
CEHV12PART3

The document contains a series of questions and answers related to cybersecurity concepts, including network security, types of attacks, and security measures. Each question is followed by multiple-choice answers, with the correct answer indicated. Topics covered include firewalls, pentesting, authentication systems, and various types of vulnerabilities and attacks.

Question 1

What is the minimum number of network connections needed for a multi-homed firewall?

1. 2 (Correct answer)
2. 4
3. 5
4. 3

Question 2

The company secretly hired hacker Ivan to attack its competitors before a major tender. Ivan did not
start with complex technological attacks but decided to hit the employees and their reputation. To do
this, he collected personal information about key employees of a competitor company. Then he
began to distribute it in the open form on the Internet by adding false information about past racist
statements of employees. As a result of the scandal in social networks and the censure of employees,
competitors lost the opportunity to win the tender, and Ivan's work was done. What is the name of
this form of attack?

1. Vishing
2. Daisy-chaining
3. Piggybacking
4. Doxing (Correct answer)

Question 3

There are different ways to pentest a system, network, or application in information security based
on how much information you have about the target. There's black box testing, white box testing,
and gray box testing. Which of the statements is true about grey-box testing?

1. The tester only partially knows the internal structure. (Correct answer)
2. The tester is unaware of the internal structure.
3. The tester has full access to the internal structure.
4. The tester does not have access at all.

Question 4

Identify which of the following will provide you with the most information about the system's
security posture?

1. Social engineering, company site browsing, tailgating
2. Wardriving, warchalking, social engineering
3. Port scanning, banner grabbing, service identification (Correct answer)
4. Phishing, spamming, sending trojans

DataSpace Academy
Question 5

Which of the following best describes a counter-based authentication system?

1. An authentication system that bases authentication decisions on physical attributes.
2. An authentication system that uses passphrases that are converted into virtual passwords.
3. An authentication system that bases authentication decisions on behavioural attributes.
4. An authentication system that creates one-time passwords that are encrypted with secret
keys. (Correct answer)

Question 6

Which of the following stops vehicles from crashing through the doors of a building?

1. Traffic barrier
2. Mantrap
3. Bollards (Correct answer)
4. Turnstile

Question 7

Which of the following is correct?

1. Sniffers operate on both Layer 2 & Layer 3 of the OSI model.
2. Sniffers operate on Layer 3 of the OSI model.
3. Sniffers operate on Layer 2 of the OSI model. (Correct answer)
4. Sniffers operate on Layer 4 of the OSI model.

Question 8

You need to conduct a technical assessment of the network for a small company that supplies
medical services. All computers in the company use Windows OS. What is the best approach for
discovering vulnerabilities?

1. Use a scan tool like Nessus. (Correct answer)
2. Create a disk image of a clean Windows installation.
3. Use the built-in Windows Update tool.
4. Check MITRE.org for the latest list of CVE findings.

Question 9

The fraudster Lisandro, masquerading as a large car manufacturing company recruiter, massively
sends out job offers via e-mail with the promise of a good salary, a friendly team, unlimited coffee,
and medical insurance. He attaches Microsoft Word or Excel documents to his letters into which he
embeds a special virus written in Visual Basic that runs when the document is opened and infects the
victim's computer. What type of virus does Lisandro use?

1. Polymorphic code
2. Macro virus (Correct answer)
3. Multipart virus
4. Stealth virus

Question 10

Identify the attack by the description:

It is the wireless version of the phishing scam. This is an attack-type for a rogue Wi-Fi access point
that appears to be a legitimate one offered on the premises but has been set up to eavesdrop on
wireless communications.

When performing this attack, an attacker fools wireless users into connecting a device to a tainted
hotspot by posing as a legitimate provider.

This type of attack may be used to steal the passwords of unsuspecting users by either snooping the
communication link or by phishing, which involves setting up a fraudulent website and luring people
there.

1. Signal Jamming
2. Sinkhole
3. Collision
4. Evil Twin (Correct answer)

Question 11

The ping utility is used to check the integrity and quality of connections in networks. In the process, it
sends an ICMP Echo-Request and captures the incoming ICMP Echo-Reply, but quite often remote
nodes block or ignore ICMP. Which of the options will solve this problem?

1. Use hping (Correct answer)
2. Use arping
3. Use traceroute
4. Use broadcast ping

Question 12

Shortly after replacing the outdated equipment, John, the company's system administrator,
discovered a leak of critical customer information. Moreover, among the stolen data was new
user information, which rules out incorrect disposal of old equipment. IDS did not notice the intrusion,
and the logging system shows that valid credentials were used. Which of the following is most likely
the cause of this problem?

1. Default Credential (Correct answer)
2. Zero-day vulnerabilities
3. NSA backdoor
4. Industrial Espionage

Question 13

The network elements of the telecom operator are located in the data center under the protection of
firewalls and intrusion prevention systems. Which of the following is true for additional security
measures?

1. No additional measures are required since attacks and downtime are inevitable, and a
backup site is required.
2. Firewalls and intrusion detection systems are sufficient to ensure complete security.
3. No additional measures are required, since the attacker does not have physical access to the
data center equipment.
4. Periodic security checks and audits are required. Access to network elements should be
provided by user IDs with strong passwords. (Correct answer)

Question 14

When choosing a biometric system for your company, you should take into account the factors of
system performance and whether they are suitable for you or not. What determines such a factor as
the throughput rate?

