big hacking guy dude stuff

¡Supera tus tareas y exámenes ahora con Quizwiz!

Which of the following wireless standard has bandwidth up to 54 Mbit/s and signals in a regulated frequency spectrum around 5 GHz? A. 802.11a B. 802.11g C. 802.11n D. 802.11i

A. 802.11a

Which of the following describes сross-site request forgery? A. A browser makes a request to a server without the user's knowledge. B. A request sent by a malicious user from a browser to a server. C. Modifying the request by the proxy server between the client and the server. D. A server makes a request to another server without the user's knowledge.

A. A browser makes a request to a server without the user's knowledge.

Which of the following is the hacker's first step in conducting a DNS cache poisoning attack on a target organization? A. The hacker makes a request to the DNS resolver. B. The hacker forges a reply from the DNS resolver. C. The hacker queries a nameserver using the DNS resolver. D. The hacker uses TCP to poison the DNS resolver.

A. The hacker makes a request to the DNS resolver.

Determine the attack according to the following scenario: Benjamin performs a cloud attack during the translation of the SOAP message in the TLS layer. He duplicates the body of the message and sends it to the server as a legitimate user. As a result of these actions, Benjamin managed to access the server resources to unauthorized access. A. Wrapping B. Side-channel C. Cloud Hopper D. Cloudborne

A. Wrapping

You need to transfer sensitive data of the organization between industrial systems securely. For these purposes, you have decided to use short-range wireless communication technology that meets the following requirements: - Protocol based on the IEEE 203.15.4 standard; - Range of 10-100 m. - Designed for small-scale projects which need wireless connection. Which of the following protocols will meet your requirements? A. Zigbee B. NB-IoT C. LPWAN D. MQTT

A. Zigbee

Which of the following files determines the basic configuration in an Android application, such as broadcast receivers, services, etc.? APK.info classes.dex resources.asrc AndroidManifest.xml

APK.info

Elon plans to make it difficult for the packet filter to determine the purpose of the packet when scanning. Which of the following scanning techniques will Elon use? A. ICMP scanning. B. SYN/FIN scanning using IP fragments. C. ACK scanning. D. IPID scanning.

B. SYN/FIN scanning using IP fragments.

Which of the following is a file on a web server that can be misconfigured and provide sensitive information for a hacker, such as verbose error messages? A. httpd.conf B. php.ini C. idq.dll D. administration.config

B. php.ini

You makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions. What type of attack are you trying to perform? A. Ciphertext-only attack B. Chosen-plaintext attack C. Known-plaintext attack D. Adaptive chosen-plaintext attack

D. Adaptive chosen-plaintext attack

John performs black-box testing. It tries to pass IRC traffic over port 80/TCP from a compromised web-enabled host during the test. Traffic is blocked, but outbound HTTP traffic does not meet any obstacles. What type of firewall checks outbound traffic? A. Packet Filtering B. Stateful C. Circuit D. Application

D. Application

Ivan, an evil hacker, conducts an SQLi attack that is based on True/False questions. What type of SQLi does Ivan use? A. Compound SQLi B. Classic SQLi C. DMS-specific SQLi D. Blind SQLi

D. Blind SQLi

You know that the application you are attacking is vulnerable to an SQL injection, but you cannot see the result of the injection. You send a SQL query to the database, which makes the database wait before it can react. You can see from the time the database takes to respond, whether a query is true or false. What type of SQL injection did you use? A. UNION SQLi. B. Error-based SQLi. C. Out-of-band SQLi. D. Blind SQLi.

