Certified Ethical Hacker (CEH) v.10 Practice Questions with Complete and Verified Answers, Exams of Computer Security


Typology: Exams

2023/2024

Available from 06/22/2024

PassingMaster

1. Which of the following is the best example of a deterrent control?
A. A log aggregation system
B. Hidden cameras onsite.
C. A guard posted outside the door.
D. Backup recovery systems.
Correct answer: C. A guard posted outside the door.
Deterrents have to be visible to prevent an attack. A guard visible outside the door could help prevent physical attacks.

2. Enacted in 2002, this US law requires every federal agency to implement information security programs, including significant reporting on compliance and accreditation. Which of the following is the best choice for this definition?
A. FISMA
B. HIPAA
C. NIST 800-53
D. OSSTMM
Correct answer: A. FISMA (Federal Information Security Management Act)
FISMA has been around since 2002 and was updated in 2014. It gave information security responsibilities to NIST, OMB, and other government agencies, and declared the Department of Homeland Security (DHS) as the operational lead for budgets and guidelines on security matters.

3. Brad has done some research and determined that a certain set of systems on his network fail once every ten years. The purchase price for each of these systems is $1200. Brad also discovers that the admins on staff, who earn $50 an hour, estimate five hours to replace a machine. Five employees, earning $25 an hour, depend on each system and will be completely unproductive while it's down. What is the ALE of these devices?
A. $2075
B. $207.50
C. $120
D. $1200
Correct answer: B. $207.50
ARO = 1 occurrence / 10 years = 0.1
SLE = $1200 + (5 x 50 = 250) + (5 x 5 x 25 = 625) = $2075
ALE = $2075 x 0.1 = $207.50

4. An ethical hacker is hired to test the security of a business network. The CEH is given no prior knowledge of the network and has a specific framework in which to work, defining boundaries, NDAs, and the completion date. Which of the following is a true statement?
A. A white hat is attempting a black box test.
B. A white hat is attempting a white box test.
C. A black hat is attempting a black box test.
D. A black hat is attempting a gray box test.
Correct answer: A. A white hat is attempting a black box test.
An ethical hacker hired under a specific agreement is a white hat.

5. When an attack by a hacker is politically motivated, the hacker is said to be participating in which of the following?
A. Black Hat Hacking

C. Conclusion
D. Reconnaissance
Correct answer: B. Assessment
The Assessment phase is where all the activity takes place, including the passive information gathering performed by Sally in this example.

12. Joe is a security engineer for a firm. His company downsizes, and Joe discovers he will be laid off within a short amount of time. Joe plants viruses and sets about destroying data and settings throughout the network, with no regard to being caught. Which type of hacker is Joe considered to be?
A. Hacktivist
B. Suicide Hacker
C. Black Hat
D. Script Kiddie
Correct answer: B. Suicide Hacker

13. Elements of security include confidentiality, integrity, and availability. Which technique provides for integrity?
A. Encryption
B. UPS
C. Hashing
D. Passwords
Correct answer: C. Hashing

14. Which of the following best describes an effort to identify systems that are critical for continuation of operation for the organization?
A. BCP
B. BIA
C. MTD
D. DRP
Correct answer: B. BIA (Business Impact Analysis)
A BIA is the actual process to identify those critical systems.

15. Which of the following would be the best choice for footprinting restricted URLs and OS information from a target?
A. www.archive.org
B. www.alexa.com
C. Netcraft
D. Yesware
Correct answer: C. Netcraft
"Netcraft provides security services, including anti-fraud and anti-phishing services, application testing, and PCI scanning."

16. Which of the following consists of a publicly available set of databases that contain domain name registration contact information?
A. IETF
B. IANA
C. Whois
D. OSRF
Correct answer: C. Whois
Whois is a great resource to scour public information regarding your target. Registration databases contain data points that may be useful, such as domain registration, points of contact, and IP ranges.

