CEH BIG SET

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

In order to prevent an illegitimate user from performing a brute force attack, what security mechanism should be implemented to the accounts? Use of strong passwords Secure boot chain mechanism Account lockout mechanism Use of SSL/TLS

Account lockout mechanism

Which among the following is not a metric for measuring vulnerabilities in common vulnerability scoring system (CVSS)? Base Metrics Active Metrics Temporal Metrics Environmental Metrics

Active Metrics

An NMAP scan of a server shows port 25 is open. What risk could this pose? Open printer sharing Active mail relay Web portal data leak Clear text authentication

Active mail relay

An NMAP scan of a server shows port 25 is open. What risk could this pose? Open printer sharing Web portal data leak Clear text authentication Active mail relay

Active mail relay

Which of the following is a Mobile Device Management Software? XenMobile Phonty SpyBubble GadgetTrak

Among the options, XenMobile is the only tool that can provide complete Mobile Device Management. The remaining tools mentioned in the options are used only for tracking the geographical location of mobile devices.

Which of the following volumetric attacks technique transfers messages to the broadcast IP address in order to increase the traffic over a victim system and consuming his entire bandwidth? Amplification attack Flood attack Protocol attack Application layer attacks

Amplification attack

Which of the following techniques helps the attacker in identifying the OS used on the target host in order to detect vulnerabilities on a target system? Port scanning Banner grabbing Source routing IP address decoy

Banner grabbing

Which of the following techniques helps the attacker in identifying the OS used on the target host in order to detect vulnerabilities on a target system? IP address decoy Banner grabbing Port scanning Source routing

Banner grabbing

If an attacker is able to access the email contact list, text messages, photos, etc. on your mobile device, then what type of attack did the attacker employ? Bluesnarfing Bluesmacking Bluebugging BlueSniff

Bluesnarfing

Which of the following items of a computer system will an anti-virus program scan for viruses? Boot Sector Deleted Files Windows Process List Password Protected Files

Boot Sector

When a client's computer is infected with malicious software which connects to the remote computer to receive commands, the client's computer is called a ___________ Bot Botnet Command and Control(C&C) Client

Bot

An attacker tries to recover the plaintext of a message without knowing the required key in advance. For this he may first try to recover the key, or may go after the message itself by trying every possible combination of characters. Which code breaking method is he using? Brute force Frequency analysis One-time pad Trickery and deceit

Brute force

Which of the following is not an OWASP Top 10-2016 Mobile Risks? Insecure Communication Reverse Engineering Buffer Overflow Insecure Cryptography

Buffer Overflow

Which term refers to common software vulnerabilities that happen due to coding errors allowing attackers to get access to the target system ? Active Footprinting Port Scanning Banner Grabbing Buffer Overflows

Buffer Overflows

Which term refers to common software vulnerabilities that happen due to coding errors allowing attackers to get access to the target system ? Port Scanning Buffer Overflows Banner Grabbing Active Footprinting

Buffer Overflows

Advanced encryption standard is an algorithm used for which of the following? Data integrity Key discovery Bulk data encryption Key recovery

Bulk data encryption

An attacker wants to perform a session hijacking attack. What tool should he use to achieve his objective? Nessus Hydra Burp Suite Netcraft

Burp Suite

Which of the following is not a patch management tool? Symantec client management suite Software vulnerability manager GFI LanGuard Burp suite

Burp suite

An attacker has been successfully modifying the purchase price of items purchased on the company's website. The security administrators verify the webserver and Oracle database have not been compromised directly. They have also verified the intrusion detection system (IDS) logs and found no attacks that could have caused this. What is the most likely way the attacker has been able to modify the purchase price? By using SQL injection By changing hidden form values By using cross site scripting By utilizing a buffer overflow attack

By changing hidden form values

Network-level session hijacking attacks ____________ level protocols. Transport and internet level protocols Application level protocols Network or Internet level protocols Data link level protocols

By definition, network-level session hijacking attacks transport- and Internet-level protocols.

Select all correct answers. In blind SQLi, attackers can steal data by asking a series of true or false questions through SQL statements. Select all the correct types of blind SQL injections. a. Time Delay b. Boolean exploitation c. Tautology d. System stored procedure

Both (a) and (b) are types of Blind SQLi. However, (c) and (d) are types of error-based SQL injections.