D. Blind SQLi.

Which of the following AAA protocols can use for authentication users connecting via analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network? A. Kerberos B. TACACS C. DIAMETER D. RADIUS

D. RADIUS

Which of the following application security testing method of white-box testing, in which only the source code of applications and their components is scanned for determines potential vulnerabilities in their software and architecture? A. DAST B. MAST C. IAST D. SAST

D. SAST

Philip, a cybersecurity specialist, needs a tool that can function as a network sniffer, record network activity, prevent and detect network intrusion. Which of the following tools is suitable for Philip? A. Nmap B. Nessus C. Cain & Abel D. Snort

D. Snort

Identify the protocol used to secure an LDAP service against anonymous queries? RADIUS NTLM WPA SSO

NTLM

Which of the following tools is a command-line vulnerability scanner that scans web servers for dangerous files/CGIs? A. John the Ripper B. Kon-Boot C. Nikto D. Snort

Nikto

Which of the following SQLi types leverages a database server's ability to make DNS requests to pass data to an attacker? Time-based blind SQLi Union-based SQLi Out-of-band SQLi In-band SQLi

Out-of-band SQLi

Which of the following is API designed to reduce complexity and increase the integrity of updating and changing which uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application? RESTful API SOAP API JSON-RPC REST API

RESTful API

What of the following is a file which is the rich target to discover the structure of a website during web-server footprinting? domain.txt index.html Document root Robots.txt

Robots.txt

During testing execution, you established a connection with your computer using the SMB service and entered your login and password in plaintext. After the testing is completed, you need to delete the data about the login and password you entered so that no one can use it. Which of the following files do you need to clear? .bashrc .bash_history .xsession-log .profile

.bash_history

According to the configuration of the DHCP server, only the last 100 IP addresses are available for lease in subnet 10.1.4.0/23. Which of the following IP addresses is in the range of the last 100 addresses? 10.1.3.156 10.1.4.254 10.1.155.200 10.1.5.200

10.1.5.200

You simulate an attack on your organization's network resources and target the NetBIOS service. You decided to use the NetBIOS API for this attack and perform an enumeration. After finishing, you found that port 139 was open, and you could see the resources that could be accessed or viewed on a remote system. Also, you came across many NetBIOS codes during enumeration. Which of the following NetBIOS codes is used for obtaining the messenger service running for the logged-in user? <1B> <00> <03> <20>

<03>

Ivan, an evil hacker, is preparing to attack the network of a financial company. To do this, he wants to collect information about the operating systems used on the company's computers. Which of the following techniques will Ivan use to achieve the desired result? A. Banner Grabbing. B. SSDP Scanning. C. IDLE/IPID Scanning. D. UDP Scanning.

A. Banner Grabbing.

You need to assess the system used by your employee. During the assessment, you found that compromise was possible through user directories, registries, and other system parameters. Also, you discovered vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. Which of the following types of vulnerability assessments that you conducted? A. Host-based assessment B. Database assessment C. Credentialed assessment D. Distributed assessment

A. Host-based assessment

Which of the following tools is packet sniffer, network detector and IDS for 802.11(a, b, g, n) wireless LANs? A. Kismet B. Nessus C. Nmap D. Abel

A. Kismet

Josh, a security analyst, wants to choose a tool for himself to examine links between data. One of the main requirements is to present data using graphs and link analysis. Which of the following tools will meet John's requirements? A. Maltego. B. Palantir. C. Analyst's Notebook. D. Metasploit.

A. Maltego.

Which of the following SQL injection attack does an attacker usually bypassing user authentication and extract data by using a conditional OR clause so that the condition of the WHERE clause will always be true? A. Tautology B. UNION SQLi C. Error-Based SQLi D. End-of-Line Comment

A. Tautology

A competitor organization has hired a professional hacker who could collect sensitive information about your organization. The hacker starts by gathering the server IP address of the target organization using Whois footprinting. After this, he entered the server IP address as an input to an online tool to retrieve information such as your organization's network range and identify the network topology and operating system used in the network. Which of the following tools did the hacker use for this purpose? AOL DuckDuckGo ARIN Baidu

ARIN

Your friend installed the application from a third-party app store. After a while, some of the applications in his smartphone were replaced by malicious applications that appeared legitimate, and he began to receive a lot of advertising spam. Which of the following attacks has your friend been subjected to? Clickjacking Agent Smith attack SMS phishing attack SIM card attack

Agent Smith attack

The attacker tries to take advantage of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Which of the following queries best describes an attempt to exploit an insecure direct object using the name of the valid account "User 1"? A. "GET/restricted/goldtransfer?to=Account&from=1 or 1=1' HTTP/1.1Host: westbank.com" B. "GET/restricted/accounts/?name=User1 HTTP/1.1 Host: westbank.com" C. "GET/restricted/bank.getaccount("˜User1') HTTP/1.1 Host: westbank.com" D. "GET/restricted/\r\n\%00account%00User1%00access HTTP/1.1 Host: westbank.com"