17. Which of the following best describes the role that the U.S. Computer Security Incident Response Team (CSIRT) provides?
A. Vulnerability measurement and assessments for the U.S. Department of Defense.
B. A reliable and consistent point of contact for all incident response services for associates of the Department of Homeland Security.
C. Incident response services for all Internet providers.
D. Pen test registration for public and private sector.
Correct answer: B.
CSIRT provides incident response services for any user, company, agency, or organization in partnership with the Department of Homeland Security.

18. A security peer is confused about a recent incident. An attacker successfully accessed a machine in the organization and made off with some sensitive data. A full vulnerability scan was run immediately following the theft, and nothing was discovered. Which of the following best describes what may have happened?
A. The attacker took advantage of a zero-day vulnerability on the machine.
B. The attacker performed a full rebuild of the machine after he was done.
C. The attacker performed a denial-of-service attack.
D. Security measures on the device were completely disabled before the attack began.
Correct answer: A. Zero-Day Vulnerability
A zero-day vulnerability is simply one that security personnel, vendors, and even vulnerability scanners don't know about yet. It's more likely the attacker is using an attack vector unknown to the security personnel than he somehow managed to turn off all security measures without alerting anyone.

19. Which footprinting tool or technique can be used to find the names and addresses of employees or technical points of contact?
A. whois
B. Passive
C. Reconnaissance
D. None of the above.
Correct answer: B. Passive
All the methods discussed are passive in nature, per EC-Council's definition.

25. A pen tester is attempting to use nslookup and has the tool in interactive mode for the search. Which command should be used to request the appropriate records?
A. request type=ns
B. transfer type=ns
C. locate type=ns
D. set type=ns
Correct answer: D. set type=ns
The syntax for the other commands listed is incorrect.

26. A member of your team enters the following command: nmap -sV -sC -O --traceroute IPAddress
Which of the following Nmap commands performs the same task?
A. nmap -A IPAddress
B. nmap -all IPAddress
C. nmap -Os IPAddress
D. nmap -aA IPAddress
Correct answer: A. nmap -A IPAddress
The -A switch turns on OS detection, version detection, script scanning, and traceroute, just as the -O, -sV, -sC, and --traceroute switches do in conjunction with each other.

27. You want to perform banner grabbing against a machine (168.15.22.4) you suspect as being a web server. Assuming you have the correct tools installed, which of the following command-line entries will successfully perform a banner grab? (Choose all that apply)
A. telnet 168.15.22.4 80
B. telnet 80 168.15.22.4
C. nc -v -n 168.15.22.4 80
D. nc -v -n 80 168.15.22.4
Correct answer: A. telnet 168.15.22.4 and C. nc -v -n 168.15.22.4 80
Both Telnet and netcat, among others, can be used for banner grabbing. The correct syntax for both has the port number last.

28. You've decided to begin scanning against a target organization but want to keep your efforts as quiet as possible. Which IDS evasion technique splits the TCP header among multiple packets?
A. Fragmenting
B. IP Spoofing
C. Proxy scanning
D. Anonymizer
Correct answer: A. Fragmenting
Fragmenting packets is a great way to evade an IDS, for any purpose. Sometimes referred to as IP Fragments, splitting a TCP header across multiple packets can serve to keep you hidden while scanning.

29. One of your team members is analyzing TTL fields and TCP window sizes in order to fingerprint the OS of a target. Which of the following is most likely being attempted?
A. Online OS fingerprinting
B. Passive OS fingerprinting
C. Aggressive OS fingerprinting
D. Active OS fingerprinting
Correct answer: B. Passive OS fingerprinting
Generally speaking, any activity noted in a question that does not explicitly state you are crafting packets and injecting them toward a system indicates you are passively observing traffic--in this case, most likely with a sniffed traffic log.

30. What flag or flags are sent in the segment during the second step of the TCP three-way handshake?
A. SYN
B. ACK
C. SYN/ACK
D. ACK/FIN
Correct answer: C. SYN/ACK
1. SYN
2. SYN/ACK
3. ACK

31. You are port scanning a system and begin sending TCP packets with the ACK flag set. Examining return packets, you see a return packet for one port has the RST flag set and the TTL is less than 64. Which of the following is true?
A. The response indicates an open port.
B. The response indicates a closed port.
C. The response indicates a Windows machine with a nonstandard TCP/IP stack.

