Certified Ethical Hacker Pro, Ch 14 Ethical Hacker Pro, All Chapters
Which of the following HTTP response messages would you receive if additional action needs to be taken to complete the request?
3xx: Redirection
An attacker conducts a normal port scan on a host and detects protocols used by a Windows operating system and protocols used by a Linux operating system. Which of the following might this indicate?
A honeypot
Which of the following best describes a wireless access point?
A networking hardware device that allows other Wi-Fi devices to connect to a wired network.
As part of your penetration test, you have captured an FTP session, as shown below. Which of the following concerns or recommendations will you include in your report?
FTP uses clear-text passwords
Which of the following is the best defense against cloud account and service traffic hijacking?
Find and fix software flaws continuously, use strong passwords, and use encryption.
Which of the following is the process of determining the configuration of ACLs by sending a firewall TCP and UDP packets?
Firewalking
Gathering information about a system, its components, and how they work together is known as ________?
Footprinting
What are the two types of Intrusion Detection Systems (IDSs)?
HIDS and NIDS
You are looking for a web server security tool that will detect hidden malware in websites and advertisements. Which of the following security tools would you most likely use?
Hackalert
An attacker is attempting to connect to a database using a web application system account instead of user-provided credentials. Which of the following methods is the attacker attempting to use?
Hijacking web credentials
You are on a Windows system. You receive an alert that a file named MyFile.txt.exe had been found. Which of the following could this indicate?
Host-based IDS
During a penetration test, Omar found unpredicted responses from an application. Which of the following tools was he most likely using while assessing the network?
beSTORM
Plaintext
charset
When it comes to obfuscation mechanisms, nmap has the ability to generate decoys, meaning that detection of the actual scanning system becomes much more difficult. Which of the following is the proper nmap command?
nmap -D RND:10 target_IP_address
You are employed by a small start-up company. The company is in a small office and has several remote employees. You must find a business service that will accommodate the current size of the company and scale up as the company grows. The service needs to provide adequate storage as well as additional computing power. Which of the following cloud service models should you use?
IaaS
The SQL injection methodology has four parts. Which of the following parts is similar to playing the game 20 questions?
Launch a SQL attack
Which of the following best describes the countermeasures you would take against a cross-site request forgery attack?
Log off immediately after using a web application. Clear the history after using a web application, and don't allow your browser to save your login details.
Strict supply chain management, comprehensive supplier assessment, HR resource requirements, transparent information security and management, compliance reporting, and a security breach notification process are defenses against which of the following cloud computing threats?
Malicious insiders
You work for a very small company that has 12 employees. You have been asked to configure wireless access for them. Knowing that you have a very limited budget to work with, which of the following technologies should you use?
A software-based access point.
Which of the following best describes the SQL Power Injector tool?
A tool used to find SQL injections on a web page.
Which of the following best describes a phishing attack?
A user is tricked into believing that a legitimate website is requesting their login information.
Karen received a report of all of the mobile devices on the network. This report showed the total risk score[...]
A vulnerability scanner
Which of the following best describes a web application?
A web application is software that has been installed on a web server.
Which of the following best describes Microsoft Internet Information Services (IIS)?
A web server technology
You are using BlazeMeter to test cloud security. Which of the following best describes BlazeMeter?
An end-to-end performance and load testing tool that can simulate up to 1 million users and makes realistic load tests easier.
Which of the following IDS detection types compare behavior to baseline profiles or network behavior baselines?
Anomaly-based
Which of the following is an open-source web server technology?
Apache Web Server
20493750979830712-498uoidjflkdas;lkafjoieah jsd are the possible values in
Ascii-32-95
Which of the following is a short-range wireless personal area network that supports low-power, long-use IoT needs?
BLE
Which of the following is a password cracking tool that can make over 50 simultaneous target connections?
Brutus
HTTP headers can contain hidden parameters such as user-agent, host headers, accept, and referrer. Which of the following tool could you use to discover hidden parameters?
Burp Suite
Frank wants to do a penetration test. He is looking for a tool that checks for vulnerabilities in web applications, network systems, wireless networks, mobile devices, and defense systems such as IDS or IPS. Which of the following tools would you recommend to him?
COREImpact Pro
In 2011, Sony was targeted by an SQL injection attack that compromised over a million emails, usernames, and passwords. Which of the following could have prevented the attack?
Careful configuration and penetration testing on the front end.
The results section of an assessment report contains four sub topics. Which of the following sub sections contains the origin of the scan.
