Internet Control Message Protocol (ICMP) messages occur in many situations, such as whenever a datagram cannot reach the destination or the gateway does not have the buffering capacity to forward a datagram. Each ICMP message contains three fields: type, code, and checksum.
Different types of Internet Control Message Protocols (ICMPs) are identified by a type and code field.

Which of the following ICMP messages will be generated if the destination port is not reachable?

1. A. ICMP Type 11 code 1
2. B. ICMP Type 5 code 3
3. C. ICMP Type 3 code 2
4. D. ICMP Type 3 code 3

Correct Answer: D

John, a penetration tester from a pen test firm, was asked to collect information about the host file in a Windows system directory. Which of the following is the location of the host file in Window system directory?

1. A. C:\Windows\System32\Boot
2. B. C:\WINNT\system32\drivers\etc
3. C. C:\WINDOWS\system32\cmd.exe
4. D. C:\Windows\System32\restore

Correct Answer: B

As a security analyst you setup a false survey website that will require users to create a username and a strong password. You send the link to all the employees of the company. What information will you be able to gather?

1. A. The employees network usernames and passwords
2. B. The MAC address of the employees' computers
3. C. The IP address of the employees computers
4. D. Bank account numbers and the corresponding routing numbers

Correct Answer: C

SQL injection attack consists of insertion or "injection" of either a partial or complete SQL query via the data input or transmitted from the client (browser) to the web application. A successful SQL injection attack can:
i) Read sensitive data from the database
iii) Modify database data (insert/update/delete)
iii) Execute administration operations on the database (such as shutdown the DBMS)
iV) Recover the content of a given file existing on the DBMS file system or write files into the file system
v) Issue commands to the operating system

Pen tester needs to perform various tests to detect SQL injection vulnerability. He has to make a list of all input fields whose values could be used in crafting a SQL query, including the hidden fields of POST requests and then test them separately, trying to interfere with the query and to generate an error.
In which of the following tests is the source code of the application tested in a non-runtime environment to detect the SQL injection vulnerabilities?

1. A. Automated Testing
2. B. Function Testing
3. C. Dynamic Testing
4. D. Static Testing

Correct Answer: D

The objective of social engineering pen testing is to test the strength of human factors in a security chain within the organization. It is often used to raise the level of security awareness among employees.

The tester should demonstrate extreme care and professionalism during a social engineering pen test as it might involve legal issues such as violation of privacy and may result in an embarrassing situation for the organization.
Which of the following methods of attempting social engineering is associated with bribing, handing out gifts, and becoming involved in a personal relationship to befriend someone inside the company?

1. A. Accomplice social engineering technique
2. B. Identity theft
3. C. Dumpster diving
4. D. Phishing social engineering technique

Correct Answer: A