Becky has been hired by a client from Dubai to perform a penetration test against one of their remote offices. Working from her location in Columbus, Ohio, Becky runs her usual reconnaissance scans to obtain basic information about their network. When analyzing the results of her Whois search, Becky notices that the IP was allocated to a location in Le Havre, France. Which regional Internet registry should Becky go to for detailed information?

1. A. ARIN
2. B. APNIC
3. C. RIPE
4. D. LACNIC

Correct Answer: C
Regional Internet Registries (RIRs):
ARIN (American Registry for Internet Numbers) AFRINIC (African Network Information Center) APNIC (Asia Pacific Network Information Center)
RIPE (Réseaux IP Européens Network Coordination Centre)
LACNIC (Latin American and Caribbean Network Information Center)

When discussing passwords, what is considered a brute force attack?

1. A. You attempt every single possibility until you exhaust all possible combinations or discover the password
2. B. You threaten to use the rubber hose on someone unless they reveal their password
3. C. You load a dictionary of words into your cracking program
4. D. You create hashes of a large number of words and compare it with the encrypted passwords
5. E. You wait until the password expires

Correct Answer: A

A penetration tester is performing the footprinting process and is reviewing publicly available information about an organization by using the Google search engine.
Which of the following advanced operators would allow the pen tester to restrict the search to the organization’s web domain?

1. A. [allinurl:]
2. B. [location:]
3. C. [site:]
4. D. [link:]

Correct Answer: C

What is the proper response for a NULL scan if the port is closed?

1. A. SYN
2. B. ACK
3. C. FIN
4. D. PSH
5. E. RST
6. F. No response

Correct Answer: E

In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN number and other personal details. Ignorant users usually fall prey to this scam.
Which of the following statement is incorrect related to this attack?

1. A. Do not reply to email messages or popup ads asking for personal or financial information
2. B. Do not trust telephone numbers in e-mails or popup ads
3. C. Review credit card and bank account statements regularly
4. D. Antivirus, anti-spyware, and firewall software can very easily detect these type of attacks
5. E. Do not send credit card numbers, and personal or financial information via e-mail

Correct Answer: D