PART 4
Question 1:
Which DoS attack sends traffic to the target with a spoofed IP of the target
itself?
a- Land
b- Teardrop
c- SYN flood
d- Smurf
Explanation: A land attack fits this description. Smurf attacks deal with ICMP echo requests going back to a spoofed target address. SYN floods use custom packets that barrage a target with requests. Teardrop attacks use custom fragmented packets that have overlapping offsets.
Question 2:
If you can’t gain enough information directly from a target, what is another
option?
a- Competitive analysis
b- EDGAR
c- Scanning
d- Social engineering
Explanation: Competitive analysis can prove very effective when you're trying to gain more detailed information about a target. It relies on looking at a target's competitors in an effort to find out more about the target.
Question 3:
Which of the following is not typically used during footprinting?
a- Email
b- Port scanning
c- Search engines
d- Google hacking
Explanation: Port scanning is typically reserved for later stages of the attack process.
Question 4:
Jason is the local network administrator who has been tasked with securing the
network from possible DoS attacks. Within the last few weeks, some traffic logs
appear to have internal clients making requests from outside the internal LAN.
Based on the traffic Jason has been seeing, what action should he take?
a- Implement ingress filtering
b- Implement egress filtering
c- Throttle network traffic
d- Update antivirus definitions
Explanation: Throttling network traffic will slow down a potential DoS attack; however, an ingress filter will check for internal addresses coming in from the public side. This is a good indicator of a spoofed IP.
Question 5:
Which of the following best describes footprinting?
a- Discussion with people
b- Enumeration of services
c- Investigation of a target
d- Discovery of services
Explanation: Footprinting is the gathering of information relating to an intended target. The idea is to gather as much information about the target as possible before starting an attack.
Question 6:
Which of the following is used to access content outside the root of a website?
a- SQL injection
b- Brute force
c- Port scanning
d- Directory traversal
Explanation: Directory traversals are used to browse outside the root of the site or location and access files or directories that should otherwise be hidden.
Question 7:
Databases can be a victim of code exploits depending on which of the
following?
a- Patches
b- Configuration
c- Client version
d- Vendor
Explanation: Databases can be a victim of source code exploits, depending on their configuration and design.
Question 8:
What is the role of social engineering?
a- To gain information about posts and cameras
b- To gain information about social media
c- To gain information from human beings
d- To gain information about computers
Explanation: Social engineering can gain information about computers and other items, but it does so by interacting with people to extract that information.
Question 9:
What is the hexadecimal value of a NOP instruction in an Intel system?
a- 0x99
b- 0x90
c- 0x80
d- 99x0
Explanation: 0x90 is the hexadecimal value of a NOP instruction for Intel-based systems. Remember to keep an eye out for this value; it indicates a NOP and possibly a NOP sled, which could indicate a buffer overflow condition in progress.
Question 10:
Footprinting has two phases. What are they?
a- Social and anonymous
b- Active and pseudonymous
c- Scanning and enumerating
d- Active and passive
Explanation: Footprinting is typically broken into active and passive phases, which are characterized by how aggressive the process actually is. Active phases are much more aggressive than their passive counterparts.
Question 11:
Why use Google hacking?
a- To look for information about google
b- To fine-tune search results
c- To speed up searches
d- To target domain
Explanation: Google hacking is used to produce more targeted and useful search results than would be possible using normal searches.
Question 12:
Which of the following can prevent bad input from being presented to an
application through a form?
a- Directory traversing
b- Request filtering
c- Input scanning
d- Input validation
Explanation: Input validation is the process of checking input for correctness prior to its being accepted by an application. Unlike filtering, which works on the server side, validation works on the client side and prevents bad input from making it to the server.
Question 13:
WEP is designed to offer security comparable to which of the following?
a- Wired networks
b- Bluetooth
c- IPv6
d- IrDA
Explanation: WEP is intended to offer security comparable to that experienced on traditional wired networks. In practice the security has been less than intended.
