312-50v11 Practice Test Questions

519 Questions


You are performing a penetration test for a client and have gained shell access to a
Windows machine on the internal network. You intend to retrieve all DNS records for the
internal domain. If the DNS server is at 192.168.10.2 and the domain name is
abccorp.local, what command would you type at the nslookup prompt to attempt a zone
transfer?


A. list server=192.168.10.2 type=all

B. ls -d abccorp.local

C. lserver 192.168.10.2 -t all

D. List domain=Abccorp.local type=zone





If you send a TCP ACK segment to a known closed port on a firewall but it does not respond with an RST, what do you know about the firewall you are scanning?


A. There is no firewall in place.

B. This event does not tell you anything about the firewall.

C. It is a stateful firewall.

D. It is a non-stateful firewall.





While performing online banking using a Web browser, a user receives an email that
contains a link to an interesting Web site. When the user clicks on the link, another Web
browser session starts and displays a video of cats playing a piano. The next business day,
the user receives what looks like an email from his bank, indicating that his bank account
has been accessed from a foreign country. The email asks the user to call his bank and
verify the authorization of a funds transfer that took place. What Web browser-based
security vulnerability was exploited to compromise the user?


A. Clickjacking

B. Cross-Site Scripting

C. Cross-Site Request Forgery

D. Web form input validation





Wilson, a professional hacker, targets an organization for financial benefit and plans to
compromise its systems by sending malicious emails. For this purpose, he uses a tool to
track the emails of the target and extracts information such as sender identities, mail
servers, sender IP addresses, and sender locations from different public sources. He also
checks if an email address was leaked using the haveibeenpwned.com API. Which of the
following tools is used by Wilson in the above scenario?


A. Factiva

B. Netcraft

C. Infoga

D. Zoominfo





You are a Network Security Officer. You have two machines. The first machine
(192.168.0.99) has Snort installed, and the second machine (192.168.0.150) has Kiwi
Syslog installed. You perform a SYN scan in your network, and you notice that Kiwi Syslog is
not receiving the alert message from Snort. You decide to run Wireshark on the Snort
machine to check if the messages are going to the Kiwi Syslog machine. What Wireshark
filter will show the connections from the Snort machine to the Kiwi Syslog machine?


A. tcp.srcport == 514 && ip.src == 192.168.0.99

B. tcp.srcport == 514 && ip.src == 192.168.150

C. tcp.dstport == 514 && ip.dst == 192.168.0.99

D. tcp.dstport == 514 && ip.dst == 192.168.0.150





One of your team members has asked you to analyze the following SOA record. What is
the version?
Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800
2400.) (Choose four.)


A. 200303028

B. 3600

C. 604800

D. 2400

E. 60

F. 4800





During the enumeration phase, Lawrence performs banner grabbing to obtain information
such as OS details and versions of services running. The service that he enumerated runs
directly on TCP port 445. Which of the following services is enumerated by Lawrence in this scenario?


A. Server Message Block (SMB)

B. Network File System (NFS)

C. Remote procedure call (RPC)

D. Telnet





Bob is going to perform an active session hijack against Brownies Inc. He has found a
target that allows session oriented connections (Telnet) and performs the sequence
prediction on the target operating system. He manages to find an active session due to the
high level of traffic on the network. What is Bob supposed to do next?


A. Take over the session

B. Reverse sequence prediction

C. Guess the sequence numbers

D. Take one of the parties offline





You are attempting to crack LM Manager hashes from a Windows 2000 SAM file. You will be
using an LM brute-force hacking tool for decryption. What encryption algorithm will you be decrypting?


A. MD4

B. DES

C. SHA

D. SSL





Samuel, a security administrator, is assessing the configuration of a web server. He noticed
that the server permits SSLv2 connections, and the same private key certificate is used on a
different server that allows SSLv2 connections. This vulnerability makes the web server
vulnerable to attacks as the SSLv2 server can leak key information.
Which of the following attacks can be performed by exploiting the above vulnerability?


A. DROWN attack

B. Padding oracle attack

C. Side-channel attack

D. DUHK attack





What is the known plaintext attack used against DES which gives the result that encrypting
plaintext with one DES key followed by encrypting it with a second DES key is no more
secure than using a single key?


A. Man-in-the-middle attack

B. Meet-in-the-middle attack

C. Replay attack

D. Traffic analysis attack





Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS
tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the
firewalls. On which of the following ports should Robin run the NSTX tool?


A. Port 53

B. Port 23

C. Port 50

D. Port 80





