Question 1

Which HTTP method starts a remote Application-layer loopback of the request message?&#10;A) TRACE&#10;B) PUT&#10;C) GET&#10;D) HEAD

Accepted Answer

The TRACE method is used to retrieve the original request message sent by the client in a remote loopback. It is mainly used for testing or debugging purposes. PUT method is used to upload or update a resource on the server, GET method is used to retrieve a resource from the server, and HEAD method is used to retrieve only the header information of a resource from the server. Therefore, among the given options, A is the best choice for the given question.

Question 2

The HTTP CONNECT method starts a remote application-layer loopback of the request message.

Accepted Answer

The HTTP CONNECT method is used to establish a tunnel to a server identified by the target resource, typically to facilitate a secure connection through an HTTP proxy.

Question 3

Wget is a *nix system command that can be used to retrieve HTTP,HTTPS,and FTP files over the Internet.

Accepted Answer

Wget is a command-line tool mainly used to download files from the internet. It is available on most *nix systems, including Linux and macOS, and can retrieve files via HTTP, HTTPS, and FTP protocols.

Question 4

What is the HTTP method that retrieves data by URI?&#10;A) GET&#10;B) PUT&#10;C) CONNECT&#10;D) HEAD

Accepted Answer

The HTTP method that retrieves data by URI is the GET method. This method requests access to the resource identified by the URI and retrieves the data associated with that resource.

Question 5

Which process enables you to see all the host computers on a network and basically give you a diagram of an organization's network?&#10;A) Web bugs&#10;B) footprints&#10;C) zone transfers&#10;D) namedroppers

Accepted Answer

Zone transfers are a process used in DNS (Domain Name System) to replicate DNS data across a number of DNS servers, which can inadvertently or deliberately reveal the structure of a network, including the host computers within that network. This can be used by administrators for legitimate purposes or by attackers for reconnaissance.

Question 6

What HTTP method is the same as the GET method,but retrieves only the header information of an HTML document,not the document body?&#10;A) CONNECT&#10;B) PUT&#10;C) POST&#10;D) HEAD

Accepted Answer

The HEAD method is used to retrieve only the header information of an HTML document, not the document body. This is useful when you want to check if a resource exists, get information about a resource, or check its modification date without actually downloading the resource itself.

Question 7

When an individual attempts to discover as much information legally possible about their competition,what information gathering technique are they performing?&#10;A) competitive study&#10;B) packet study&#10;C) basic information&#10;D) competitive intelligence

Accepted Answer

Competitive intelligence involves legally gathering as much information as possible about competitors in order to gain a strategic advantage. A competitive study may be part of the process, but competitive intelligence encompasses a broader range of information gathering techniques. A packet study and basic information are not specific techniques for gathering information about competitors.

Question 8

Which utility can extract meta-data and documents on a Website to reveal the document creator's network login,e-mail address,IP address,and other important information?&#10;A) Samba&#10;B) Bugnosis&#10;C) SamSpade&#10;D) FOCA

Accepted Answer

FOCA is a tool used for extracting metadata and hidden information from documents on websites, which can include details like the document creator's network login, email address, and IP address.

Question 9

Which HTTP method requests that the entity is stored under the Request-URI?&#10;A) GET&#10;B) PUT&#10;C) POST&#10;D) HEAD

Accepted Answer

The PUT method is used to request that a resource be stored under the Request-URI. The entity enclosed in the request is stored under the supplied Request-URI. If the Request-URI refers to an already existing resource, the enclosed entity should be considered as a modified version of the original resource.

Question 10

What area of a network is a major area of potential vulnerability because of the use of URLs?&#10;A) DNS&#10;B) SOA&#10;C) DHCP&#10;D) POST

Accepted Answer

DNS (Domain Name System) is the area of a network that is a major area of potential vulnerability because of the use of URLs (Uniform Resource Locators). URLs are used to identify and locate resources on the internet, and typically contain domain names that are resolved by DNS servers. If a DNS server is compromised or a DNS lookup is intercepted, it can result in users being directed to malicious or fake websites, leading to potential security risks such as phishing, malware, or data theft.