1. The probability that the system incorrectly matches the input pattern to a non-matching
template in the database.
2. The probability that the system fails to detect a biometric input when presented correctly.
3. The data collection speeds, data processing speed, or enrolment time. (Correct answer)
4. The maximum number of sets of data that can be stored in the system.

Question 15

NIST defines risk management as the process of identifying, assessing, and controlling threats to an
organization's capital and earnings. But what is the "risk" itself?

1. Weakness in an information system, system security procedures, internal controls, or
implementation that could be exploited or triggered by a threat source.
2. An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or
availability of an information system.
3. Potential that a threat will exploit vulnerabilities of an asset or group of assets. (Correct
answer)
4. The unauthorized disclosure, modification, or use of sensitive data.

Question 16

How can you resist an attack using rainbow tables?

1. All uppercase character passwords.
2. Lockout accounts under brute force password cracking attempts.
3. Use of non-dictionary words.
4. Use password salting. (Correct answer)

Question 17

The attacker managed to gain access to Shellshock, and now he can execute arbitrary commands and
gain unauthorized access to many Internet-facing services. Which of the following operating systems
can't be affected by an attacker yet?

1. Unix
2. Windows (Correct answer)
3. Linux
4. OS X

Question 18

Which of the following is a Denial-of-service vulnerability for which security patches have not yet
been released, or there is no effective means of protection?

1. APDoS
2. Smurf
3. Zero-Day (Correct answer)
4. Yo-yo

Question 19

The company is trying to prevent the security breach by applying a security policy in which all Web
browsers must automatically delete their HTTP browser cookies upon termination. Identify the
security breach that the company is trying to prevent?

1. Attempts by attackers to access websites that trust the Web browser user by stealing the
employee's authentication credentials. (Correct answer)
2. Attempts by attackers to determine the employee's web browser usage patterns.
3. Attempts by attackers to access passwords stored on the employee's computer.
4. Attempts by attackers to access the user and password information stored in the company's
SQL database.

Question 20

Identify the type of DNS configuration in which the first DNS server is on the internal network and the second
DNS server is in the DMZ.

1. EDNS
2. DNSSEC
3. Split DNS (Correct answer)
4. DynDNS

Question 21

Which of the following is true about the AES and RSA encryption algorithms?

1. RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which
is used to encrypt data. (Correct answer)
2. AES is asymmetric, which is used to create a public/private key pair; RSA is symmetric, which
is used to encrypt data.
3. Both are symmetric algorithms, but AES uses 256-bit keys.
4. Both are asymmetric algorithms, but RSA uses 1024-bit keys.

Question 22

Which of the following nmap options can be used for very fast scanning?

1. -T5 (Correct answer)
2. -O
3. -T4
4. -T0

Question 23

In what type of testing does the tester have some information about the internal work of the
application?

1. Grey-box (Correct answer)
2. Black-box
3. Announced
4. White-box

Question 24

When getting information about the web server, you should be familiar with methods GET, POST,
HEAD, PUT, DELETE, TRACE. There are two critical methods in this list: PUT (upload a file to the
server) and DELETE (delete a file from the server). When using nmap, you can detect all these
methods. Which of the following nmap scripts will help you detect these methods?

1. http-headers
2. http-methods (Correct answer)
3. http enum
4. http ETag

Question 25

Identify a tool that can be used for passive OS fingerprinting?

1. Tracert
2. Nmap
3. Ping
4. Tcpdump (Correct answer)

Question 26

What Linux command will you use to resolve a domain name into an IP address?

1. host -t AXFR resolveddomain.com
2. host -t ns resolveddomain.com
3. host -t soa resolveddomain.com
4. host -t a resolveddomain.com (Correct answer)

Question 27

In which phase of the ethical hacking process can Google hacking be used?

For example:

allintitle: root passwd

1. Scanning and Enumeration
2. Maintaining Access
3. Reconnaissance (Correct answer)
4. Gaining Access

Question 28

What is the name of the practice of collecting information from published or otherwise publicly
available sources?

1. Artificial intelligence
2. Open-source intelligence (Correct answer)
3. Human intelligence
4. Social intelligence

Question 29

Enumeration is a process which establishes an active connection to the target hosts to discover
potential attack vectors in the system, and the same can be used for further exploitation of the
system. What type of enumeration is used to get shared resources on individual hosts on the
network and a list of computers belonging to the domain?

1. SMTP enumeration
2. SNMP enumeration
3. Netbios enumeration (Correct answer)
4. NTP enumeration

Question 30

In what type of attack does the attacker forge the sender's IP address to gain access to protected
systems and confidential data?

1. Source Routing
2. IP fragmentation attack
3. IP Spoofing (Correct answer)
4. IP forwarding

Question 31

Gabriella uses Google search operators, which allow you to optimize and expand the capabilities of
regular search. What will be the result of this request?

site:eccouncil.org discount -ilearn

1. Results about all discounts from the site eccouncil.org except for the ilearn format. (Correct
answer)
2. Results about all discounts from the site ec-council.org for the ilearn training format.
3. Results from the ec-council website except for discounts and the ilearn format.
4. The results that match the entire query.

