Cyber Sentinels
Question Bank
1. Which of the following is a type of password attack?
a) Brute force
b) Cross-site scripting
c) SQL injection
d) Denial of Service
2. Which of the following is a way to prevent SQL injection attacks?
a) Encrypting network traffic
b) Implementing a firewall
c) Input validation
d) Installing antivirus software
3. Which of the following is a type of denial of service attack?
a) Smurf attack
b) SQL injection
c) Cross-site scripting
d) Port scanning
4. Which of the following is NOT an example of a social engineering
technique?
a) Pretexting
b) Phishing
c) Shoulder surfing
d) SQL injection
5. Which of the following is an example of a passive network reconnaissance
technique?
a) Port scanning
b) Ping sweep
c) Banner grabbing
d) Sniffing
6. Which of the following is NOT an example of a cryptography algorithm?
a) AES
b) RSA
c) SHA
d) SQL
7. Which of the following is a technique used to prevent a buffer overflow
attack?
a) Input validation
b) Brute force attack
c) Man-in-the-middle attack
d) Social engineering attack
8. Which of the following is an example of a black box testing technique?
a) Fuzz testing
b) Penetration testing
c) Vulnerability scanning
d) Source code review
9. Which of the following is NOT a common method used for social
engineering attacks?
A) Pretexting
B) Phishing
C) Vishing
D) Port Scanning
10. Which of the following is a common vulnerability assessment tool used to
identify weaknesses in a network?
A) Metasploit
B) Nikto
C) Nessus
D) Wireshark
11. What type of attack is designed to exhaust a network's resources and deny
access to legitimate users?
A) Smurf attack
B) SQL injection
C) Cross-site scripting
D) Social engineering
12. Which of the following is NOT a common encryption algorithm used to
protect data?
A) AES
B) RSA
C) SHA-1
D) Blowfish
13. Which of the following is a method used to hide a message or file inside
another message or file?
A) Steganography
B) Cryptography
C) Hashing
D) Brute-force attack
14. Which of the following is NOT a type of social engineering attack?
a) Phishing
b) Shoulder surfing
c) Bluejacking
d) Spoofing
15. Which of the following is a common technique used by attackers to exploit
buffer overflow vulnerabilities?
a) Cross-site scripting
b) SQL injection
c) DNS spoofing
d) Shellcode injection
16. Which of the following is NOT a step in the vulnerability assessment
process?
a) Scanning
b) Enumeration
c) Fuzzing
d) Exploitation
17. Which of the following is a technique used by attackers to gain access to a
system by exploiting a weakness in the system's authentication mechanism?
a) Password spraying
b) Port scanning
c) Ping of Death
d) DNS rebinding
18. Which of the following is a technique used by attackers to hide their tracks
by erasing evidence of their activities from log files?
a) SQL injection
b) Privilege escalation
c) Fileless malware
d) Log tampering
19. Which of the following is a passive reconnaissance technique used in
ethical hacking?
a) Port Scanning
b) Social Engineering
c) Sniffing
d) SQL Injection
20. Which of the following is a technique used to hide data in plain sight?
a) Steganography
b) Cryptography
c) Brute-Force Attack
d) SQL Injection
21. Which of the following is a vulnerability scanning tool?
a) Metasploit
b) Nmap
c) Wireshark
d) Cain & Abel
22. Which of the following is a technique used to prevent unauthorized access
to a network?
a) Encryption
b) Firewall
c) DMZ
d) VLAN
23. Which of the following is a web application vulnerability?
a) Cross-site scripting (XSS)
b) DNS spoofing
c) SYN flood
d) Ping of Death
24. Which of the following is NOT an example of social engineering?
a) Phishing
b) Shoulder surfing
c) Denial of Service
d) Tailgating
25. Which of the following is a technique used to detect network vulnerabilities
by analyzing network traffic?
a) Penetration testing
b) Vulnerability scanning
c) Packet sniffing
d) Hash cracking
26. Which of the following is NOT an example of a password attack?
a) Brute force
b) Dictionary
c) SQL injection
d) Rainbow table
27. Which of the following is NOT an example of a wireless network attack?
a) Rogue access point
b) Evil twin
c) Packet sniffing
d) SQL injection
28. Which of the following is a type of malware that is designed to spread
rapidly across a network?
a) Adware
b) Spyware
c) Trojan
d) Worm
29. If you click the login button on a webpage, what kind of request does the
browser generally send to the server?
A. An HTTP POST request
B. An HTTP GET request
C. An HTTP PUT request
D. An HTTP OPTIONS request
30. You have found a live system on IP address 192.168.11.54. Which Nmap
command allows you to identify the target’s operating system?
