Which of the following can take an arbitrary length of input and produce a message digest output of 160 bit?


A. SHA-1
B. MD5

C. HAVAL
D. MD4

Which cipher encrypts the plain text digit (bit or byte) one by one?


A. Classical cipher
B. Block cipher
C. Modern cipher
D. Stream cipher

Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest?


A. MD5
B. SHA-1
C. RC4
D. MD4

What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?


A. Legal, performance, audit
B. Audit, standards based, regulatory
C. Contractual, regulatory, industry
D. Legislative, contractual, standards based

Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?


A. WebBugs
B. WebGoat
C. VULN_HTML
D. WebScarab

When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is


A. OWASP is for web applications and OSSTMM does not include web applications.
B. OSSTMM is gray box testing and OWASP is black box testing.
C. OWASP addresses controls and OSSTMM does not.
D. OSSTMM addresses controls and OWASP does not.

Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the networks IDS?


A. Timing options to slow the speed that the port scan is conducted
B. Fingerprinting to identify which operating systems are running on the network
C. ICMP ping sweep to determine which hosts on the network are not available
D. Traceroute to control the path of the packets sent during the scan

Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications?


A. Ping of death
B. SYN flooding
C. TCP hijacking
D. Smurf attack

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the 192.168.1.0/24. Which of the following has occurred?

A. The gateway is not routing to a public IP address.
B. The computer is using an invalid IP address.
C. The gateway and the computer are not on the same network.
D. The computer is not using a private IP address.

If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?


A. SDLC process
B. Honey pot
C. SQL injection
D. Trap door