0 of 44 questions completed
Questions:
You have already completed the exam before. Hence you can not start it again.
Exam is loading…
You must sign in or sign up to start the exam.
You must first complete the following:
0 of 44 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 point(s), (0)
Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)
2) In which phase the hacker exploits the network or system vulnerabilities.
3) Which command is used to check the processes running in a Linux system?
4) What is the sequence of a TCP connection?
5) Which of the following Services or commands are associated with troubleshooting network connections?Ā
a) root@root# ifconfig
b) root@root# service network-manager restart
c) root@root# service networking restart
d) root@root# service apache2 start
6) Which of the following services use TCP(Transmission Control Protocol)? 1:RIP 2:SSH 3:TFTP 4:DHCP 5:HTTP 6:FTP
7)Ā What port does Metasploitable’s IRC service run on?
8) Which of the following statements are TRUE for cookies:
a) Cookies have executable code which help server to track down user activity.
b) Cookies have limitation of storing data up-to 4 Kb per cookie.
c) Cookies are made for both Client side programming and Server side programming.
d) Cookies can be used for activating re-targeting advertisements.
9) Which algorithms belong to asymmetric cryptography?
10) In Reconnaissance, an organization or system compromises which CIA triad of security?
11) PKI (Public Key Infrastructure) uses which of the following elements:
12) When to start investigation?
13) Which attack is called the “Evil Twin” ?
14) Digital signature certificate is requirement under various applications
15) What is the difference between session cookies and persistent cookies?Ā
16) Recently you discovered a new vulnerability in an application that is handling the Financial sector which leaks some sensitive data of the users and the vendor is not responding. Which one of the following approaches would be the most responsible way for you to report this?
17) Ā Which of the following deals with network intrusion detection and real-time traffic analysis?
18) How to scan a target using default scripts?
19) A hacker finds a system that has a poorly design and unpatched program installed. He wants to create a backdoor for himself. Which of the following tools could he use to establish a backdoor?
20) Ā Mention what flaw arises from session tokens having poor randomness across a range of values?
21) What is the attack technique used to exploit web sites by altering backend database queries through inputting manipulated queries?
22) when user input is placed into EMAIL headers without adequate sanitization, allowing an attacker to inject additional headers with arbitrary values. This results in:
23) Which of the following is most common intercepting tool?
24) Which of the following best describes the difference between a port scanner and a vulnerability scanner?
25) Point out the wrong statement.
26) Point out the correct statement.
27) A hacker has managed to gain access to the /etc/passwd file on a Linux host. What can the hacker obtain from this file?
Ā 28) Which of the following input sources can be directly controlled by a malicious user?
29) ______ is an attack that forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated?
30) Mention what threat can be avoided by having unique usernames produced with a high degree of entropy?
31) Which of the following refers to a solution allowing administrators to block internet access for users until they perform a required action?
32) How is risk affected if users have direct access to a database at the system level?
33) Which attack can execute scripts in the user’s browser and is capable of hijacking user sessions, defacing websites or redirecting the user to malicious sites?
34) Enumeration is done to gain information. Which of the following cannot be achieved using enumeration?
35) Which of the command is not correct for network host discovery?
36) Even our emails contain the IP address of the sender which helps in the enumeration. We can get this IP from _______ from within the email.
37) Which of the tool in the Linux environment can help you to route complete system traffic to the onion.
38) Which of the following statement is NOT true?
39) Attackers commonly target _____________ for fetching IP address of a target or victim user.
40) Point out the correct statement.
41) How to set SUID bit to the file?
42) “\/bin/ls -al” is a payload for which injection attack?
44) Maximum no of IP’s that can be given to hosts on a single subnet that use 255.255.255.224 subnet mask?
45) In the process of Reconnaissance a organisation or system compromise of which CIA triad of security?