A. nmap -oS 192.168.11.54
B. nmap -sn 192.168.11.54
C. nmap -O 192.168.11.54
D. nmap -sL 192.168.11.54
31. The attacker copies the target’s password file and then tries to crack
the passwords on his own system at a different location. What type of password
attack was performed?
A. Active Online Attack
B. Passive Online Attack
C. Non-Electronic Attack
D. Offline Attack
32. It is a kind of malware (malicious software) that gets activated upon
certain predefined user actions. When activated, it can grant attackers unrestricted
access or control of all data stored on compromised information systems and
can cause potentially immense damage. Which of the following terms best
matches the definition?
A. Virus
B. Trojan
C. Ransomware
D. Worm
33. A server administrator configures access settings so that users must
authenticate before accessing web pages. Which requirement of information
security is addressed by implementing this configuration?
A. Integrity
B. Availability
C. Confidentiality
D. Scalability
34. An organization allows employees to work from the outside network to
access the data for a specific purpose. Which technology should be
implemented to ensure data confidentiality as data is transmitted?
A. Telnet
B. VLAN
C. WPA2
D. VPN
35. Attackers use image files to hide some information for malicious purposes.
What type of technique did the attacker perform?
A. Spyware
B. Cryptography
C. Steganography
D. Backdoor
36. Which intrusion detection system is best suited to analyzing the
system’s behavior on a desktop PC or server?
A. HIDS
B. NIDS
C. Firewall
D. Antivirus
37. What is the purpose of a demilitarized zone on a network?
A. Protecting the network devices
B. Provide detection for malicious traffic on the network
C. Provide security on servers
D. Providing security to the internal network and only providing direct access to DMZ
nodes
38. Which of the following types of firewall inspects specific traffic such as
http:get or post?
A. Packet filtering firewall
B. Application-level firewall
C. Circuit-level gateway firewall
D. Stateful Multilayer Inspection
39. The system administrator uses virus detection to prevent viruses on the
system. He uses a tool for monitoring system operation requests that are
written to disk. What is the virus detection method that the system
administrator performs?
A. Scanning
B. Interception
C. Code Emulation
D. Integrity Checking
40. Hyena is a tool that manages and secures Windows operating systems and
uses a Windows Explorer-style interface for all operations. It shows shares
and user login names for Windows servers and domain controllers. What is
the purpose of using this tool?
A. NETBIOS Enumeration
B. LDAP Enumeration
C. SNMP Enumeration
D. SMTP Enumeration
41. Hashing is generating a value or values from a string of text using a
mathematical function. Which of the following is assured by the use of a hash?
A. Confidentiality
B. Integrity
C. Availability
D. Authentication
42. The Domain Name System (DNS) has several types of records. One of them
is the AAAA record. What is the purpose of the AAAA record?
A. IPv4 address resolution record
B. IPv6 address resolution record
C. Mail exchange record
D. Text record
43. CVSS is a published standard that provides an open framework for
communicating the characteristics and impacts of IT vulnerabilities. CVSS
assessment consists of three metrics for measuring vulnerabilities. Which of
the following is the best definition of base metric?
A. Represents the inherent qualities of a vulnerability
B. Represents the vulnerabilities that are based on a particular environment or
implementation
C. Represents the features that keep on changing during the lifetime of a vulnerability
D. Represents the type of vulnerability
44. Which type of hacker performs an attack on the system by using tools and
knowledge found on the internet?
A. White Hat
B. Grey Hat
C. Black Hat
D. Script Kiddies
45. On which of the following OSI layers does a packet filtering firewall work?
A. Application
B. Application, Presentation, Session
C. Physical, Data Link
D. Data Link, Network, Transport
46. The enormous usage of mobile devices has grabbed the attention of
attackers. Mobile devices access many of the resources that traditional
computers use. Apart from that, mobile devices also have some unique
features that add new attack vectors and protocols to the mix. Which of the
following are mobile attack vectors?
A. Malware
B. Data Exfiltration
C. Data Tampering
D. Data Breaking
47. Which of the following protocols is used to ensure security when transferring
files across the network?
A. SSL
B. HTTP
C. TLS
D. SFTP
48. How can you detect a honeypot that is running on VMware?
A. Analysing outgoing packets
B. Looking for MAC Address range on IEEE standard
C. Looking for specific TCP/IP parameters such as TTL, RTT, and TCP timestamp
D. Using time-based TCP fingerprinting method
49. XYZ company uses 10.20.29.0/27 for the local network. Which of the
following is the subnet mask of this network?