Question 14:
Which of the following would be a very effective source of information as it
relates to social engineering?
a- Social networking
b- Port scanning
c- Job boards
d- Websites
Explanation: Social networking has proven especially effective for social engineering purposes. Due to the amount of information people tend to reveal on these sites, they make prime targets for information gathering.
Question 15:
Footprinting can determine all of the following except __________?
a- Hardware types
b- Business processes
c- Distribution and number of personnel
d- Software types
Explanation: Footprinting is not very effective at gaining information about the number of personnel.
Question 16:
Which of the following is designed to locate wireless access points?
a- Site survey
b- Traffic analysis
c- Pattern recognition
d- Cracking
Explanation: The purpose of a site survey is to map out a site and locate access points and other wireless-enabled devices.
Question 17:
Which of the following can be used to tweak or fine-tune search results?
a- Refining
b- Hacking
c- Operators
d- Archiving
Explanation: Operators such as filetype are used to manipulate search results for some search engines such as Google.
Question 18:
Which of the following operates at 5 GHz?
a- 802.11b
b- 802.11a
c- 802.11g
d- 802.11i
Explanation: 802.11a operates exclusively at the 5 GHz frequency range, whereas 802.11b and 802.11g operate at the 2.54 GHz range. The newer 802.11n standard can operate at both frequency ranges.
Question 19:
Android is based on which operating system?
a- Windows
b- Unix
c- Linux
d- OS X
Explanation: Android is based on Linux.
Question 20:
Which tool can trace the path of a packet?
a- DNS
b- Ping
c- Whois
d- Tracert
Explanation: Tracert is a tool used to trace the path of a packet from source to ultimate destination.
PART 5
Question 1:
Which of the following types of attack has no flags set?
a- NULL
b- FIN
c- SYN
d- Xmas tree
Explanation: A NULL scan has no flags configured on its packets.
Question 2:
Which of the following is used to perform customized network scans?
a- AirPcap
b- Nessus
c- Nmap
d- Wireshark
Explanation: Nmap is a utility used to scan networks and systems and to perform other types of custom scans.
Question 3:
Which best describes a vulnerability scan?
a- A way to automate the discovery of vulnerabilities
b- A proxy attack
c- A way to diagram a network
d- A way to find open ports
Explanation: Vulnerability scans are designed to pick up weaknesses in a system. They are typically automated.
Question 4:
A full-open scan means that the three-way handshake has been completed.
What is the difference between this and a half-open scan?
a- A half-open uses TCP
b- A half-open does not include the final ACK
c- A half-open includes the final ACK
d- A half-open uses UDP
Explanation: A three-way handshake is part of every TCP connection and happens at the beginning of every connection. In the case of a half-open scan, however, the final ACK is not sent, leaving the connection halfway complete.
Question 5:
Which of the following can be used to evade an IDS?
a- Port scanning
b- Packet sniffing
c- Encryption
d- Enumeration
Explanation: Encryption can be used to avoid specific types of firewalls because of their inability to decrypt the traffic.
Question 6:
SaaS is a cloud hosting environment that offers what?
a- Testing options
b- Improved security
c- Software hosting
d- Development options
Explanation: SaaS, or Software as a Service, is an environment used to host software services offsite and possibly license just what a company needs and only for as long as it needs it.
Question 7:
What is the proper sequence of the TCP three-way-handshake?
a- SYN-ACK,ACK,ACK
b- SYN-SYN,SYN-ACK,SYN
c- SYN,SYN-ACK,ACK
d- ACK,SYN-ACK,SYN
Explanation: Remember this three-way handshake sequence; you will see it quite a bit in packet captures when sniffing the network. Being able to identify the handshake process allows you to quickly find the beginning of a data transfer.
Question 8:
What is the purpose of a proxy?
a- To assist in scanning
b- To keep a scan hidden
c- To perform a scan
d- To automate the discovery of vulnerabilities
Question 9:
Physical security can prevent which of the following?
a- FTP
b- Tailgating
c- Cracking
d- DDoS
Explanation: Tailgating is an attack where an intruder follows an approved individual into a facility. Devices such as mantraps can thwart this attack.
