What is the feature in FOCA that checks each domain to ascertain the host names
configured in NS, MX, and SPF servers to discover the new host and domain
names?
A Common names
B DNS search
C Web search
D Bing IP - Correct Answer - B
Which of the following countermeasures should be followed to safeguard the
privacy, data, and reputation of an organization and to prevent information
disclosure?
A Keeping the domain name profile public
B Enabling directory listings in the web servers
C Avoiding domain-level cross-linking for critical assets
D Turning on geolocation access on all mobile devices - Correct Answer - C
Which of the following TCP communication flags notifies the transmission of a
new sequence number and represents the establishment of a connection between
two hosts?
A FIN flag
B SYN flag
C PSH flag
pg. 1
,D RST flag - Correct Answer - B
Ben, an ethical hacker, was hired by an organization to check its security levels.
In the process, Ben examined the network from a hacker's perspective to identify
exploits and vulnerabilities accessible to the outside world by using devices such
as firewalls, routers, and servers.
Which of the following types of vulnerability assessment did Ben perform on the
organization?
A Active assessment
B Passive assessment
C External assessment
D Internal assessment - Correct Answer - C
Clark, an ethical hacker, is performing vulnerability assessment on an
organization's network. Instead of performing footprinting and network scanning,
he used tools such as Nessus and Qualys for the assessment.
Which of the following types of vulnerability assessment did Clark perform on the
organization?
A Manual assessment
B Credentialed assessment
C Distributed assessment
D Automated assessment - Correct Answer - D
Ray, a security professional in an organization, was instructed to identify all
potential security weaknesses in the organization and fix them before an attacker
can exploit them. In the process, he consulted a third-party consulting firm to run
a security audit of the organization's network
Which of the following types of solutions did Ray implement in the above
scenario?
A Product-based solution
B Service-based solution
C Tree-based assessment
pg. 2
,D Inference-based assessment - Correct Answer - B
Karen, a security professional in an organization, performed a vulnerability
assessment on the organization's network to check for vulnerabilities. In this
process, she used a type of location data examination scanner that resides on a
single machine but can scan several machines on the same network.
Which of the following types of location and data examination tools did Karen
use?
A Network-based scanner
B Agent-based scanner
C Proxy scanner
D Cluster scanner - Correct Answer - B
Rick, an ethical hacker, is performing a vulnerability assessment on an
organization and a security audit on the organization's network. In this process,
he used a tool for identifying vulnerabilities, configuration issues, and malware
that attackers use to penetrate networks.
Which of the following tools did Rick use to perform vulnerability assessment?
A Metagoofil
B Infoga
C Immunity Debugger
D Nessus - Correct Answer - D
Which of the following types of password attacks does not require any technical
knowledge about hacking or system exploitation and includes techniques such
as shoulder surfing, social engineering, and dumpster diving?
A Active online attacks
B Passive online attacks
C Non-electronic attacks
D Offline attacks - Correct Answer - C
pg. 3
, Which of the following hping commands is used by an attacker to scan the entire
subnet to detect live hosts in a target network?
A hping3 -8 50-60 -S 10.0.0.25 -V
B hping3 -F -P -U 10.0.0.25 -p 80
C hping3 -1 10.0.1.x --rand-dest -I eth0
D hping3 -9 HTTP -I eth0 - Correct Answer - C
Which of the following commands is used by an attacker to perform an ICMP
ECHO ping sweep that can determine the live hosts from a range of IP addresses
by sending ICMP ECHO requests to multiple hosts?
A nmap -sn -PR 10.10.10.10
B nmap -sn -PU 10.10.10.10
C nmap -sn -PE 10.10.10.10
D nmap -sn -PE 10.10.10.5-15 - Correct Answer - D
Which of the following scanning techniques is used by an attacker to send a TCP
frame to a remote device with the FIN, URG, and PUSH flags set?
A Xmas scan
B TCP Maimon scan
C ACK flag probe scan
D IDLE/IPID header scan - Correct Answer - A
A certain scanning technique has no three-way handshake, and the system does
not respond when the port is open; when the port is closed, the system responds
with an ICMP port unreachable message.
Which of the following is this scanning technique?
A List scanning
B SCTP COOKIE ECHO scanning
C IPv6 scanning
D UDP scanning - Correct Answer - D
pg. 4
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller ASSIGNMENT7. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $17.49. You're not tied to anything after your purchase.