A. 255.255.255.0
B. 255.255.255.252
C. 255.255.255.248
D. 255.255.255.224
50. On a Linux system, you want to view firewall logs to evaluate network
traffic. You need to search the specific logs quickly and efficiently.
Which command-line utility are you most likely to use?
A. Notepad
B. Nano
C. Gedit
D. Grep
51. A pen-tester is attacking wireless networks using fake authentication and
ARP request injection. Which tool should be used by the pen-tester?
A. Aircrack-ng
B. Aireplay-ng
C. Airman-ng
D. Wireshark
52. It is the process of replacing unwanted bits in an image and its source files
with the secret data. Which term is being described?
A. Spyware
B. Cryptography
C. Steganography
D. Backdoor
53. Which protocol is used for setting up secure channels between two
devices, typically in VPNs?
A. PPP
B. IPSEC
C. WPA
D. WEP
54. John the Ripper is a technical assessment tool used to test the weakness
of which of the following?
A. Usernames
B. File permissions
C. Firewall rulesets
D. Passwords
55. In what stage of a virus's life does a stealth virus get activated with the user
performing certain actions such as running an infected program?
A. Design
B. Elimination
C. Incorporation
D. Replication
E. Launch
F. Detection
56. What is sniffing performed on a switched network called?
A. Spoofed sniffing
B. Passive sniffing
C. Direct sniffing
D. Active sniffing
57. A rootkit is a collection of tools (programs) that enable administrator-level access
to a computer. This program hides itself deep into an operating system for malicious
activity and is extremely difficult to detect. The malicious software operates in a
stealth fashion by hiding its files, processes and registry keys and may be used to
create a hidden directory or folder designed to keep out of view from a user's
operating system and security software.
What privilege level does a rootkit require to successfully infect a victim's
machine?
A. User level privileges
B. Ring 3 Privileges
C. System level privileges
D. Kernel level privileges
58. Which steganography technique uses whitespace to hide secret
messages?
A. snow
B. beetle
C. magnet
D. cat
59. Cyber criminals have long employed the tactic of masking their true
identity. In IP spoofing, an attacker gains unauthorized access to a computer
or a network by making it appear that a malicious message has come from a
trusted machine, by "spoofing" the IP address of that machine.
How would you detect IP spoofing?
A. Check the IPID of the spoofed packet and compare it with TLC checksum.
If the numbers match then it is a spoofed packet
B. Probe a SYN Scan on the claimed host and look for a response SYN/FIN
packet, if the connection completes then it is a spoofed packet
C. Turn on 'Enable Spoofed IP Detection' in Wireshark, you will see a flag tick
if the packet is spoofed
D. Sending a packet to the claimed host will result in a reply. If the TTL in the
reply is not the same as the packet being checked then it is a spoofed packet
60. David is a security administrator working in Boston. David has been asked
by the office's manager to block all POP3 traffic at the firewall because he
believes employees are spending too much time reading personal email. How
can David block POP3 at the firewall?
A. David can block port 125 at the firewall.
B. David can block all EHLO requests that originate from inside the office.
C. David can stop POP3 traffic by blocking all HELO requests that originate
from inside the office.
D. David can block port 110 to block all POP3 traffic.
61. You want to capture Facebook website traffic in Wireshark. What display
filter should you use that shows all TCP packets that contain the word
'facebook'?
A. display==facebook
B. traffic.content==facebook
C. tcp contains facebook
D. list.display.facebook
62. XSS attacks occur on Web pages that do not perform appropriate bounds
checking on data entered by users. Characters like < > that mark the
beginning/end of a tag should be converted into HTML entities.
What is the correct code when converted to html entities?
A. Option A
B. Option B
C. Option C
D. Option D
63. Most cases of insider abuse can be traced to individuals who are
introverted, incapable of dealing with stress or conflict, and frustrated with
their job, office politics, and lack of respect or promotion. Disgruntled
employees may pass company secrets and intellectual property to competitors
for monetary benefits.
Here are some of the symptoms of a disgruntled employee:
a. Frequently leaves work early, arrives late or calls in sick
b. Spends time surfing the Internet or on the phone
c. Responds in a confrontational, angry, or overly aggressive way to simple
requests or comments
d. Always negative; finds fault with everything
These disgruntled employees are the biggest threat to enterprise security.
How do you deal with these threats? (Select 2 answers)
A. Limit access to the applications they can run on their desktop computers
and enforce strict work hour rules
B. By implementing Virtualization technology from the desktop to the data
centre, organizations can isolate different environments with varying levels of
access and security to various employees
C. Organizations must ensure that their corporate data is centrally managed
and delivered to users just and when needed
D. Limit Internet access, e-mail communications, access to social networking
sites and job hunting portals
64. Fake Anti-Virus is one of the most frequently encountered and persistent
threats on the web. This malware uses social engineering to lure users into
infected websites with a technique called Search Engine Optimization.
