1) Which of the following are Penetration testing methodology?
A. White box model
B. Black box model
C. Gray box model
D. All of the above
2) Which of the following skills are needed to be a security tester?
A. Knowledge of network and computer technology
B. Ability to communicate with management and IT personnel
C. An understanding of the laws in your location and ability to use necessary tools
D. All of the above
3) Which of the following are the district layer of TCP/IP?
A. Network and Internet
B. Transport and Application
C. Network, Internet, Transport, Presentation
D. A and B
4) Which of the followings are the TCP segment flags?
A. SYN flag: synch flag , ACK flag: acknowledgment flag
B. PSH flag: push flag, URG flag: urgent flag, STF flag: set test flag
C. PSH flag: push flag, URG flag: urgent flag, RST flag: reset flag, FIN flag: finish flag
D. A and C
5) Which of the following are properties of User Datagram Protocol (UDP)?
A. Fast but unreliable delivery protocol and Operates on Transport layer
B. Used for speed but Does not need to verify receiver is listening or ready
C. Depends on higher layers of TCP/IP stack handle problems and Referred to as a connectionless protocol
D. All of the above
6) Distributed denial-of-service (DDoS) attack is:
A. Attack on host from single servers or workstations and Network could be flooded with billions of packets that causes Loss of bandwidth and Degradation or loss of speed
B. Attack on host from multiple servers or workstations and Network could be flooded with billions of packets that causes Loss of bandwidth and Degradation or loss of speed
C. Attack on server from multiple host or workstations and Network could be flooded with billions of packets causes Loss of bandwidth and Degradation or loss of speed
D. None of the above
7) Different categories of Attacks are:
A. Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS), Buffer overflow
B. Ping of Death, Session hijacking
C. Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS), Buffer overflow, Ping of Death, Port High jacking (PoH)
D. A and B
8) Which of the following are Social Engineering Tactics?
A. Persuasion, Intimidation, Coercion
B. Persuasion, Intimidation, Coercion, Extortion, blackmailing
C. Persuasion, Intimidation, Coercion, Extortion, Urgency
D. All of the above
9) Which of the following/s are types of Port Scans?
A. ACK scan, FIN scan, UDP scan
B. SYN scan, NULL scan, XMAS scan,
C. ACK scan, FIN scan, UDP scan, SYN scan, NULL scan, XMAC scan
D. A and B
10) Enumeration extracts information about:
A. Resources or shares on the network
B. Usernames or groups assigned on the network
C. User’s password and recent logon times
D. All of the above
11) Which of the following are NetBIOS Enumeration Tools?
A. Nbtstat command, Net view command, Net use command
B. Nbtstat command, Net view command, Dumpsec command
C. Nbtstat command, Net view command, Hyena command
D. None of the above
12) D ...
1) Which of the following are Penetration testing methodology .docx
1. 1) Which of the following are Penetration testing methodology?
A. White box model
B. Black box model
C. Gray box model
D. All of the above
2) Which of the following skills are needed to be a security
tester?
A. Knowledge of network and computer technology
B. Ability to communicate with management and IT personnel
C. An understanding of the laws in your location and ability to
use necessary tools
D. All of the above
3) Which of the following are the district layer of TCP/IP?
A. Network and Internet
B. Transport and Application
C. Network, Internet, Transport, Presentation
D. A and B
4) Which of the followings are the TCP segment flags?
A. SYN flag: synch flag , ACK flag: acknowledgment flag
B. PSH flag: push flag, URG flag: urgent flag, STF flag: set test
flag
C. PSH flag: push flag, URG flag: urgent flag, RST flag: reset
flag, FIN flag: finish flag
D. A and C
5) Which of the following are properties of User Datagram
Protocol (UDP)?
