CCSP Test 3 (Module 1 to 4)

Cybersecurity Engineer Test

1 / 100

Category: Cryptography and Steganography

1. Symmetric cryptography is also known as __________.

 

2 / 100

Category: Cryptography and Steganography

2. Which of the following manages digital certificates?

3 / 100

Category: Cryptography and Steganography

3. Asymmetric encryption is also referred to as which of the following?

4 / 100

Category: Cryptography and Steganography

4. Which of the following best describes hashing?

 

5 / 100

Category: Cryptography and Steganography

5. A message digest is a product of which kind of algorithm?

 

6 / 100

Category: Cryptography and Steganography

6. Who first developed SSL?

 

7 / 100

Category: Cryptography and Steganography

7. At what point can SSL be used to protect data?

8 / 100

Category: Cryptography and Steganography

8. Which system does SSL use to function?

9 / 100

Category: Cryptography and Steganography

9. SSL is a mechanism for which of the following?

10 / 100

Category: Cryptography and Steganography

10. Which of the following is a common hashing protocol?

11 / 100

Category: Cryptography and Steganography

11. What does hashing preserve in relation to data?

12 / 100

Category: Cryptography and Steganography

12. What types of remote communication does SSH provide?

13 / 100

Category: Cryptography and Steganography

13. Which of the following are examples of SHA-2 hashing algorithms? (Choose all applicable answers)

14 / 100

Category: Cryptography and Steganography

14. Which one is an HTML encoding format?

15 / 100

Category: Cryptography and Steganography

15. Which one is a base64 encoding format?

16 / 100

Category: Cryptography and Steganography

16. _____________ is another data hiding technique which can be used in conjunction with cryptography as an extra-secure method of protecting data.

17 / 100

Category: Cryptography and Steganography

17. Which one isn’t a type of steganography?

18 / 100

Category: Cryptography and Steganography

18. Which one is a correct format after image steganography? (Choose all applicable answers)

19 / 100

Category: Cryptography and Steganography

19. Which one is the exception of document steganography?

20 / 100

Category: Cryptography and Steganography

20.  .RM is an audio stego format.

21 / 100

Category: Cryptography and Steganography

21. Embedding PHP code in an image file is a concept of cryptography.

22 / 100

Category: Cryptography and Steganography

22. Which one is not a form of steganalysis?

23 / 100

Category: Cryptography and Steganography

23. Which of the following types of attacks has only the steganographic medium available?

24 / 100

Category: Cryptography and Steganography

24. Which of the following is not a steganography tool?

25 / 100

Category: Cryptography and Steganography

25. The main motive for using steganography is that hackers or other users can hide a secret message behind a ______________

26 / 100

Category: Common web application vulnerabilities

1.   __________ is a client-side scripting language.

27 / 100

Category: Common web application vulnerabilities

2. Which of the following is used to access content outside the root of a website?

28 / 100

Category: Common web application vulnerabilities

3. Which of the following can prevent bad input from being presented to an application through a form?

29 / 100

Category: Common web application vulnerabilities

4. Cross Site Scripting is a vulnerability in web applications that allows an attacker to inject _____ and _____ code into a web page.

30 / 100

Category: Common web application vulnerabilities

5. Input validation protects against XSS.

31 / 100

Category: Common web application vulnerabilities

6. Which are proper XSS payloads? (Choose all applicable answers)

32 / 100

Category: Common web application vulnerabilities

7. What does CSRF stand for?

33 / 100

Category: Common web application vulnerabilities

8. Cross Site Request Forgery is performed via ________ .

34 / 100

Category: Common web application vulnerabilities

9. As a web application user, what puts you at most risk to fall victim to a cross-site request forgery (CSRF) attack?

35 / 100

Category: Common web application vulnerabilities

10. A process storing data outside the memory that the developer intended is called:

36 / 100

Category: Common web application vulnerabilities

11. An attacker obtaining control of a target computer through some sort of vulnerability, gaining the power to execute commands on that remote computer, is called:

37 / 100

Category: Common web application vulnerabilities

12. Which threat can be prevented by having unique usernames generated with a high degree of entropy?

38 / 100

Category: Common web application vulnerabilities

13. What threat are you vulnerable to if you do not validate the authorization of the user for direct references to restricted resources?

