Which Wireshark filter displays all the packets where the IP address of the source host is 10.0.0.7?

A. ip.dst==10.0.0.7

B. ip.port==10.0.0.7

C. ip.src==10.0.0.7

D. ip.dstport==10.0.0.7

Which of the following is the range for assigned ports managed by the Internet Assigned Numbers Authority (IANA)?

A. 3001-3100

B. 5000-5099

C. 6666-6674

D. 0 ?1023

Which of the following are the default ports used by NetBIOS service?

A. 135, 136, 139, 445

B. 134, 135, 136, 137

C. 137, 138, 139, 140

D. 133, 134, 139, 142

Which of the following protocols cannot be used to filter VoIP traffic?

A. Media Gateway Control Protocol (MGCP)

B. Real-time Transport Control Protocol (RTCP)

C. Session Description Protocol (SDP)

D. Real-Time Publish Subscribe (RTPS)

Which of the following scan option is able to identify the SSL services?

A.璼S

B.璼V

C.璼U

D.璼T

Which of the following acts is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards and applies to all entities involved in payment card processing?

A. PIPEDA

B. PCI DSS

C. Human Rights Act 1998

D. Data Protection Act 1998

Which of the following policy forbids everything with strict restrictions on all usage of the company systems and network?

A. Information-Protection Policy

B. Paranoid Policy

C. Promiscuous Policy

D. Prudent Policy

You are conducting a penetration test against a company and you would like to know a personal email address of John, a crucial employee. What is the fastest, cheapest way to find out John's email address.

A. Call his wife and ask for his personal email account

B. Call a receptionist and ask for John Stevens' personal email account

C. Search in Google for his personal email ID

D. Send an email to John stating that you cannot send him an important spreadsheet attachment file to his business email account and ask him if he has any other email accounts

In the context of penetration testing, what does blue teaming mean?

A. A penetration test performed with the knowledge and consent of the organization's IT staff

B. It is the most expensive and most widely used

C. It may be conducted with or without warning

D. A penetration test performed without the knowledge of the organization's IT staff but with permission from upper management

A directory traversal (or path traversal) consists in exploiting insufficient security validation/sanitization of user-supplied input file names, so that characters representing "traverse to parent directory" are passed through to the file APIs.

The goal of this attack is to order an application to access a computer file that is not intended to be accessible. This attack exploits a lack of security (the software is acting exactly as it is supposed to) as opposed to exploiting a bug in the code.

To perform a directory traversal attack, which sequence does a pen tester need to follow to manipulate variables of reference files?

A. dot-dot-slash (../) sequence

B. Denial-of-Service sequence

C. Brute force sequence

D. SQL Injection sequence