Mike works for a company "Fourth Rose Intl." as the sales manager. He was sent to Las Vegas on a business trip to meet his clients. After the successful completion of his meeting, Mike went back to his hotel room, connected to the hotel Wi-Fi network and attended his other scheduled online client meetings through his laptop. After returning back to his office headquarters, Mike connects his laptop to the office Wi-Fi network and continues his work; however, he observes that his laptop starts to behave strangely. It regularly slows down with blue screening from time-to-time and rebooting without any apparent reason. He raised the issue with his system administrator. Some days later, the system administrator in Mike's company observed the same issue in various other computers in his organization. Meanwhile, he has also observed that large amounts of unauthorized traffic from various IP addresses of "Fourth Rose Intl." were directed toward organizational web server. Security division of the company analyzed the network traces and identified that Mike's Laptop's IP address has authorized and initiated other computers in the network to perform DDoS abuse over the organizational web server. They further identified a malicious executable backdoor file on Mike's Laptop that connects to a remote anonymous computer. This remote computer is responsible for sending commands to Mike's Laptop in order to initiate and execute DDoS attack over the organizational web server. In this case, Mike's laptop was part of the _________? Botnet attack Bot attack Command-and-control (C&C) center IRC attack

Botnet attack

Which one of the following is a Google search query used for VPN footprinting to find Cisco VPN client passwords ? filetype:pcf "cisco" "GroupPwd" "[main]" "enc_GroupPwd=" ext:txt "Config" intitle:"Index of" intext:vpn inurl:/remote/login?lang=en

"[main]" "enc_GroupPwd=" ext:txt

In which of the following cloud security control layers do the security controls DNSSEC, OAuth operates? A: Management layer B: Information layer C: Network layer D: Computation and Storage layer

C: Network layer

ShellShock had the potential for an unauthorized user to gain access to a server. It affected many internet facing services, which OS did it not directly affect? A: Windows B: Linux C: OS X D: Unix

C: OS X

Which of the following technique is used to gather information about the target without direct interaction with the target? A: Active Footprinting B: Scanning C: Passive Footprinting D: Enumeration

C: Passive Footprinting

Which of the following steps in enumeration penetration testing extracts information about encryption and hashing algorithms, authentication type, key distribution algorithms, SA LifeDuration, etc.? A: Perform SMTP enumeration B: Perform DNS enumeration C: Perform IPsec enumeration D: Perform NTP enumeration

C: Perform IPsec enumeration

A person approaches a network administrator and wants advice on how to send encrypted e-mail from home. The end-user does not want to have to pay for any license fees or manage server services. Which of the following is the most secure encryption protocol that the network administrator should recommend? A: IP Security (IPsec) B: Multipurpose Internet Mail Extensions (MIME) C: Pretty Good Privacy (PGP) D: HyperText Transfer Protocol with Secure Socket Layer (HTTPS)

C: Pretty Good Privacy (PGP)

Which of the following is NOT a best practice for cloud security? A: Verify one's cloud in public domain blacklists B: Undergo AICPA SAS 70 Type II audits C: Provide unauthorized server access using security checkpoints D: Disclose applicable logs and data to customers

C: Provide unauthorized server access using security checkpoints

In which of the following cloud deployment models does the provider make services such as applications, servers, and data storage available to the public over the Internet? A: Community Cloud B: Private Cloud C: Public Cloud D: Hybrid Cloud

C: Public Cloud

What is the command used by an attacker to establish a null session with the target machine? C:\clearlogs.exe -app C:\>auditpol \\<ip address of target> auditpol /get /category:* C :\>auditpol \\<ip address of target> /disable

C:\>auditpol \\<ip address of target>

____ gets its name from the notion that it ignores the traditional A, B, and C class designations for IP addresses and can therefore set the network-host ID boundary wherever it wants to, in a way that simplifies routing across the resulting IP address spaces.

Classless Inter-Domain Routing

In which of the following hacking phases does an attacker use steganography and tunneling techniques to hide communication with the target for continuing access to the victim's system and remain unnoticed and uncaught? Reconnaissance Scanning Enumeration Clearing Track

Clearing Track

Clearing Tracks

Identify the technique used by the attackers to wipe out the entries corresponding to their activities in the system log to remain undetected? Executing applications Escalating privileges Gaining access Clearing logs

Clearing logs

Identify the technique used by the attackers to wipe out the entries corresponding to their activities in the system log to remain undetected? Clearing logs Executing applications Escalating privileges Gaining access

Clearing logs

What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation? ISO 26029 Blue Book The Wassenaar Agreement Common Criteria

Common Criteria

What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation? Blue Book ISO 26029 Common Criteria The Wassenaar Agreement

Common Criteria

Worm

Computer worms are standalone malicious programs that replicate, execute, and spread across network connections independently, without human intervention.

