Question 1

A penetration tester was hired to perform a penetration testfor abank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching what times the bank employees come into work and leave from work, searching the bank's job postings (paying special attention to IT related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in?

Options :

A : Information reporting

B : Vulnerability assessment

C : Active information gathering

D : Passive information gathering

Answer: D

Question 2

A circuit level gateway works at which of the following layers of the OSI Model?

Options :

A : Layer 5 - Application

B : Layer 4 -- TCP

C : Layer 3 -- Internet protocol

D : Layer 2 -- Data link

Answer: B

Question 3

Symmetric encryption algorithms are known to be fast but present great challenges on the key management side. Asymmetric encryption algorithms are slow but allow communication with a remote host without having to transfer a key out of band or in person. If we combine the strength of both crypto systems where we use the symmetric algorithm to encrypt the bulk of the data and then use the asymmetric encryption system to encrypt the symmetric key, what would this type of usage be known as?

Options :

A : Symmetric system

B : Combined system

C : Hybrid system

D : Asymmetric system

Answer: C

Question 4

Sniffing is considered an active attack.

Options :

A : True

B : False

Answer: B

Question 5

Which of the following lists are valid data-gathering activities associated with a risk assessment?

Options :

A : Threat identification, vulnerability identification, control analysis

B : Threat identification, response identification, mitigation identification

C : Attack profile, defense profile, loss profile

D : System profile, vulnerability identification, security determination

Answer: A