A. Fast but unreliable delivery protocol and Operates on
Transport layer
B. Used for speed but Does not need to verify receiver is
2. listening or ready
C. Depends on higher layers of TCP/IP stack handle problems
and Referred to as a connectionless protocol
D. All of the above
6) Distributed denial-of-service (DDoS) attack is:
A. Attack on host from single servers or workstations and
Network could be flooded with billions of packets that causes
Loss of bandwidth and Degradation or loss of speed
B. Attack on host from multiple servers or workstations and
Network could be flooded with billions of packets that causes
Loss of bandwidth and Degradation or loss of speed
C. Attack on server from multiple host or workstations and
Network could be flooded with billions of packets causes Loss
of bandwidth and Degradation or loss of speed
D. None of the above
7) Different categories of Attacks are:
A. Denial-of-Service (DoS), Distributed Denial-of-Service
(DDoS), Buffer overflow
B. Ping of Death, Session hijacking
C. Denial-of-Service (DoS), Distributed Denial-of-Service
(DDoS), Buffer overflow, Ping of Death, Port High jacking
(PoH)
D. A and B
8) Which of the following are Social Engineering Tactics?
A. Persuasion, Intimidation, Coercion
B. Persuasion, Intimidation, Coercion, Extortion, blackmailing
C. Persuasion, Intimidation, Coercion, Extortion, Urgency
D. All of the above
9) Which of the following/s are types of Port Scans?
A. ACK scan, FIN scan, UDP scan
B. SYN scan, NULL scan, XMAS scan,
C. ACK scan, FIN scan, UDP scan, SYN scan, NULL scan,
3. XMAC scan
D. A and B
10) Enumeration extracts information about:
A. Resources or shares on the network
B. Usernames or groups assigned on the network
C. User’s password and recent logon times
D. All of the above
11) Which of the following are NetBIOS Enumeration Tools?
A. Nbtstat command, Net view command, Net use command
B. Nbtstat command, Net view command, Dumpsec command
C. Nbtstat command, Net view command, Hyena command
D. None of the above
12) Dumsec is an Enumeration tool for Windows systems that
does the following/s:
A. Allows user to connect to a server and “dump”, Permissions
for shares, Permissions for printers
B. Permissions for the Registry, Users in column or table
format, Policies ,Rights, Services
C. Allows user to connect to a server and “dump”, Permissions
for shares, Permissions for printers and Permissions for the
Registry, Users in column or table format
D. A and B
13) Which of the following are Tools for enumerating Windows
targets?
A. Nbtstat, Net view, Net use
B. Nbtstat, Net view, Net use and Other utilities
C. Nbtstat, Net view, Net use, Nessus
D. All of the above
14) Which of the following statements is more accurate about
Windows OS?
A. Many Windows OSs have serious vulnerabilities
4. B. None of the Windows OSs have any serious vulnerabilities
C. A few Windows OSs have any serious vulnerabilities
D. All of the Windows OSs have any serious vulnerabilities
15) Which of the following best describes Remote Procedure
Call?
A. Allows a program running on one host to run code on a
remote host
B. Allows a program running on one server to run code on
another server
C. Allows a program running any server to run code on a
designated clinet
D. None of the above
16) Buffer Overflows occurs when:
A. Data is written to a buffer and corrupts data in memory next
to allocated buffer
B. Normally, occurs when copying strings of characters from
one buffer to another
C. Data is deleted from a buffer and corrupts data in memory
next to deleted buffer
D. A and B
17) Microsoft Baseline Security Analyzer (MBSA) is capable of
checking which of the following/s?
A. Patches, Security updates, Configuration errors
B. Blank or weak passwords
C. A and B
D. None of the above
18) Which of the following/s are Vulnerabilities in Windows
file systems?