An attacker creates anonymous access to the cloud services to carry out various attacks such as password and key cracking, hosting malicious data, and DDoS attack. Which of the following threats is he posing to the cloud platform? A: Insecure Interface and APIs B: Data Breach/Loss C: Insufficient due diligence D: Abuse and nefarious use of cloud services

D: Abuse and nefarious use of cloud services

On performing a risk assessment, you need to determine the potential impacts when some of the critical business process of the company interrupt its service. What is the name of the process by which you can determine those critical business? A: Risk Mitigation B: Emergency Plan Response (EPR) C: Disaster Recovery Planning (DRP) D: Business Impact Analysis (BIA)

D: Business Impact Analysis (BIA)

An attacker has captured a target file that is encrypted with public-key cryptography. Which of the attacks below is likely to be used to crack the target file? A: Timing attack B: Replay attack C: Memory trade-off attack D: Chosen plain-text attack

D: Chosen plain-text attack

Sohum is carrying out a security check on a system. This security check involves carrying out a configuration-level check through the command line in order to identify vulnerabilities such as incorrect registry and file permissions, as well as software configuration errors. Which type of assessment is performed by Sohum? External Assessment Internal Assessment Network based Assessment Host based Assessment

Host based Assessment

Which type of rootkit is created by attackers by exploiting hardware features such as Intel VT and AMD-V? Hypervisor Level Rootkit Hardware/Firmware Rootkit Kernel Level Rootkit Boot Loader Level Rootkit

Hypervisor Level Rootkit

Which of the following are valid types of rootkits? (Choose three.) Hypervisor level Network level Kernel level Application level Physical level Data access level

Hypervisor level Kernel level Application level

Which of the following are valid types of rootkits? (Choose three.) Hypervisor level Network level Kernel level Application level Physical level Data access level

Hypervisor level Kernel level Application level

Which of the following are valid types of rootkits? (Choose three.) Hypervisor level Physical level Kernel level Data access level Application level Network level

Hypervisor level Kernel level Application level

James wants to prevent reflective DoS attacks from being able to compromise your network.What steps can Stan take to prevent these attacks? -James will need to block all TCP port 17185 traffic on the firewall -James should configure his network devices to recognize SYN source IP addresses that never complete their connections -James needs to block all UDP traffic coming in on port 1001 to prevent future reflective DoS attacks against their network

I think it is this: James needs to block all UDP traffic coming in on port 1001 to prevent future reflective DoS attacks against their network

Which of the following tools is used for detecting SQL injection attacks? Nmap Wireshark IBM Security AppScan NetScanTools Pro

IBM Security AppScan

Which of the following can hackers use as part of a reconnaissance process to learn about active network addresses and active processes?

ICMP

Which of the following protocols is an extension of IP to send error messages? An attacker can use it to send messages to fool the client and the server. ICMP ARP SSL FTP

ICMP

Which message type supports functionality for reachability utilities like PIng and Tracert; essential when installing, configuring, and troubleshooting IP networks?

ICMP echo/echo reply

Which of the following types of messages serves to keep hosts apprised of networking conditions and problems, equipped to use best paths around the network?

ICMP messages

hping3 -1 <IP Address> -p 80

ICMP ping

Which of the following message types permits a gateway (router) on a nonoptimal route between sender and receiver to redirect traffic to a more optimal path?

ICMP redirect

Loki

ICMP tunneling tool.

Which of the following ICMP types is used for echo request packets?

ICMP type 8

IDA Pro

IDA Pro is a multi-platform disassembler and debugger that explores binary programs, for which source code is not always available, to create maps of their execution. It shows the instructions in the same way as a processor executes them in a symbolic representation called assembly language.

Which of the following is a type of network protocol for port-based network access control (PNAC)? SSH IEEE 802.1X suites SFTP SSL

IEEE 802.1X suites

Which of the following is a type of network protocol for port-based network access control (PNAC)? SFTP SSH IEEE 802.1X suites SSL

IEEE 802.1X suites

Which of the following is a type of network protocol for port-based network access control (PNAC)? SSH IEEE 802.1X suites SFTP SSL

IEEE 802.1X suites - It is a type of network protocol for PNAC, and its main purpose is to enforce access control at the point where a user joins the network. It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.

