A. The most effective pretexts in spam (e.g. pornography, male enhancement drugs

Question

A. The most effective pretexts in spam (e.g. pornography, male enhancement drugs)

B. Pump and dump stock scams

C. Free items

D. Only B & C

E. All of the above are appropriate

Question 3 of 41

2.0 Points

A. Escalate privileges to administrator or system level

B. Read log files

C. Delete log files to avoid detection

D. Exfiltrate sensitive data

E. A, C & D are correct

Question 4 of 41

2.0 Points

A. Accept the business cards as-is.

B. Accept the business cards, but file a protest with your boss's supervisor.

C. Decline the business cards.

D. Decline the business cards, and notify the certifying authority of the practice.

Question 5 of 41

2.0 Points

A. Loss of service

B. Data loss

C. Loss of data confidentiality

D. Data corruption

E. All of the above

Question 6 of 41

2.0 Points

Question 7 of 41

2.0 Points

Question 8 of 41

2.0 Points

A. True

B. False

Question 9 of 41

2.0 Points

A. Symmetric keys

B. Asymmetric keys

C. Required for SSH to operate properly

D. Generated and issued by a certificate authority

Question 10 of 41

2.0 Points

A. At the busiest time to ensure that no one can sneak past safeguards at busy times.

B. When the server is under severe loads to ensure it won't fail.

C. During an average day to be sure that the safeguard won't fail under normal conditions.

D. At a non-busy, scheduled time to avoid interfering with business functions.

E. None of the above

Question 11 of 41

2.0 Points

A. Reviewing job listings posted by a targeted company

B. Port scanning the targeted company

C. Calling the company and asking questions about its services

D. Driving around the targeted company connecting to open wireless connections.

E. All of the above

Question 12 of 41

2.0 Points

A. True

B. False

Question 13 of 41

2.0 Points

A. True

B. False

Question 14 of 41

2.0 Points

A. public, authorized_keys

B. private, authorized_keys

C. public, authorized_hosts

D. private, authorized_hosts

Question 15 of 41

2.0 Points

A. Active fingerprinting tools inject packets into the network

B. Passive fingerprinting tools inject packets into the network

C. Nmap can be used for passive fingerprinting

D. Passive fingerprinting tools do not require network traffic to fingerprint an operating system.

E. None of the above are correct.

When performing social engineering attacks on a corporation, which of the following are appropriate pretexts to trick employees?

A. The most effective pretexts in spam (e.g. pornography, male enhancement drugs)

B. Pump and dump stock scams

C. Free items

D. Only B & C

E. All of the above are appropriate

Reset Selection

Question 3 of 41

2.0 Points

After successfully exploiting a system, which of the following is most correct regarding the actions an attacker would likely take?

A. Escalate privileges to administrator or system level

B. Read log files

C. Delete log files to avoid detection

D. Exfiltrate sensitive data

E. A, C & D are correct

Reset Selection

Question 4 of 41

2.0 Points

You are newly hired at a penetration testing firm. Your boss gives you new business cards, stating you are EC-Council certified as a Certified Ethical Hacker. You tell your boss that you don't have the certification, and are told that the rest of the firm is certified, and so you can consider yourself certified. You should:

A. Accept the business cards as-is.

B. Accept the business cards, but file a protest with your boss's supervisor.

C. Decline the business cards.

D. Decline the business cards, and notify the certifying authority of the practice.

Reset Selection

Question 5 of 41

2.0 Points

You should disclose to clients all possible risks associated with a penetration test, including:

A. Loss of service

B. Data loss

C. Loss of data confidentiality

D. Data corruption

E. All of the above

Reset Selection

Question 6 of 41

2.0 Points

Network mapping discovers the connections between systems, and is often used to produce network diagrams.

Question 7 of 41

2.0 Points

You are ethically bound to keep your skills current as a penetration tester. True False Reset Selection

Question 8 of 41

2.0 Points

Exploitation of a target system is only done by attackers, not by penetration testers.

A. True

B. False

Reset Selection

Question 9 of 41

2.0 Points

SSH keys are:

A. Symmetric keys

B. Asymmetric keys

C. Required for SSH to operate properly

D. Generated and issued by a certificate authority

Reset Selection

Question 10 of 41

2.0 Points

What time of day (or week/month) should a penetration test be performed?

A. At the busiest time to ensure that no one can sneak past safeguards at busy times.

B. When the server is under severe loads to ensure it won't fail.

C. During an average day to be sure that the safeguard won't fail under normal conditions.

D. At a non-busy, scheduled time to avoid interfering with business functions.

E. None of the above

Reset Selection

Question 11 of 41

2.0 Points

Which of the following is the best example of passive information gathering?

A. Reviewing job listings posted by a targeted company

B. Port scanning the targeted company

C. Calling the company and asking questions about its services

D. Driving around the targeted company connecting to open wireless connections.

E. All of the above

Reset Selection

Question 12 of 41

2.0 Points

Reporting the results of a penetration test involves discussing the test with any employee who interacts with the system.

A. True

B. False

Reset Selection

Question 13 of 41

2.0 Points

A cloud or hosted service can be penetration tested without any additional permissions, as long as the firm commissioning the penetration test gives permission.

A. True

B. False

Reset Selection

Question 14 of 41

2.0 Points

To allow a user to log in with an SSH key, the _______ key must be added to the _________________ file on the target machine.

A. public, authorized_keys

B. private, authorized_keys

C. public, authorized_hosts

D. private, authorized_hosts

Reset Selection

Question 15 of 41

2.0 Points

Which of the following statements is most correct?

A. Active fingerprinting tools inject packets into the network

B. Passive fingerprinting tools inject packets into the network

C. Nmap can be used for passive fingerprinting

D. Passive fingerprinting tools do not require network traffic to fingerprint an operating system.

E. None of the above are correct.

Reset Selection

Explanation / Answer

Question 3 of 41 - E. All of the above are appropriate

Question 3 of 41 - E. A, C & D are correct

Question 4 of 41 - D. Decline the business cards, and notify the certifying authority of the practice.

Question 5 of 41 - E. All of the above

Question 7 of 41 - True

Question 8 of 41 - B. False

Question 9 of 41 - B. Asymmetric keys

Question 10 of 41 - D. At a non-busy, scheduled time to avoid interfering with business functions.

Question 11 of 41 - A. Reviewing job listings posted by a targeted company

Question 12 of 41 - B. False
Question 13 of 41 - B. False

Question 14 of 41 - A. public, authorized_keys

Question 15 of 41 - A. Active fingerprinting tools inject packets into the network

Related Questions

Navigate

• Browse (All)
• Browse A
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.