A. Lack of ACL support in FAT and Risk of malicious ADSs in
NTFS
B. RCP, NetBIOS, SMB, Null sessions
C. Windows Web services and IIS
5. D. All of the above
19) An Embedded system is:
A. Any computer system that is a general-purpose PC or server
and they are in all networks and Perform essential functions
B. Any computer system that isn’t a general-purpose PC or
server and they are in all networks and Perform essential
functions
C. Any computer system that isn’t a server or client
D. None of the above
20) Object Linking and Embedding Database are Set of
interfaces that:
A. Enable applications to access data stored in DBMS and relies
on connection strings and allows application to access data
stored on external device
B. Enable applications to access data stored in a server and
relies on connection tokens and allows application to access
data stored on external device
C. Enable applications to access data stored in flat files
D. All of the above
21) ActiveX Data Objects are:
A. Programming interface for connecting Web applications to a
database
B. Defines a set of technologies that allow desktop applications
to interact with Web
C. Network interface for connecting Web applications to a
database
D. A and B
22) Attackers controlling a Web server can do which of the
following/s?
A. Deface the Web site and destroy company’s database or sell
contents
B. Gain control of user accounts and perform secondary attacks
6. C. Gain root access to other application servers
D. All of the above
23) Which of the following/s are Web application
vulnerabilities?
A. Cross-site scripting (XSS) flaws and Injection flaws and
malicious file execution and Unsecured direct object reference
B. Cross-site request forgery (CSRF) and Information leakage
and incorrect error handling and Broken authentication and
session management
C. Unsecured cryptographic storage and Unsecured
communication and Failure to restrict URL access
D. All of the above
24) Which of the following statements best describes Wireless
Hacking?
A. Hacking a wireless network is different from hacking a wired
Lan and Port scanning and Enumeration techniques can not be
used.
B. Hacking a wireless network is not much different from
hacking a wired LAN and Port scanning and Enumeration
techniques can be used.
C. Hacking a wireless network is not much different from
hacking a wired LAN and Port scanning technique can be used
D. All of the above
25) Cryptography is:
A. Process of converting plaintext into ciphertext
B. Process of converting ciphertext into plaintext
C. Process of converting plaintext into ciphertext and vise
versa
D. All of the above
26) Which of the following statements is true?
A. Cryptography is a new technology
B. Cryptography has been around for thousands of years
7. C. Cryptography has been around for hundreds of years
D. None of the above
27) Which of the following best describes Hashing Algorithms?
A. Takes a variable-length message and produces a fixed-length
value (i.e., message digest), Like a fingerprint of the message
B. Takes a variable-length message and produces a fixed-length
value (i.e., message digest), Like a fingerprint of the message,
If message is changed, hash value changes
C. Takes a fixed-length message and produces a variable-length
value (i.e., message digest), Like a fingerprint of the message,
If message is changed, hash value changes
D. B and C
1. Who’s responsible for the ad? Look for the logo, which is the
symbol representing the brand. When you find it,
ask yourself what you know about the brand. Do you like it?
Does it have a good reputation? In this case, Zed is
responsible for this ad. It’s the company that picked everything
in the ad to convince you to buy its products.
2. What is the ad actually saying? Remember to look at more
than words. Everything in an ad is a message to you:
the pictures, the colors, the feel – and the words. In this ad, you
could find a bunch of messages: if you wear Zed
clothes, you’ll be hip; you can dress well for not a lot of money;
if you buy these new, stylish clothes, you won’t
feel guilty; if you wear these clothes; you’ll be happy and have
cool friends; if you buy Zed, you’ll be cool like
8. these kids. Basically, whatever you think the ad is saying to you
is right.
3. What does the ad want me to do? Buy clothes from Zed.
4. Who do you think this ad is for? Probably girls, maybe ages
12-20.
5. What do you see that makes you think that? The pictures of
high school or college girls (though there are two guys,
so they may sell guy’s clothes, too). And the logo has a kind of
flowery pattern, which might be more for girls.
Federal Trade Commission
ftc.gov
1. Who’s responsible for this ad?
2. What is the ad actually saying?
3. What does the ad want me to do?
4. Who is the ad for?
5. What do you see that makes you
think that?
Now it’s your turn
Answer these questions to deconstruct this ad: