1. Which of the following tools is a command-line vulnerability scanner that scans
web servers for dangerous files/CGIs?
A) Snort
B) Kon-Boot
C) John the Ripper
D) Nikto
2. Michael, a technical specialist, discovered that the laptop of one of the employees
connecting to a wireless point couldn't access the internet, but at the same time, it
could transfer files locally. He checked the IP address and the default gateway. They
are both on [Link]/24. Which of the following caused the problem?
A) The laptop is using an invalid IP address
B) The laptop and the gateway are not on the same network
C) The laptop isn't using a private IP address
D) The gateway is not routing to a public IP address
3. Josh, a security analyst, wants to choose a tool for himself to examine links
between data. One of the main requirements is to present data using graphs and
link analysis. Which of the following tools will meet John's requirements?
A) Palantir
B) Maltego
C) Analyst's Notebook
D) Metasploit
4. What describes two-factor authentication for a credit card (using a card and PIN)?
A) Something you know and something you are
B) Something you have and something you know
C) Something you are and something you remember
D) Something you have and something you are
5. Identify a vulnerability in OpenSSL that allows stealing the information protected
under normal conditions by the SSL/TLS encryption used to secure the internet?
A) SSL/TLS Renegotiation Vulnerability
B) POODLE
C) Heartbleed Bug
D) Shellshock
6. You make a series of interactive queries, choosing subsequent plaintexts based on
the information from the previous encryption. What type of attack are you trying
to perform?
A) Adaptive chosen-plaintext attack
B) Ciphertext-only attack
C) Known-plaintext attack
D) Chosen-plaintext attack
7. Which of the following does not apply to IPsec?
A) Provides authentication
B) Uses key exchange
C) Encrypts the payloads
D) Works at the Data Link Layer
8. Alex, a cybersecurity specialist, received a task from the head to scan open ports.
One of the main conditions was to use the most reliable type of TCP scanning.
Which of the following types of scanning would Alex use?
A) NULL Scan
B) Half-open Scan
C) TCP Connect/Full Open Scan
D) Xmas Scan
9. Which of the following Nmap options will you use if you want to scan fewer ports
than the default?
A) -p
B) -sP
C) -T
D) -F
10. You conduct an investigation and find out that the browser of one of your
employees sent a malicious request that the employee knew nothing about. Identify
the web page vulnerability that the attacker used to attack your employee?
A) Cross-Site Request Forgery (CSRF)
B) Command Injection Attacks
C) File Inclusion Attack
D) Hidden Field Manipulation Attack
11. Which of the following programs attacks both the boot sector and executable files?
A) Stealth virus
B) Polymorphic virus
C) Macro virus
D) Multipartite virus
12. Which of the following is the type of violation when an unauthorized individual
enters a building following an employee through the employee entrance?
A) Reverse Social Engineering
B) Tailgating
C) Pretexting
D) Announced
13. Maria conducted a successful attack and gained access to a Linux server. She wants
to make sure that NIDS will not catch the succeeding outgoing traffic from this server
in the future. Which of the following is the best way to avoid detection by NIDS?
A) Protocol Isolation
B) Out of band signaling
C) Encryption
D) Alternate Data Streams
14. The company "Usual company" asked a cybersecurity specialist to check their
perimeter email gateway security. To do this, the specialist creates a specially
formatted email message:
From: employee76@[Link]
To: employee34@[Link]
Subject: Test message
Date: 5/8/2021 11:22
He sends this message over the Internet, and a "Usual company" employee
receives it. This means that the gateway of this company doesn't prevent _____.
A) Email phishing
B) Email harvesting
C) Email spoofing
D) Email masquerading
15. How does the mechanism of a Boot Sector Virus work?
A) Moves the MBR to another location on the Random-access memory and copies
itself to the original location of the MBR
B) Overwrites the original MBR and only executes the new virus code
C) Modifies directory table entries to point to the virus code instead of the actual
MBR
D) Moves the MBR to another location on the hard disk and copies itself to
the original location of the MBR
16. Which of the options presented below is not a Bluetooth attack?
A) Bluesnarfing
B) Bluesmacking
C) Bluejacking
D) Bluedriving
17. Determine the type of SQL injection:
SELECT * FROM user WHERE name='x' AND userid IS NULL; --';
A) UNION SQL Injection
B) End of Line Comment
C) Illegal/Logically Incorrect Query
D) Tautology
18. Viktor, a white hat hacker, received an order to perform a penetration test from the
company "Test us". He starts collecting information and finds the email of an
employee of this company in free access. Viktor decides to send a letter to this
email, "boss@[Link]". He asks the employee to immediately open the "link
with the report" and check it. An employee of the company "Test us" opens this
link and infects his computer. Thanks to these manipulations, Viktor gained access
to the corporate network and successfully conducted a pentest. What type of attack
did Viktor use?
