لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت

السؤال #1
The Finger service displays information such as currently logged-on users, email address, full name, etc. Which among the following ports would you scan to identify this service during a penetration test?
A. Port 89
B. Port 99
C. Port 69
D. Port 79
عرض الإجابة
اجابة صحيحة: C
السؤال #2
William, a penetration tester in a pen test firm, was asked to get the information about the SMTP server on a target network. What does William need to do to get the SMTP server information?
A. Send an email message to a non-existing user of the target organization and check for bounced mail header
B. Examine the session variables
C. Examine TCP sequence numbers
D. Look for information available in web page source code
عرض الإجابة
اجابة صحيحة: A
السؤال #3
Jason is a penetration tester, and after completing the initial penetration test, he wanted to create a final penetration test report that consists of all activities performed throughout the penetration testing process. Before creating the final penetration testing report, which of the following reports should Jason prepare in order to verify if any crucial information is missed from the report?
A. Activity report
B. Host report
C. User report
D. Draft report
عرض الإجابة
اجابة صحيحة: B
السؤال #4
James is a security consultant at Big Frog Software Pvt Ltd. He is an expert in Footprinting and Social engineering tasks. His team lead tasked him to find details about the target through passive reconnaissance. James used websites to check the link popularity of the client’s domain name. What information does the link popularity provide?
A. Information about the network resources
B. Information about visitors, their geolocations, etc
C. Information about the server and its infrastructure
D. Information about the partner of the organization
عرض الإجابة
اجابة صحيحة: B
السؤال #5
Frank is a senior security analyst at Roger Data Systems Inc. The company asked him to perform a database penetration test on its client network to determine whether the database is vulnerable to attacks or not. The client did not reveal any information about the database they are using. As a pen tester Frank knows that each database runs on its own default port. So he started database port scanning using the Nmap tool and tried different commands using default port numbers and succeeded with the following
A. MySQL
B. Microsoft SQL Server
C. SQLite
D. Oracle
عرض الإجابة
اجابة صحيحة: D
السؤال #6
You are enumerating a target system. Which of the following PortQry commands will give a result similar to the screenshot below:
A. portqry -n myserver -p udp -e 389
B. portqry -n myserver -p udp -e 123
C. portqry -n myserver -p TCP -e 389
D. portqry -n myserver -p TCP -e 123
عرض الإجابة
اجابة صحيحة: D
السؤال #7
AB Cloud services provide virtual platform services for the users in addition to storage. The company offers users with APIs, core connectivity and delivery, abstraction and hardware as part of the service. What is the name of the service AB Cloud services offer?
A. Web Application Services
B. Platform as a service (PaaS)
C. Infrastructure as a service (IaaS)
D. Software as a service (SaaS)
عرض الإجابة
اجابة صحيحة: A
السؤال #8
You have implemented DNSSEC on your primary internal DNS server to protect it from various DNS attacks. Network users complained they are not able to resolve domain names to IP addresses at certain times. What could be the probable reason?
A. DNSSEC does not provide protection against Denial of Service (DoS) attacks
B. DNSSEC does not guarantee authenticity of a DNS response during an attack
C. DNSSEC does not protect the integrity of a DNS response
D. DNSSEC does not guarantee the non-existence of a domain name or type
عرض الإجابة
اجابة صحيحة: A
السؤال #9
Moses, a professional hacker, attempts to overwhelm the target victim computer by transmitting TCP connection requests faster than the computer can process them. He started sending multiple SYN packets of size between 800 and 900 bytes with spoofed source addresses and port numbers. The main intention of Moses behind this attack is to exhaust the server resources and saturate the network of the target organization. Identify the type of attack being performed by Moses?
A. VTP attack
B. DoS attack
C. ARP attack
D. HSRP attack
عرض الإجابة
اجابة صحيحة: D
السؤال #10
What is the purpose of the Traceroute command?
A. For extracting information about the network topology, trusted routers, and firewall locations
B. For extracting information about closed ports
C. For extracting information about the server functioning
D. For extracting information about opened ports
عرض الإجابة
اجابة صحيحة: C
السؤال #11
Fred, who owns a company called Skyfeit Ltd., wants to test the enterprise network for presence of any vulnerabilities and loopholes. He employed a third-party penetration testing team and asked them to perform the penetration testing over his organizational infrastructure. Fred briefed the team about his network infrastructure and provided them with a set of IP addresses on which they can perform tests. He gave them strict instruction not to perform DDoS attacks or access the domain servers in the company.
