NVST TEST 1

1.

1 point

Ethereal is a software tool used to ______ between client and server machine

observe the packets sent and received

test the physical connection

transfer data and files

test the functionality of ethernet adaptors

2.

1 point

*Which of the following information cannot generally be found from the target’s Internet Registrar?

Company’s postal addresses

Customer information

Administrative,

Telephone numbers technical and billing contact names

3.

1 point

A type of software that repairs security flaws in an application is called a(n) ________.

repair

exploit

patch

hot fix

4.

1 point

A situation in which a program or process attempts to store more data in a temporary data storage area than it was intended to hold is known as a what?

Denial of service

Distributed denial of service

Storage overrun

Buffer overflow

5.

1 point

*An attacker can gain access to very sensitive information about an organisation through the following except _________.

software engineering

Dumpster diving

Physical break-in

Social engineering

6.

1 point

*Which of the following NOT common activity for Scanning?

War Dialling

Port Scanning

Dumpster Diving

Network Mapping

7.

1 point

*Sending an e-mail from one address but making it seem as if it is coming from another is called ______________.

falsifing

exploiting

telneting

spoofing

8.

1 point

The following are methods employed to uncover system vulnerabilities except ______.

IP Address scanning

Traffic monitoring

Manual vulnerability probing

Vulnerability scanning

9.

1 point

*Which of the following is the correct sequence for OSI (Open Systems Interconnection) seven layers?

Physical Layer, Data Link Layer, Transport Layer. Network Layer, Session Layer, Presentation Layer and Application Layer

Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer and Application Layer

Physical Layer, Network Layer, Data Link Layer, Transport Layer, Session Layer, Presentation Layer and Application Layer

Physical Layer, Network Layer, Transport Layer, Data Link Layer, Session Layer, Presentation Layer and Application Layer

10.

1 point

*Which of the following statements are TRUE about Computer Misuse Act (Cap 50A)?
i. Any police officer may arrest without warrant any person reasonably suspected of committing an offence under this Act
ii. Any person who knowingly causes a computer to perform any function for the purpose of securing access without authority to any program or data held in any computer shall be guilty of an offence
iii. Any person who causes a computer to perform any function for the purpose of securing access to any program or data held in any computer with intent to commit an offence to which this section applies shall be guilty of an offence.
iv. Any person who does any act which he knows will cause an unauthorised modification of the contents of any computer shall be guilty of an offence

i, ii and iii;

i, ii, iii and iv.

ii, iii and iv;

i, ii and iv;

11.

1 point

The following are payloads provided by Metasploit to foist on the target machine except _____.

Bind shell to current port

Create new user accounts

Inject DLL into running application

Distributed denial of service

12.

1 point

*Which of the following protocols is responsible for addressing hosts in a TCP/IP-based network?

TCP

IP

UDP

DHCP

13.

1 point

Which of the following troubleshooting utilities is common to all operating systems and is used for testing connectivity of two hosts on a network?

nslookup

tracert

ipconfig

ping

14.

1 point

*Which of the following is the correct sequence of phases of hacker’s attack?

Reconnaissance, Maintaining Access, Scanning, Gaining Access, Clearing Tracks;

Reconnaissance, Scanning, Gaining Access, Maintaining Access, Clearing Tracks;

Reconnaissance, Gaining Access, Maintaining Access, Scanning, Clearing Tracks;

Scanning, Reconnaissance, Gaining Access, Maintaining Access, Clearing Tracks;

15.

1 point

What type of attack attempts to use every possible key until the correct key is found?

Passive attack

Private key cryptography

Brute-force attack

Denial-of-service attack

16.

1 point

The purpose of port scanning is systematically scan for range of ____.

protected ports at the target system.

closed ports at the target system.

opened ports at the target system.

active ports that are running application services at the target system.

17.

1 point

Which of the following is not one of the IP address ranges reserved for private use by RFC 1918?

172.16.0.0-172.31.255.255

192.168.0.0-192.168.255.255

10.0.0.0-10.255.255.255

169.254.0.0-169.254.255.255

18.

1 point

*What is the information can be gathered by an attacker by typing the
following command using Netcat? C:> nc www.sp.edu.sg 80 HEAD / HTTP/1.0

Administrative Contact Number

Domain Name

Netblock Owner

Web Server version

19.

1 point

Which of the following
protocols should be disabled on a critical network device such as a router?

ICMP.

TCP/IP.

RIP

IPX/SPX.

20.

1 point

*Which information directory protocol is the standard for file transfer over the Internet?

TCP

UDP

FTP

HTTP