Answers |Actual Complete Exam |Already Graded A+
(Just Released)
Which of the following is not an example of reconnaissance or gathering information of the
target company through open source intelligence?
A. Using LinkedIn and other social media to gather e-mail addresses of top executives
B. Performing passive reconnaissance by capturing packets and scanning ports
C. Monitoring job sites to learn what technologies are used
D. Performing DNS harvesting of company network data from external DNS servers ✔Correct
Answer-B. is correct. Capturing packets and scanning ports are not examples of passive
reconnaissance. Scanning ports is considering active reconnaissance. If your activities could
create entries in a log, then those actions are not passive.
What is the name of the command-line version of Wireshark?
A. nmap
B. tcpdump
C. Nessus
D. TShark ✔Correct Answer-D. is correct. TShark is the command-line interface of Wireshark.
You're at an employee's workstation. You need to quickly determine what other machines this
system is talking to. You don't have time to install extra tools. What command-line utility and
command-line switch will reveal connections between this workstation and others?
A. tcpdump -i -eth0
B. nikto -host
C. netstat -a
D. nbtstat -A ✔Correct Answer-C. is correct. The utility netstat is on the workstation and is
already a part of the operating system. Netstat is a command-line utility for viewing network
statistics information, such as what connections and protocols are in use. The command-line
switch -a will display all connections and listening ports.
You suspect an employee's workstation may be the source of malicious traffic. Which of the
following steps is the best course of action to determine both the type of traffic and this
workstation's participation in the traffic?
A. Set up packet capturing on a network device upstream from the workstation.
B. Set up packet capturing on the suspect workstation.
C. Set up packet capturing on a small group of servers identified as targets.
D. Install antivirus software on the suspect workstation. ✔Correct Answer-B. is correct.
Capturing packets from the suspect workstation will yield complete information regarding this
workstation as the source, thus demonstrating both the types of traffic and how the
workstation fits into the situation.
,Utilizing search sites as well as professional and social media sites with the goal of gathering
contact information is an example of what?
A. CVSS
B. OSINT
C. Social engineering
D. Phishing ✔Correct Answer-B is correct. OSINT, or open source intelligence, refers to
gathering information about a target without directly interacting with that target's
infrastructure
Which of the following is not an example of a virtualization technology?
A. Containers
B. Software-defined networking
C. Mirroring
D. Hypervisors ✔Correct Answer-C. is correct. Mirroring describes a technique of fault
tolerance in storage, or in the case of switch ports, it describes copying network traffic.
Mirroring is not a virtualization technology.
Which of the following is a Type 2 hypervisor?
A. VMware Player
B. Microsoft Hyper-V
C. VMware ESX
D. Kernel-based Virtual Machine ✔Correct Answer-A. is correct. VMware Player is a Type 2
hypervisor, which means it runs from within an operating system.
Which of the following is not an actual cloud computing technology?
A. IaaS
B. SaaS
C. PaaS
D. SDN ✔Correct Answer-D. is correct. Although SDN (or software-defined networking) is a
virtualization technology, it is not necessarily in the cloud.
You are tasked with scanning across the network space 192.168.2.x and identifying what
operating systems are presently running. Select the correct tool and command-line switch
necessary to determine what operating systems are running on that subnet.
A. nikto -Version 192.168.2.0
B. nmap -O 192.168.2.0/24
C. syslog -network 192.168.2.0-192.168.2.254
D. netstat -a 192.168.2.0 /24 ✔Correct Answer-B. is correct. Nmap is capable of detecting
operating systems, and the command-line syntax shown is correct.
A company has suffered a recent incident where a print server was infected with malware and
began aggressively scanning other machines on the network. The malware-infected server was
identified only after a significant number of other machines were experiencing issues. Although
,the problem was contained, the timing was an issue. The company asks you to suggest how
responding to problems like this could be done more quickly. What do you suggest?