39 / 100

Category: Common web application vulnerabilities

14. What attack can be prevented by including an unpredictable token for each user in every link or form which invokes state-changing functions?

40 / 100

Category: Common web application vulnerabilities

15. For an indirect reference, what happens if there's no list of limited values authorized for a user in the direct reference?

41 / 100

Category: Common web application vulnerabilities

16. We can allow client-side scripts to execute in the browsers for needed operations.

42 / 100

Category: Common web application vulnerabilities

17. The use of proper security techniques can: (Choose all applicable answers)

43 / 100

Category: Common web application vulnerabilities

18. The characteristics of an effective security system are that the system is: (Choose all applicable answers)

44 / 100

Category: Common web application vulnerabilities

19. Executing the following code -> “<?php phpinfo(); ?>” is an example of remote command execution.

45 / 100

Category: Common web application vulnerabilities

20. Execution of the following code -> “system("id");” is an example of:

46 / 100

Category: Common web application vulnerabilities

21. What is the difference between Distributed Denial of Service (DDoS) attack and a Denial of Service (DoS) attack?

47 / 100

Category: Common web application vulnerabilities

22. What can a DDoS attack do?

48 / 100

Category: Common web application vulnerabilities

23. Which security misconfiguration is this HTTP header disclosing?

49 / 100

Category: Common web application vulnerabilities

24. To prevent security misconfigurations the developer should: (Choose all applicable answers)

50 / 100

Category: Common web application vulnerabilities

25. Which type of attack is this: example.net/browse.php?dir=../../etc/passwd

51 / 100

Category: Penetration Testing Tools

1.  Which one is a vulnerability analysis tool?

52 / 100

Category: Penetration Testing Tools

2. Which one is an information gathering tool?

53 / 100

Category: Penetration Testing Tools

3. Metasploit is a framework that includes a database of exploits.

54 / 100

Category: Penetration Testing Tools

4. Which exploitation tool can be used to exploit a database?

55 / 100

Category: Penetration Testing Tools

5. What is “dirbuster”?

56 / 100

Category: Penetration Testing Tools

6. When web defacement happens, that means the attacker compromised the web server fully.

57 / 100

Category: Penetration Testing Tools

7.  Which of the following is not a web server attack type?

58 / 100

Category: Penetration Testing Tools

8. Which characters divide or split the header and body in an HTTP response splitting attack?

59 / 100

Category: Penetration Testing Tools

9. Which one is the perfect SSH brute force attack command? (Choose all applicable answers)

60 / 100

Category: Penetration Testing Tools

10. Man-in-the-Middle Attacks → Technically, any type of attack in which a third party manages to get in between the two parties communicating

61 / 100

Category: Penetration Testing Tools

11. The interception of legitimate communication and forging a fictitious response to the sender

62 / 100

Category: Penetration Testing Tools

12. Which of the following is a tool for analysing the degree of randomness in security critical tokens issued by an application?

63 / 100

Category: Penetration Testing Tools

13. Which of the following is a tool for automating customised attacks against web applications?

64 / 100

Category: Penetration Testing Tools

14. Which of the following technologies allows you to define multiple listeners?

65 / 100

Category: Penetration Testing Tools

15. Which of the following platforms for security testing of web applications includes detailed analysis and rendering of requests and responses?

66 / 100

Category: Penetration Testing Tools

16. Which of the following methods sends an unlimited amount of information over a socket connect as per HTTP request?

67 / 100

Category: Penetration Testing Tools

17. In which of the following techniques do you tell Burp what your target scope is for active and passive scanning?

68 / 100

Category: Penetration Testing Tools

18. What is the task of the 'Forward' control when intercepting a request in Burp Suite?

69 / 100

Category: Penetration Testing Tools

19. Which of the following is/are correct about the Burp Suite walkthrough steps in a web application?

70 / 100

Category: Penetration Testing Tools

20. What are the resolution steps when Burp does not intercept HTTPS requests?

71 / 100

Category: Penetration Testing Tools

21. Which of the following SQLMAP commands will allow you to test if a parameter in a target URL is vulnerable to SQL injection (injectable)?