Question 11

Namedroppers is a tool that can be used to capture Web server information and vulnerabilities in a Web site's pages that could allow exploits such as SQL injection and buffer overflows.

Accepted Answer

The answer of Namedroppers is a tool that can be...

Question 12

Network attacks can often begin by gathering information from a company's Web site.

Accepted Answer

The answer of Network attacks can often begin by gathering...

Question 13

Walking is an automated way to discover pages of a Web site by following links.

Accepted Answer

The answer of Walking is an automated way to discover...

Question 14

Which HTTP error informs you the server understands the request but refuses to comply?&#10;A) 401 Unauthorized&#10;B) 404 Not Found&#10;C) 403 Forbidden&#10;D) 409 Conflict

Accepted Answer

The answer of Which HTTP error informs you the server...

Question 15

Which tool can be used to gather competitive intelligence from Web sites?&#10;A) Whois&#10;B) Netcat&#10;C) Metis&#10;D) Dig

Accepted Answer

The answer of Which tool can be used to gather...

Question 16

What tool can be used to read and write data to ports over a network?&#10;A) Whois&#10;B) Netcat&#10;C) Metis&#10;D) Dig

Accepted Answer

The answer of What tool can be used to read...

Question 17

What utility can be used to intercept detailed information from a company's Web site?&#10;A) JavaAttack&#10;B) Zed Attack Proxy&#10;C) Trace&#10;D) WebAnalysis

Accepted Answer

The answer of What utility can be used to intercept...

Question 18

Which utility is used to gather IP and domain information?&#10;A) Whois&#10;B) Netcat&#10;C) Metis&#10;D) Dig

Accepted Answer

The answer of Which utility is used to gather IP...

Question 19

To see additional parameters that can be used with the Netcat command,what should you type at the command prompt?&#10;A) nc -lookup&#10;B) nc -z&#10;C) nc -h&#10;D) nc -up

Accepted Answer

The answer of To see additional parameters that can be...

Question 20

What is the passive process of finding information on a company's network called?&#10;A) footprinting&#10;B) searching&#10;C) calling&#10;D) digging

Accepted Answer

The answer of What is the passive process of finding...

Question 21

Explain why a simple process like &#34;dumpster diving&#34; can be so effective when gathering information utilizing social engineering?

Accepted Answer

The answer of Explain why a simple process like &#34;dumpster...

Question 22

How can a computer criminal use HTTP methods before running an exploit on a server?

Accepted Answer

The answer of How can a computer criminal use HTTP...

Question 23

How can computer criminals use the Whois utility for their purposes?

Accepted Answer

The answer of How can computer criminals use the Whois...

Question 24

How can DNS be used for footprinting?

Accepted Answer

The answer of How can DNS be used for footprinting?...

Question 25

Which HTTP method is used with a proxy that can dynamically switch to a tunnel connection,such as Secure Socket Layer (SSL)?&#10;A) HEAD&#10;B) CONNECT&#10;C) PUT&#10;D) GET

Accepted Answer

The answer of Which HTTP method is used with a...

Question 26

Which technique can be used to read PINs entered at ATMs or at other areas when a pin code is entered?&#10;A) shoulder surfing&#10;B) footprinting&#10;C) zone transferring&#10;D) piggybacking

Accepted Answer

The answer of Which technique can be used to read...

Question 27

Match each item with a statement below.a.HTTP 400 Bad Request
b.HTTP 403 Forbidden
c.HTTP 404 Not Found
d.HTTP 405 Method Not Allowed
e.HTTP 408 Request Timeout
f.HTTP 500 Internal Server Error
g.HTTP 502 Bad Gateway
h.HTTP 503 Service Unavailable
i.HTTP 504 Gateway Timeout
j.HTTP 409 Conflict
Server received invalid response from the upstream server

Accepted Answer

The answer of Match each item with a statement below.a.HTTP...

