- (Exam Topic 1)
PGP, SSL, and IKE are all examples of which type of cryptography?

1. A. Digest
2. B. Secret Key
3. C. Public Key
4. D. Hash Algorithm

Correct Answer: C

- (Exam Topic 1)
In the field of cryptanalysis, what is meant by a “rubber-hose” attack?

1. A. Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.
2. B. A backdoor placed into a cryptographic algorithm by its creator.
3. C. Extraction of cryptographic secrets through coercion or torture.
4. D. Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.

Correct Answer: C
A powerful and often the most effective cryptanalysis method in which the attack is directed at the most vulnerable link in the cryptosystem - the person. In this attack, the cryptanalyst uses blackmail, threats, torture, extortion, bribery, etc. This method's main advantage is the decryption time's fundamental independence from the volume of secret information, the length of the key, and the cipher's mathematical strength.
The method can reduce the time to guess a password, for example, for AES, to an acceptable level; however, it requires special authorization from the relevant regulatory authorities. Therefore, it is outside the scope of this course and is not considered in its practical part.

- (Exam Topic 2)
Wilson, a professional hacker, targets an organization for financial benefit and plans to compromise its systems by sending malicious emails. For this purpose, he uses a tool to track the emails of the target and
extracts information such as sender identities, mall servers, sender IP addresses, and sender locations from different public sources. He also checks if an email address was leaked using the haveibeenpwned.com API. Which of the following tools is used by Wilson in the above scenario?

1. A. Factiva
2. B. Netcraft
3. C. infoga
4. D. Zoominfo

Correct Answer: C
Infoga may be a tool gathering email accounts informations (ip,hostname,country,…) from completely different public supply (search engines, pgp key servers and shodan) and check if email was leaked using haveibeenpwned.com API. is a really simple tool, however very effective for the first stages of a penetration test or just to know the visibility of your company within the net.

- (Exam Topic 3)
Elante company has recently hired James as a penetration tester. He was tasked with performing enumeration on an organization's network. In the process of enumeration, James discovered a service that is accessible to external sources. This service runs directly on port 21. What is the service enumerated byjames in the above scenario?

1. A. Border Gateway Protocol (BGP)
2. B. File Transfer Protocol (FTP)
3. C. Network File System (NFS)
4. D. Remote procedure call (RPC)

Correct Answer: B

- (Exam Topic 3)
Which of the following provides a security professional with most information about the system’s security posture?

1. A. Phishing, spamming, sending trojans
2. B. Social engineering, company site browsing tailgating
3. C. Wardriving, warchalking, social engineering
4. D. Port scanning, banner grabbing service identification

Correct Answer: D