A) Eavesdropping
B) Piggybacking
C) Tailgating
D) Social engineering
19. Michael works as a system administrator. He receives a message that several sites
are no longer available. Michael tried to go to the sites by URL, but it didn't work.
Then he tried to ping the sites and enter IP addresses in the browser and it worked.
What problem could Michael identify?
A) Traffic is blocked on UDP port 69
B) Traffic is blocked on UDP port 88
C) Traffic is blocked on UDP port 56
D) Traffic is blocked on UDP port 53
20. Benjamin performs a cloud attack during the translation of the SOAP message in
the TLS layer. He duplicates the body of the message and sends it to the server as
a legitimate user. As a result of these actions, Benjamin managed to gain
unauthorized access to the server resources.
A) Cloud Hopper
B) Side-channel
C) Cloudborne
D) Wrapping
21. Ivan, an evil hacker, conducts an SQLi attack that is based on True/False
questions. What type of SQLi does Ivan use?
A) DMS-specific SQLi
B) Compound SQLi
C) Blind SQLi
D) Classic SQLi
22. Phillip, a cybersecurity specialist, needs a tool that can function as a network
sniffer, record network activity, prevent and detect network intrusion. Which of the
following tools is suitable for Phillip?
A) Nessus
B) Cain & Abel
C) Snort
D) Nmap
23. With which of the following SQL injection attacks can an attacker deface a web
page, modify or add data in a database and compromise data integrity?
A) Unauthorized access to an application
B) Information disclosure
C) Compromised Data Integrity
D) Loss of data availability
24. According to the Payment Card Industry Data Security Standard, when is it
necessary to conduct external and internal penetration testing?
A) At least once every two years and after any significant upgrade or modification
B) At least once every three years or after any significant upgrade or modification
C) At least twice a year or after any significant upgrade or modification
D) At least once a year and after any significant upgrade or modification
25. The attacker enters its malicious data into intercepted messages in a TCP session
since source routing is disabled. He tries to guess the response of the client and
server. What hijacking technique is described in this example?
A) TCP/IP
B) RST
C) Registration
D) Blind
26. Which of the following is a logical collection of internet-connected devices such
as computers, smartphones or internet of things (IoT) devices whose security has
been breached and control ceded to a third party?
A) Botnet
B) Spear Phishing
C) Rootkit
D) Spambot
27. Rajesh, the system administrator, analyzed the IDS logs and noticed that when
accessing the external router from the administrator's computer to update the
router configuration, IDS registered alerts. What type of alert is this?
A) False negative
B) True negative
C) True positive
D) False positive
28. Which of the following requires establishing national standards for electronic
health care transactions and national identifiers for providers, health insurance
plans, and employers?
A) PCI-DSS
B) HIPAA
C) DMCA
D) SOX
29. Let's assume that you decided to use PKI to protect the email you will send. At
what layer of the OSI model will this message be encrypted and decrypted?
A) Session layer
B) Application layer
C) Presentation layer
D) Transport layer
30. Mark, the network administrator, must allow UDP traffic on the host [Link] and
internet traffic in the host [Link]. In addition to the main task, he needs to allow
all FTP traffic to the rest of the network and deny all other traffic. Mark applies his
ACL configuration on the router, and everyone has a problem with accessing FTP.
In addition, hosts that are allowed access to the internet cannot connect to it. In
accordance with the following configuration, determine what happened on the
network?
access-list 102 deny tcp any any
access-list 104 permit udp host [Link] any
access-list 110 permit tcp host [Link] eq www any
access-list 108 permit tcp any eq ftp any
A) The ACL 104 needs to be first because it's UDP
B) The ACL 110 needs to be changed to port 80
C) The ACL for FTP must be before the ACL 110
D) The first ACL is denying all TCP traffic, and the router is ignoring the
other ACLs
31. Suppose your company has implemented identification of people based on walking
patterns and made it part of physical access control to the office. The system
works according to the following principle:
The camera captures people walking and identifies employees, and then they must
attach their RFID badges to access the office.