B. "GET/restricted/accounts/?name=User1 HTTP/1.1 Host: westbank.com"

You must discover all the active devices hidden by a restrictive firewall in the IPv4 range in a target network. Which of the following host discovery techniques will you use? A. UDP scan B. ARP ping scan C. TCP Maimon scan D. ACK flag probe scan

B. ARP ping scan

What is the purpose of the demilitarized zone? A. To add/protect network devices B. Add an extra layer of security to a LAN C. Scan all traffic coming through the DMZ to the internal network D. Provide a place for a honeypot

B. Add an extra layer of security to a LAN

John wants to attack the target organization, but before that, he needs to gather information. For these purposes, he performs DNS footprinting to gather information about DNS servers and identify the hosts connected to the target network. John is going to use an automated tool that can retrieve information about DNS zone data, including DNS domain names, computer names, IP addresses, DNS records, and network Whois records. Which of the following tools will John use? A. Towelroot B. Bluto C. Knative D. zANTI

B. Bluto

Which of the following option is a security feature on switches leverages the DHCP snooping database to help prevent man-in-the-middle attacks? A. Spanning tree B. DAI C. Port security D. DHCP relay

B. DAI

You found that sensitive data, employee usernames, and passwords are shared in plaintext, paving the way for hackers to perform successful session hijacking. Which of the following protocols, which can send data using encryption and digital certificates, will help solve this problem? A. HTTPS B. FTPS C. IP D. FTP

B. FTPS

Which of the following is the method of determining the movement of a data packet from an untrusted external host to a protected internal host through a firewall? A. MITM B. Firewalking C. Network sniffing D. Session hijacking

B. Firewalking

Identify a vulnerability in OpenSSL that allows stealing the information protected under normal conditions by the SSL/TLS encryption used to secure the Internet? A. POODLE B. Heartbleed Bug C. SSL/TLS Renegotiation Vulnerability D. Shellshock

B. Heartbleed Bug

Matthew successfully hacked the server and got root privileges. Now he wants to pivot and stealthy transit the traffic over the network, avoiding the IDS. Which of the following will be the best solution for Matthew? A. Install and use Telnet to encrypt all outgoing traffic from this server. B. Install Cryptcat and encrypt outgoing packets from this server. C. Use Alternate Data Streams to hide the outgoing packets from this server. D. Use HTTP so that all traffic can be routed vis a browser, thus evading the internal Intrusion Detection Systems.

B. Install Cryptcat and encrypt outgoing packets from this server.

Andrew is conducting a penetration test. He is now embarking on sniffing the target network. What is not available for Andrew when sniffing the network? A. Identifying operating systems, services, protocols and devices. B. Modifying and replaying captured network traffic. C. Collecting unencrypted information about usernames and passwords. D. Capturing network traffic for further analysis.

B. Modifying and replaying captured network traffic.

Identify the attack by description: The attacker decides to attack IoT devices. First, he will record the frequency required to share information between connected devices. Once he gets the necessary frequency, the attacker will capture the original data when the connected devices initiate commands. As soon as he collects original data, he will use tools such as URH to segregate the command sequence. The final step in this attack will be starting injecting the segregated command sequence on the same frequency into the IoT network, which repeats the captured signals of the devices. A. Cryptanalysis attack. B. Replay attack. C. Reconnaissance attack. D. Side-channel attack.

B. Replay attack.

Which of the following is not included in the list of recommendations of PCI Data Security Standards? A. Do not use vendor-supplied defaults for system passwords and other security parameters. B. Rotate employees handling credit card transactions on a yearly basis to different departments. C. Encrypt transmission of cardholder data across open, public networks. D. Protect stored cardholder data.

