Ethical Hacker Security

Question 1

What port number is used by LDAP protocol?

Accepted Answer

389

Answer

110

Answer

464

Answer

445

Question 2

A penetration tester is hired to do a risk assessment of a company's DMZ.
The rules of engagement states that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems.
What kind of test is being performed?

Accepted Answer

black box

Answer

white box

Answer

grey box

Answer

red box

Question 3

How many bits encryption does SHA-1 use?

Accepted Answer

160 bits

Answer

64 bits

Answer

128 bits

Answer

256 bits

Question 4

What is the least important information when you analyze a public IP address in a security alert?

Accepted Answer

ARP

Answer

Whois

Answer

DNS

Answer

Geolocation

Question 5

A medium-sized healthcare IT business decides to implement a risk management strategy.
Which of the following is NOT one of the five basic responses to risk?

Accepted Answer

Delegate

Answer

Avoid

Answer

Mitigate

Answer

Accept

Question 6

When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?

Accepted Answer

A top-down approach

Answer

A bottom-up approach

Answer

A senior creation approach

Answer

An IT assurance approach

Question 7

Simon is security analyst writing signatures for a Snort node he placed internally that captures all mirrored traffic from his border firewall.
From the following signature, what will Snort look for in the payload of the suspected packets?

alert tcp $EXTERNAL_NET any -> $HOME_NET 27374 (msG."BACKDOOR SIG - SubSseven 22";flags: A +; content: "|0d0a5b52504c5d3030320d0a|"; reference:arachnids, 485;) alert

Accepted Answer

Snort will look for 0d0a5b52504c5d3030320d0a in the payload.

Answer

The payload of 485 is what this Snort signature will look for.

Answer

Packets that contain the payload of BACKDOOR SIG - SubSseven 22 will be flagged.

Answer

From this snort signature, packets with HOME_NET 27374 in the payload will be flagged.

Question 8

You work as a Security Analyst for a retail organization. In securing the company's network, you set up a firewall and an IDS. However, hackers are able to attack the network.
After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed.
What type of alert is the IDS giving?

Accepted Answer

False Negative

Answer

True Positive

Answer

True Negative

Answer

False Positive

Question 9

How can telnet be used to fingerprint a web server?

Accepted Answer

telnet webserverAddress 80 HEAD / HTTP/1.0

Answer

telnet webserverAddress 80 PUT / HTTP/1.0

Answer

telnet webserverAddress 80 HEAD / HTTP/2.0

Answer

telnet webserverAddress 80 PUT / HTTP/2.0

Question 10

During a security audit of IT processes, an IS auditor found that there were no documented security procedures.
What should the IS auditor do?

Accepted Answer

Identify and evaluate existing practices

Answer

Terminate the audit

Answer

Create a procedures document

Answer

Conduct compliance testing