Which of the following best describes this technology?
A) Biological motion cannot be used to identify people
B) The solution implements two-factor authentication: physical object
and physical characteristic
C) The solution will have a high level of false positives
D) Although the approach has two phases, it actually implements just one
authentication factor
32. Which one of the following Google search operators allows restricting results to
those from a specific website?
A) [site:]
B) [link:]
C) [inurl:]
D) [cache:]
33. Identify the Metasploit module used to perform arbitrary, one-off actions such as port
scanning, denial of service, SQL injection and fuzzing?
A) Payload module
B) Auxiliary module
C) Exploit module
D) NOPS module
34. Which of the following is a network software suite designed for 802.11 WEP and
WPA-PSK keys cracking that can recover keys once enough data packets have
been captured?
A) Aircrack-ng
B) wificracker
C) WLAN-crack
D) Airgaurd
35. What is an automated software testing technique that involves providing invalid,
unexpected, or random data as inputs to a computer program?
A) Security testing
B) Concolic Testing
C) Fuzz testing
D) Monkey testing
36. Which of the following tools is a packet sniffer, network detector and IDS for
802.11(a,b,g,n) wireless LANs?
A) Nessus
B) Abel
C) Kismet
D) Nmap
37. John, a system administrator, is learning how to work with new technology:
Docker. He will use it to create a network connection between the container
interfaces and its parent host interface. Which of the following network drivers is
suitable for John?
A) Overlay networking
B) Macvlan networking
C) Host networking
D) Bridge networking
38. The attacker posted a message and an image on the forum, in which he embedded
a malicious link. When the victim clicks on this link, the victim's browser sends an
authenticated request to a server. What type of attack did the attacker use?
A) Session hijacking
B) SQL injection
C) Cross-site scripting
D) Cross-site request forgery
39. While using your bank's online servicing you notice the following string in the
URL bar: [Link]
id=368940911028389&Damount=10980&Camount=21
You observe that if you modify the Damount & Camount values and submit the
request, that data on the web page reflect the changes. Which type of vulnerability
is present on this site?
A) XSS Reflection
B) Cookie Tampering
C) SQL injection
D) Web Parameter Tampering
40. The evil hacker Antonio is trying to attack the IoT device. He will use several fake
identities to create a strong illusion of traffic congestion, affecting communication
between neighbouring nodes and networks. What kind of attack does Antonio
perform?
A) Forged malicious device
B) Side-channel attack
C) Sybil attack
D) Exploit kits
41. Which of the following can be designated as "Wireshark for CLI"?
A) Nessus
B) ethereal
C) John the Ripper
D) tcpdump
42. What is the purpose of the demilitarized zone?
A) To scan all traffic coming through the DMZ to the internal network
B) To provide a place for a honeypot
C) To add protection to network devices
D) To add an extra layer of security to an organization's local area network
43. Which of the following Nmap commands allows you to most reduce the
probability of detection by IDS when scanning common ports?
A) nmap -A --host-timeout 99 -T1
B) nmap -sT -O -T0
C) nmap -sT -O -T2
D) nmap -A -Pn
44. Jack sent an email to Jenny with a business proposal. Jenny accepted it and
fulfilled all her obligations. Jack suddenly refused his offer when everything was
ready and said that he had never sent an email. Which of the following digital
signature properties will help Jenny prove that Jack is lying?
A) Authentication
B) Non-Repudiation
C) Integrity
D) Confidentiality
45. Identify the standard by the description:
A regulation contains a set of guidelines that everyone who processes any
electronic data in medicine should adhere to. It includes information on medical
practices, ensuring that all necessary measures are in place while saving,
accessing, and sharing any electronic medical data to secure patient data.
A) FISMA
B) HIPAA
C) COBIT
D) ISO/IEC 27002
46. After several unsuccessful attempts to extract cryptography keys using software
methods, Mark is thinking about trying another code-breaking methodology.
Which of the following will best suit Mark based on his unsuccessful attempts?