B. Rotate employees handling credit card transactions on a yearly basis to different departments.

Viktor, a professional hacker, targeted an organization's network to sniff all the traffic. During this process, Viktor plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch in the network so that he could make it a root bridge that will later allow him to sniff all the traffic in the network. What is the attack performed by Viktor in the above scenario? A. DNS poisoning attack B. STP Attack C. ARP spoofing attack D. VLAN hopping attack

B. STP Attack

Ivan, a black hat hacker, sends partial HTTP requests to the target webserver to exhaust the target server's maximum concurrent connection pool. He wants to ensure that all additional connection attempts are rejected. What type of attack does Ivan implement? A. Fragmentation B. Slowloris C. HTTP GET/POST D. Spoofed Session Flood

B. Slowloris

Alex, a cybersecurity specialist, received a task from the head to scan open ports. One of the main conditions was to use the most reliable type of TCP scanning. Which of the following types of scanning should Alex use? A. Xmas Scan. B. TCP Connect/Full Open Scan. C. Half-open Scan. D. NULL Scan.

B. TCP Connect/Full Open Scan.

During a port scan on the target host, your colleague sends FIN/ACK probes and finds that an RST packet is sent in response by the target host, indicating that the port is closed. Which of the following port scanning techniques did your colleague use? A. Xmas scan B. TCP Maimon scan C. IDLE/IPID header scan D. ACK flag probe scan

B. TCP Maimon scan

Identify the type of jailbreaking which allows user-level access and does not allow iboot-level access? A. iBootrom Exploit B. Userland Exploit C. iBoot Exploit D. Bootrom Exploit

B. Userland Exploit

While using your bank's online servicing you notice the following string in the URL bar: http://www.MyPersonalBank.com/account?id=368940911028389&Damount=10980&Camount=21 You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflect the changes. Which type of vulnerability is present on this site? A. XSS Reflection B. Web Parameter Tampering C. Cookie Tampering D. SQL injection

B. Web Parameter Tampering

Session splicing is an IDS evasion technique that exploits how some IDSs do not reconstruct sessions before performing pattern matching on the data. The idea behind session splicing is to split data between several packets, ensuring that no single packet matches any patterns within an IDS signature. Which tool can be used to perform session splicing attacks? A. tcpsplice B. Whisker C. Burp D. Hydra

B. Whisker

Ferdinand installs a virtual communication tower between the two authentic endpoints to mislead the victim. What attack does Ferdinand perform? A. Aspidistra B. aLTEr C. Wi-Jacking D. Sinkhole

B. aLTEr

Black hat hacker Ivan wants to implement a man-in-the-middle attack on the corporate network. For this, he connects his router to the network and redirects traffic to intercept packets. What can the administrator do to mitigate the attack? A. Redirection of the traffic is not possible without the explicit admin's confirmation. B. Use the Open Shortest Path First (OSPF). C. Add message authentication to the routing protocol. D. Use only static routes in the corporation's network.

C. Add message authentication to the routing protocol.

You conduct an investigation and finds out that the browser of one of your employees sent malicious requests that the employee knew nothing about. Identify the web page vulnerability that the attacker used when the attack to your employee? A. Command Injection Attacks B. File Inclusion Attack C. Cross-Site Request Forgery (CSRF) D. Hidden Field Manipulation Attack

C. Cross-Site Request Forgery (CSRF)

All the industrial control systems of your organization are connected to the Internet. Your management wants to empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption. You have been assigned to find and install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware. Which of the following tools will you use to accomplish this task? A. BalenaCloud B. Robotium C. Flowmon D. IntentFuzzer

C. Flowmon

Which of the following tiers in the three-tier application architecture is responsible for moving and processing data between them? A. Application Layer B. Data tier C. Logic tier D. Presentation tier

C. Logic tier

John, a system administrator, is learning how to work with new technology: Docker. He will use it to create a network connection between the container interfaces and its parent host interface. Which of the following network drivers is suitable for John? A. Host networking. B. Bridge networking. C. Macvlan networking. D. Overlay networking.