Question 28

What type of information is usually gathered by social engineering?

Accepted Answer

The answer of What type of information is usually gathered...

Question 29

When an attacker chooses to combine social engineering with exploiting vulnerabilities carried out by e-mail,what type of attack is being performed?&#10;A) spear phishing&#10;B) email surfing&#10;C) personal&#10;D) email phishing

Accepted Answer

The answer of When an attacker chooses to combine social...

Question 30

What is &#34;competitive intelligence&#34;?

Accepted Answer

The answer of What is &#34;competitive intelligence&#34;?...

Question 31

Match each item with a statement below.a.HTTP 400 Bad Request
b.HTTP 403 Forbidden
c.HTTP 404 Not Found
d.HTTP 405 Method Not Allowed
e.HTTP 408 Request Timeout
f.HTTP 500 Internal Server Error
g.HTTP 502 Bad Gateway
h.HTTP 503 Service Unavailable
i.HTTP 504 Gateway Timeout
j.HTTP 409 Conflict
Server received invalid response from the upstream server

Accepted Answer

The answer of Match each item with a statement below.a.HTTP...

Question 32

List at least five tools available for footprinting.

Accepted Answer

The answer of List at least five tools available for...

Question 33

What social engineering tactic can be utilized to acquire old notes that may contain written passwords or other items that document important information?&#10;A) shoulder-surfing&#10;B) dumpster diving&#10;C) piggybacking&#10;D) desk surfing

Accepted Answer

The answer of What social engineering tactic can be utilized...

Question 34

What tactic is being used when an attacker trailing closely behind an employee enters a restricted area without any security credentials by utilizing their proximity to another employee with security clearance?

A) Shoulder surfing
B) Footprinting
C) Piggybacking
D) Dumpster diving

Accepted Answer

The answer of What tactic is being used when an...

Question 35

Which process utilizes the knowledge of human nature to get information from people to use for executing an attack on a computer network?&#10;A) fingerprinting&#10;B) footprinting&#10;C) zone transferring&#10;D) social engineering

Accepted Answer

The answer of Which process utilizes the knowledge of human...

Question 36

Explain the process of &#34;footprinting,&#34; and why it is important to a security professional?

Accepted Answer

The answer of Explain the process of &#34;footprinting,&#34; and why...

Question 37

Which of the following is a text file generated by a Web server and stored on a user's browser?&#10;A) index&#10;B) cookie&#10;C) server index&#10;D) web file

Accepted Answer

The answer of Which of the following is a text...

Question 38

What type of general commands allow a security tester to pull information from a Web server using a web browser?&#10;A) TFTP&#10;B) DNS&#10;C) HTTP&#10;D) ARP

Accepted Answer

The answer of What type of general commands allow a...

Question 39

Which type of social engineering attack attempts to discover personal information through the use of email?&#10;A) email surfing&#10;B) footprinting&#10;C) spamming&#10;D) phishing

Accepted Answer

The answer of Which type of social engineering attack attempts...

Question 40

List and explain the five techniques used by social engineers in their attempts to gain information from unsuspecting people.

Accepted Answer

The answer of List and explain the five techniques used...

Question 41

Match each item with a statement below.a.HTTP 400 Bad Request
b.HTTP 403 Forbidden
c.HTTP 404 Not Found
d.HTTP 405 Method Not Allowed
e.HTTP 408 Request Timeout
f.HTTP 500 Internal Server Error
g.HTTP 502 Bad Gateway
h.HTTP 503 Service Unavailable
i.HTTP 504 Gateway Timeout
j.HTTP 409 Conflict
Server received invalid response from the upstream server

Accepted Answer

The answer of Match each item with a statement below.a.HTTP...