36. Which of the following commands would you use to quickly identify live targets on a subnet? (Choose all that apply)
A. nmap -A 172.17.24.17
B. nmap -O 172.17.24.0/24
C. nmap -sn 172.17.24.0/24
D. nmap -PI 172.17.24.0/24
Correct answer: C. nmap -sn subnet range and D. nmap -PI subnet range
-sn = Ping scan (Disables port scanning; host discovery only)
-PI = IP address discovery? (Couldn't find definition)

37. You're running an IDLE scan and send the first packet to the target machine. Next, the SYN/ACK packet is sent to the zombie. The IPID on the return packet from the zombie is 36754. If the starting IPID was 36753, in what state is the port on the target machine?
A. Open
B. Closed
C. Unknown
D. None of the above.
Correct answer: B. Closed
Since the IPID incremented by only one, this means the zombie hasn't sent anything since your original SYN/ACK to figure out the starting IPID. If the IPID had increased by two, then the port would be open because the zombie would have responded to the target machine's SYN/ACK.

38. Which ICMP message type/code indicates the packet could not arrive at the recipient due to exceeding its time to live?
A. Type 11
B. Type 3, Code 1
C. Type 0
D. Type 8
Correct answer: A. Type 11
A Type 11 ICMP packet indicates the TTL for the packet has reached 0; therefore it must be discarded.

39. An ethical hacker is sending TCP packets to a machine with the SYN flag set. None of the SYN/ACK responses on open ports is being answered. Which type of port scan is this?
A. Ping sweep
B. XMAS
C. Stealth
D. Full
Correct answer: C. Stealth
ECC defines what most of us used to call a half-open scan as a "stealth scan," a.k.a. a SYN scan.

40. Which of the following statements is true regarding port scanning?
A. Port scanning's primary goal is to identify live targets on a network.
B. Port scanning is designed to overload the ports on a target in order to identify which are open and which are closed.
C. Port scanning is designed as a method to view all traffic to and from a system.
D. Port scanning is used to identify potential vulnerabilities on a target system.
Correct answer: D. Port scanning is used to identify potential vulnerabilities on a target system.
Port scanning has a singular purpose--to knock on ports and see if they're open (listening). Does an open port necessarily mean something is wrong? No, but it does represent a potential vulnerability you can exploit later.

41. Which of the following best describes a honeypot?
A. It is used to filter traffic from screened subnets.
B. It is used to gather information about potential network attackers.
C. It is used to analyze traffic for detection signatures.
D. Its primary function involves malware and virus protection.
Correct answer: B. It is used to gather information about potential network attackers.
A honeypot is designed to draw attackers in so you can watch what they do, how they do it, and where they do it from.

42. Which of the following Wireshark filters would display all traffic sent from, or destined to, systems on the 172.17.15.0/24 subnet? (Choose all that apply)
A. ip.addr == 172.17.15.0/24
B. ip.src == 172.17.15.0/24 and ip.dst == 172.17.15.0/24
C. ip.src == 172.17.15.0/24 or ip.dst == 172.17.15.0/24
D. ip.src == 172.17.15.0/24 and ip.dst == 172.17.15.0/24
Correct answer: A. ip.addr == 172.17.15.0/24 AND C. ip.src == 172.17.15.0/24 or ip.dst == 172.17.15.0/24
In Wireshark filter questions, always pay attention to the operators. While answer A shows any packet with the correct IP in it, anywhere, the or operator in answer C shows packets meeting both options.

43. Which of the following best describes active sniffing?
A. Active sniffing is usually required when hubs are in place.
B. Active sniffing is usually required when switches are in place.

