You have several plain-text firewall logs that you must review to evaluate network traffic. You know that in order to do fast, efficent searches of the logs you must use regular expressions. Which command-line utility are you most likely to Read more…


Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs? Nikto Dsniff Snort John the Ripper


You have successfully compromised a machine on the network and found a server that is alive on the same network. You tried to ping it but you didn’t get any response back. What is happening? ICMP could be disabled on Read more…


Which of the following is the greatest threat posed by backups? A backup is incomplete because no verification was performed A backup is unavailable during disaster recovery An un-encrypted backup can be misplaced or stolen. A backup is the source Read more…


Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking. What should you do? Ignore the Read more…


Nation-state threat actors often discover vulnerabilities and hold on to them until they want to launch a sophisticated attack. The Sutxnet attack was an unprecedented style of attack because it used four types of vulnerability. What is this style of Read more…


Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information besides the company name. What should be the first step in Read more…


The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP’s Top Ten Project Most Critical Web Application Security Risks? Cross Site Scripting Read more…


After trying multiple exploits, you’ve gained root access to a Centos 6 server. To ensure you maintain access, what would you do first? Disable IPTables Create User Account Download and Install Netcat Disable Key Services


Which of the following is an extremely common IDS evasion technique in the web world? subnetting port knocking unicode characters spyware


Which of the following is an extremely common IDS evasion technique in the web world? subnetting port knocking unicode characters spyware


An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to “www.MyPersonalBank.com”, that the user is directed to a phishing site. Which file does the attacker need to modify? Read more…


Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek? Nessus tcptraceroute OpenVAS tcptrace


To maintain compliance with regulatory requirements, a security audit of the systems on a network must be performed to determine their compliance with security policies. Which one of the following tools wouldmost likely be used in such an audit? Protocol Read more…


To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program. What term is commonly used when Read more…