A) One-Time Pad
B) Frequency Analysis
C) Brute-Force
D) Trickery and Deceit
47. What is meant by a "rubber-hose" attack in cryptography?
A) A backdoor is placed into a cryptographic algorithm by its creator
B) Attempting to decrypt ciphertext by making logical assumptions about the
contents of the original plain text
C) Extraction of cryptographic secrets through coercion or torture
D) Forcing the targeted keystream through a hardware-accelerated device such as
an ASIC
48. Which of the following will allow you to prevent unauthorized network access to
local area networks and other information assets by wireless devices?
A) AISS
B) WIPS
C) HIDS
D) NIDS
49. Which of the following ciphers is based on factoring the product of two large prime
numbers?
A) MD5
B) RSA
C) RC5
D) SHA-1
50. Which of the following web application attacks injects the special character
elements "Carriage Return" and "Line Feed" into the user's input to trick the web
server, web application, or user into believing that the current object is terminated
and a new object has been initiated?
A) HTML injection
B) Server-Side JS injection
C) CRLF injection
D) Log injection
51. Which of the following is an encryption technique where data is encrypted by a
sequence of photons that have a spinning trait while travelling from one end to
another?
A) Elliptic Curve Cryptography
B) Quantum Cryptography
C) Homomorphic
D) Hardware-Based
52. Alex, a cyber security specialist, should conduct a pentest inside the network,
while he received absolutely no information about the attacked network. What
type of testing will Alex conduct?
A) Internal, white-box
B) Internal, black-box
C) Internal, grey-box
D) External, black-box
53. Which of the following commands will help you launch the Computer Management
Console from "Run" windows as a local administrator?
A) [Link]
B) [Link]
C) [Link]
D) [Link]
54. In which of the following SQL injection attacks does an attacker usually bypass
user authentication and extract data by using a conditional OR clause so that the
condition of the WHERE clause will always be true?
A) UNION SQLi
B) End-of-Line Comment
C) Tautology
D) Error-Based SQLi
55. John, a cybersecurity specialist, received a copy of the event logs from all
firewalls, Intrusion Detection Systems (IDS) and proxy servers on a company's
network. He tried to match all the registered events in all the logs, and he found
that their sequence didn't match. What can cause such a problem?
A) The attacker altered events from the logs
B) A proper chain of custody was not observed while collecting the logs
C) The security breach was a false positive
D) The network devices are not all synchronized
56. Ivan, a black hat hacker, sends partial HTTP requests to the target web server to
exhaust the target server's maximum concurrent connection pool. He wants to
ensure that all additional connection attempts are rejected. What type of attack
does Ivan implement?
A) Spoofed Session Flood
B) Slowloris
C) HTTP GET/POST
D) Fragmentation
57. Viktor, the white hat hacker, conducts a security audit. He gains control over a user
account and tries to access another account's sensitive information and files. How
can he do this?
A) Fingerprinting
B) Shoulder-Surfing
C) Privilege Escalation
D) Port Scanning
58. Which of the following options represents a conceptual characteristic of an
anomaly-based IDS over a signature-based IDS?
A) Requires vendor updates for a new threat
B) Cannot deal with encrypted network traffic
C) Produces fewer false positives
D) Can identify unknown attacks
59. Based on the following data, you need to calculate the approximate cost of
recovery of the system operation per year:
The cost of a new hard drive is $300
The chance of a hard drive failure is 1/3
The recovery specialist earns $10/hour
Restore the OS and software to the new hard disk - 10 hours
Restore the database from the last backup to the new hard disk - 4 hours
Assume the EF = 1 (100%), calculate the SLE, ARO, and ALE
A) $146
B) $295
C) $440
D) $960
Explanation
1. AV (Asset value) = $300 + (14 * $10) = $440 - the cost of a hard drive plus the
work of a recovery person, that is, how much it would take to replace 1 asset: 10 hours
for restoring the OS and software + 4 hours for the DB restore, multiplied by the hourly rate of
the recovery person.
2. SLE (Single Loss Expectancy) = AV * EF (Exposure Factor) = $440 * 1 = $440
3. ARO (Annual rate of occurrence) = 1/3 (every three years, meaning the
probability of occurring during 1 year is 1/3)
4. ALE (Annual Loss Expectancy) = SLE * ARO = 0.33 * $440 = $145.2
60. Andrew is conducting a penetration test. He is now embarking on sniffing the
target network. What is not available for Andrew when sniffing the network?