Question 32

Ivan, a black-hat hacker, performs a man-in-the-middle attack. To do this, he uses a rogue wireless AP
and embeds a malicious applet in all HTTP connections. When the victims went to any web page, the
applet ran. Which of the following tools could Ivan probably use to inject HTML code?

1. Ettercap (Correct answer)
2. Wireshark
3. Aircrack-ng
4. tcpdump

Question 33

Your company regularly conducts backups of critical servers but cannot afford to send them to off-site
vendors for long-term storage and archiving. The company found a temporary solution in the
form of storing backups in the company's safe. During the next audit, there was a risk associated with
the fact that backup storages are not stored off-site. The company manager has a plan to take the
backup storages home with him and wants to know what two things he can do to secure the backup
tapes while in transit?

1. Encrypt the backup tapes and transport them in a lockbox. (Correct answer)
2. Encrypt the backup tapes and use a courier to transport them.
3. Hash the backup tapes and transport them in a lockbox.
4. Degauss the backup tapes and transport them in a lockbox.

Question 34

The analyst needs to evaluate the possible threats to Blackberry phones for a third-party company. To
do this, he will use the Blackjacking attack method to demonstrate how an attacker could circumvent
perimeter defences and gain access to the corporate network. Which of the following tools is best
suited for the analyst for this task?

1. Paros Proxy
2. BBCrack
3. Blooover
4. BBProxy (Correct answer)

Question 35

To protect the enterprise infrastructure from the constant attacks of the evil hacker Ivan, Viktor
divided the network into two parts using the network segmentation approach.

· In the first one (local, without direct Internet access), he isolated business-critical resources.

· In the second (external, with Internet access), he placed public web servers to provide services to
clients.

Subnets communicate with each other through a gateway protected by a firewall. What is the name
of the external subnet?

1. WAF
2. Demilitarized Zone (Correct answer)
3. Bastion host
4. Network access control

Question 36

Alex, an employee of a law firm, receives an email with an attachment
"Court_Notice_09082020.zip". There is a file inside the archive "Court_Notice_09082020.zip.exe".
Alex does not notice that this is an executable file and runs it. After that, a window appears with the
notification "This word document is corrupt" and, at the same time, the malware copies data to the
APPDATA\local directory in the background and begins to beacon to a C2 server to
download additional malicious binaries. What type of malware has Alex encountered?

1. Key-Logger
2. Trojan (Correct answer)
3. Worm
4. Macro Virus

Question 37

Victims of DoS attacks often are web servers of high-profile organizations such as banking,
commerce, media companies, or government and trade organizations. Which of the following
symptoms could indicate a DoS or DDoS attack?

1. An inability to access any website (Correct answer)
2. Misbehaviour of computer programs and application.
3. Unknown programs running on your system.
4. Damage and corrupt files.

Question 38

Black-hat hacker Ivan created a fraudulent website to steal users' credentials. Which of the proposed
tasks does he need to perform so that users are redirected to a fake one when entering the domain
name of a real site?

1. SMS phishing
2. MAC Flooding
3. ARP Poisoning
4. DNS spoofing (Correct answer)

Question 39

The evil hacker Ivan wants to attack the popular air ticket sales service. After careful study, he
discovered that the web application is vulnerable to the introduction of malicious JavaScript code through
the application form. This code does not cause any harm to the server itself, but when executed on
the client's computer, it can steal his personal data. What kind of attack is Ivan preparing to use?

1. XSS (Correct answer)
2. LDAP Injection
3. SQL injection
4. CSRF

Question 40

ISAPI filters are a powerful tool that is used to extend the functionality of IIS. However, improper use
can cause huge harm. Why do EC-Council experts recommend that security analysts monitor the
disabling of unused ISAPI filters?

1. To defend against webserver attacks (Correct answer)
2. To prevent leaks of confidential data
3. To defend against wireless attacks
4. To prevent memory leaks

Question 41

The absolute majority of routers and switches use packet filtering firewalls. This kind of firewall
makes decisions about allowing traffic to pass into the network based on the information contained
in the packet header. At what level of the OSI model do these firewalls work?

1. Application layer
2. Network layer (Correct answer)
3. Physical layer
4. Session layer

Question 42

Identify the attack where the hacker uses the ciphertexts corresponding to a set of plaintexts of his
own choosing?

1. Chosen-plaintext (Correct answer)
2. Known-plaintext attack
3. Differential cryptanalysis
4. Kasiski examination

Question 43

Which of the following components of IPsec provides confidentiality for the content of packets?

1. ISAKMP
2. AH
3. ESP (Correct answer)
4. IKE

Question 44

Identify the structure designed to verify and authenticate the identity of individuals within the
enterprise taking part in a data exchange?

1. single sign-on
2. PKI (Correct answer)
3. Biometrics
4. SOA

Question 45

Transmission Control Protocol accepts data from a data stream, divides it into chunks, and adds a TCP
header creating a TCP segment. A TCP segment consists of a segment header and a data section. The
segment header contains 10 mandatory fields and an optional extension field. Which of the
suggested fields is not included in the TCP segment header?

1. Sequence Number
2. Source Port
3. Checksum
4. Source IP address (Correct answer)

Question 46

Which of the following services run on TCP port 123 by default?

1. Telnet
2. POP3
3. NTP (Correct answer)
4. DNS

Question 47

Identify which term corresponds to the following description:

It can potentially adversely impact a system through unauthorized access, destruction, disclosure,
denial of service or modification of data.