C. Macvlan networking.

Imagine the following scenario: The hacker monitored and intercepted already established traffic between the victim and a host machine to predict the victim's ISN. The hacker sent spoofed packets with the victim's IP address to the host machine using the ISN. After this manipulation, the host machine responded with a packet having an incremented ISN. After this manipulation, the host machine responded with a packet having an incremented ISN. The victim's connection was interrupted, and the hacker was able to connect with the host machine on behalf of the victim. Which of the following attacks did the hacker perform? A. UDP hijacking B. Blind hijacking C. TCP/IP hijacking D. Forbidden attack

C. TCP/IP hijacking

Michael, a technical specialist, discovered that the laptop of one of the employees connecting to a wireless point couldn't access the Internet, but at the same time, it can transfer files locally. He checked the IP address and the default gateway. They are both on 192.168.1.0/24. Which of the following caused the problem? A. The laptop is using an invalid IP address. B. The laptop and the gateway are not on the same network. C. The gateway is not routing to a public IP address. D. The laptop isn't using a private IP address.

C. The gateway is not routing to a public IP address.

You have been assigned the task of defending the company from network sniffing. Which of the following is the best option for this task? A. Restrict Physical Access to Server Rooms hosting Critical Servers. B. Register all machines MAC Address in a Centralized Database. C. Using encryption protocols to secure network communications. D. Use Static IP Address.

C. Using encryption protocols to secure network communications.

Which of the following will allow you to prevent unauthorized network access to local area networks and other information assets by wireless devices? A. AISS B. HIDS C. WIPS D. NIDS

C. WIPS

Which of the following programs is best used for analyzing packets on your wireless network? A. Airsnort with Airpcap B. Wireshark with Winpcap C. Wireshark with Airpcap D. Ethereal with Winpcap

C. Wireshark with Airpcap

Identify the attack used in the scenario below: The victim connected his iPhone to a public computer that the attacker had previously infected. After establishing the connection with this computer, the victim enabled iTunes Wi-Fi sync so that the device could continue communication with that computer even after being physically disconnected. Now the attacker who infected the computer can access the victim's iPhone and monitor all of the victim's activity on the iPhone, even after the device is out of the communication zone. A. iOS jailbreaking B. Exploiting SS7 vulnerability C. iOS trustjacking D. Man-in-the-disk attack

C. iOS trustjacking

Recently your company set up a cloud computing service. Your system administrator reached out to a telecom company to provide Internet connectivity and transport services between the organization and the cloud service provider to implement this service. Which category does the telecom company fall in the above scenario according to NIST cloud deployment reference architecture? Cloud consumer Cloud broker Cloud auditor Cloud carrier

Cloud carrier

Ivan, the evil hacker, decided to attack the cloud services of the target organization. First of all, he decided to infiltrate the target's MSP provider by sending phishing emails that distributed specially created malware. This program compromised users' credentials, and Ivan managed to gain remote access to the cloud service. Further, he accessed the target customer profiles with his MSP account, compressed the customer data, and stored them in the MSP. After this, he used this information to launch further attacks on the target organization. Which of the following cloud attacks did Ivan perform? Cloud cryptojacking Cloud hopper attack Man-in-the-cloud (MITC) attack Cloudborne attack

Cloud hopper attack

With which of the following SQL injection attacks can an attacker deface a web page, modify or add data stored in a database and compromised data integrity? A. Information Disclosure. B. Loss of data availability. C. Unauthorized access to an application. D. Compromised Data Integrity.

D. Compromised Data Integrity.

Which of the following best describes code injection? A. Form of attack in which a malicious user gets the server to execute arbitrary code using a buffer overflow. B. Form of attack in which a malicious user gains access to the codebase on the server and inserts new code. C. Form of attack in which a malicious user inserts additional code into the JavaScript running in the browser. D. Form of attack in which a malicious user inserts text into a data field interpreted as code.

D. Form of attack in which a malicious user inserts text into a data field interpreted as code.

Attacker uses various IDS evasion techniques to bypass intrusion detection mechanisms. At the same time, IDS is configured to detect possible violations of the security policy, including unauthorized access and misuse. Which of the following evasion method depend on the Time-to-Live (TTL) fields of a TCP/IP ? A. Denial-of-Service Attack B. Unicode Evasion C. Obfuscation D. Insertion Attack

D. Insertion Attack

The attacker, during the attack, installed a scanner on a machine belonging to one of the employees of the target organization and scanned several machines on the same network to identify vulnerabilities to exploit further. Which of the following type of vulnerability assessment tools employed the attacker? A. Cluster scanner. B. Agent-based scanner. C. Proxy scanner. D. Network-based scanner.