A) Collecting unencrypted information about usernames and passwords
B) Modifying and replaying captured network traffic
C) Capturing network traffic for further analysis
D) Identifying operating systems, services, protocols, and devices
61. Your company has a risk assessment, and according to its results, the risk of a
breach in the main company application is 40%. Your cybersecurity department
has made changes to the application and requested a re-assessment of the risks.
The assessment showed that the risk fell to 12%, with a risk threshold of 20%.
Which of the following options would be the best from a business point of view?
A) Avoid the risk
B) Accept the risk
C) Introduce more controls to bring risk to 0%
D) Limit the risk
62. Which of the following command-line flags sets a stealth scan for Nmap?
A) -sM
B) -sU
C) -sT
D) -sS
63. Wireshark is one of the most important tools for a cybersecurity specialist. It is
used for network troubleshooting, analysis, software, etc. You often have to work
with a packet bytes pane. In what format is the data presented in this pane?
A) ASCII only
B) Decimal
C) Binary
D) Hexadecimal
64. Identify the Secure Hashing Algorithm which produces a 160-bit digest from a
message on principles similar to those used in MD4 and MD5?
A) SHA-0
B) SHA-2
C) SHA-1
D) SHA-3
65. Elon plans to make it difficult for the packet filter to determine the purpose of the
packet when scanning. Which of the following scanning techniques will Elon use?
A) ACK scanning
B) SYN/FIN scanning using IP fragments
C) ICMP scanning
D) IPID scanning
66. You analyze the logs and see the following output of logs from the machine with
the IP address of [Link]:
Time August 21 11:22:06 Port:20 Source:[Link] Destination:[Link] Protocol:TCP
Time August 21 11:22:08 Port:21 Source:[Link] Destination:[Link] Protocol:TCP
Time August 21 11:22:11 Port:22 Source:[Link] Destination:[Link] Protocol:TCP
Time August 21 11:22:14 Port:23 Source:[Link] Destination:[Link] Protocol:TCP
Time August 21 11:22:15 Port:25 Source:[Link] Destination:[Link] Protocol:TCP
Time August 21 11:22:19 Port:80 Source:[Link] Destination:[Link] Protocol:TCP
Time August 21 11:22:21 Port:443 Source:[Link] Destination:[Link] Protocol:TCP
What conclusion can you make based on this output?
A) Port scan targeting [Link]
B) Teardrop attack targeting [Link]
C) Denial of service attack targeting [Link]
D) Port scan targeting [Link]
67. What is a set of extensions to DNS that provide to DNS clients (resolvers) origin
authentication, authenticated denial of existence and data integrity, but not
availability or confidentiality?
A) Zone transfer
B) Resource records
C) Resource transfer
D) DNSSEC
68. The firewall prevents packets from entering the organization through certain ports
and applications. What does this firewall check?
A) Application layer port numbers and the transport layer headers
B) Presentation layer headers and session layer port numbers
C) Application layer headers and transport layer port numbers
D) Network layer headers and the session layer port numbers
69. Which of the following protocols is used in a VPN for setting up a secure channel
between two devices?
A) SET
B) PPP
C) PEM
D) IPSEC
70. What is a "Collision attack?"
A) Collision attacks try to change the hash
B) Collision attack on a hash tries to find two inputs producing the same hash
value
C) Collision attacks attempt to recover information from a hash
D) Collision attacks break the hash into several parts, with the same bytes in each
part to get the private key
71. You managed to compromise a server with an IP address of 10.10.0.5, and you
want to quickly get a list of all the machines in this network. Which of the following
Nmap commands will you need?
A) nmap -T4 -p [Link]/24
B) nmap -T4 -r [Link]/24
C) nmap -T4 -F [Link]/24
D) nmap -T4 -q [Link]/24
72. Identify the type of jailbreaking which allows user-level access and does not allow
iBoot-level access?
A) Userland exploit
B) iBootrom exploit
C) iBoot exploit
D) Bootrom exploit
73. Which regulation defines security and privacy controls for all U.S. federal
information systems except those related to national security?
A) HIPAA
B) EU Safe Harbor
C) NIST-800-53
D) PCI-DSS
74. Which of the following methods is best suited to protect confidential information
on your laptop which can be stolen while traveling?
