CPTS - Certified Pen Testing Specialist - MK0-201 Exam Practice Test

Question 1

A Windows computer that has not been hardened properly might allow NULL connection from a remote host.
Which of the following commands would be used by a remote attacker to attempt connecting using NULL session?

A. net share \\servername\ipc$ /u:

B. net use \\servername\ipc$ /u:

C. net use \\servername\ipc$ /u:NULL

D. net use \\servername\ipc$ NULL /u:

Correct Answer: B

Question 2

Pieces of malware code are getting smarter all the time.
It seems it always finds a way of reinstalling itself on a system after it has been removed.
If you wish to look for malicious registry entries that could be used to restart such malware on a Windows XP computer, which of the following entries would you be looking for?
(Choose two from the list below)

A. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

B. HKLM\Software\Microsoft\Windows\CurrentVersion\XP\Run

C. HKLM\Software\Microsoft\Windows\CurrentVersion\Run

D. HKLM\Software\Microsoft\Windows\CurrentVersion\XP\Startup

Correct Answer: A,C

Question 3

You have been reading a series of papers on connection hijacking.
However, there were contradictions as to which Operating System would be more vulnerable and which one has predictable sequence number generation.
Which of the following tools could be used to help you in evaluating sequence number predictability? Choose two from the list below.

A. SeqNum

B. Senna

C. nmap

D. hping

Correct Answer: C,D

Question 4

SSL can be used to protect information sent over a public network while surfing the web.
During the establishment of a secure SSL session, on which side of the communication link is the session key created?

A. It is generated by the server

B. It is preconfigured on the web server

C. There is no session key used, only public and private keys are being used

D. It is generated by the client

Correct Answer: D

Question 5

What Windows technology should prevent SMB Relay from sniffing user credentials in a man in the middle attack? Choose the best answer.

A. Windows Update

B. NetBIOS over TCP

C. SYSKEY

D. SMB Signing

Correct Answer: D

Question 6

Which tools and or techniques can be used to remove an Alternative Data Stream on an NTFS file? Choose two.

A. Copy the NTFS file containing the stream to a FAT partition, delete the original NTFS file, copy the FAT file back to NTFS

B. Ads_cat

C. ADSChecker

D. ADS_Del

Correct Answer: A

Question 7

Bob is working as an Intrusion Detection System administrator for a company called CCCure.
Being a keen analyst he has noted a very large amount of SYN packet being sent to some of his external IP addresses.
At first it looked like normal daily traffic but somehow it seems that after his internet facing hosts sends a SYN/ACK reply back to the connection request, the final ACK packet is never received from the remote host.
What type of scan does this pattern indicate?

A. A Half-Open Scan

B. A FIN Scan

C. A Vanilla port scan

D. A NULL scan

Correct Answer: A

Question 8

Which of these methods would be considered examples of active reconnaissance?
(Choose three.)

A. Whois lookup

B. War dialing

C. FTP banner retrieval

D. Firewalking

Correct Answer: B,C,D

Question 9

Why is it important to ensure that SRV records are not publicly accessible? Choose the best answer.

A. SRV records reveal Active Directory domain controllers

B. SRV records are required on NT 4 domains

C. SRV records indicate how long a machine has been up since reboot and hence could indicate patch levels

D. SRV records reveal Software Update Services computers

Correct Answer: A

Question 10

Nathalie, an employee of Corporation XYZ, has notice that Bob, one of her coworkers, has been abusing company assets and resources for his own personal gain.
According to good ethics values, what should Nathalie do in this case?

A. Report Bob to upper management where a decision about a course of action can be made along with the HR and Legal department.

B. Immediately install a network sniffer and keystroke recorder to monitor Bobs activities.

C. Nathalie should not get involved; this is none of her business.
She should simply continue her work day and wait until he gets caught.

D. Retaliate by abusing Bobs resources; he does it to the company, hence why not do it against Bob himself.

Correct Answer: A

Question 11

Nathalie is exclusively making use of a public key crypto system to communicate with her peers.
She would like to send information to Bob while protecting the confidentiality of the content being sent over the public network.
She will ask Bob to send one of his keys that she will use to encrypt the message content before sending it.
Which key will Bob send to Nathalie?

A. His private key

B. His symmetric key

C. His secret key

D. His public key

Correct Answer: D

Question 12

Which of the following SQL injection scripts would attempt to discover all usernames on the table users beginning with Ad?

A. OR 1=2 WHERE name is like AD%--

B. OR 1=1; SELECT username FROM users WHERE username LIKE ad%;--

C. SELECT * FROM * WHERE username = AD*

D. SELECT name FROM Master..sysxlogins

Correct Answer: B

Question 13

Which of the following penetration framework is Open Source and offers features that are similar to some of its rival commercial tools?

A. METASPLOIT

B. CORE IMPACT

C. CANVAS

D. DEEP HOLE

Correct Answer: A

Mile2-Security CPTS - Certified Pen Testing Specialist - MK0-201 Exam Practice Test

Latest Update

Useful Links

Contact Us