D. Network-based scanner.

Determine what of the list below is the type of honeypots that simulates the real production network of the target organization? A. Low-interaction Honeypots. B. High-interaction Honeypots. C. Research honeypots. D. Pure Honeypots.

D. Pure Honeypots.

Which of the following best describes a software firewall? A. Software firewall is placed between the router and the networking components of the operating system. B. Software firewall is placed between the desktop and the software components of the operating system. C. Software firewall is placed between the anti-virus application and the IDS components of the operating system. D. Software firewall is placed between the normal application and the networking components of the operating system.

D. Software firewall is placed between the normal application and the networking components of the operating system.

The evil hacker Antonio is trying to attack the IoT device. He will use several fake identities to create a strong illusion of traffic congestion, affecting communication between neighbouring nodes and networks. What kind of attack does Antonio perform? A. Side-Channel Attack B. Forged Malicious Device C. Exploit Kits D. Sybil Attack

D. Sybil Attack

Which of the following is an IOS jailbreaking technique that patches the kernel during the device boot to keep jailbroken after each reboot? A. Tethered jailbreaking B. Semi-tethered jailbreaking C. Semi-untethered jailbreaking D. Untethered jailbreaking

D. Untethered jailbreaking

John needs to choose a firewall that can protect against SQL injection attacks. Which of the following types of firewalls is suitable for this task? A. Hardware firewall. B. Packet firewall. C. Stateful firewall. D. Web application firewall.

D. Web application firewall.

Identify the technique by description: During the execution of this technique, an attacker copies the entire website and its content on a local drive to view the complete profile of the site's directory structure, file structure, web pages, images, etc. Thanks to the information gathered using this technique, an attacker map the website's directories and gains valuable information. A. Website defacement B. Session hijacking C. Web cache poisoning D. Website mirroring

D. Website mirroring

You must bypass the firewall. To do this, you plan to use DNS to perform data exfiltration on an attacked network. You embed malicious data into the DNS protocol packets. DNSSEC can't detect these malicious data, and you successfully inject malware to bypass a firewall and maintain communication with the victim machine and C&C server. Which of the following techniques would you use in this scenario? DNS cache snooping DNSSEC zone walking DNS enumeration DNS tunneling

DNS tunneling

You were instructed to check the configuration of the webserver and you found that the server permits SSLv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. You understand that this vulnerability makes the web server vulnerable to attacks as the SSLv2 server can leak key information. Which of the following attacks can an attacker perform using this vulnerability? Padding oracle attack Side-channel attack DROWN attack DUHK attack

DROWN attack

You have detected an abnormally large amount of traffic coming from local computers at night. You decide to find out the reason, do a few checks and find that an attacker has exfiltrated user data. Also, you noticed that AV tools could not find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs. Which of the following type of malware did the attacker use to bypass your company's application whitelisting? Zero-day malware Phishing malware Logic bomb malware Fileless malware

Fileless malware

Your organization conducts a vulnerability assessment for mitigating threats. Your task is to scan the organization by building an inventory of the protocols found on the organization's machines to detect which ports are attached to services such as a web server, an email server or a database server. After this, you will need to select the vulnerabilities on each machine and start executing only the relevant tests. Which of the following type of vulnerability assessment solutions will you perform? Inference-based assessment Tree-based assessment Service-based solutions Product-based solutions

Inference-based assessment

John sent a TCP ACK segment to a known closed port on a firewall, but it didn't respond with an RST. What conclusion can John draw about the firewall he scanned? John can't draw any conclusions based on this information. There is no firewall. It's a non-stateful firewall. It's a stateful firewall.

It's a stateful firewall.

