Certified Ethical Hacker – CEH – 312-50 – Question374

A well-intentioned researcher discovers a vulnerability on the web site of a major corporation. What should he do?


A. Ignore it.
B. Try to sell the information to a well-paying party on the dark web.
C. Notify the web site owner so that corrective action can be taken as soon as possible to patch the vulnerability.
D. Exploit the vulnerability without harming the web site owner so that attention is drawn to the problem.

Correct Answer: C

Certified Ethical Hacker – CEH – 312-50 – Question373

An IT employee got a call from one of our best customers. The caller wanted to know about the company's network infrastructure, systems, and team. New opportunities of integration are in sight for both company and customer. What should this employee do?


A. Since the company's policy is all about Customer Service, he/she will provide information.
B. Disregarding the call, the employee should hang up.
C. The employee should not provide any information without previous management authorization.
D. The employee cannot provide any information but will, anyway, provide the name of the person in charge.

Correct Answer: C

Certified Ethical Hacker – CEH – 312-50 – Question370

An attacker tries to do banner grabbing on a remote web server and executes the following command.

Service detection performed. Please report any incorrect results at http://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 6.42 seconds

What did the hacker accomplish?


A. nmap can't retrieve the version number of any running remote service.
B. The hacker successfully completed the banner grabbing.
C. The hacker should've used nmap -O host.domain.com.
D. The hacker failed to do banner grabbing as he didn't get the version of the Apache web server.

Correct Answer: B

Certified Ethical Hacker – CEH – 312-50 – Question367

What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and whether the packets can pass through the packet filtering of the firewall?


A. Firewalking
B. Session hijacking
C. Network sniffing
D. Man-in-the-middle attack

Correct Answer: A

Certified Ethical Hacker – CEH – 312-50 – Question366

Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands:

What is she trying to achieve?


A. She is encrypting the file.
B. She is using John the Ripper to view the contents of the file.
C. She is using ftp to transfer the file to another hacker named John.
D. She is using John the Ripper to crack the passwords in the secret.txt file.

Correct Answer: D

Certified Ethical Hacker – CEH – 312-50 – Question365

A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it?


A. The password file does not contain the passwords themselves.
B. He can open it and read the user ids and corresponding passwords.
C. The file reveals the passwords to the root user only.
D. He cannot read it because it is encrypted.

Correct Answer: A