Sample Questions
Q) Identify the type of firewall represented in the diagram below:
a) Stateful multilayer inspection firewall
b) Application level gateway
c) Packet filter
d) Circuit level gateway
Q) Due to illegal inputs, various types of TCP stacks respond in a different manner. Some IDSs do not take into account the TCP protocol's urgency feature, which could allow testers to evade the IDS. Penetration tester needs to try different combinations of TCP flags (e.g. none, SYN/FIN, SYN/RST, SYN/FIN/ACK, SYN/RST/ACK, and All Flags) to test the IDS. Which of the following TCP flag combinations combines the problem of initiation, midstream, and termination flags with the PSH and URG?
a) SYN/RST/ACK
b) SYN/FIN/ACK
c) SYN/FIN
d) All Flags
Q) Identify the person who will lead the penetration-testing project and be the client point of contact.
a) Database Penetration Tester
b)Policy Penetration Tester
c) Chief Penetration Tester
d) Application Penetration Tester
Q) A man enters a PIN number at an ATM machine, being unaware that the person next to him was watching. Which of the following social engineering techniques refers to this type of information theft?
a) Shoulder surfing
b) Phishing
c) Insider Accomplice
d) Vishing
Q)The Internet is a giant database where people store some of their most private information on the cloud, trusting that the service provider can keep it all safe. Trojans, Viruses, DoS attacks, website defacement, lost computers, accidental publishing, and more have all been sources of major leaks over the last 15 years. What is the biggest source of data leaks in organizations today?
a) Weak passwords and lack of identity management
b) Insufficient IT security budget
c) Rogue employees and insider attacks
d) Vulnerabilities, risks, and threats facing Web sites