Your organization uses LDAP for accessing distributed directory services. An attacker knowing this can try to take advantage of an automated tool to anonymously query the LDAP service for sensitive information such as usernames, addresses, departmental details, and server names to launch further attacks on your organization. Which of the following tools can an attacker use to gather information from the LDAP service? JXplorer ike-scan EarthExplorer Zabasearch

JXplorer

Your organization has a public key infrastructure set up. Your colleague Bernard wants to send a message to Joan. Therefore, Bernard both encrypts the message and digitally signs it. Bernard uses ____ to encrypt the message for these purposes, and Joan uses ____ to confirm the digital signature. Joan's public key; Joan's public key. Joan's public key; Bernard's public key. Bernard's public key; Bernard's public key. Joan's private key; Bernard's public key.

Joan's public key; Bernard's public key.

You are the head of the Network Administrators department. And one of your subordinates uses SNMP to manage networked devices from a remote location. And one of your subordinates uses SNMP to manage networked devices from a remote location. To manage network nodes, your subordinate uses MIB, which contains formal descriptions of all network objects managed by SNMP. He accesses the contents of MIB by using a web browser either by entering the IP address and Lseries.mib or by entering the DNS library name and Lseries.mib. You know that your subordinate can retrieve information from a MIB that contains object types for workstations and server services. Which of the following types of MIB will your subordinate use to retrieve information about types for workstations and server services? WINS.MIB DHCP.MIB MIB_II.MIB LNMIB2.MIB

LNMIB2.MIB

You have successfully executed the attack and launched the shell on the target network. Now you want to identify all the OS of machines running on this network. You are trying to run the Nmap command to perform this task and see the following: hackeduser@hackedserver.~$ nmap -T4 -O 192.168.0.0/24 TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING! Why couldn't the scan be performed? The outgoing TCP/IP fingerprinting is blocked by the host firewall. The nmap syntax is wrong. OS Scan requires root privileges. The shell is not stabilized.

OS Scan requires root privileges.

Which of the following type of viruses avoid detection changing their own code, and then cipher itself multiple times as it replicates? Encryption virus Tunneling virus Stealth virus Cavity virus

Stealth virus

You need to send an email containing confidential information. Your colleague advises you to use PGP to be sure that the data will be safe. What should you use to communicate correctly using this type of encryption? Use your own public key to encrypt the message. Use your own private key to encrypt the message. Use your colleague's public key to encrypt the message. Use your colleague's private key to encrypt the message.

Use your colleague's public key to encrypt the message.

You must choose a tool for monitoring your organization's website, analyzing the website's traffic, and tracking the geographical location of the users visiting the organization's website. Which of the following tools will you use for these purposes? Webroot WAFW00F WebSite-Watcher Web-Stat

Web-Stat

Which of the following command will help you launch the Computer Management Console from" Run " windows as a local administrator Windows 7? A. services.msc B. gpedit.msc C. ncpa.cpl D. compmgmt.msc

compmgmt.msc

Identify the correct syntax for ICMP scan on a remote computer using hping2. hping2 -1 target.domain.com hping2 --l target.domain.com hping2 --set-ICMP target.domain.com hping2 target.domain.com

hping2 -1 target.domain.com

Which of the following Metasploit Framework tool can be used to bypass antivirus? msfencode msfcli msfpayload msfd

msfencode

Ivan, the evil hacker, decided to use Nmap scan open ports and running services on systems connected to the target organization's OT network. For his purposes, he enters the Nmap command into the terminal which identifies Ethernet/IP devices connected to the Internet and further gathered information such as the vendor name, product code and name, device name, and IP address. Which of the following commands did Ivan use in this scenario? nmap -Pn -sT -p 102 --script s7-info < Target IP > nmap -Pn -sT -p 46824 < Target IP > nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP > nmap -Pn -sU -p 44818 --script enip-info < Target IP >

nmap -Pn -sU -p 44818 --script enip-info < Target IP >


Conjuntos de estudio relacionados

Management process (key business functions)

View Set

Ch8 final, Final Ch4, Ch10 Final Exam

View Set

ACAMs Foundation Training - Section 1

View Set

Communication Essentials REVIEW for Final Exam Chapters 7, 8, 13, & 14

View Set

7.4 Physiology of Osseous Tissue

View Set

Phlebotomy Ch 8: Venipuncture Procedures

View Set