A) Hidden folders
B) Full disk encryption
C) Password protected files
D) BIOS password
75. The evil hacker Ivan has installed a remote access trojan on a host. He wants to be
sure that when a victim attempts to go to "[Link]" that the user is directed
to a phishing site. Which file should Ivan change in this case?
A) [Link]
B) Sudoers
C) Hosts
D) Networks
76. Which of the following UDP ports is usually used by Network Time Protocol
(NTP)?
A) 19
B) 161
C) 177
D) 123
77. Black hat hacker Ivan wants to implement a man-in-the-middle attack on the
corporate network. For this, he connects his router to the network and redirects
traffic to intercept packets. What can the administrator do to mitigate the attack?
A) Use only static routes in the corporation's network
B) Use the Open Shortest Path First (OSPF)
C) Redirection of the traffic is not possible without the explicit admin's
confirmation
D) Add message authentication to the routing protocol
78. Which of the following layers in IoT architecture helps bridge the gap between two
endpoints, such as a device and a client, and carries out message routing, message
identification, and subscribing?
A) Access Gateway
B) internet
C) Middleware
D) Edge technology
79. Determine the attack by the description:
The known-plaintext attack used against DES. This attack means that encrypting
plaintext with one DES key followed by encrypting it with a second DES key is no
more secure than using a single key.
A) Replay attack
B) Traffic analysis attack
C) Meet-in-the-middle attack
D) Man-in-the-middle attack
80. Often, for a successful attack, hackers very skillfully simulate phishing messages.
To do this, they collect the maximum information about the company that they
will attack: emails of real employees (including information about the hierarchy in
the company), information about the appearance of the message (formatting,
logos), etc. What is the name of the stage of the hacker's work?
A) Enumeration stage
B) Exploration stage
C) Reconnaissance stage
D) Investigation stage
81. The web development team is holding an urgent meeting, as they have received
information from testers about a new vulnerability in their web software. They
make an urgent decision to reduce the likelihood of using the vulnerability. The
team decides to modify the software requirements to disallow users from entering
HTML as input into their web application. Determine the type of vulnerability that
the team found?
A) Cross-site request forgery vulnerability
B) Website defacement vulnerability
C) Cross-site scripting vulnerability
D) SQL injection vulnerability
82. John needs to choose a firewall that can protect against SQL injection attacks.
Which of the following types of firewalls is suitable for this task?
A) Packet firewall
B) Web application firewall
C) Hardware firewall
D) Stateful firewall
83. You know that the application you are attacking is vulnerable to an SQL injection,
but you cannot see the result of the injection. You send a SQL query to the
database, which makes the database wait before it can react. You can see from the
time the database takes to respond, whether a query is true or false. What type of
SQL injection did you use?
A) Blind SQLi
B) Out-of-band SQLi
C) Error-based SQLi
D) UNION SQLi
84. You are configuring the connection of a new employee's laptop to join an 802.11
network. The new laptop has the same hardware and software as the laptops of
other employees. You used the wireless packet sniffer and found that it shows that
the Wireless Access Point (WAP) is not responding to the association requests
being sent by the laptop. What can cause this problem?
A) The WAP does not recognize the laptop's MAC address
B) The laptop is configured for the wrong channel
C) The laptop cannot see the SSID of the wireless network
D) The laptop is not configured to use DHCP
85. Which of the following is not included in the list of recommendations of PCI Data
Security Standards?
A) Rotate employees handling credit card transactions on a yearly basis to
different departments
B) Do not use vendor-supplied defaults for systems passwords and other security
parameters
C) Protect stored cardholder data
D) Encrypt transmission of cardholder data across open, public networks
86. Which of the following best describes a software firewall?
A) Software firewall is placed between the anti-virus application and the IDS
components of the operating system
B) Software firewall is placed between the router and the networking components
of the operating systems
C) Software firewall is placed between the desktop and the software components
of the operating system
D) Software firewall is placed between the normal application and the
networking components of the operating system
87. Which of the following wireless standards has bandwidth up to 54 Mbit/s and
signals in a regulated frequency spectrum around 5 GHz?