1. Risk
2. Attack
3. Threat (Correct answer)
4. Vulnerability

Question 48

As a result of the attack on the dating web service, Ivan received a dump of all user passwords in a
hashed form. Ivan recognized the hashing algorithm and started identifying passwords. What tool is
he most likely going to use if the service used hashing without salt?

1. Brute force
2. Rainbow table (Correct answer)
3. XSS
4. Dictionary attacks

Question 49

Leonardo, an employee of a cybersecurity firm, conducts an audit for a third-party company. First of
all, he plans to run a scanning that looks for common misconfigurations and outdated software
versions. Which of the following tools is most likely to be used by Leonardo?

1. Metasploit
2. Armitage
3. Nmap
4. Nikto (Correct answer)

Question 50

Sniffing is a process of monitoring and capturing all data packets passing through a given network. An
intruder can capture and analyze all network traffic by placing a packet sniffer on a network in
promiscuous mode. Sniffing can be either Active or Passive in nature. How does passive sniffing
work?

1. This is the process of sniffing through the switch.
2. This is the process of sniffing through the router.
3. This is the process of sniffing through the hub. (Correct answer)
4. This is the process of sniffing through the gateway.

Question 51

Which of the following methods of password cracking takes the most time?

1. Shoulder surfing
2. Brute force (Correct answer)
3. Dictionary attack
4. Rainbow tables

Question 52

An attacker stole financial information from a bank by compromising only a single server. After that,
the bank decided to hire a third-party organization to conduct a full security assessment.
Cybersecurity specialists have been provided with information about this case, and they need to
provide an initial recommendation. Which of the following will be the best recommendation?

1. Require all employees to change their passwords immediately.
2. Issue new certificates to the web servers from the root certificate authority.
3. Place a front-end web server in a demilitarized zone that only handles external web traffic.
(Correct answer)
4. Move the financial data to another server on the same IP subnet.

Question 53

Jenny, a pentester, conducts events to detect viruses in systems. She uses a detection method where
the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory
activities. Which of the following methods does Jenny use?

1. Code Emulation. (Correct answer)
2. Vulnerability scanner.
3. Integrity checking.
4. Heuristic Analysis.

Question 54

Which of the following best describes the operation of the Address Resolution Protocol?

1. It sends a request packet to all the network elements, asking for the MAC address from a
specific IP. (Correct answer)
2. It sends a reply packet to all the network elements, asking for the MAC address from a
specific IP.
3. It sends a reply packet for a specific IP, asking for the MAC address.
4. It sends a request packet to all the network elements, asking for the domain name from a
specific IP.

Question 55

Evil Russian hacker Ivan is attacking again! This time, he got a job in a large American company to
steal commercial information for his customer to gain a competitive advantage in the market. In his
attack, Ivan used all available means, especially blackmail, bribery, and technological surveillance.
What is the name of such an attack?

1. Social Engineering
2. Business Loss
3. Corporate Espionage (Correct answer)
4. Information Leakage

Question 56

Monitoring your company’s assets is one of the most important jobs you can perform. What
warnings should you try to reduce when configuring security tools, such as security information and
event management (SIEM) solutions or intrusion detection systems (IDS)?

1. True Positives and True Negatives
2. Only True Negatives
3. Only False Positives
4. False Positives and False Negatives (Correct answer)

Question 57

Which of the following types of hacker refers to an individual who works both offensively and
defensively?

1. Suicide Hacker
2. White Hat
3. Gray Hat (Correct answer)
4. Black Hat

Question 58

While performing online banking using a browser, your friend receives a message that contains a link
to a website. He decides to click on this link, and another browser session starts and displays a funny
video. A few hours later, he receives a letter from the bank stating that his online bank was visited
from another country and tried to transfer money. The bank also asks him to contact them and
confirm the transfer if he really made it. What vulnerability did the attacker use when attacking your
friend?

1. Cross-Site Scripting
2. Clickjacking
3. Webform input validation
4. Cross-Site Request Forgery (Correct answer)

Question 59

With a sufficient database of passwords, you can use statistical analysis of the word list to
create a very effective way to crack passwords with tools such as John the Ripper. Which
of the attacks uses such an analysis to calculate the probability of placing characters in a quasi-brute
attack?

1. Fingerprint
2. Markov Chain (Correct answer)
3. Prince
4. Toggle-Case

Question 60

What flags will be set when scanning when using the following command:

#nmap -sX host.companydomain.com

1. SYN and ACK flags are set.
2. URG, PUSH and FIN are set. (Correct answer)
3. SYN flag is set.
4. ACK flag is set.

Question 61

One of the most popular tools in the pentester's arsenal - John the Ripper is designed for...

1. Automation of the process of detecting and exploiting the SQL injection vulnerability.
2. Search for various default and insecure files, configurations, and programs on any type of
web servers.
3. Discover hosts and services on a computer network by sending packets and analyzing the
responses.
4. Test password strength, brute-force encrypted or hashed passwords, and crack passwords via
dictionary attacks. (Correct answer)

Question 62

Alex works as a network administrator at ClassicUniversity. Many Ethernet ports are
available for professors and authorized visitors (but not for students) on the university campus.

However, Alex realized that some students connect their notebooks to the wired network to have
Internet access. He identified this when the IDS alerted for malware activities in the network. What
should Alex do to avoid this problem?

1. Ask students to use the wireless network.
2. Use the 802.1x protocol. (Correct answer)
3. Disable unused ports in the switches.
4. Separate students in a different VLAN.

Question 63

Assume an attacker gained access to the internal network of a small company and launches a
successful STP manipulation attack. What are his next steps?

1. He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.
(Correct answer)
2. He will repeat the same attack against all L2 switches of the network.
3. He will activate OSPF on the spoofed root bridge.
4. He will repeat this action so that it escalates to a DoS attack.

Question 64

What is the first and most important phase that is the starting point for penetration testing in the
work of an ethical hacker?

1. Reconnaissance (Correct answer)
2. Maintaining Access
3. Scanning
4. Gaining Access

Question 65

Alex, a cybersecurity science student, needs to fill in the information into a secured PDF-file job
application received from a prospective employer. He can't enter the information because all the
fields are blocked. He doesn't want to request a new document that allows the forms to be
completed and decides to write a script that pulls passwords from a list of commonly used passwords
to try against the secured PDF until the correct password is found or the list is exhausted. Which
attack is the student attempting?

1. Brute-force attack
2. Man-in-the-middle attack
3. Dictionary-attack (Correct answer)
4. Session hijacking

Question 66

Identify a security policy that defines the use of a VPN for gaining access to an internal corporate
network?

1. Network security policy
2. Information protection policy
3. Remote access policy (Correct answer)
4. Access control policy

Question 67

Due to the network slowdown, the IT department decided to monitor the Internet traffic of all
employees to track a possible cause, but they can't do it immediately. Which of the following makes
this kind of measure troublesome from a legal point of view?

1. The absence of an official responsible for traffic on the network.
2. Lack of comfortable working conditions.
3. All of the employees would stop normal work activities.
4. Not informing the employees that they are going to be monitored could be an invasion of
privacy. (Correct answer)

Question 68

Jack needs to analyze the files produced by several packet-capture programs such as Wireshark,
tcpdump, EtherPeek and WinDump. Which of the following tools will Jack use?

1. OpenVAS
2. Tcptrace (Correct answer)
3. Tcptraceroute
4. Nessus

Question 69

What is the name of the risk assessment method that allows you to study how various types of
negative events (violations, failures or destructions) can affect the main activities of the company
and key business processes?

1. Risk Mitigation
2. Business Impact Analysis (BIA) (Correct answer)
3. Emergency Plan Response (EPR)
4. Disaster Recovery Planning (DRP)

Question 70

A rootkit is a clandestine computer program designed to provide continued privileged access to a
computer while actively hiding its presence. Rootkits are classified according to the place of their
injection.

What type of rootkit loads itself underneath the computer’s operating system and can intercept
hardware calls made by the original operating system?

1. Kernel mode rootkits
2. Hypervisor (Virtualized) Rootkits (Correct answer)
3. Memory rootkit
4. Application rootkit

Question 71

Identify the way to achieve chip-level security of an IoT device?

1. Closing insecure network services
2. Turning off the device when not needed or not in use
3. Encrypting the JTAG interface (Correct answer)
4. Changing the password of the router

Question 72

An attacker gained access to a Linux host and stole the password file from /etc/passwd. Which of
the following scenarios best describes what an attacker can do with this file?

1. The attacker can perform actions as root because the file reveals the passwords to the root
user only.
2. The attacker can perform actions as a user because he can open it and read the user ids and
corresponding passwords.
3. Nothing because the password file does not contain the passwords themselves. (Correct
answer)
4. Nothing because he cannot read the file because it is encrypted.

Question 73

Email is sent using the SMTP protocol, which does not encrypt messages, leaving the information
vulnerable to being read by an unauthorized person. To solve this problem, SMTP can upgrade a
connection between two mail servers to use TLS, and the transmitted emails will be encrypted.
Which of the following commands is used by SMTP to transmit email over TLS?

1. OPPORTUNISTICTLS
2. STARTTLS (Correct answer)
3. FORCETLS
4. UPGRADETLS

Question 74

John needs to send a super-secret message, and for this, he wants to use the technique of hiding a
secret message within an ordinary message. The technique provides "security through obscurity."
Which of the following techniques will John use?

1. Digital watermarking
2. Encryption
3. Steganography (Correct answer)
4. Deniable encryption

Question 75

Organizations need to deploy a web-based software package that requires three separate servers
and internet access. What is the recommended architecture in terms of server placement?

1. A web server facing the Internet, an application server on the internal network, a database
server on the internal network. (Correct answer)
2. All three servers need to face the Internet so that they can communicate between
themselves.
3. A web server and the database server facing the Internet, an application server on the
internal network.
4. All three servers need to be placed internally.

Question 76

Lisandro is engaged in sending spam. To avoid blocking, he connects to incorrectly configured SMTP
servers that allow e-mail relay without authentication (which allows Lisandro to fake information
about the sender's identity). What is the name of such an SMTP server?

1. Public SMTP server.
2. Message transfer agent.
3. Open mail relay. (Correct answer)
4. Weak SMTP.

Question 77

Lisandro is a novice fraudster who uses special software purchased in the depths of the network to
send his malware. This program allows him to deceive pattern-based detection mechanisms and
even some behavior-based ones, disguising malware as harmless programs. What does Lisandro
use?

1. Ransomware
2. Payload
3. Crypter (Correct answer)
4. Dropper

Question 78

Implementing the security testing process early in the SDLC is the key to finding and fixing
security bugs early. The security testing process can be performed in two ways: automated or
manual web application security testing. Which of the proposed statements is true?

1. Automatic testing requires a lot of money and is still very imperfect, so it cannot be used for
security
2. Neural networks and artificial intelligence are already used in new tools and do not require
additional actions
3. Manual testing is obsolete and should be completely replaced by automatic testing.
4. Automatic and manual testing should be used together to better cover potential problems
(Correct answer)

Question 79

Which of the following modes of IPSec should you use to assure integrity and confidentiality of data
within the same LAN?

1. ESP tunnel mode.
2. AH transport mode.
3. AH tunnel mode.
4. ESP transport mode. (Correct answer)

Question 80

Which of the following Linux-based tools will help you change any user's password or activate
disabled accounts if you have physical access to a Windows 2008 R2 and an Ubuntu 9.10 Linux
LiveCD?

1. SET
2. John the Ripper
3. CHNTPW (Correct answer)
4. Cain & Abel

Question 81

A digital signature is the digital equivalent of a handwritten signature or stamped seal. It is intended
to solve the problem of tampering and impersonation in digital communications. Which of the
following options does a digital signature NOT provide?

1. Authentication
2. Confidentiality (Correct answer)
3. Integrity
4. Non-repudiation

Question 82

Maria, the leader of the Blue Team, wants to use network traffic analysis to implement the ability to
detect an intrusion in her network of several hosts quickly. Which tool is best suited to perform this
task?

1. HIDS
2. Honeypot
3. NIDS (Correct answer)
4. Firewalls

Question 83

What property is provided by using a hash?

1. Authentication
2. Availability
3. Confidentiality
4. Integrity (Correct answer)

Question 84

An attacker tries to infect as many devices connected to the Internet with malware as possible to get
the opportunity to use their computing power and functionality for automated attacks hidden from
the owners of these devices. Which of the proposed approaches fits the description of the attacker's
actions?

1. Creating a botnet (Correct answer)
2. Using Banking Trojans
3. APT attack
4. Mass distribution of Ransomware

Question 85

John, a cybersecurity specialist, wants to perform a SYN scan in his company's network. He has two
machines. The first machine (192.168.0.98) has Snort installed, and the second machine
(192.168.0.151) has Kiwi Syslog installed. When he started a SYN scan in the network, he noticed that
Kiwi Syslog was not receiving the alert message from Snort. He decided to run Wireshark on the Snort
machine to check if the messages are going to the Kiwi Syslog machine. What Wireshark filter will
show the connections from the Snort machine to the Kiwi Syslog machine?

1. tcp.srcport==514 && ip.src==192.168.0.98
2. tcp.dstport==514 && ip.dst==192.168.0.151 (Correct answer)
3. tcp.srcport==514 && ip.src==192.168.151
4. tcp.dstport==514 && ip.dst==192.168.0.0/16

Question 86

Confidential information is stored and processed on your company's servers, however, auditing has
never been enabled. Which of the following should be done before enabling the audit feature?

1. Allocate funds for staffing of audit log review.
2. Perform a cost/benefit analysis of the audit feature.
3. Determine the impact of enabling the audit feature. (Correct answer)
4. Perform a vulnerability scan of the system.

Question 87

Which of the following is a common IDS evasion technique?

1. Port knocking
2. Spyware
3. Subnetting
4. Unicode characters (Correct answer)

Question 88

In order to prevent collisions and protect password hashes from rainbow tables, Maria, the system
administrator, decides to add random data strings to the end of passwords before hashing. What is
the name of this technique?

1. Masking
2. Extra hashing
3. Stretching
4. Salting (Correct answer)

Question 89

Rajesh, a black-hat hacker, could not find vulnerabilities in the target company's network since their
infrastructure is very well protected (IDS, firewall with strict rules, etc.). He is trying to find an
attack method that is independent of the reliability of this company's infrastructure. Which attack is
a suitable option for Rajesh?

1. Confidence trick
2. Buffer Overflow
3. Denial-of-Service
4. Social Engineering (Correct answer)

Question 90

Buffer overflow mainly occurs when a created memory partition (or buffer) is written beyond its
intended boundaries. If an attacker manages to do this from outside the program, this can cause
security problems since it can potentially allow them to manipulate arbitrary memory cells, although
many modern operating systems protect against the worst cases of this. What programming
language is this example in?

1. C (Correct answer)
2. Java
3. HTML
4. SQL

Question 91

Which of the following is a vulnerability in modern processors such as Intel, AMD and ARM using
speculative execution?

1. Launch Daemon
2. Application Shimming
3. Spectre and Meltdown (Correct answer)
4. Named Pipe Impersonation

Question 92

Which of the following types of keys does the Heartbleed bug expose to the Internet, making
exploiting any compromised system very easy?

1. Public
2. Shared
3. Private (Correct answer)
4. Root

Question 93

Which of the following is most useful for quickly checking for SQL injection vulnerability by sending a
special character to web applications?

1. Backslash
2. Double quotation
3. Semicolon
4. Single quotation (Correct answer)

Question 94

Which characteristic is most likely not to be used by companies in biometric control for use on the
company's territory?

1. Voice
2. Iris patterns
3. Height/Weight (Correct answer)
4. Fingerprints

Question 95

Identify a component of a risk assessment?

1. Logical interface
2. DMZ
3. Administrative safeguards (Correct answer)
4. Physical security

Question 96

Which of the following is an entity in a PKI that will vouch for the identity of an individual or
company?

1. KDC
2. VA
3. CA (Correct answer)
4. CR

Question 97

Which of the following is the most common method of using "ShellShock" or "Bash Bug"?

1. Using SYN Flood.
2. Manipulate format strings in text fields.
3. Through Web servers utilizing CGI to send a malformed environment variable. (Correct
answer)
4. Using SSH.

Question 98

The CIA Triad is a security model that highlights the main goals of data security and serves as a guide
for organizations to protect their confidential data from unauthorized access and data theft. What
are the three concepts of the CIA triad?

1. Transference, transformation and transcendence
2. Efficiency, equity and liberty
3. Confidentiality, integrity, and availability (Correct answer)
4. Comparison, reflection and abstraction

Question 99

Which of the following documents describes the specifics of the testing, the associated violations
and essentially protects both the organization's interest and the third-party penetration tester?

1. Project Scope
2. Service Level Agreement
3. Rules of Engagement (Correct answer)
4. Non-Disclosure Agreement

Question 100

During the security audit, Gabriella used Wget to read exposed information from a remote server
and got this result:

What is the name of this method of obtaining information?

1. Banner grabbing (Correct answer)
2. Cross-site scripting
3. XML External Entities (XXE)
4. SQL injection

Question 101

Which of the following is the most effective way against encryption ransomware?

1. Use the 3-2-1 backup rule. (Correct answer)
2. Analyze the ransomware to get the decryption key of encrypted data.
3. Pay a ransom.
4. Use multiple antivirus software.

Question 102

The Domain Name System (DNS) is the phonebook of the Internet. When a user tries to access a web
address like "example.com", the web browser or application performs a DNS query against a DNS server,
supplying the hostname. The DNS server takes the hostname and resolves it into a numeric IP
address, which the web browser can connect to. Which of the proposed tools allows you to set
different DNS query types and poll arbitrarily specified servers?

1. Nikto
2. Metasploit
3. Wireshark
4. Nslookup (Correct answer)

Question 103

Alex, the system administrator, should check the firewall configuration. He knows that all traffic from
workstations must pass through the firewall to access the bank's website. Alex must ensure that
workstations in network 10.10.10.0/24 can only reach the bank website 10.20.20.1 using HTTPS.
Which of the following firewall rules best meets this requirement?

1. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443)
then permit (Correct answer)
2. If (source matches 10.20.20.1 and destination matches 10.10.10.0/24 and port matches 443)
then permit
3. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80
or 443) then permit
4. If (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443)
then permit

Question 104

Identify the type of partial break in which the attacker discovers a functionally equivalent algorithm
for encryption and decryption, but without learning the key?

1. Global deduction. (Correct answer)
2. Instance deduction.
3. Information deduction.
4. Total break.

Question 105

You want to surf safely and anonymously on the Internet. Which of the following options will be best
for you?

1. Use Tor network with multi-node. (Correct answer)
2. Use VPN.
3. Use public WiFi.
4. Use SSL sites.

Question 106

What type of cryptography is used in IKE, SSL, and PGP?

1. Hash
2. Public Key (Correct answer)
3. Digest
4. Secret Key

Question 107

Identify a low-tech way of gaining unauthorized access to information?

1. Eavesdropping
2. Sniffing
3. Scanning
4. Social engineering (Correct answer)

Question 108

Identify the type of attack according to the following scenario:

Ivan, a black-hat hacker, initiates an attack on a certain organization. In preparation for this attack, he
identified a well-known and trusted website that employees of this company often use. In the next
step, Ivan embeds an exploit into the website that infects the target systems of employees when
using the website. After this preparation, he can only wait for the successful execution of his attack.

1. Watering Hole (Correct answer)
2. Spear Phishing
3. Shellshock
4. Heartbleed

Question 109

Alex, a network administrator, received a warning from IDS about a possibly malicious sequence of
packets sent to a Web server in the network's external DMZ. The packet traffic was captured by the
IDS and saved to a PCAP file. Now Alex needs to determine if these packets are genuinely malicious
or simply a false positive. Which of the following types of network tools will he use?

1. Intrusion Prevention System (IPS).
2. Protocol analyzer. (Correct answer)
3. Host-based intrusion prevention system (HIPS).
4. Vulnerability scanner.

Question 110

Which of the following is an access control mechanism that allows multiple systems to use a CAS that
permits users to authenticate once and gain access to multiple systems?

1. Role-Based Access Control (RBAC)
2. Single sign-on (Correct answer)
3. Mandatory access control (MAC)
4. Discretionary Access Control (DAC)

Question 111

Which mode of a NIC (interface) allows you to intercept and read each network packet that arrives in
its entirety?

1. Port forwarding
2. Simplex Mode
3. Multicast
4. Promiscuous mode (Correct answer)

Question 112

The flexible SNMP architecture allows you to monitor and manage all network devices from a single
console. The data exchange is based on the Protocol Data Unit (PDU). There are 7 PDUs in the latest
version of the SNMP protocol. Which of them sends a notification about the past event immediately,
without waiting for the manager's request, and does not need confirmation of receipt?