Machine A wanted to receive a copy of this message, which of the following circumstances would be necessary?
A. The ARP cache of the router would need to be poisoned, changing the entry for Machine A to 00-01-02-CC-DD-EE.
B. The ARP cache of Machine B would need to be poisoned, changing the entry for the default gateway to 00-01-02-AA-BB-CC.
C. The ARP cache of Machine C would need to be poisoned, changing the entry for the default gateway to 00-01-02-AA-BB-CC.
D. The ARP cache of Machine A would need to be poisoned, changing the entry for Machine C to 00-01-02-BB-CC-DD.
Correct answer: B. The ARP cache of Machine B would need to be poisoned, changing the entry for the default gateway to 00-01-02-AA-BB-CC.
ARP poisoning is done on the machine creating the frame--the sender. Changing the default gateway entry on the sending machine results in all frames intended for an IP out of the subnet being delivered to the attacker. Changing the ARP cache on the other machine or the router is pointless.

49. An IDS installed on the network perimeter sees a spike in traffic during off-duty hours and begins logging and alerting. Which type of IDS is in place?
A. Stateful
B. Signature Based
C. Anomaly Based
D. Packet Filtering
Correct answer: C. Anomaly Based
IDSs can be signature or anomaly based. Anomaly-based systems build a baseline of normal traffic patterns over time, and anything that appears outside of the baseline is flagged.

50. In what situation would you employ a proxy server? (Choose the best answer)
A. You wish to share files inside the corporate network.
B. You want to allow outside customers into a corporate website.
C. You want to filter Internet traffic for internal systems.
D. You want to provide IP addresses to internal hosts.
Correct answer: C. You want to filter Internet traffic for internal systems.
There are a bunch of reasons for having a proxy. In this case, you're using it to filter traffic between internal hosts and the rest of the world. Generally speaking, proxies don't act as file servers, websites, or DHCP servers.

51. An attacker has successfully connected a laptop to a switch port and turned on a sniffer. The NIC is running in promiscuous mode, and the laptop is left alone for a few hours to capture traffic. Which of the following statements are true? (Choose all that apply)
A. The packet capture will provide the MAC addresses of other machines connected to the switch.
B. The packet capture will provide only the MAC addresses of the laptop and the default gateway.
C. The packet capture will display all traffic intended for the laptop.
D. The packet capture will display all traffic intended for the default gateway.
Correct answer: A. The packet capture will provide the MAC addresses of other machines connected to the switch. AND C. The packet capture will display all traffic intended for the laptop.
Switches filter or flood traffic based on the address. Broadcast traffic, such as ARP requests and answers, is flooded to all ports. Unicast traffic, such as traffic intended for the laptop itself or the default gateway, is sent only to the port on which the machine rests.

52. Which of the following are appropriate active sniffing techniques against a switched network? (Choose all that apply)
A. ARP poisoning
B. MAC flooding
C. SYN flooding
D. Birthday attack
E. Firewalking
Correct answer: A. ARP poisoning AND B. MAC flooding
ARP poisoning can be used to trick a system into sending packets to your machine instead of recipients (including the default gateway). MAC flooding is an older attack used to fill a CAM table and make a switch behave like a hub.

53. A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what driver and library are required to allow the NIC to work in promiscuous mode?
A. libpcap
B. winprom
C. winpcap
D. promsw
Correct answer: C. winpcap
WinPcap is the library used for Windows devices. Libpcap is used on Linux devices for the same purpose.

54. Which of the following works at Layer 5 of the OSI model?

D. The attack uses rainbow tables, randomly attempting hash values throughout the list until the password is cracked.
Correct answer: C. The hybrid attack takes a dictionary list and includes variations using numbers and special characters.

60. While pen-testing a client, you discover that LM hashing, with no salting, is still engaged for backward compatibility on most systems. One stolen password hash reads 9FAF6B755DC38E12AAD3B435B51404EE. Is this user following good password procedures?
A. Yes, the hash shows a 14 character, complex password.
B. No, the hash shows a 14 character password; however, it's not complex.
C. No, the hash reveals a 7 character or less password has been used.
D. It is impossible to determine simply by looking at the hash.
Correct answer: C.
LM hashes pad a password with blank spaces to reach 14 characters, split it into two 7 character sections, and then hash both separately. Because the LM hash of seven blank characters is always AAD3B435B51404EE, you can tell from the hash that the user has used only seven or fewer characters. CEH recommends a password with a minimum of eight characters, that's complex, and that expires after 30 days. The user isn't following good policy.