Classification
Which type of web application requires a separate application to be installed before you can use the app?
Client-based web app
A hacker has used an SQL injection to deface a web page by inserting malicious content and altering the contents of the database. Which of the following did the hacker accomplish?
Compromise data integrity
Which of the following cloud security controls includes backups, space availability, and continuity of services?
Computation and storage
Web applications use sessions to establish a connection and transfer sensitive information between a client and a server. Attacking an application's session management mechanisms can help you get around some of the authentication controls and allow you to use the permissions of more privileged application users. Which of the following type of attacks could you use to accomplish this?
Cookie parameter tampering
As a penetration tester, you have found there is no data validation being completed at the server, which could leave the web applications vulnerable to SQL injection attacks. Which of the following could you use to help defend against this vulnerability?
Decline any entry that includes binary input, comment characters, or escape sequences.
Joelle, an app developer, created an app using two-factor authentication (2FA) and requires strong user passwords. Which of the following IoT security challenges is she trying to overcome?
Default, weak, and hardcoded credentials
Robin, an IT technician, has implemented identification and detection techniques based on the ability to distinguish legitimate traffic from illegitimate traffic over the network. Which of the following is he trying to achieve?
Defend the network against IDS evasions.
Which of the following best describes the Platform as a Service (PaaS) cloud computing service model?
Delivers everything a developer needs to build an application on the cloud infrastructure.
Which of the following best describes a stateful inspection?
Determines the legitimacy of traffic based on the state of the connection from which the traffic originated.
Anabel purchased a smart speaker. She connected it to all the smart devices in her home. Which of the following communication models is she using?
Device-to-device
What are the four primary systems of IoT technology?
Devices, gateway, data storage, and remote control
The following are countermeasures you would take against a web application attack: -Secure remote administration and connectivity testing. -Perform extensive input validation. -Configure the firewall to deny ICMP traffic. -Stop data processed by the attacker from being executed. Which of the following attacks would these countermeasures prevent?
DoS Attacks
Ping of death, teardrop, SYN flood, Smurf, and fraggle are all examples of which of the following?
DoS attack types
You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled.
Dumpster diving
Which of the following firewall limitations is a critical vulnerability because it means that packet filters cannot tell whether a connection was started inside or outside the organization?
Inability to detect the keep the state status
Which of the following functions does a single quote (') perform in an SQL injection?
Indicates that data has ended and a command is beginning.
Which of the following is the correct order for a hacker to launch an attack?
Information gathering, vulnerability scanning, launch attack, gain remote access, maintain access
Which of the following web server countermeasures is implemented to fix known vulnerabilities, eliminate bugs, and improve performance?
Install Patches and Updates
YuJin drove his smart car to the beach to fly his drone in search of ocean animal activity. Which of the following operation systems are most likely being used by his car and drone?
Integrity RTOS and snappy
Which of the following has five layers of structure that include Edge technology, Access gateway, Internet, Middleware, and Application?
IoT architecture
There are several types of signature evasion techniques. Which of the following best describes the obfuscated codes technique?
Is an SQL statement that is hard to read and understand.
Which of the following best describes Qualys Vulnerability Management assessment tool.
It is a cloud-based service that keeps all of your data in a private virtual database
Which of the following steps in the web server hacking methodology involves setting up a web server sandbox to gain hands-on experience attacking a web server?
Mirroring
Which of the following is another name for the signature-based detection method?
Misuse detection
A company has implemented the following defenses: The data center is located in safe geographical area. Backups are in different locations. Mitigation measures are in place. A disaster recovery plan is in place. Which of the following cloud computing threats has the customer implemented countermeasures against?
Natural disasters
Google Cloud, Amazon Web Services, and Microsoft Azure are some of the most widely used cloud storage solutions for enterprises. Which of the following factors prompts companies to take advantage of cloud storage?
Need to bring costs down and growing demand for storage.
Clive, a penetration tester, is scanning for vulnerabilities on the network, specifically outdated versions of Apple OS. Which of the following tools should he use.
Nessus
You are looking for a web application security tool that runs automated scans looking for vulnerabilities susceptible to SQL injection, cross-site scripting, and remote code injection. Which of the following web application security tools would you most likely use?
Netsparker
Which of the following is a sign of a network-based intrusion?
New or unusual protocols and services running.
Which of the following would be the best open-source tool to use if you are looking for a web server scanner.
Nikto
Which of the following is a nonprofit organization that provides tools and resources for web app security and is made up of software developers, engineers, and freelancers?
OWASP
Penetration testing is a practice conducted by an ethical hacker to see how an organization's security policies and security practices measure up to the organization's actual overall successful system security. When can an ethical hacker start the penetration test?
Once all the legal contracts are signed, formalities are settled, and permissions are given.
Which of the following best describes a proxy server?
Operates at Layer 7 (Application) of the OSI model.
Which of the following firewall technologies operates at Layers 3 (Network) and 4 (Transport) of the OSI model?
Packet Filtering
Which of the following types of wireless antenna is shown in the image?
Parabolic
Which of the following best describes the HTTP Request/Response TRACE?
Performs a loopback test to a target resource.
Which of the following attacks utilizes encryption to deny a user access to a device?
Ransomware attack
Which of the following best describes shoulder surfing
Someone nearby watches you enter your password on your computer and records it.
A company has subscribed to a cloud service that offers cloud applications and storage space. Through acquisition, the number of company employees quickly doubled. The cloud service vendor was able to add cloud services for these additional employees without requiring hardware changes. Which of the following cloud concepts does this represent?
Rapid elasticity
Which of the following types of injections can be injected into conversations between an application and a server to generate excessive amounts of spam email?
SMTP Injection
Which of the following cloud computing service models delivers software applications to a client either over the Internet or on a local area network?
SaaS
Upload bombing and poison null byte attacks are designed to target which of the following web application vulnerabilities?
Scripting Errors
Which of the following includes a list of resolved vulnerabilities
Security vulnerability summary
You are looking for a vulnerability assessment tool that detects vulnerabilities in mobile devices and gives you a report containing a total risk score.
SecurityMetrics Mobile
Which of the following footprinting methods would you use to scan a web server to find ports that the web server is using for various services?
Service Discovery
If an attacker's intent is to discover and then use sensitive data like passwords, session cookies, and other security configurations such as UDDI, SOAP, and WSDL, which of the following cloud computing attacks is he using?
Service hijacking through network sniffing.
Allen, the network administrator, needs a tool that can do network intrusion prevention and intrusion detection, capture packets, and monitor information. Which of the following tools would he most likely select?
Snort
Carl received a phone call from a woman who states that she is calling from his bank. She tells him that someone has tried to access his checking account [...]
Social engineering
ARP, DNS, and IP are all examples of which of the following?
Spoofing methods
You are configuring a wireless access point and are presented with the image shown below. Which of the following is the most correct statement regarding the access point's configuration?
The Host Name is what the users see in the list of available networks when they connect to the access point.
You are configuring several wireless access points for your network. Knowing that each access point will have a service set identifier (SSID), you want to ensure that it is configured correctly. Which of the following SSID statements are true?
The SSID is a unique name, separate from the access point name.
Which of the following best describes a cybersquatting cloud computing attack?
The hacker uses phishing scams by making a domain name that is almost the same as the cloud service provider.
You are using software as a service (SaaS) in your office. Who is responsible for the security of the data stored in the cloud?
The provider is responsible for all the security.
Which of the following statements is true regarding cookies?
They were created to store information about user preferences and web activities.
An IDS can perform many types of intrusion detections. Three common detection methods are signature-based, anomaly-based, and protocol-based. Which of the following best describes protocol-based detection?
This detection method can include malformed messages and sequencing errors.
You have just run the John the Ripper command shown in the image. Which of the following was the command used for?
To extract the password hashes and save them in the secure.txt file
An IT technician receives an IDS alert on the company network she manages. A seemingly random user now has administration privileges in the system, some files are missing, and other files seem to have just been created. Which of the following alerts did this technician receive?
True positive
SQL injections are a result of which of the following flaws?
Web Applications
Which of the following explains why web servers are often targeted by attackers?
Web servers provide an easily found, publicly accessible entrance to a network that users are encouraged to enter into and browse.
You are analyzing the web applications in your company and have newly discovered vulnerabilities. You want to launch a denial-of-service (DoS) attack against the web server. Which of the following tools would you most likely use?
WebInspect
Which of the following types of web server attacks is characterized by altering or vandalizing a website's appearance in an attempt to humiliate, discredit, or annoy the victim?
Website Defacement
Which of the following types of wireless antenna is shown?
Yagi
Which of the following techniques involves adding random bits of data to a password before it is stored as a hash
password salting
limited time
rainbow attack