Question 10:
A public and private key system differs from symmetric because it uses which of
the following?
a- One algorithm
b- Two keys
c- Two algorithms
d- One key
Explanation: A public and private key are mathematically related keys, but they are not identical. In symmetric systems only one key is used at a time.
Question 11:
Which of the following is not a flag on a packet?
a- END
b- RST
c- URG
d- PSH
Explanation: END is not a type of flag. Valid flags are ACK, FIN, SYN, URG, RST, and PSH.
Question 12:
Which of the following is used for banner grabbing?
a- Wireshark
b- Telnet
c- FTP
d- SSH
Explanation: Telnet is used to perform banner grabs against a system. However, other tools are available to do this as well.
Question 13:
Which of the following can be used to identify a firewall?
a- Google hacking
b- Email
c- Search engines
d- Port scanning
Explanation: Port scanning can be used to identify certain firewalls because specific ports are known to be open and available on some firewalls.
Question 14:
What is the sequence of the three-way handshake?
a- SYN,ACK,ACK
b- SYN,ACK,SYN-ACK
c- SYN,SYN-ACK
d- SYN,SYN-ACK,ACK
Explanation: A three-way handshake is part of every TCP connection and happens at the beginning of every connection. It includes the sequence SYN, SYN-ACK, ACK to be fully completed.
Question 15:
What is the three-way handshake?
a- The opening sequence of a TCP connection
b- A type of half-open scan
c- Part of a UDP scan
d- A Xmas tree scan
Explanation: The three-way handshake happens at the beginning of every TCP connection.
Question 16:
Which network topology uses a token-based access methodology?
a- Bus
b- Ring
c- Star
d- Ethernet
Explanation: Token ring networks use a token-based access methodology. Each node connected to the network must wait for possession of the token before it can send traffic via the ring.
Question 17:
An HIDS is used to monitor activity on which of the following?
a- Application
b- Host
c- Network
d- Log file
Explanation: An HIDS (host-based intrusion detection system) is used to monitor security violations on a particular host.
Question 18:
What is an ICMP echo scan?
a- A SYN scan
b- A ping sweep
c- A Xmas tree scan
d- Part of a UDP scan
Explanation: An ICMP echo scan is a ping sweep-type scan.
Question 19:
Which of these protocols is a connection-oriented protocol?
a- FTP
b- UDP
c- POP3
d- TCP
Explanation: Transmission Control Protocol (TCP) is a connection-oriented protocol that uses the three-way handshake to confirm that a connection is established. FTP and POP3 use connections, but they are not connection-oriented protocols.
Question 20:
A SYN attack uses which protocol?
a- HTTP
b- UDP
c- TCP
d- Telnet
Explanation: SYN flags are seen only on TCP-based transmissions and not in UDP transmissions of any kind.
PART 6
Question 1:
SNScan is used to access information for which protocol?
a- SMTP
b- FTP
c- HTTP
d- SNMP
Explanation: SNScan is designed to access and display information for SNMP.
Question 2:
Enumeration does not uncover which of the following pieces of information?
a- Services
b- Ports
c- Shares
d- User accounts
Explanation: Ports are usually uncovered during the scanning phase and not the enumeration phase.
Question 3:
Enumeration is useful to system hacking because it provides which of the
following?
a- IP ranges
b- Configurations
c- Passwords
d- Usernames
Explanation: Usernames are especially useful in the system hacking process because they allow you to target accounts for password cracking.
Question 4:
Which ports does SNMP use to function?
a- 161 and 162
b- 389 and 160
c- 160 and 162
d- 160 and 161
Explanation: Ports 161 and 162 are used by SNMP.
Question 5:
Which kind of value is injected into a connection to the host machine in an effort to increment the sequence number in a predictable fashion?
a- Bit
b- Null
c- IP
d- Counted
Explanation: Null values are used to increment the sequence numbers of packets between the victim and the host. The null packets are sent to the host machine in an effort to prepare for desynchronizing the client.
Question 6:
__________ involves grabbing a copy of a zone file.
a- Zone update
b- Zone transfer
c- Nslookup transfers
d- DNS transfer
Explanation: Zone transfers are used to retrieve a copy of the zone file from a server and store it in another location.