Question 42

Match each item with a statement below.a.HTTP 400 Bad Request
b.HTTP 403 Forbidden
c.HTTP 404 Not Found
d.HTTP 405 Method Not Allowed
e.HTTP 408 Request Timeout
f.HTTP 500 Internal Server Error
g.HTTP 502 Bad Gateway
h.HTTP 503 Service Unavailable
i.HTTP 504 Gateway Timeout
j.HTTP 409 Conflict
Server received invalid response from the upstream server

Accepted Answer

The answer of Match each item with a statement below.a.HTTP...

Question 43

Match each item with a statement below.a.HTTP 400 Bad Request
b.HTTP 403 Forbidden
c.HTTP 404 Not Found
d.HTTP 405 Method Not Allowed
e.HTTP 408 Request Timeout
f.HTTP 500 Internal Server Error
g.HTTP 502 Bad Gateway
h.HTTP 503 Service Unavailable
i.HTTP 504 Gateway Timeout
j.HTTP 409 Conflict
Server received invalid response from the upstream server

Accepted Answer

The answer of Match each item with a statement below.a.HTTP...

Question 44

Match each item with a statement below.a.HTTP 400 Bad Request
b.HTTP 403 Forbidden
c.HTTP 404 Not Found
d.HTTP 405 Method Not Allowed
e.HTTP 408 Request Timeout
f.HTTP 500 Internal Server Error
g.HTTP 502 Bad Gateway
h.HTTP 503 Service Unavailable
i.HTTP 504 Gateway Timeout
j.HTTP 409 Conflict
Server received invalid response from the upstream server

Accepted Answer

The answer of Match each item with a statement below.a.HTTP...

Question 45

Match each item with a statement below.a.HTTP 400 Bad Request
b.HTTP 403 Forbidden
c.HTTP 404 Not Found
d.HTTP 405 Method Not Allowed
e.HTTP 408 Request Timeout
f.HTTP 500 Internal Server Error
g.HTTP 502 Bad Gateway
h.HTTP 503 Service Unavailable
i.HTTP 504 Gateway Timeout
j.HTTP 409 Conflict
Server received invalid response from the upstream server

Accepted Answer

The answer of Match each item with a statement below.a.HTTP...

Question 46

Match each item with a statement below.a.HTTP 400 Bad Request
b.HTTP 403 Forbidden
c.HTTP 404 Not Found
d.HTTP 405 Method Not Allowed
e.HTTP 408 Request Timeout
f.HTTP 500 Internal Server Error
g.HTTP 502 Bad Gateway
h.HTTP 503 Service Unavailable
i.HTTP 504 Gateway Timeout
j.HTTP 409 Conflict
Server received invalid response from the upstream server

Accepted Answer

The answer of Match each item with a statement below.a.HTTP...

Question 47

Match each item with a statement below.a.HTTP 400 Bad Request
b.HTTP 403 Forbidden
c.HTTP 404 Not Found
d.HTTP 405 Method Not Allowed
e.HTTP 408 Request Timeout
f.HTTP 500 Internal Server Error
g.HTTP 502 Bad Gateway
h.HTTP 503 Service Unavailable
i.HTTP 504 Gateway Timeout
j.HTTP 409 Conflict
Server received invalid response from the upstream server

Accepted Answer

The answer of Match each item with a statement below.a.HTTP...

Question 48

Match each item with a statement below.a.HTTP 400 Bad Request
b.HTTP 403 Forbidden
c.HTTP 404 Not Found
d.HTTP 405 Method Not Allowed
e.HTTP 408 Request Timeout
f.HTTP 500 Internal Server Error
g.HTTP 502 Bad Gateway
h.HTTP 503 Service Unavailable
i.HTTP 504 Gateway Timeout
j.HTTP 409 Conflict
Server received invalid response from the upstream server

Accepted Answer

The answer of Match each item with a statement below.a.HTTP...

Deck 4: Footprinting and Social Engineering