72 / 100

Category: Penetration Testing Tools

22. Which among the following sqlmap queries does James issue in order to extract the tables related to the database "offices"?

73 / 100

Category: Penetration Testing Tools

23. Richard is working on a web app pen testing assignment for one of his clients. After preliminary information gathering and vulnerability scanning, Richard runs the SQLMAP tool to extract the database information. Which of the following commands will give Richard an output as shown in the screenshot?

74 / 100

Category: Penetration Testing Tools

24. Which one is the command that dumps all tables in sqlmap?

75 / 100

Category: Penetration Testing Tools

25. What are the tasks related to Burp Proxy for intercepting and manipulating the request?

76 / 100

Category: Basic operations of Metasploit Framework and System Hacking

1. Which Metasploit command can be used to launch an attack and is an alias for the run command?

77 / 100

Category: Basic operations of Metasploit Framework and System Hacking

2. Which MSFS directory contains the MSF core files?

78 / 100

Category: Basic operations of Metasploit Framework and System Hacking

3. Which command sets the SHELLCODE?

79 / 100

Category: Basic operations of Metasploit Framework and System Hacking

4. Which programming language can be used to write Metasploit scripts for the Metasploit 4.x Framework?

80 / 100

Category: Basic operations of Metasploit Framework and System Hacking

5. Which command can be used to create a print screen from the target machine in a Meterpreter shell?

81 / 100

Category: Basic operations of Metasploit Framework and System Hacking

6. What is the first phase of an attack?

82 / 100

Category: Basic operations of Metasploit Framework and System Hacking

7. Which tool is the most appropriate to exploit a vulnerability?

83 / 100

Category: Basic operations of Metasploit Framework and System Hacking

8. What languages is Metasploit mostly written in?

84 / 100

Category: Basic operations of Metasploit Framework and System Hacking

9. According to the talk, what is an external tool that Metasploit uses?

85 / 100

Category: Basic operations of Metasploit Framework and System Hacking

10. What does an encoder do?

86 / 100

Category: Basic operations of Metasploit Framework and System Hacking

11. We can create malware in Metasploit and compile it to any format.

87 / 100

Category: Basic operations of Metasploit Framework and System Hacking

12. The "R" in "RHOST" stands for _____

88 / 100

Category: Basic operations of Metasploit Framework and System Hacking

13. Which command did we use to take a photograph with the remote webcam?

89 / 100

Category: Basic operations of Metasploit Framework and System Hacking

14. What does the command keyscan_dump do?

90 / 100

Category: Basic operations of Metasploit Framework and System Hacking

15.  Armitage has a command line interface.

91 / 100

Category: Basic operations of Metasploit Framework and System Hacking

16. Which command allows a user to initiate a connection from a vulnerable machine to the attacker machine?

92 / 100

Category: Basic operations of Metasploit Framework and System Hacking

17. Which command is used to start the Metasploit console?

93 / 100

Category: Basic operations of Metasploit Framework and System Hacking

18. Which Metasploit payload can be used to connect to a netcat listener on a vulnerable server?

94 / 100

Category: Basic operations of Metasploit Framework and System Hacking

19. You’ve gained access to an internal system using Metasploit. Now you use this hacked system to access and attack other internal systems. Which of the following terms best describes the scenario?

95 / 100

Category: Basic operations of Metasploit Framework and System Hacking

20. Which one is the “rpcbind” port?

96 / 100

Category: Basic operations of Metasploit Framework and System Hacking

21. Which one is the port number of the SMB protocol?

97 / 100

Category: Basic operations of Metasploit Framework and System Hacking

22. The following exploit -> “exploit/unix/irc/unreal_ircd_3281_backdoor” is used for exploiting:

98 / 100

Category: Basic operations of Metasploit Framework and System Hacking

23. NOP modules generate no-operation instructions used for blocking out buffers.

99 / 100

Category: Basic operations of Metasploit Framework and System Hacking

24. “6667” port is used for:

100 / 100

Category: Basic operations of Metasploit Framework and System Hacking

25. Which one is a proper command to generate an Android reverse TCP payload?
