Security Protocols and Access Control

Questions and Answers

Which type of hacker may use their skills for both benign and malicious goals at different times?

• Black hat
• White hat
• Suicide hacker
• Gray hat (correct)

What is the primary goal of a hacktivist?

• To disrupt business operations
• To bring about political or social change (correct)
• To steal sensitive information
• To gain unauthorized access to a system

What is the key characteristic of a suicide hacker?

• Disregard for the law
• Intent to reform
• Lack of fear of being caught (correct)
• Desire to be helpful

What is the primary focus of vulnerability research?

Passively uncovering vulnerabilities (A)

What is the purpose of a contract in penetration testing?

To provide proof of testing (B)

At which layer of the OSI model does a device that uses node MAC addresses to funnel traffic operate?

Layer 2 (D)

What does TOE stand for in the context of penetration testing?

Target of evaluation (A)

What is the primary function of a proxy operating at the Application layer of the OSI model?

Caching frequently requested resources (D)

What is the most common desktop operating system, which is also a large attack surface?

Windows (A)

Which port is used for secure web traffic using SSL?

443 (A)

What type of network topology uses a token-based access methodology?

Ring (D)

What is the sequence of the TCP three-way-handshake?

SYN, SYN-ACK, ACK (A)

What type of firewall inspects packets at the most granular level possible while providing improved traffic efficiency?

Application firewall (B)

What Google command is used to search files using a specific file extension on a target website?

site: target.com filetype:xls username password email (B)

What type of OS fingerprinting technique involves analyzing the response to specially crafted packets?

Active (B)

What access control mechanism allows for central authentication and access to multiple systems?

Single Sign-On (SSO) (D)

What is the primary function of an application firewall?

Inspecting packets at the application layer (D)

What is the goal of using Google commands for data analysis?

To gather information about system functions and documentation (D)

What is the primary focus of a security audit or vulnerability assessment?

Locating vulnerabilities (B)

What restricts access to a single individual at any one time?

Mantrap (B)

Which mechanism manages digital certificates through a system of trust?

PKI (B)

What protocol is used to create a secure environment in a wireless network?

WPA (B)

What type of exercise is conducted with full knowledge of the target environment?

White box (A)

Which technology would best establish a network connection between two LANs using the Internet?

L2TP (D)

Which regulation defines security and privacy controls for Federal information systems and organizations?

NIST SP 800-53 (A)

What is the primary purpose of DNSSEC?

To prevent DNS poisoning and spoofing attacks (D)

Which statement regarding ethical hacking is incorrect?

Ethical hackers should never use tools or methods that have the potential of exploiting vulnerabilities. (B)

What type of security policy defines the use of VPN for gaining access to an internal corporate network?

Remote access policy (D)

What is the best nmap command to enumerate all machines in the network 10.10.0.0/24?

nmap -T4 -F 10.10.0.0/24 (D)

What is the primary goal of penetration testing?

To identify vulnerabilities in an organization's systems. (B)

Flashcards are hidden until you start studying