Saintleo COM546 Module 2 Exam 1 Latest 2019 May Question # 00601230 Subject: Education Due on: 05/13/2019 Posted On: 05/13/2019 04:24 AM Tutorials: 0 Rating: 4.6/5

What type of testing procedure involves the tester(s)
analyzing the company’s security policy and procedures, and reporting any
vulnerabilities to management?

Question 1 options:

penetration test

security test

hacking test

ethical hacking test

Question 2

What term best describes a person who hacks computer systems
for political or social reasons?

Question 2 options:

cracktivist

hacktivist

sniffer

script kiddy

Question 3

What security certification did the “The International
Council of Electronic Commerce Consultants” (EC-Council) develop?

Question 3 options:

Security+

OSSTMM Professional Security Tester (OPST)

Certified Information Systems Security Professional (CISSP)

Certified Ethical Hacker (CEH)

Question 4

Penetration testers and security testers need technical
skills to perform their duties effectively.

Question 4 options:

True

False

Question 5

If you work for a company as a security professional, you
will most likely be placed on a special team that will conduct penetration
tests. What is the standard name for a team made up of security professionals?

Question 5 options:

pen team

blue team

red team

security team

Question 6

Penetration testing can create ethical, technical, and
privacy concerns for a company’s management team. What can a security
consultant do to ensure the client fully understands the scope of testing that
will be performed?

Question 6 options:

create a contractual agreement

create a lab demonstration

create a virtual demonstration

create a slide presentation

Question 7

What organization disseminates research documents on
computer and network security worldwide at no cost?

Question 7 options:

EC-Council

SANS

ISECOM

ISC2

Question 8

Even though the Certified Information Systems Security
Professional (CISSP) certification is not geared toward the technical IT
professional, it has become one of the standards for many security
professionals.

Question 8 options:

True

False

Question 9

Port scanning is a noninvasive, nondestructive, and legal
testing procedure that is protected by federal law.

Question 9 options:

True

False

Question 10

What name is given to people who break into computer systems
with the sole purpose to steal or destroy data?

Question 10 options:

packet monkeys

crackers

script kiddies

bots

Question 11

What penetration model should be used when a company’s
management team does not wish to disclose that penetration testing is being
conducted?

Question 11 options:

black box

white box

red box

silent box

Question 12

What type of laws should a penetration tester or student
learning hacking techniques be aware of?

Question 12 options:

local

state

federal

all of the above

Question 13

What derogatory title do experienced hackers, who are
skilled computer operators, give to inexperienced hackers?

Question 13 options:

script kiddies

repetition monkeys

packet sniffers

crackers

Question 14

In the TCP/IP stack, what layer is concerned with physically
moving bits across the network’s medium?

Question 14 options:

Internet

Network

Transport

Application

Question 15

What layer, in the TCP/IP protocol stack, is responsible for
encapsulating data into segments?

Question 15 options:

Transport layer

Internet layer

Application layer

Network layer

Question 16

In the TCP/IP stack, what layer is concerned with
controlling the flow of data, sequencing packets for reassembly, and
encapsulating the segment with a TCP or UDP header?

Question 16 options:

Internet

Network

Transport

Application

Question 17

How many host computers can be assigned a valid IPv4 address
when using a CIDR /24 prefix?

Question 17 options:

254

512

65,000

16 million

Question 18

What port does the Trivial File Transfer Protocol, or TFTP
service use?

Question 18 options:

25

53

69

80

Question 19

What does the acronym TCP represent?

Question 19 options:

Transfer Control Protocol

Transmission Control Protocol

Transfer Congestion Protocol

The Control Protocol

Question 20

What port does the Hypertext Transfer Protocol, or HTTP
service use?

Question 20 options:

25

53

69

80

Question 21

What type of network attack relies on guessing a TCP
header’s initial sequence number, or ISN?

Question 21 options:

ARP spoofing

Session hijacking

DoS

Man-in-the-middle

Question 22

A hex number is written with two characters, each
representing a byte.

Question 22 options:

True

False

Question 23

What is the logical component of a TCP connection that can
be assigned to a process that requires network connectivity?

Question 23 options:

ISN

IP

port

SYN

Question 24

In the TCP/IP stack, the Transport layer includes network
services and client software.

Question 24 options:

True

False

Question 25

To retrieve e-mail from a mail server, you most likely
access port 119.

Question 25 options:

True

False

Question 26

What layer protocols operate as the front end to the
lower-layer protocols in the TCP/IP stack?

Question 26 options:

Internet

Network

Transport

Application

Question 27

Which term best describes a hash or code pattern that
antivirus software companies use to compare known viruses to every file on a
computer?

Question 27 options:

signatures

heuristics

macros

bots

Question 28

The virus signature file is maintained by what type of
software?

Question 28 options:

antivirus

keylogger

remote control

firewall

Question 29

When a computer hacker uses multiple compromised computers
to carry out a DDOS attack, the compromised computers are usually referred to
as which of the following?

Question 29 options:

viruses

zombies

macros

cyborgs

Question 30

What type of malicious program cannot stand on its own and
can replicate itself through an executable program attached to an e-mail?

Question 30 options:

shell

virus

keylogger

rootkit

Question 31

What type of virus is used to lock a user’s system, or cloud
accounts until the system’s owner complies by paying the attacker a monetary
fee?

Question 31 options:

keylogger

rootkit

ransomware

macro

Question 32

The acronym IDS stands for which of the following?

Question 32 options:

Intrusion Detection System

Information Dissemination System

Information Destruction System

Intruder Dispersal System

Question 33

Which type of security is specifically concerned with
computers or devices that are part of a network infrastructure?

Question 33 options:

Host security

Server security

Computer security

Network security

Question 34

Which of the following physical security methods provides
the ability to secure a company’s assets and document any individuals physical
time of entry?

Question 34 options:

rotary locks

combination locks

card access

deadbolt locks

Question 35

Whitelisting allows only approved programs to run on a
computer.

Question 35 options:

True

False

Question 36

What type of malicious procedure involves using sniffing
tools to capture network communications to intercept confidential information
or gather credentials that can be used to extend the attack?

Question 36 options:

eavesdropping

overflowing

injecting

capturing

Question 37

Which type of attack is being carried out when an attacker
joins a TCP session and makes both parties think he or she is the other party?

Question 37 options:

A DoS attack

Ping of Death

A buffer overflow attack

Session hijacking

Question 38

A malicious computer program that replicates and propagates
itself without having to attach to a host is called which of the following?

Question 38 options:

virus

Trojan

worm

shell

Question 39

A computer hacker may use a phishing e-mail to lure a user
into following a malicious link. What type of technique is being used by the
computer hacker?

Question 39 options:

mail fraud

heuristics

ransoming

social engineering

Question 40

Which type of program can mitigate some risks associated
with malware?

Question 40 options:

shells

bots

antivirus

rootkits