Which of the following is a defense technique for MAC spoofing used in switches that restricts the IP traffic on untrusted Layer 2 ports by filtering traffic based on the DHCP snooping binding database? IP Source Guard DHCP snooping binding table Dynamic ARP inspection Authentication, authorization, and accounting (AAA)

IP Source Guard

Which of the following is a defense technique for MAC spoofing used in switches that restricts the IP traffic on untrusted Layer 2 ports by filtering traffic based on the DHCP snooping binding database? Authentication, authorization, and accounting (AAA) DHCP snooping binding table Dynamic ARP inspection IP Source Guard

IP Source Guard

The components such as DLP, CMF, database activity monitoring, and encryption are included in which of the following cloud security control layers? Applications Layer Management Layer Information Layer Computer and Storage

Information Layer

Which of the following policies provides the guidelines on the processing, storage and transmission of sensitive information? Network Security Policy. Acceptable Use Policy. Server Security Policy. Information Protection Policy.

Information Protection Policy.

Information such as IP address, protocols used, open ports, device type, and geo-location of a device is extracted by an attacker in which of the following phases of IoT hacking? Vulnerability scanning Gain access Information gathering Launch attacks

Information gathering

If an attacker wants to gather information such as IP address, hostname, ISP, device's location, and the banner of the target IoT device, which of the following types of tools can he use to do so? Sniffing tools Vulnerability scanning tools IoT hacking tools Information gathering tools

Information gathering tools

Which of the following tools can be used to perform LDAP enumeration? SuperScan SoftPerfect Network Scanner JXplorer Nsauditor Network Security Auditor

JXplorer

Which of the following tools can be used to perform LDAP enumeration? SuperScan SoftPerfect Network Scanner JXplorer Nsauditor Network Security Auditor

JXplorer

Name an attack where an attacker interrupts communication between two devices by using the same frequency signals on which the devices are communicating. Jamming attack Replay attack Side channel attack Man-in-the-middle attack

Jamming attack

When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is OWASP addresses controls and OSSTMM does not. OWASP is for web applications and OSSTMM does not include web applications. OSSTMM is gray box testing and OWASP is black box testing. OSSTMM addresses controls and OWASP does not.

OWASP is for web applications and OSSTMM does not include web applications.

What are the three types of compliances that the Open-Source Security Testing Methodology Manual (OSSTMM) recognizes? Legal, performance, audit. Contractual, regulatory, industry. Legislative, contractual, standards-based. Audit, standards-based, regulatory.

Legislative, contractual, standards-based.

In the options given below; identify the nature of a library-level rootkit? Operates inside the victim's computer by replacing the standard application files Functions either by replacing or modifying the legitimate bootloader with another one Works higher up in the OS and usually patches, hooks, or supplants system calls with backdoor versions Uses devices or platform firmware to create a persistent malware image in hardware

Library Level Rootkits: Library level rootkits work higher up in the OS and they usually patch, hook, or supplant system calls with backdoor versions to keep the attacker unknown. They replace original system calls with fake ones to hide information about the attacker.

Which evasion technique is used by attackers to encode the attack packet payload in such a way that the destination host can only decode the packet but not the IDS? Obfuscation Session splicing Unicode Evasion Fragmentation Attack

Obfuscation

Which of the following protocols is responsible for accessing distributed directories and access information such as valid usernames, addresses, departmental details, and so on? LDAP DNS NTP SMTP

Lightweight directory access protocol (LDAP) is an Internet protocol for accessing distributed directory services.

Least privilege is a security concept, which requires that a user is ... Trusted to keep all data and access to that data under their sole control. Limited to those functions which are required to do the job. Given privileges equal to everyone else in the department. Given root or administrative privileges.

Limited to those functions which are required to do the job.

Which of the following steps in enumeration penetration testing extracts information about encryption and hashing algorithms, authentication type, key distribution algorithms, SA LifeDuration, etc.? Perform NTP enumeration Perform DNS enumeration Perform SMTP enumeration Perform IPsec enumeration

Perform IPsec enumeration

Which of the following steps in enumeration penetration testing extracts information about encryption and hashing algorithms, authentication type, key distribution algorithms, SA LifeDuration, etc.? Perform SMTP enumeration Perform DNS enumeration Perform IPsec enumeration Perform NTP enumeration

Perform IPsec enumeration

Which of the following can an administrator do to verify that a tape backup can be recovered in its entirety? Restore a random file. Perform a full restore. Read the first 512 bytes of the tape. Read the last 512 bytes of the tape.

Perform a full restore.

