Security Protocols and Access Control

Questions and Answers

PDF Questions PDF Answers

Which type of hacker may use their skills for both benign and malicious goals at different times?

Black hat

White hat

Suicide hacker

Gray hat (correct)

What is the primary goal of a hacktivist?

To disrupt business operations

To bring about political or social change (correct)

To steal sensitive information

To gain unauthorized access to a system

What is the key characteristic of a suicide hacker?

Disregard for the law

Intent to reform

Lack of fear of being caught (correct)

Desire to be helpful

What is the primary focus of vulnerability research?

Passively uncovering vulnerabilities

What is the purpose of a contract in penetration testing?

To provide proof of testing

At which layer of the OSI model does a device that uses node MAC addresses to funnel traffic operate?

Layer 2

What does TOE stand for in the context of penetration testing?

Target of evaluation

What is the primary function of a proxy operating at the Application layer of the OSI model?

Caching frequently requested resources

What is the most common desktop operating system, which is also a large attack surface?

Windows

Which port is used for secure web traffic using SSL?

443

What type of network topology uses a token-based access methodology?

Ring

What is the sequence of the TCP three-way-handshake?

SYN, SYN-ACK, ACK

What type of firewall inspects packets at the most granular level possible while providing improved traffic efficiency?

Application firewall

What Google command is used to search files using a specific file extension on a target website?

site: target.com filetype:xls username password email

What type of OS fingerprinting technique involves analyzing the response to specially crafted packets?

Active

What access control mechanism allows for central authentication and access to multiple systems?

Single Sign-On (SSO)

What is the primary function of an application firewall?

Inspecting packets at the application layer

What is the goal of using Google commands for data analysis?

To gather information about system functions and documentation

What is the primary focus of a security audit or vulnerability assessment?

Locating vulnerabilities

What restricts access to a single individual at any one time?

Mantrap

Which mechanism manages digital certificates through a system of trust?

PKI

What protocol is used to create a secure environment in a wireless network?

WPA

What type of exercise is conducted with full knowledge of the target environment?

White box

Which technology would best establish a network connection between two LANs using the Internet?

L2TP

Which regulation defines security and privacy controls for Federal information systems and organizations?

NIST SP 800-53

What is the primary purpose of DNSSEC?

To prevent DNS poisoning and spoofing attacks

Which statement regarding ethical hacking is incorrect?

Ethical hackers should never use tools or methods that have the potential of exploiting vulnerabilities.

What type of security policy defines the use of VPN for gaining access to an internal corporate network?

Remote access policy

What is the best nmap command to enumerate all machines in the network 10.10.0.0/24?

nmap -T4 -F 10.10.0.0/24

What is the primary goal of penetration testing?

To identify vulnerabilities in an organization's systems.