Correct Answer:

Bring statistical information to the table, showing the risks of poor network security as well as the use of pen testing by industry and government agencies alike is correct.

Ethically, this is the only choice that makes any sense. You can’t do anything without an agreement in place first, and it’s your job to convince the potential client they need it.

Incorrect Answers:

Show pen test results from other assessments and explain the value those customers received, perform a partial pen test and show the customer what you’ve found with minimal effort, and find a single security vulnerability and exploit it, thus proving pen testing is necessary are incorrect.

Each of these answers—although funny and providing some satisfaction for the “See, I told you so!” crowd among us—is highly unethical.

Correct Answer:

Dragonblood vulnerability is correct.

“Dragonblood” is actually a set of five vulnerabilities (a DoS attack, two downgrade attacks, and two side-channel leaks) that impact the WPA3 Wi-Fi security and authentication standard. These vulnerabilities may allow an attacker who is in range to recover the Wi-Fi password and infiltrate the target’s network.

Incorrect Answers:

Cross-site request forgery, KerbKrack, and De-auth attack are incorrect.

Cross-site request forgery (CSRF, aka one-click attack or session riding) is an exploit of a website (unauthorized commands are submitted from a user the web application trusts).

KerbKrack is an older tool used to crack Kerberos hashes.

A de-auth attack is used to disassociate a client from an access point (AP) in hopes the resulting traffic provides enough data to pull the WEP key.

Correct Answer:

Rapid application development is correct.

Platform as a Service (PaaS) is geared toward software development because it provides a development platform that allows subscribers to develop applications without building the infrastructure it would normally take to develop and launch software. PaaS vastly speeds up the availability of servers, databases, and other components used by developers since they are hosted in a cloud and available within minutes.

Incorrect Answers:

Extended network bandwidth, lower network latency, and software distribution are incorrect.

A cloud—any cloud—cannot necessarily guarantee better bandwidth and less latency.

Software distribution is a primary benefit of SaaS, not PaaS.

Correct Answers:

The packet capture will provide the MAC addresses of other machines connected to the switch, the packet capture will display all unicast messages intended for the laptop, and the packet capture will display all broadcast messages are correct.

Switches are designed to filter traffic—that is, they send traffic intended for a destination MAC only to the port that holds the MAC address as an attached host. The exception, however, is broadcast traffic and multicast traffic, which get sent out every port. Because ARP is broadcast in nature, all machines’ ARP messages would be viewable.

Incorrect Answers:

The packet capture will only provide the MAC addresses of the laptop and the default gateway, and the packet capture will display all traffic intended for the default gateway are incorrect.

The switch will filter traffic to the laptop, and MAC addresses will be available from the broadcast ARPs.

Correct Answer:

There are two AD-integrated external DNS servers for Internet domains is correct.

There is no need to have an AD-integrated server of any type external to your network, much less DNS boxes.

Incorrect Answers:

External DNS is done by an ISP, internal AD-integrated DNS servers are using private, unregistered DNS names, and the internal network uses private IP addresses are incorrect.

Many organizations rely on external DNS resolution through a provider. Using private, unregistered names should reduce the company’s risk, and using private IP addresses should reduce the company’s network risk.

Correct Answer:

A parameter-manipulation attack attempt is correct.

Parameter tampering or parameter manipulation (aka URL tampering) is an attack where the hacker searches a URL string for parameters that can be adjusted. These entries are then manipulated within the URL string in hopes of modifying data, such as permissions and elevation of privilege, prices and quantities of goods, and credentials. On your exam, this will show when an attacker simply changes some of the entries on the URL itself, and will most often be a price or an account. In this example, it appears the attacker may be attempting to change a price.

Incorrect Answers:

A cross-site scripting attack attempt, a SQL injection attempt, and a directory traversal attempt are incorrect.

There is no indication of cross-site scripting (which would be inside the form, anyway) or SQL injection (no query language).

No directory traversal appears either (the dot-slash would be a giveaway).

Correct Answer:

UTF-8 is correct.

In 1992, lots of work started on streamlining Unicode transmission, since Unicode needed to be compatible with ASCII for transmission over the Internet. In January of 1993, UTF-8 was presented officially at the USENIX conference in San Diego to solve this problem. It was developed to encode UTF characters in a way that could be accepted and decoded by ASCII systems. Per Google, UTF-8 is the dominant character encoding on the Web.

Incorrect Answers:

XOR, EBCDIC, and UTF-16 are incorrect.

XOR is a logic gate comparing two inputs.

EBCDIC (Extended Binary Coded Decimal Interchange Code) is a binary code for alphabetic and numeric characters.

UTF-16 is a distractor.

Correct Answer:

NetStumbler can be installed on Windows is correct.

NetStumbler is a Windows tool. It can detect wireless traffic on 802.11a, b, and g networks but not on 802.11n networks.

Incorrect Answers:

NetStumbler can be installed on Linux, NetStumbler can be installed on macOS, and NetStumbler can run in monitor mode are incorrect.

NetStumbler can’t be installed on anything but Windows. Additionally, it doesn’t support monitor mode (used in passive scanning).

Correct Answer:

nmap -sS -PT -PI -O -T1 <ip address> is correct.

The T switch indicates the speed at which the scan runs (higher is faster). The T1 switch slows the scan down tremendously.

Incorrect Answers:

nmap -sF -P0 -O <ip address>, nmap -sF -PT -PI -O <ip address>, and nmap -sO -PT -O -C5 <ip address> are incorrect.

The remaining scans either have poor syntax (C5 switch) or do not address speed/stealth.

Correct Answer:

Man in the middle is correct.

This correctly describes a man-in-the-middle attack. The idea of a man-in-the-middle attack is to maintain the communications channel between the two entities in hopes of sniffing valuable data.

Incorrect Answers:

Polymorphic, proxy sitter, and session hijacking are incorrect.

Polymorphic is a virus type.

Proxy sitter is a distractor.

Session hijacking would have knocked one of the participants out of the communications channel.