Once the Fake AV is downloaded into the user's computer, the software will
scare them into believing their system is infected with threats that do not
really exist, and then push users to purchase services to clean up the
non-existent threats.
The Fake AntiVirus will continue to send these annoying and intrusive alerts
until a payment is made.
What is the risk of installing Fake AntiVirus?
A. Victim's Operating System versions, services running and applications
installed will be published on Blogs and Forums
B. Victim's personally identifiable information such as billing address and
credit card details, may be extracted and exploited by the attacker
C. Once infected, the computer will be unable to boot and the Trojan will
attempt to format the hard disk
D. Denial of Service attack will be launched against the infected computer
crashing other machines on the connected network
65. How would you describe an attack where an attacker attempts to deliver
the payload over multiple packets over long periods of time with the purpose
of defeating simple pattern matching in IDS systems without session
reconstruction? A characteristic of this attack would be a continuous stream
of small packets.
A. Session Hijacking
B. Session Stealing
C. Session Splicing
D. Session Fragmentation
66. Jake works as a system administrator at Acme Corp. Jason, an accountant
of the firm befriends him at the canteen and tags along with him on the pretext
of apprising him of potential tax benefits. Jason waits for Jake to swipe
his access card and follows him through the open door into the secure
systems area. How would you describe Jason's behavior within a security
context?
A. Smooth Talking
B. Swipe Gating
C. Tailgating
D. Trailing
67. While performing a ping sweep of a local subnet you receive an ICMP reply
of Code 3/Type 13 for all the pings you have sent out. What is the most likely
cause of this?
A. The firewall is dropping the packets
B. An in-line IDS is dropping the packets
C. A router is blocking ICMP
D. The host does not respond to ICMP packets
68. Consider the following code:
URL: http://www.certified.com/search.pl?text=<script>alert(document.cookie)</script>
If an attacker can trick a victim user to click a link like this, and the Web
application does not validate input, then the victim's browser will pop up an
alert showing the user's current set of cookies. An attacker can do much more
damage, including stealing passwords, resetting your home page, or
redirecting the user to another Web site.
What is the countermeasure against XSS scripting?
A. Create an IP access list and restrict connections based on port number
B. Replace "<" and ">" characters with "&lt;" and "&gt;" using server scripts
C. Disable Javascript in IE and Firefox browsers
D. Connect to the server using HTTPS protocol instead of HTTP
69. What kind of OS fingerprinting approach examines the answer received after
sending specially constructed packets to the distant OS?
A. Passive
B. Reflective
C. Active
D. Distributive
70. Port 25 is open on a server, according to an NMAP scan. What danger
might this bring?
A. Open printer sharing
B. Web portal data leak
C. Clear text authentication
D. Active mail relay
71. Which of the following methods is used for passive reconnaissance
information gathering?
A. Social engineering
B. Network traffic sniffing
C. Man in the middle attacks
D. Publicly accessible sources
72. What must be produced in order to demonstrate security improvement
over time?
A. Reports
B. Testing tools
C. Metrics
D. Taxonomy of vulnerabilities
73. Which of the following applications typically targets Microsoft Office
software?
A. Polymorphic virus
B. Multipart virus
C. Macro virus
D. Stealth virus
74. Which claim about network firewalls preventing Web application assaults
is TRUE?
A. Attacks can be stopped by network firewalls because they can identify
malicious HTTP traffic.
B. Because ports 80 and 443 need to be opened, network firewalls cannot
stop assaults.
C. If configured correctly, network firewalls can stop attacks.
D. Network firewalls can’t stop assaults because setting them up is too
difficult.
75. In a DDoS attack, what communications channel is commonly used to
orchestrate the attack?
A) Internet Relay Chat (IRC)
B) MSN Messenger
C) ICMP
D) Google Talk
76. Which of the following best describes a web application?
A) Code designed to be run on the client
B) Code designed to be run on the server
C) SQL code for databases
D) Targeting of web services
77. __________ is a client-side scripting language.
A) JavaScript
B) ASP
C) ASP.NET
D) PHP
78. Which of the following is an example of a server-side scripting language?
A) JavaScript
B) PHP
C) SQL
D) HTML
79. __________ can be used to identify a web server.
A) Session hijacking
B) Banner grab
C) Traversal
D) Header analysis
80. Which of the following is an attribute used to secure a cookie?
A) Encrypt
B) Secure
C) HttpOnly
D) Domain