A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching what times the bank employees come into work and leave from work, searching the bank's job postings (paying special attention to IT related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in?


A. Information reporting
B. Vulnerability assessment
C. Active information gathering
D. Passive information gathering

Which system consists of a publicly available set of databases that contain domain name registration contact information?


A. WHOIS
B. IANA
C. CAPTCHA

D. IETF

Which of the following techniques will identify if computer files have been changed?


A. Network sniffing
B. Permission sets
C. Integrity checking hashes
D. Firewall alerts

A company has publicly hosted web applications and an internal Intranet protected by a firewall. Which technique will help protect against enumeration?


A. Reject all invalid email received via SMTP.
B. Allow full DNS zone transfers.
C. Remove A records for internal hosts.
D. Enable null session pipes.

When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training would be beneficial?


A. Vulnerability scanning
B. Social engineering
C. Application security testing
D. Network sniffing

Which of the following is a component of a risk assessment?


A. Physical security
B. Administrative safeguards
C. DMZ
D. Logical interface

Which of the following is a detective control?


A. Smart card authentication
B. Security policy
C. Audit trail
D. Continuity of operations plan

A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement states that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed?


A. white box
B. grey box
C. red box
D. black box

Which of the following lists are valid data-gathering activities associated with a risk assessment?


A. Threat identification, vulnerability identification, control analysis
B. Threat identification, response identification, mitigation identification
C. Attack profile, defense profile, loss profile
D. System profile, vulnerability identification, security determination

What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response?


A. Passive
B. Reflective
C. Active
D. Distributive