Question 7:
During a Xmas tree scan what indicates a port is closed?
a- RST
b- SYN
c- ACK
d- No return response
Explanation: An RST indicates the port is closed in many of the TCP scan types. The RST is sent in response to a connection request, and it indicates that the port is not available.
Question 8:
Which of the following would confirm a user named chell in SMTP?
a- expn -u chell
b- expn chell
c- vrfy chell
d- vrfy -u chell
Explanation: vrfy chell, the verify command, is used within SMTP to verify that the object provided is legitimate.
Question 9:
Which mechanism can be used to influence a targeted individual?
a- Means of dress or appearance
b- Physical controls
c- Training
d- Technological controls
Explanation: Appearance can easily impact the opinion that an individual or a group has about someone. The other options here are types of countermeasures used to stop physical attacks.
Question 10:
Phishing can be mitigated through the use of __________.
a- Spam Filtering & Education
b- Anti-malware
c- Spam filtering
d- Antivirus
e- Education
Explanation: Education and spam filtering are tremendously helpful at lessening the impact of phishing. Pure antivirus and anti-malware typically do not include this functionality unless they are part of a larger suite.
Question 11:
A __________ is used to represent a password.
a- Hash
b- Rootkit
c- NULL session
d- Rainbow table
Explanation: A password hash is commonly used to represent a password in an encrypted format that is not reversible, in locations such as the SAM database.
Question 12:
LDAP is used to perform which function?
a- Query a database
b- Query a directory
c- Query a network
d- Query a file system
Explanation: LDAP is used to query and structure databases; this database could include a directory service, but it is not necessarily one.
Question 13:
SMTP is used to perform which function?
a- Monitor network equipment
b- Transmit status information
c- Send email messages
d- Transfer files
Explanation: SMTP is primarily intended to transfer email messages between email servers and clients.
Question 14:
VRFY is used to do which of the following?
a- Expand a mailing list
b- Validate an email server
c- Validate an email address
d- Test a connection
Explanation: VRFY validates an email address in SMTP.
Question 15:
SNMP is used to do which of the following?
a- Transfer files
b- Synchronize clocks
c- Monitor network devices
d- Retrieve mail from a server
Explanation: SNMP is used to monitor and send messages to network devices.
Question 16:
What is the best option for thwarting social-engineering attacks?
a- Physical controls
b- Training
c- Technology
d- Policies
Explanation: Training is the best and most effective method of blunting the impact of social engineering. Addressing the problem through education can lessen the need for some countermeasures.
Question 17:
Which of the following is not a Trojan?
a- Subseven
b- BO2K
c- TCPTROJAN
d- LOKI
Explanation: TCPTROJAN is not a Trojan. All the other utilities on this list are different forms of Trojans.
Question 18:
Network-level hijacking focuses on the mechanics of a connection such as the
manipulation of packet sequencing. What is the main focus of web app session
hijacking?
a- Breaking user logins
b- Traffic redirection
c- Resource DoS
d- Stealing session IDs
Explanation: Stealing session IDs is the main objective in web session hijacking. Session IDs allow the attacker to assume the role of the legitimate client without the time-consuming task of brute-forcing user logins or sniffing out authentication information.
Question 19:
A __________ is a type of offline attack.
a- Birthday attack
b- Rainbow attack
c- Cracking attack
d- Hashing attack
Explanation: A rainbow attack or rainbow table attack is designed to generate the hashes necessary to perform an offline attack against an extracted hash.
Question 20:
Zombies Inc. is looking for ways to better protect their web servers from
potential DoS attacks. Their web admin proposes the use of a network appliance
that receives all incoming web requests and forwards them to the web server.
He says it will prevent direct customer contact with the server and reduce the
risk of DoS attacks. What appliance is he proposing?
a- IDS
b- Reverse proxy
c- Web proxy
d- Firewall
Explanation: Reverse proxies are implemented to protect the destination resource, not the client or user. In this scenario, a reverse proxy will field all outside requests, thereby preventing direct traffic to the web server and reducing the risk of a DoS attack.