A. Announced testing
B. Blind testing
C. Grey-Box testing
D. Unannounced testing
عرض الإجابة
اجابة صحيحة: A
السؤال #12
Veronica, a penetration tester at a top MNC company, is trying to breach the company’s database as a part of SQLi penetration testing. She began to use the SQLi techniques to test the database security level. She inserted new database commands into the SQL statement and appended a SQL Server EXECUTE command to the vulnerable SQL statements. Which of the following SQLi techniques was used to attack the database?
A. Function call injection
B. File inclusion
C. Buffer Overflow
D. Code injection
عرض الإجابة
اجابة صحيحة: D
السؤال #13
Ross performs security test on his company’s network assets and creates a detailed report of all the findings. In his report, he clearly explains the methodological approach that he has followed in finding the loopholes in the network. However, his report does not mention about the security gaps that can be exploited or the amount of damage that may result from the successful exploitation of the loopholes. The report does not even mention about the remediation steps that are to be taken to secure the networ
A. Penetration testing
B. Vulnerability assessment
C. Risk assessment
D. Security audit
عرض الإجابة
اجابة صحيحة: C
السؤال #14
Nick is a penetration tester in Stanbiz Ltd. As a part of his duty, he was analyzing the network traffic by using various filters in the Wireshark tool. While sniffing the network traffic, he used “tcp.port==1433” Wireshark filter for acquiring a specific database related information since port number 1433 is the default port of that specific target database. Which of the following databases Nick is targeting in his test?
A. PostgreSQL
B. Oracle
C. MySQL
D. Microsoft SQL Server
عرض الإجابة
اجابة صحيحة: A
السؤال #15
Frank is performing a wireless pen testing for an organization. Using different wireless attack techniques, he successfully cracked the WPA-PSK key. He is trying to connect to the wireless network using the WPA-PSK key. However, he is unable to connect to the WLAN as the target is using MAC filtering. What would be the easiest way for Frank to circumvent this and connect to the WLAN?
A. Attempt to crack the WEP key
B. Crack the Wi-Fi router login credentials and disable the ACL
C. Sniff traffic off the WLAN and spoof his MAC address to the one that he has captured
D. Use deauth command from aircrack-ng to deauthenticate a connected user and hijack the session
عرض الإجابة
اجابة صحيحة: A
السؤال #16
Stuart has successfully cracked the WPA-PSK password during his wireless pen testing assignment. However, he is unable to connect to the access point using this password. What could be the probable reason?
A. It is a rogue access point
B. The access point implements another layer of WEP encryption
C. The access point implements a signal jammer to protect from attackers
D. The access point implements MAC filtering
عرض الإجابة
اجابة صحيحة: B
السؤال #17
Rebecca, a security analyst, was auditing the network in her organization. During the scan, she found a service running on a remote host, which helped her to enumerate information related to user accounts, network interfaces, network routing and TCP connections. Which among the following services allowed Rebecca to enumerate the information?
A. NTP
B. SNMP
C. SMPT
D. SMB
عرض الإجابة
اجابة صحيحة: B
السؤال #18
JUA Networking Solutions is a group of certified ethical hacking professionals with a large client base. Stanley works as a penetrating tester at this firm. Future group approached JUA for an internal pen test. Stanley performs various penetration testing test sequences and gains information about the network resources and shares, routing tables, audit and service settings, SNMP and DNS details, machine names, users and groups, applications and banners. Identify the technique that gave Stanley this informat
A. Enumeration
B. Sniffing
C. Ping sweeps
D. Port scanning
عرض الإجابة
اجابة صحيحة: A
السؤال #19
Christen is a renowned SQL penetration testing specialist in the US. A multinational ecommerce company hired him to check for vulnerabilities in the SQL database. Christen wanted to perform SQL penetration testing on the database by entering a massive amount of data to crash the web application of the company and discover coding errors that may lead to a SQL injection attack. Which of the following testing techniques is Christen using?
A. Fuzz Testing
B. Stored Procedure Injection
C. Union Exploitation
D. Automated Exploitation
عرض الإجابة
اجابة صحيحة: D
السؤال #20
The penetration testers are required to follow predefined standard frameworks in making penetration testing reporting formats. Which of the following standards does NOT follow the commonly used methodologies in penetration testing?
A. National Institute of Standards and Technology (NIST)
B. Information Systems Security Assessment Framework (ISSAF)
C. Open Web Application Security Project (OWASP)
D. American Society for Testing Materials (ASTM)
عرض الإجابة
اجابة صحيحة: B

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف: