1- Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to authenticate once and gain access to multiple systems?
A. Role Based Access Control (RBAC)
B. Discretionary Access Control (DAC)
C. Windows authentication
D. Single sign-on
Answer: D. Single sign-on
2- When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what is meant by processing?
A. The amount of time it takes to convert biometric data into a template on a smart card.
B. The amount of time and resources that are necessary to maintain a biometric system.
C. The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information.
D. How long it takes to setup individual user accounts.
Answer: C. The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information.
Answer: A. Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.
4- A company recently hired your team of Ethical Hackers to test the security of their network systems. The company wants the attack to be as realistic as possible. They did not provide any information besides the name of their company. What phase of security testing would your team jump into right away?
Answer: B. Reconnaissance
5- Passive reconnaissance involves collecting information through which of the following?
A. Social engineering
B. Network traffic sniffing
C. Man in the middle attacks
D. Publicly accessible sources
Answer: D. Publicly accessible sources
6- Which results will be returned with the following Google search query? site:target.com site:Marketing.target.com accounting
A. Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting
B. Results for matches on target.com and Marketing.target.com that include the word “accounting”
C. Results matching “accounting” in domain target.com but not on the site Marketing.target.com
D. Results matching all words in the query
Answer: C. Results matching “accounting” in domain target.com but not on the site Marketing.target.com
7- Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?
Answer: A. [site:]
8- This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the “landscape” looks like. Which of the following is the most important phase of ethical hacking wherein you need to spend a considerable amount of time?
A. Gaining access
B. Escalating privilege
C. Network mapping
Answer: D. Footprinting
9- In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for vulnerabilities. Example: allintitle: root passwd
A. Maintaining Access
B. Gaining Access
D. Scanning and Enumeration
Answer: C. Reconnaissance
10- When you are collecting information to perform a data analysis, Google commands are very useful to find sensitive information and files. These files may contain information about passwords, system functions, or documentation. What command will help you to search files using Google as a search engine?
A. site: target.com filetype:xls username password email
B. inurl: target.com filename:xls username password email
C. domain: target.com archive:xls username password email
D. site: target.com file:xls username password email
Answer: A. site: target.com filetype:xls username password email