61. Where is the SAM file stored on a Windows 7 system?
A. /etc/
B. C:\Windows\System32\etc\
C. C:\Windows\System32\Config\
D. C:\Windows\System32\Drivers\Config
Correct answer: C.
The SAM file is stored in the same folder on most Windows machines: C:\Windows\System32\Config\

62. Examining a database server during routine maintenance, you discover an hour of time missing from the log file, during what would otherwise be normal operating hours. Further investigation reveals no user complaints on accessibility. Which of the following is the most likely explanation?
A. The log file is simply corrupted.
B. The server was compromised by an attacker.
C. The server was rebooted.
D. No activity occurred during the hour time frame.
Correct answer: B. The server was compromised by an attacker.
A reboot would've shown up somewhere; no users complained about it being down at all.

63. Which of the following can migrate the machine's actual operating system into a virtual machine?
A. Hypervisor level rootkit
B. Kernel level rootkit
C. Virtual rootkit
D. Library level rootkit
Correct answer: A.
Hypervisor level rootkits replace your physical OS with a virtual one.

64. After gaining access to a Windows machine, you see the last command executed on the box looks like this: net use F: \\MATTBOX\BankFiles /persistent:yes
Assuming the user had appropriate credentials, which of the following are true? (Choose all that apply)
A. In Windows Explorer, a folder will appear under the root directory named BankFiles.
B. In Windows Explorer, a drive will appear denoted as BankFiles (\\MATTBOX) (F:).
C. The mapped drive will remain mapped after a reboot.
D. The mapped drive will not remain mapped after a reboot.
Correct answer: B. A drive will appear denoted as BankFiles (\\MATTBOX) (F:) and C. The mapped drive will remain mapped after a reboot.
The command connects to a shared folder on MATTBOX named BankFiles, and the mapping will display as a drive (F:) on the local machine. The persistent:yes portion means it will remain mapped forever, until you turn it off.

65. An attacker has hidden badfile.exe in the readme.txt file. Which of the following is the correct command to execute the file?
A. start readme.txt>badfile.exe
B. start readme.txt:badfile.exe
C. start badfile.exe > readme.txt
D. start badfile.exe | readme.txt
Correct answer: B. start readme.txt:badfile.exe
This command says "Start the executable badfile.exe that's hidden in the readme.txt file."

66. You see the following command in a Linux history file review: someproc &
Which of the following best describe the command result? (Choose two)
A. The process "someproc" will stop when the user logs out.
B. The process "someproc" will continue to run when the user logs out.
C. The process "someproc" will run as a background task.

70. You are examining IDS logs and come across the following entry:
Mar 30 10:31:07 [1123]: IDS1661/NOPS-x86: 64.118.55.64:1146 -> 192.168.119.56:53
What can you infer from this log entry?
A. The attacker, using address 192.168.119.56, is attempting to connect to 64.118.55.64 using a DNS port.
B. The attacker, using address 64.118.55.64, is attempting a directory traversal attack.
C. The attacker is attempting a known SQL attack against 192.168.119.56.
D. The attacker is attempting a buffer overflow against 192.168.119.56.
Correct answer: D.
The log file shows that the NOP sled signature is being used against 192.168.119.56. There is no indication in the log file about SQL or directory traversal.

71. Which of the following would be the best protection against XSS attacks?
A. Invest in top of the line firewalls.
B. Perform vulnerability scans against your systems.
C. Configure input validation on your systems.
D. Have a pen test performed against your systems.
Correct answer: C.
"Best" is always a tricky word. In this case, configuring server-side operations to validate what's being put in the input field is by far the best mitigation. Could vulnerability scans and pen tests tell you something is wrong? Sure, but by themselves they don't do anything to protect you.

72. Which of the following is true regarding n-tier architecture?
A. Each tier must communicate openly with every other tier.
B. N-tier always consists of presentation, logic, and data tiers.
C. N-tier is usually implemented on one server.
D. N-tier allows each tier to be configured and modified independently.
Correct answer: D.
While usually implemented in three tiers, n-tier simply means you have three or more independently monitored, managed, and maintained collections of servers, each providing a specific service or tasking.