A. The company should review the firewall rules for areas to improve.
B. The company should install an IDS on the network.
C. The company should install an IPS on the network.
D. The company should scan for further vulnerable print servers. ✔Correct Answer-C. is
correct. An IPS would not only identify the problem but immediately react to contain or
eliminate it.
What is a primary challenge to using cloud storage versus on-premises storage?
A. On-premises storage doesn't permit mobile access.
B. Expensive software licensing and hardware for cloud services.
C. Cloud resources put more emphasis on identity management.
D. Limited options for cloud computing. ✔Correct Answer-C. is correct. Identity management
becomes ever more important when users are accessing resources away from your control.
Wireshark and tcpdump are examples of what kind of application?
A. Syslog aggregators
B. Packet analyzers
C. Intrusion detection systems
D. Port scanners ✔Correct Answer-B. is correct. Wireshark and tcpdump are packet capturing
and analysis tools. Both will allow you to capture and view packets as well as perform varying
levels of analysis on network traffic.
Which of the following is not included when capturing packet headers but is provided with full
packet capture?
A. Source address
B. Payload
C. Protocol flags
D. Destination addres ✔Correct Answer-B. is correct. The payload is not captured when only
the packet header is captured.
Which of the following statements is not true when it comes to syslog?
A. Syslog supports a broad range of devices and events.
B. Messages can be aggregated into a single, nonhierarchical feed.
C. Devices are polled for messages, echoing back to a syslog server.
D. The syslog protocol and messaging come native in most firewalls and network devices as well
as most *nix systems. ✔Correct Answer-C. is correct. Syslog does not "poll" devices for event
messages. Syslog messages are only sent to a syslog server, with no prompting.
A company is frustrated by its firewall's inability to catch higher-level malicious attacks, such as
SQL injection and cross-site scripting (XSS). The firewall is unable to distinguish between valid
HTTP traffic and malicious attacks when such traffic traverses the firewall on port 80. What do
you see as the primary limitation of the firewall?
, A. The firewall is an application-layer firewall, unable to identify the higher-layer data.
B. The firewall needs to be partnered with an IDS or IPS.
C. The firewall rules need to be reviewed and likely changed.
D. The firewall is a layer 3 or 4 device and should be replaced with an application-layer device.
✔Correct Answer-D. is correct. The problem described seems to point to a standard firewall
that's unable to inspect application-layer traffic. It should be replaced with a capable,
application-layer firewall.
If an attacker is using nmap to map the network topology, which of the returned states of the
port scans provides the least information?
A. Unfiltered
B. Filtered
C. Closed
D. Open ✔Correct Answer-B. is correct. Filtered state means the nmap probe scan was unable
to reach the port, to hear back whether the port was open or closed. This would make the
attacker's efforts most difficult in mapping the network topology in order to understand the
various network areas such DMZ, perimeter devices, and other key network components
What would be an appropriate tool for performing service discovery on a large network?
A. An IDS (but no IPS) placed anywhere on the servers' local subnet
B. A HIDS placed on a target server
C. Any tool able to review firewall logs or router ACLs
D. A port scanner ✔Correct Answer-D. is correct. A port scanner would quickly reveal what
ports (and the services behind them) are open and listening on devices on the scanned
network.
When you're capturing packets on a wireless network versus a wired network, which of the
following statements are true? (Choose all that apply.)
A. Using promiscuous mode to view all packets applies on both wired and wireless networks.
B. Being in monitor mode allows for the capture of all 802.11 activity, without connection to the
access point.
C. Wireless signals can be relatively limited beyond a physical presence such as a fence.
D. Strong, secure encryption provides no protection against data exposed via eavesdropping.
✔Correct Answer-A and B are correct. A is correct because promiscuous mode, if supported by
the wireless card, is what allows the card to process all 802.11 activity, not just traffic targeted
to that card. B is correct because monitor mode allows the same visibility to all activity, even
without being connected to an access point.
Which of the following data sources would offer the least diverse, most precise kind of
information?