MK0-201 Exam Questions

When talking about databases search query languages, commands such as Select, Update, Insert, Grant, and Revoke would all be part of what language?

What does the union operation perform when attempting to execute an SQL Injection through a web form?

MS SQL server makes use of Stored Procedures. There is an extended stored procedure called sp_makewebtask that can be used with data being returned from executed queries. What woul...

While doing your testing you discover an MS SQL server within the target range. You attempt to connect to the SA account using the default password which is usually blank. You quic...

This document is a high level document that describes management intentions towards security. What is the name of the document?

This document, which is a part of good practices within an organization, describes step by step how to accomplish a specific task. What is the name of this document?

Ethics is one of the subjects that often leads to heated discussions amongst penetration testers. It is often lacking in multiple area of information security. Which of the followi...

While performing a penetration test you discover that the system being tested is already compromised by an intruder. Further examination shows the intruder being currently on the s...

On wireless networks, what is the Service Set Identity used for?

As you have learned in your Penetration Testing training or field experience, WEP is the encryption that was used with early WLAN implementation. It uses a stream cipher called RC4...

Bob is a keen administrator with Company XYZ. Bob has renamed his administrator account to Julius in order to hide the real administrator login. However, recently he has discovered...

The nbtstat tool is used to query the NetBIOS name table from a remote Windows system. The table below shows a sample output of the tool. The second column is a two digit hexadecim...

A Windows computer that has not been hardened properly might allow NULL connection from a remote host. Which of the following commands would be used by a remote attacker to attempt...

Nathalie, an employee of Corporation XYZ, has notice that Bob, one of her coworkers, has been abusing company assets and resources for his own personal gain. According to good ethi...

When a company wishes to have some assurance that a product is working as per the vendor claim they usually seek certification. One of the most commonly used certification schemes...

Methodology is one of the most important factors of success while doing a security test. Which of the following steps would represent the first step that is done either by a malici...

Clement is someone who greatly enjoys fishing. Clement recently visited a web site that is very proactive in its attempt to save marine life. While on the site he downloaded a diso...

Bryce, who is a great security professional with a perfect track record, has just been called into his supervisor's office. His supervisor has the sad task of letting him know that...

Name Servers are the Penetration Testers best friend. The Domain Name Registration database contains information about who registered a particular domain. What common command line...

Footprinting is one of the first steps performed by a Penetration Tester. Many security testers neglect to perform this phase whereby you have the opportunity to easily gather info...

Joshua, a specialist in Penetration Testing, has been hired by Company XYZ to perform a security test on some of their servers. Joshua has been challenged to remain undetected by C...

Wayne, who has a twisted mind, has been watching security mailing lists very closely. Today he has seen a new vulnerability announcement that affects multiple mail servers. Jack wi...

Company XYZ has been getting numerous complaints that one of their employees has been actively probing remote DNS servers and attempting to extract information from them. After inv...

You would like to know through what gateways a packet travels while being sent from point A to point B. Which of the following tools would be best to use for that specific purpose?...

Which of the following would best describe a scanning technique that is the most reliable but also the most noticeable on the target that is being evaluated?

A normal connection is usually established using a TCP Three Way handshake where sequences of packets are sent as follows: Syn, Syn-Ack, Ack. A malicious attacker probing a remote...

Which of the following scanning methods would be the most stealthy and best at hiding the source of a scan?

An attacker is sending packets with no flag set. This is also known as doing a NULL scan. Usually, operating system networking stacks will respond with a RST packet; however, some...

What is traceroute used for?

Bob has heard about weaknesses related to phone systems from one of his phreaker friends. His friend warns him about the potential danger of listening devices that are sometimes ba...

A null session allows users to connect remotely to other Windows computers on the network. According to the implementation of NULL Sessions on Windows platforms, how long would the...

Mae is a keen system administration; she constantly monitors the mailing list for best practices that are being used out in the field. On the servers that she maintains, Mae has re...

Which of the following password and encryption cracking methods is guaranteed to successfully crack any password or encryption algorithm?

Duane is a clever attacker; he has penetrated a system and wishes to hide some files within other files on the file system. Which of the following could be used by Duane to attempt...

Which of the following would represent a technique to embed data within another file whereby it would be near impossible for anyone using or looking at the file to claim that there...

Keen administrators (the enemy of penetration testers) will take great steps in order to collect logs on different servers. By having a detailed log of activities they may be able...

Which of the following would best match the following description: A program that looks useful at first sight but attempts to break your security policy by installing unwanted soft...

Nathalie has just received an I-Pod computer for Christmas. While on leave she decides to download some song from the internet; however, not being familiar with good download sites...

Kingsleigh has been learning about sniffer programs and found out that they can be used to collect information on networks. Kingsleigh would definitively like to gather a series of...

Ping utilities can be used for basic network connectivity tests; the ping command sends out an ICMP Echo Request packets and the destination host will reply with an ICMP Echo Reply...

A Denial of Service (DoS) attack can have severe effect on a company network or systems. What is the main purpose of a DoS attack? Choose the best response.

Todays security infrastructures are composed of firewall, intrusion detection systems, content screening, certificates, tokens, and a lot more. However, there is still one aspect t...

John is monitoring his local area network. He knows that a new token based authentication system has been implemented for user authentication. He is no longer able to gather clear...

Session Hijacking is possible due to which weakness within the TCPIP stack implementation?

Bob has accessed a nice site that sells high end wireless network equipment. However, after looking around for a while it was obvious that most items were too expensive for his low...

Mary has learned about the different ways authentication can be implemented on a web site. Which of the following forms of authentication would consist of the most basic form and a...

There are multiples ways that passwords could be cracked. Which of the following is not a password cracking method?

Wireless Local Area Networks (WLAN) are becoming increasingly popular. In order to link a wireless network to a wired network what type of device would be used?

On 802.11x Wireless Local Area Network, what is the effective length of the keys being used?

Which of the following protocols usually make use of the UDP protocol while querying information and the TCP protocol for some other functions?