73. Which character is the best choice to start a SQL injection attempt?
A. Colon
B. Semicolon
C. Double quote
D. Single quote
Correct answer: D.
The single quote should begin SQL injection attempts, even though in many database systems it's not always an absolute.

74. Which of the following is a true statement?
A. Configuring the web server to send random challenge tokens is the best mitigation for XSS attacks.
B. Configuring the web server to send random challenge tokens is the best mitigation for buffer overflow attacks.
C. Configuring the web server to send random challenge tokens is the best mitigation for parameter manipulation attacks.
D. Configuring the web server to send random challenge tokens is the best mitigation for CSRF attacks.
Correct answer: D.
The requests from the bad guy masquerading with your session ID through your browser can be largely stopped by making sure each request has a challenge token--if the server gets one without a token, it's deemed bad and dropped.

75. Which of the following is a true statement?
A. SOAP cannot bypass a firewall.
B. SOAP encrypts messages using HTTP methods.
C. SOAP is compatible with HTTP and SMTP.
D. SOAP messages are usually bidirectional.
Correct answer: C.
SOAP (Simple Object Access Protocol) is compatible with HTTP and SMTP, and usually the messages are "one way" in nature.

76. Question is in the image due to JavaScript causing errors on site.
Correct answer: D.
This indicates a cross-site scripting vulnerability.

77. SOAP (Simple Object Access Protocol) is used to package and exchange information for web services. What does SOAP use to format this information?
A. XML
B. HTML
C. HTTP
D. Unicode
Correct answer: A.
SOAP formats its information exchange in XML.

78. A security administrator monitoring logs comes across a user login attempt that reads UserJoe)(&). What can you infer from this username login attempt?
A. The attacker is attempting SQL injection.
B. The attacker is attempting LDAP injection.
C. The attacker is attempting SOAP injection.

allowing only MAC addresses from clients she personally configures in each list. You explain this step will not prevent a determined attacker from connecting to her network. Which of the following explains why the APs are still vulnerable?
A. WEP keys are easier to crack when MAC filtering is in place.
B. MAC addresses are dynamic and can be sent via DHCP.
C. An attacker could sniff an existing MAC address and spoof it.
D. An attacker could send a MAC flood, effectively turning the AP into a hub.
Correct answer: C.
MAC filtering is easily hacked by sniffing the network for a valid MAC and then spoofing it, using any number of options available.

84. What information is required in order to attempt to crack a WEP AP? (Choose Two)
A. Network SSID.
B. MAC address of the AP.
C. IP address of the AP.
D. Starting sequence number in the first initialization vector.
Correct answer: A. & B.
The MAC address of the AP and the SSID are required for attempting a WEP crack.

85. Which of the following protects against man-in-the-middle attacks in WPA?
A. MIC
B. CCMP
C. EAP
D. AES
Correct answer: A. MIC (Message Integrity Codes)
MIC provides integrity checking in WPA, verifying frames are authentic and haven't been tampered with. Part of how it accomplishes this is a sequence number--if any frames arrive out of sequence, the whole session is dropped.

86. Which of the following is the best choice for detecting wireless LANs using the 802.11a/b/g/n WLAN standards on a Linux platform?
A. Kismet
B. Nessus
C. NetStumbler
D. Cain and Abel
Correct answer: A. Kismet
Kismet is your best option here, as the other tools simply don't fit the bill.

87. A user calls with a problem. Her laptop uses the same hardware and software as many of the other clients on the network, and she can see the wireless network, but cannot connect. You run a sniffer, and results show the WAP is not responding to the association requests being sent by the wireless client. Of the following choices, which is the most likely source of the problem?
A. The wireless client does not use DHCP.
B. The wireless client is on the wrong wireless channel.
C. The WAP has MAC filtering engaged and doesn't recognize the MAC.
D. SSID security is preventing the connection.
Correct answer: C.
MAC filtering is probably the issue here. With the hardware and software that's set up, it's probably not a channel issue and no other answer makes sense.

