- (Topic 2)
You work as a Network Administrator in the Secure Inc. You often need to send PDF documents that contain secret information, such as, client password, their credit card details, email passwords, etc. through email to your customers. However, you are making PDFs password protected you are getting complaints from customers that their secret information is being misused. When you analyze this complaint you get that however you are applying the passwords on PDFs, they are not providing the maximum protection. What may be the cause of this security hole?

1. A. PDFs can be read easily in the plain-text form by applying a sniffe
2. B. PDFs are sent in email in the plain-text for
3. C. PDF passwords can easily be cracked by brute force attack
4. D. You are applying easily guessed password

Correct Answer: C

- (Topic 1)
You've been asked to test a non-transparent proxy lo make sure it is working. After confirming the browser is correctly pointed at the proxy, you try to browse a web site. The browser indicates it is "loading" but never displays any part the page. Checking the proxy, you see a valid request in the proxy from your browser. Checking the response to the proxy, you see the results displayed in the accompanying screenshot. Which of the following answers is the most likely reason the browser hasn't displayed the page yet?

1. A. The proxy is likely hung and must be restarte
2. B. The proxy is configured to trap response
3. C. The proxy is configured to trap request
4. D. The site you are trying to reach is currently dow

Correct Answer: C

- (Topic 2)
You work as a Penetration Tester for the Infosec Inc. Your company takes the projects of
security auditing. Recently, your company has assigned you a project to test the security of the we-aresecure. com Web site. For this, you want to perform the idle scan so that you can get the ports open in the we-are-secure.com server. You are using Hping tool to perform the idle scan by using a zombie computer. While scanning, you notice that every IPID is being incremented on every query, regardless whether the ports are open or close. Sometimes, IPID is being incremented by more than one value. What may be the reason?

1. A. The zombie computer is not connected to the we-are-secure.com Web serve
2. B. The zombie computer is the system interacting with some other system besides your comp ute
3. C. Hping does not perform idle scannin
4. D. The firewall is blocking the scanning proces

Correct Answer: B

- (Topic 4)
Which of the following tools allow you to perform HTTP tunneling?
Each correct answer represents a complete solution. Choose all that apply.

1. A. BackStealth
2. B. HTTPort
3. C. Tunneled
4. D. Nikto

Correct Answer: ABC

- (Topic 2)
Which of following tasks can be performed when Nikto Web scanner is using a mutation technique?
Each correct answer represents a complete solution. Choose all that apply.

1. A. Guessing for password file name
2. B. Sending mutation payload for Trojan attac
3. C. Testing all files with all root directorie
4. D. Enumerating user names via Apach

Correct Answer: ACD