ICMP ping and ping sweeps are used to.check for active systems and to check
A. if.ICMP ping traverses a firewall.
B. the route that the.ICMP ping took.
C. the location of the switchport in relation to the.ICMP ping.
D. the number of hops an ICMP.ping takes to reach a destination.
A hacker searches in Google for filetype:pcf to find Cisco VPN config files. Those files may contain connectivity passwords that can be decoded with which of the following?
C. Cain.and Abel
D. John The Ripper Pro
Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common?
A. They are written in Java.
B. They send alerts to security monitors.
C. They use the same packet analysis engine.
D. They use the same packet capture utility.
A pentester gains acess to a Windows application server and.needs to determine the settings of the built-in Windows firewall. Which command would.be used?
A. Netsh firewall show config
B. WMIC firewall show config
C. Net firewall show config
D. Ipconfig firewall show config
The following is a sample of output from a penetration tester’s machine targeting a machine with the IP address of 192.168.1.106:
What is most likely taking place?
A. Ping sweep of the 192.168.1.106 network
B. Remote service brute force attempt
C. Port scan of 192.168.1.106
D. Denial of service attack on 192.168.1.106
A tester is attempting to capture and analyze the traffic on a given network and realizes that the network has several switches. What could be used to successfully sniff the traffic on this switched network? (Choose three.)
A. ARP spoofing
B. MAC duplication
C. MAC flooding
D. SYN flood
E. Reverse smurf attack
F. ARP broadcasting
A newly discovered flaw in a software application would be considered which kind of security vulnerability?
A. Input validation flaw
B. HTTP header injection vulnerability
C. 0-day vulnerability
D. Time-to-check to time-to-use flaw
What are the three types of authentication?
A. Something you: know,remember,prove
B. Something you: have,know,are
C. Something you: show,prove,are
D. Something you: show,have,prove
What are the three types of compliance that the.Open Source Security Testing Methodology Manual (OSSTMM) recognizes?
B. Audit,standards based,regulatory
D. Legislative,contractual,standards based
While checking the settings on the internet browser, a technician finds that the proxy server settings have been checked and.a computer is trying to use itself as a proxy server..What specific octet within the subnet does the technician see?