88. Which of the following provides for integrity in WPA2?
A. AES
B. CCMP
C. TKIP
D. RADIUS
Correct answer: B. CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol uses message integrity codes (MICs) for integrity purposes.

89. Which of the following is a true statement?
A. Configuring a strong SSID is a vital step in securing your network.
B. An SSID should always be more than eight characters in length.
C. An SSID should never be a dictionary word or anything easily guessed.
D. SSIDs are important for identifying networks but do little to nothing for security.
Correct answer: D.
An SSID is nothing more than a name for a network. It's not a security measure.

90. Which wireless technology uses RC4 for encryption?
A. WAP
B. WPA
C. WEP
D. WPA2
E. All of the above.
Correct answer: C. WEP
WEP using RC4 is part of the reason why it's so easily hacked and not considered secure.

91. Which wireless encryption technology makes use of temporal keys?
A. WAP
B. WPA
C. Full Disk Encryption
D. AES
Correct answer: C. Full Disk Encryption
FDE is the appropriate control for data at rest protection. Pre-boot Authentication provides protection against loss or theft.

97. Which of the following is used to distribute a public key within the PKI system, verifying the user's identity to the recipient?
A. Digital signature
B. Hash value
C. Private key
D. Digital Certificate
Correct answer: D. Digital Certificate
A digital certificate contains, among other things, the sender's public key, and it can be used to identify the sender.

98. A hacker feeds plaintext files into a hash, eventually finding two or more that create the same fixed-value hash result. This anomaly is known as what?
A. Collision
B. Chosen plaintext
C. Hash value compromise
D. Known plaintext
Correct answer: A. Collision
When two or more plaintext entries create the same fixed value hash result, a collision has occurred.

99. An attacker uses a Metasploit auxiliary exploit to send a series of small messages to a server at regular intervals. The server responds with 64kb of data from its memory. Which of the following best describes the attack being used?
A. POODLE
B. Heartbleed
C. FREAK
D. DROWN
Correct answer: B. Heartbleed
Heartbleed takes advantage of the data echoing acknowledgement heartbeat in SSL. OpenSSL version 1.0.1 through Version 1.0.1f are vulnerable to this attack.

100. Which of the following statements is true regarding encryption algorithms?
A. Symmetric algorithms are slower, are good for bulk encryption, and have no scalability problems.
B. Symmetric algorithms are faster, are good for bulk encryption, and have no scalability problems.
C. Symmetric algorithms are faster, are good for bulk encryption, but have scalability problems.
D. Symmetric algorithms are faster but have scalability problems and are not suited for bulk encryption.
Correct answer: C. Symmetric algorithms are faster, are good for bulk encryption, but have scalability problems.

101. Within a PKI system, Julia encrypts a message for Heidi and sends it. Heidi receives the message and decrypts the message using what?
A. Julia's public key
B. Julia's private key
C. Heidi's public key
D. Heidi's private key
Correct answer: D. Heidi's private key.
Heidi's public key is used to encrypt the message. Her private key is used to decrypt it.

102. Which of the following is a symmetric encryption method that transforms a fixed-length amount of plain text into an encrypted version of the same length?
A. Stream
B. Block
C. Bit
D. Hash
Correct answer: B. Block
Block encryption takes a fixed-length block of plaintext and converts it to an encrypted block of the same length.

103. Which symmetric algorithm uses variable block sizes (from 32 to 128 bits)?
A. DES
B. 3DES
C. RC
D. MD5
Correct answer: C. RC (Rivest's Cipher/Ron's Code)
Rivest Cipher uses variable block sizes (from 32 to 128 bits).

104. Which hash algorithm produces a 160-bit output value?
A. SHA-1
B. SHA-2
C. Diffie-Hellman
D. MD5
Correct answer: A. SHA-1
SHA-1 produces a 160-bit output value.

105. Two different organizations have their own public key infrastructure up and running. When the two companies merged, security personnel wanted both PKIs to