Michael, a Licensed Penetration Tester, wants to create an exact replica of an original website, so he can
browse and spend more time analyzing it.
Which of the following tools will Michael use to perform this task?
A. VisualRoute
B. NetInspector
C. BlackWidow
D. Zaproxy
Alisa is a Network Security Manager at Aidos Cyber Security. During a regular network audit, she sent
specially crafted ICMP packet fragments with different offset values into the network, causing a system
crash.
Which attack Alisa is trying to perform?
A. Ping-of-death attack
B. Fraggle attack
C. Session hijacking
D. Smurf attack
Which of the following SQLMAP commands will allow you to test if a parameter in a target URL is vulnerable to SQL injection (injectable)?
A. sqlmap -g "inurl:\".php?id=1\""
B. sqlmap.py -l burp.log --scope="(www)?\.[target]\.(com | net | org)"
C. sqlmap –url [ Target URL ]
D. sqlmap –host [ Target URL ]
Peter is working on a pen testing assignment. During the reconnaissance phase, Peter discovered that the client's SYSLOG systems are taken off for four hours on the second Saturday of every month for maintenance. He wants to analyze the client's web pages for sensitive information without triggering their logging mechanism. There are hundreds of pages on the client's website and it is difficult to analyze all the information in just four hours. What will Peter do to analyze all the web pages in a stealthy manner?
A. Use HTTrack to mirror the complete website
B. Use WayBackMachine
C. Perform reverse DNS lookup
D. Search the Internet, newsgroups, bulletin boards, and negative websites for information about the client
You work as a penetration tester for Hammond Security Consultants. You are currently working on a contract for the state government of California; Your next step is to initiate a DoS attack on their network. Why would you want to initiate a DoS attack on a system you are testing?
A. Use attack as a launching point to penetrate deeper into the network
B. Demonstrate that no system can be protected against DoS attacks
C. List weak points on their network
D. Show outdated equipment so it can be replaced
Identify the type of testing that is carried out without giving any information to the employees or administrative head of the organization.
A. Unannounced Testing
B. Double Blind Testing
C. Announced Testing
D. Blind Testing
Harold wants to set up a firewall on his network but is not sure which one would be the most appropriate.
He knows he needs to allow FTP traffic to one of the servers on his network, but he wants to only allow
FTP-PUT.
Which firewall would be most appropriate for Harold?
A. Application-level proxy firewall
B. Data link layer firewall
C. Packet filtering firewall
D. Circuit-level proxy firewall
After passively scanning the network of Department of Defense (DoD), you switch over to active scanning to identify live hosts on their network. DoD is a large organization and should respond to any number of scans. You start an ICMP ping sweep by sending an IP packet to the broadcast address. Only five hosts responds to your ICMP pings; definitely not the number of hosts you were expecting. Why did this ping sweep only produce a few responses?
A. A switched network will not respond to packets sent to the broadcast address
B. Only IBM AS/400 will reply to this scan
C. Only Unix and Unix-like systems will reply to this scan
D. Only Windows systems will reply to this scan
Attackers create secret accounts and gain illegal access to resources using backdoor while bypassing the authentication procedures. Creating a backdoor is a where an attacker obtains remote access to a computer on a network.

Which of the following techniques do attackers use to create backdoors to covertly gather critical information about a target machine?
A. Internal network mapping to map the internal network of the target machine
B. Port scanning to determine what ports are open or in use on the target machine
C. Sniffing to monitor all the incoming and outgoing network traffic
D. Social engineering and spear phishing attacks to install malicious programs on the target machine
SQL injection attacks are becoming significantly more popular amongst hackers and there has been an
estimated 69 percent increase of this attack type.
This exploit is used to great effect by the hacking community since it is the primary way to steal sensitive
data from web applications. It takes advantage of non-validated input vulnerabilities to pass SQL
commands through a web application for execution by a back-end database.
The below diagram shows how attackers launched SQL injection attacks on web applications.

Which of the following can the attacker use to launch an SQL injection attack?
A. Blah' "2=2 -"
B. Blah' and 2=2 -
C. Blah' and 1=1 -
D. Blah' or 1=1 -