1. GetNextRequest
2. InformRequest
3. GetRequest
4. Trap (Correct answer)

Question 113

Black-hat hacker Ivan wants to determine the status of ports on a remote host. He wants to do this
quickly but imperceptibly for IDS systems. For this, he uses a half-open scan that doesn’t complete
the TCP three-way handshake. What kind of scanning does Ivan use?

1. FIN scan
2. TCP SYN (Stealth) Scan (Correct answer)
3. XMAS scans
4. PSH Scan

Question 114

The attacker tries to find the servers of the attacked company. He uses the following command:

nmap 192.168.1.64/28

The scan was successful, but he didn't get any results.

Identify why the attacker could not find the server based on the following information:

The attacked company used network address 192.168.1.64 with mask 255.255.255.192. In the
network, the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124.

1. He needs to add the command "ip address" just before the IP address.
2. He needs to change the address to 192.168.1.0 with the same mask.
3. He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers
are not in that range. (Correct answer)
4. The network must be down and the nmap command and IP address are ok.

Question 115

The SOC analyst of the company wants to track the transfer of files over the unencrypted FTP
protocol. Which filter for the Wireshark sniffer should he use?

1. tcp.port == 21 (Correct answer)
2. tcp.port == 80
3. tcp.port = 23
4. tcp.port == 443

Question 116

Identify an adaptive SQL Injection testing technique by the description:

A testing technique is used to discover coding errors by inputting massive amounts of random data
and observing the changes in the output.

1. Fuzz Testing. (Correct answer)
2. Dynamic Testing.
3. Functional Testing.
4. Static application security testing.

Question 117

After scanning the ports on the target machine, you see a list of open ports, which seems unusual to
you:

Starting NMAP 5.21 at 2019-06-18 12:32

NMAP scan report for 172.19.40.112

Host is up (1.00s latency).

Not shown: 993 closed ports

PORT STATE SERVICE

21/tcp open ftp

23/tcp open telnet

80/tcp open http

139/tcp open netbios-ssn

515/tcp open

631/tcp open ipp

9100/tcp open

MAC Address: 00:00:5D:3F:EE:92

Based on the NMAP output, identify what is most likely this host?

1. The host is likely a Windows machine.
2. The host is likely a router.
3. The host is likely a printer. (Correct answer)
4. The host is likely a Linux machine.

Question 118

Identify the algorithm according to the following description:

That wireless security algorithm was rendered useless by capturing packets and discovering the
passkey in seconds. This vulnerability strongly affected the TJ Maxx company. This vulnerability led
to a network invasion of the company and data theft through a technique known as wardriving.

1. Wired Equivalent Privacy (WEP) (Correct answer)
2. Temporal Key Integrity Protocol (TKIP)
3. Wi-Fi Protected Access (WPA)
4. Wi-Fi Protected Access 2 (WPA2)

Question 119

TLS, also known as SSL, is a protocol for encrypting communications over a network. Which of the
following statements is correct?

1. SSL/TLS does not use asymmetric or symmetric encryption.
2. SSL/TLS uses only symmetric encryption.
3. SSL/TLS uses both asymmetric and symmetric encryption. (Correct answer)
4. SSL/TLS uses only asymmetric encryption.

Question 120

Which of the following is a component of IPsec that performs protocol-level functions required to
encrypt and decrypt the packets?

1. Oakley
2. IPsec driver (Correct answer)
3. Internet Key Exchange (IKE)
4. IPsec Policy Agent

Question 121

John received this text message: "Hello, this is Jack Smith from the Gmail customer service. Kindly
contact me about problems with your account: jacksmith@gmail.com". Which statement below is
true?

1. This is a scam because John does not know Jack.
2. John should write to jacksmith@gmail.com to verify the identity of Jack.
3. This is probably a legitimate message as it comes from a respectable organization.
4. This is a scam as everybody can get a @gmail.com address, not the Gmail customer service
employees. (Correct answer)

Question 122

Which of the following is the type of message that the client sends to the server to begin a 3-way
handshake while establishing a TCP connection?

1. SYN-ACK
2. RST
3. ACK
4. SYN (Correct answer)

Question 123

Shellshock is a serious bug in the Bash command-line interface shell that allows an attacker to
execute commands by gaining unauthorized access to computer systems.

env x='() { :;}; echo exploit' bash -c 'cat /etc/passwd'

What is the result of executing this query on a vulnerable host?

1. Display of the contents of the passwd file. (Correct answer)
2. Creating a passwd file.
3. Deleting the passwd file.
4. Copying the contents of the passwd file.

Question 124

IPsec is a suite of protocols developed to ensure the integrity, confidentiality, and authentication of
data communications over an IP network. Which protocol is NOT included in the IPsec suite?

1. Encapsulating Security Protocol (ESP)
2. Media Access Control (MAC) (Correct answer)
3. Security Association (SA)
4. Authentication Header (AH)

Question 125

Which of the following is an attack that uses precomputed tables of hashed passwords?

1. Rainbow Table Attack (Correct answer)
2. Hybrid Attack
3. Brute Force Attack
4. Dictionary Attack
