Correct Answer:

High interaction is correct. A so-called “high-interaction” honeypot simulates all services of a target network, including applications the attacker might assume are in play.

Incorrect Answers:

Low interaction, pure, and evil twin are incorrect.

Low-interaction honeypots simulate only a limited amount of target services.

Pure honeypots emulate the entirety of a real production network.

Evil twin is a wireless attack method.

Correct Answer:

grep is correct.

Per grep’s man page, grep searches a file for lines containing a match to a given pattern. By default, grep prints the matching lines. In addition, two variant programs are available: egrep is the same as grep -E (interprets the pattern as an extended regular expression), and fgrep is the same as grep -F (allows you to use a list of fixed strings—any of which will be matched). Direct invocation as either egrep or fgrep is deprecated but is provided to allow historical applications that rely on them to run unmodified.

Incorrect Answers:

cat, chmod, and search are incorrect.

The cat command reads a file to screen (or output to whatever you want), chmod changes permissions, and search does not exist.

Correct Answer:

Mobile based is correct.

Mobile-based social engineering uses mobile device technology.

Incorrect Answers:

Human based, computer based, and technology based are incorrect.

The other two methods are human based and computer based.

Technology based is not a valid term.

Correct Answer:

Self-signed is correct.

A self-signed certificate is one created and signed by the entity internally and never intended to be used in any other situation or circumstance—a self-signed certificate is one signed with its own private key. These certificates are generally used inside an intranet because their identity cannot be validated by a third party.

Incorrect Answers:

Signed, remote signed, and in-place signed are incorrect.

Signed certificates generally indicate a CA is involved, and the signature validating the identity of the entity is confirmed via an external source—in some instances a validation authority (VA). Signed certificates, as opposed to self-signed certificates, can be trusted: assuming the CA chain is validated and not corrupted, it’s good everywhere.

Remote signed and in-place signed are not valid terms.

Correct Answer:

< is correct.

You don’t need to be a coder to pass this exam, but you do need to know some basics. HTML entities are used within code to clean things up and make the appearance of the website better. The < entity creates the less-than symbol on the page. As a hint, the “l” and the “t” should give this one away.

Incorrect Answers:

&, >, and none of the above. There is no HTML entity for less-than are incorrect.

& presents the ampersand (&) sign, and > is for the greater-than (>) symbol.

Correct Answer:

Insecure Network Services is correct.

Insecure Network Services are unneeded or insecure network services running on devices, especially those exposed to the Internet, that compromise the confidentiality, integrity/authenticity, or availability of information or allow unauthorized remote control.

Incorrect Answers:

Use of outdated components, insecure data transfer, and insecure data transfer are incorrect.

Use of insecure or outdated components could allow the device to be compromised. This includes insecure customization of operating system platforms as well as the use of third-party software or hardware components from a compromised supply chain.

Insecure data transfer is lack of encryption or access control of sensitive data anywhere within the ecosystem, including at rest, in transit, or during processing.

Insufficient privacy protection is when a user’s personal information stored on the device or in the ecosystem is used insecurely, improperly, or without permission.

Correct Answer:

Site:sample.com filetype:xls username password is correct.

Of the answers provided, this matches the correct syntax of what is being searched for.

Incorrect Answers:

Site:sample.com file:xls username password, domain:sample.com file:inurl username password, and inurl:xls password site:sample.com are incorrect.

The remaining answers do not match the syntax required for the search.

Correct Answer:

XSS is correct.

This is a classic (albeit simple) demonstration of a cross-site scripting (XSS) attack.

Incorrect Answers:

SQL injection, buffer overflow, and directory traversal are incorrect.

The actions taken do not indicate SQL injection (which would have shown query language), buffer overflow (which would be blatantly obvious from the entry field), or directory traversal (which uses the URL and the “dot-slash” method).

Correct Answer:

A disgruntled employee is correct.

The internal disgruntled employee represents the biggest risk to your organization. And as easy as this is to remember, you’ll definitely get asked about it on the exam.

Incorrect Answers:

Script kiddies, phishing, and a white-hat attacker are incorrect.

Script kiddies are novice hackers who rely on tools and luck.

Phishing is an e-mail social engineering attack.

A white-hat attacker would be an ethical hacker as part of an assessment.

Correct Answer:

An attacker leverages a victim’s authenticated connection to send requests of the attacker’s choosing to the target site is correct. Session riding is, in effect, simply CSRF under a different name and deals with cloud services instead of traditional data centers.

Incorrect Answers:

An attacker gains control of an existing VM (or places his own) on the same physical host as the target, an attacker inputs scripts into a web form field, and An attacker performs comparisons of encrypted documents to read messages are incorrect.

These answers describe other attack vectors.