Ping utilities can be used for a basic network connectivity test; the ping command sends out ICMP Echo Request packets, and the destination host replies with ICMP Echo Reply packets if it is alive.
However, in some cases the host may be alive and yet no responses are received. What is the most likely cause of such behavior?
A. The packet suffers from time exceeded in transit
B. The packet did not reach the destination gateway
C. A filtering device is dropping the packets
D. The remote device OS does not support the ping command.
A normal TCP connection is always established using what is called the TCP three-way handshake. Which of the packet sequences below represents a normal TCP connection establishment?
A. SYN, SYN/ACK, ACK
B. SYN, PSH, ACK
C. ACK, SYN, SYN/ACK
D. FIN, ACK, SYN
From the items listed below, which would be expected from a cracker or hacker but NOT from an Ethical Hacker or Certified Penetration Tester?
A. Code of ethics
B. Signed Authorization
C. Disregard for potential losses
D. Presentation of a detailed report
Which of the following password and encryption cracking methods is guaranteed to successfully crack any password or encryption algorithm?
A. Dictionary
B. Hybrid
C. Brute Force
D. RainbowCrack
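The three cracking methods named in options A to C, as an added example that is not part of the original question set: a dictionary attack only tries listed words, a hybrid attack mangles them (capitalisation, appended digits), and brute force enumerates the entire keyspace, which is why it is the only one guaranteed to finish, at a cost that grows exponentially with password length. The unsalted SHA-256 hash, the five-word list, the charset and the two candidate passwords are constructed for the demonstration and do not come from any real password store or tool.

```python
"""Dictionary, hybrid and brute-force attacks against one unsalted SHA-256
password hash. Constructed demo: the word list, charset and test passwords
are assumptions, not a real password store or a real cracking tool."""
import hashlib
import itertools
import string
from typing import Iterable, Optional

# Constructed stand-in for a word list such as rockyou.txt.
WORDLIST = ["password", "letmein", "summer", "winter", "admin"]
LOWER_DIGITS = string.ascii_lowercase + string.digits


def sha256_hex(password: str) -> str:
    """Unsalted hash of a candidate (a salt would not change the logic,
    it only forces the attacker to redo the work for every account)."""
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_attack(target: str, words: Iterable[str]) -> Optional[str]:
    """Try each listed word verbatim; fails whenever the password is not listed."""
    for word in words:
        if sha256_hex(word) == target:
            return word
    return None


def hybrid_attack(target: str, words: Iterable[str], max_digits: int = 2) -> Optional[str]:
    """Dictionary words plus simple mangling: capitalisation and up to
    max_digits appended digits. Finds 'summer23', still not random strings."""
    for word in words:
        for base in (word, word.capitalize()):
            if sha256_hex(base) == target:
                return base
            for n in range(1, max_digits + 1):
                for digits in itertools.product(string.digits, repeat=n):
                    candidate = base + "".join(digits)
                    if sha256_hex(candidate) == target:
                        return candidate
    return None


def brute_force(target: str, charset: str, max_len: int) -> Optional[str]:
    """Enumerate every string over charset up to max_len. Guaranteed to succeed
    if the password lies in that keyspace; the cost is the keyspace size."""
    for n in range(1, max_len + 1):
        for chars in itertools.product(charset, repeat=n):
            candidate = "".join(chars)
            if sha256_hex(candidate) == target:
                return candidate
    return None


def keyspace_size(charset_len: int, max_len: int) -> int:
    """Candidates brute_force may have to hash: sum of k**n for n = 1..max_len."""
    return sum(charset_len ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    mangled = sha256_hex("summer23")   # constructed: dictionary word plus digits
    random_ish = sha256_hex("q7z")     # constructed: not derived from any word
    print("dictionary vs summer23:", dictionary_attack(mangled, WORDLIST))
    print("hybrid vs summer23:    ", hybrid_attack(mangled, WORDLIST))
    print("hybrid vs q7z:         ", hybrid_attack(random_ish, WORDLIST))
    print("brute force vs q7z:    ", brute_force(random_ish, LOWER_DIGITS, 3))
    print("keyspace, 3 chars:     ", keyspace_size(len(LOWER_DIGITS), 3))
```

Rainbow tables (option D) are a time/memory trade-off over the same brute-force keyspace, so they inherit its limits: a salted hash or a password outside the precomputed keyspace defeats them, while brute force still eventually succeeds.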
After completing your reconnaissance and scanning, which of the following would be the next logical step performed by the Pen Tester?
A. Vulnerability Assessment
B. Enumeration
C. Privilege Escalation
D. Clean up
Which of the following password implementations is found only in Windows 2000 and newer Windows versions?
A. LM
B. NTLM
C. NTLMv2
D. Kerberos
Under the Windows platform, there is something referred to as a Null Session.
Which of the following statements best describes what a null session consists of?
A. It is a session where zero bytes of traffic have been transferred
B. It is a session where erroneous commands are being used showing the lack of knowledge of the user connected.
C. It is a remote session that is established anonymously to a Windows machine.
D. It is an anonymous FTP session under the Windows platform
Which of the following actions can often be used as countermeasures to port scans? Choose all that apply.
A. Block unassigned port traffic
B. Monitor transport-layer connections (control of the TCP SYN, RST and ACK flags)
C. Block ICMP type 3 and 8
D. Use active network monitoring
Bob is working as an Intrusion Detection System administrator for a company called CCCure.
Being a keen analyst, he has noted a very large number of SYN packets being sent to some of his external IP addresses.
At first it looked like normal daily traffic, but it seems that after his Internet-facing hosts send a SYN/ACK reply back to the connection request, the final ACK packet is never received from the remote host.
What type of scan does this pattern indicate?
A. A FIN Scan
B. A Vanilla port scan
C. A Half-Open Scan
D. A NULL scan
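The packet sequences behind the three-way handshake question, the transport-layer monitoring countermeasure (option B of the port scan question) and the pattern Bob observes, as one added example that is not part of the original question set: a small flow tracker walks a constructed packet log, marks flows that completed SYN, SYN/ACK, ACK as established, and reports clients that received SYN/ACKs on several ports but never sent the final ACK (or answered with RST, as nmap -sS does), which is the half-open scan signature. The log format (src sport dst dport flags), the addresses and the port list are assumptions; this is not a real IDS format.

```python
"""Walk a constructed TCP packet log, track each client flow through the
three-way handshake and flag half-open (SYN) scans: SYN sent, SYN/ACK received,
final ACK never sent. Log format 'src sport dst dport flags' and the addresses
are assumptions for this example, not a real IDS format."""
from collections import defaultdict
from typing import Dict, List, Tuple

Packet = Tuple[str, int, str, int, str]   # src, sport, dst, dport, flags
Flow = Tuple[str, str, int]               # client, server, server port

# Constructed sample: 10.0.0.5 completes a normal handshake to port 443;
# 198.51.100.7 probes five ports and resets or ignores the SYN/ACKs it gets.
SAMPLE_LOG = """
10.0.0.5 51000 203.0.113.10 443 S
203.0.113.10 443 10.0.0.5 51000 SA
10.0.0.5 51000 203.0.113.10 443 A
198.51.100.7 40001 203.0.113.10 21 S
198.51.100.7 40002 203.0.113.10 22 S
203.0.113.10 22 198.51.100.7 40002 SA
198.51.100.7 40002 203.0.113.10 22 R
198.51.100.7 40003 203.0.113.10 25 S
198.51.100.7 40004 203.0.113.10 80 S
203.0.113.10 80 198.51.100.7 40004 SA
198.51.100.7 40004 203.0.113.10 80 R
198.51.100.7 40005 203.0.113.10 443 S
203.0.113.10 443 198.51.100.7 40005 SA
"""


def parse_log(text: str) -> List[Packet]:
    packets = []
    for line in text.strip().splitlines():
        src, sport, dst, dport, flags = line.split()
        packets.append((src, int(sport), dst, int(dport), flags))
    return packets


def track_flows(packets: List[Packet]) -> Dict[Flow, str]:
    """Return the last handshake state seen for every client-initiated flow:
    SYN_SENT -> SYN_RECEIVED -> ESTABLISHED, or RESET_BY_CLIENT after SYN/ACK."""
    state: Dict[Flow, str] = {}
    for src, sport, dst, dport, flags in packets:
        if flags == "S":                       # client opens: SYN only
            state[(src, dst, dport)] = "SYN_SENT"
            continue
        reply_flow = (dst, src, sport)         # server -> client packet
        if flags == "SA" and state.get(reply_flow) == "SYN_SENT":
            state[reply_flow] = "SYN_RECEIVED"
            continue
        flow = (src, dst, dport)               # client -> server packet
        if state.get(flow) == "SYN_RECEIVED":
            if "R" in flags:                   # nmap -sS tears down with RST
                state[flow] = "RESET_BY_CLIENT"
            elif "A" in flags:                 # third packet of the handshake
                state[flow] = "ESTABLISHED"
    return state


def suspected_half_open_scanners(state: Dict[Flow, str], min_ports: int = 3) -> Dict[str, List[int]]:
    """Clients offered SYN/ACK on at least min_ports ports that never
    completed the handshake: the pattern Bob sees in the question."""
    unfinished = defaultdict(set)
    for (client, _server, dport), s in state.items():
        if s in ("SYN_RECEIVED", "RESET_BY_CLIENT"):
            unfinished[client].add(dport)
    return {c: sorted(p) for c, p in unfinished.items() if len(p) >= min_ports}


def unanswered_syns(state: Dict[Flow, str]) -> Dict[str, List[int]]:
    """SYNs that drew no SYN/ACK at all: what dropping traffic to unassigned
    ports (option A of the countermeasures question) looks like to a scanner."""
    silent = defaultdict(set)
    for (client, _server, dport), s in state.items():
        if s == "SYN_SENT":
            silent[client].add(dport)
    return {c: sorted(p) for c, p in silent.items()}


if __name__ == "__main__":
    flows = track_flows(parse_log(SAMPLE_LOG))
    for flow, s in flows.items():
        print(flow, s)
    print("half-open scanners:", suspected_half_open_scanners(flows))
    print("unanswered SYNs:   ", unanswered_syns(flows))
```

On real traffic the same logic needs a timeout (a slow client is in SYN_RECEIVED for a moment too) and a threshold tuned to the host, since a single unfinished handshake is normal packet loss, while dozens across distinct ports from one source are the scan.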
Which of the following SQL injection scripts would attempt to discover all usernames in the table users beginning with Ad?
A. SELECT * FROM * WHERE username = AD*
B. OR 1=1; SELECT username FROM users WHERE username LIKE ad%;
C. SELECT name FROM Master..sysxlogins
D. OR 1=2 WHERE name is like AD%
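The LIKE-based prefix search that option B targets, as an added example not from the original question set: a constructed in-memory SQLite table `users` is searched first with a concatenated LIKE clause, then with a bound parameter. Only the table name and the Ad prefix come from the question; the rows and the payload are made up. The `' OR 1=1 --` form is used because sqlite3's execute() refuses stacked `; SELECT` statements; the hardened version also escapes LIKE wildcards so the prefix is matched literally.

```python
"""SQL injection in a username prefix search, beside the parameterised form.
Constructed example: in-memory SQLite with a `users` table; only the table
name and the 'Ad' prefix come from the question, the rows are made up."""
import sqlite3
from typing import List


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("Admin", "admin"), ("Adele", "user"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_users_vulnerable(conn: sqlite3.Connection, prefix: str) -> List[str]:
    # The caller's string is pasted into the SQL text, so a quote in it
    # closes the literal and whatever follows becomes part of the query.
    sql = f"SELECT username FROM users WHERE username LIKE '{prefix}%' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def find_users_safe(conn: sqlite3.Connection, prefix: str) -> List[str]:
    # Bound parameter: the value travels separately and can never alter the
    # statement. LIKE wildcards are escaped so the prefix matches literally.
    escaped = prefix.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    rows = conn.execute(
        "SELECT username FROM users WHERE username LIKE ? ESCAPE '\\' ORDER BY id",
        (escaped + "%",),
    )
    return [row[0] for row in rows]


# Constructed payload: closes the string literal, makes the WHERE clause
# always true, then comments out the rest of the original statement.
INJECTION = "x' OR 1=1 --"


if __name__ == "__main__":
    conn = setup_db()
    print("intended, vulnerable:", find_users_vulnerable(conn, "Ad"))
    print("injected, vulnerable:", find_users_vulnerable(conn, INJECTION))
    print("intended, safe:      ", find_users_safe(conn, "Ad"))
    print("injected, safe:      ", find_users_safe(conn, INJECTION))
```

SQLite's LIKE is case-insensitive for ASCII, so Ad and ad match the same rows; on MySQL the same holds for most collations, while PostgreSQL would need ILIKE for the case-insensitive match.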
While performing a penetration test you discover that the system being tested has already been compromised by an intruder. Further examination shows the intruder is currently on the system and doing his deeds. As a Certified Penetration Testing Specialist, what should you do?
A. Retaliate immediately and attempt to break into the attacker's system before you lose track of where he is attacking from.
B. Suspend your test immediately and advise your client. Once the client gives you authorization, resume your testing.
C. Immediately attempt to gather as much information as possible about the intruder and monitor his moves very closely, but never attempt to break into his system or retaliate.
D. Call 911 immediately and then call management to notify them of your prompt action. Once management gives you authorization you can resume your testing.
Joshua, a specialist in penetration testing, has been hired by TestKing.com to perform a security test on some of their servers. Joshua has been challenged to remain undetected by TestKing.com's internal security team.
Over the past few days Joshua has been collecting tons of information about his target. He did so by accessing public databases and never sending any packets to his target. What would you call this type of information gathering?
A. Active Information Gathering
B. Passive Information Gathering
C. Stealth Information Gathering
D. Secret Information Gathering
Which of these methods would be considered examples of active reconnaissance? (Choose three.)
A. War dialing
B. Firewalking
C. Whois lookup
D. FTP banner retrieval
Which of the following countermeasures can make it more difficult for an attacker to gain access to the local SAM file if the attacker has physical access to that computer? Choose two.
A. Change the BIOS to always boot first from the hard drive and enable a BIOS password
B. Install a smartcard reader for login
C. Encrypt the SAM file using EFS
D. Physically remove the floppy drive and CD/DVD drives
Which of the following best describes a scanning technique that is the most reliable but also the most noticeable on the target being evaluated?
A. Half-Scan
B. TCP Connect( )
C. FIN Scan
D. NMAP scan