A) 802.11g
B) 802.1n
C) 802.11a
D) 802.11i
88. Identify the Bluetooth attack technique that is used to send messages to users
without the recipient's consent, for example for guerrilla marketing campaigns?
A) Bluebugging
B) Bluesmacking
C) Bluejacking
D) Bluesnarfing
89. Why is a penetration test considered to be better than a vulnerability scan?
A) The tools used by penetration testers tend to have much more comprehensive
vulnerability databases
B) Penetration tests are intended to exploit weaknesses in the architecture of
your IT network, while a vulnerability scan does not typically involve active
exploitation
C) Vulnerability scans only do host discovery and port scanning by default
D) A penetration test is often performed by an automated tool, while a
vulnerability scan requires active engagement
90. What does the flag "-oX" mean in Nmap?
A) Run an express scan
B) Output the results in truncated format to the screen
C) Run an Xmas scan
D) Output the results in XML format to a file
91. For the company, an important criterion is the immutability of the financial reports
sent by the financial director to the accountant. They need to be sure that the
accountant received the reports and that they haven't been changed. How can this be
achieved?
A) The financial statements can be sent twice, once by email and once
delivered on USB, and the accountant can compare both
B) Reports can be sent to the accountant using an exclusive USB for that document
C) Use a hash algorithm in the document once the CFO has approved the financial
statements
D) Use a protected excel file
92. You have been assigned the task of defending the company from network sniffing.
Which of the following is the best option for this task?
A) Restrict physical access to the server rooms hosting critical servers
B) Use static IP addresses
C) Using encryption protocols to secure network connections
D) Register all machines' MAC addresses in a centralized database
93. The attacker tries to take advantage of a vulnerability where the application does not
verify if the user is authorized to access the internal object via its name or key.
Which of the following queries best describes an attempt to exploit an insecure
direct object using the name of the valid account "User 1"?
A) "GET /restricted/goldtranfer?to=Account&from=1or1=1' HTTP/1.1 Host: westbank.com"
B) "GET /restricted/accounts/?name=User1 HTTP/1.1 Host: [Link]"
C) "GET /restricted/[Link]("~User1") HTTP/1.1 Host: [Link]"
D) "GET /restricted/\r\n\%00account%00User1%00access HTTP/1.1 Host: [Link]m"
94. Imagine the following scenario:
1. An attacker created a website with tempting content and a banner like: "Do you
want to make $10,000 in a month?"
2. The victim clicks on the interesting and attractive content URL
3. The attacker creates a transparent 'iframe' in front of the banner which the victim
attempts to click. The victim thinks that he clicks the "Do you want to make
$10,000 in a month?" banner but actually he clicks the content or URL that exists
in the transparent 'iframe' which is set up by the attacker.
What is the name of the attack used in the scenario?
A) Session fixation
B) HTML injection
C) HTTP parameter pollution
D) Clickjacking attack
95. John, a penetration tester, decided to conduct a SQL injection test. He enters a
huge amount of random data and observes changes in output and security
loopholes in web applications. What SQL injection testing did John use?
A) Function testing
B) Fuzzing testing
C) Static testing
D) Dynamic testing
96. Ivan, an evil hacker, is preparing to attack the network of a financial company. To
do this, he wants to collect information about the operating systems used on the
company's computers. Which of the following techniques will Ivan use to achieve
the desired result?
A) SSDP Scanning
B) Banner Grabbing
C) IDLE/IPID Scanning
D) UDP Scanning
97. Which of the following is a protocol that is used for querying databases that store the
registered users or assignees of an internet resource, such as a domain name, an
IP address block or an autonomous system?
A) Internet engineering task force
B) CAPTCHA
C) Internet assigned numbers authority
D) WHOIS
98. Session splicing is an IDS evasion technique that exploits how some IDSs do not
reconstruct sessions before performing pattern matching on the data. The idea
behind session splicing is to split data between several packets, ensuring that no
single packet matches any patterns within an IDS signature. Which tool can be
used to perform session splicing attacks?
A) Whisker
B) tcpsplice
C) Burp
D) Hydra
99. Which of the following flags will trigger an Xmas scan?
A) -sP
B) -sV
C) -sA
D) -sX
100. Maria is surfing the internet and trying to find information about Super
Security LLC. Which process is Maria doing?
A) Enumeration
B) Scanning
C) System Hacking
D) Footprinting
101.