In order to avoid data loss from a Mobile device, which of following Mobile Device Management security measures should you consider? Perform periodic backup and synchronization Encrypt Storage Configure Application certification rules Enable Remote Management

Perform periodic backup and synchronization

Which of the following terms refers to an advanced form of phishing in which the attacker redirects the connection between the IP address and its target server? Skimming Pretexting Pharming Hacking

Pharming

Which of the following terms refers to an advanced form of phishing in which the attacker redirects the connection between the IP address and its target server? Hacking Pretexting Pharming Skimming

Pharming

Jose sends a link to the employee of a target organization, falsely claiming to be from a legitimate site in an attempt to acquire his account information. Identify the attack performed by Jose? Phishing Impersonation Vishing Eavesdropping

Phishing

Which of the following techniques is used to distribute malicious links via some communication channel such as mails to obtain private information from the victims? Dumpster diving Phishing Piggybacking Vishing

Phishing

Which of the following is NOT a type of DDoS attack? Phishing attack Volume (volumetric) attack Protocol attack Application layer attack

Phishing attack

microdot

Photographs reduced to the size of a printed period, and used to transmit secret messages, photographs, and drawings.

The ____ includes the physical transmission medium (cables or wireless media) that any network must use to send and receive the signals that constitute the physical expression of networked communications.

Physical layer

Which of the following policies addresses the areas listed below: Issue identification (ID) cards and uniforms, along with other access control measures to the employees of a particular organization. Office security or personnel must escort visitors into visitor rooms or lounges. Restrict access to certain areas of an organization in order to prevent unauthorized users from compromising security of sensitive data. Special-access policies Physical security policies Password security policies Defense strategy

Physical security policies

A tester is attempting to capture and analyze the traffic on a given network and realizes that the network has several switches. What could be used to successfully sniff the traffic on this switched network? (Choose three.) MAC duplication Reverse smurf attack Address Resolution Protocol (ARP) spoofing ARP broadcasting MAC flooding SYN flooding

MAC duplication Address Resolution Protocol (ARP) spoofing MAC flooding

A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could have been used by the hacker to sniff all of the packets in the network? Fraggle attack MAC flood attack Smurf attack Tear drop attack

MAC flood attack

A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could have been used by the hacker to sniff all of the packets in the network? MAC flood attack Fraggle attack Smurf attack Tear drop attack

MAC flood attack

Out of the following, which is not an active sniffing technique? MAC flooding Domain snipping Spoofing attack Switch port stealing

MAC flooding, spoofing attack, and switch port stealing are active sniffing techniques, whereas domain snipping is a type of domain name system (DNS) attack.

Multiple input, multiple output-orthogonal frequency-division multiplexing

MIMO-OFDM influences the spectral efficiency of 4G and 5G wireless communication services. Adopting the MIMO-OFDM technique reduces the interference and increases how robust the channel is.

Multiple input, multiple output-orthogonal frequency-division multiplexing (MIMO-OFDM)

MIMO-OFDM influences the spectral efficiency of 4G and 5G wireless communication services. Adopting the MIMO-OFDM technique reduces the interference and increases how robust the channel is.

Which option is sent in Router Advertisement messages to provide a common MTU value for nodes on the same network segment?

MTU

Which of the following DNS record type helps in DNS footprinting to determine domain's mail server? MX A NS CNAME

Which of the following DNS record type helps in DNS footprinting to determine domain's mail server? A NS CNAME MX

Which of the following DNS record type helps in DNS footprinting to determine domain's mail server? -A -NS -CNAME -MX

Which of the following programs is usually targeted at Microsoft Office products? Polymorphic virus Multipart virus Macro virus Stealth virus

Macro virus

Which of the following programs is usually targeted at Microsoft Office products? Multipart virus Macro virus Stealth virus Polymorphic virus

Macro virus

Which of the following vulnerabilities is found in all the Intel processors and ARM processors deployed by Apple (and others) and leads to tricking a process to access out of bounds memory by exploiting CPU optimization mechanisms such as speculative execution? Privilege escalation Dylib Hijacking Meltdown DLL Hijacking

Meltdown: Meltdown vulnerability is found in all the Intel processors and ARM processors deployed by Apple. This vulnerability leads to tricking a process to access out of bounds memory by exploiting CPU optimization mechanisms such as speculative execution.

Which of the following vulnerabilities is found in all the Intel processors and ARM processors deployed by Apple (and others) and leads to tricking a process to access out of bounds memory by exploiting CPU optimization mechanisms such as speculative execution? Dylib Hijacking Meltdown DLL Hijacking Privilege escalation

Meltdown

Which virus has the following characteristics: • Inserts dead code • Reorders instructions • Reshapes the expressions • Modifies program control structure Metamorphic Virus Stealth Virus Cluster Virus Macro Virus

Metamorphic Virus

Which virus has the following characteristics: • Inserts dead code• Reorders instructions• Reshapes the expressions• Modifies program control structure Cluster Virus Metamorphic Virus Macro Virus Stealth Virus

Metamorphic Virus

Metamorphic virus

Metamorphic viruses are programmed in such a way that they rewrite themselves completely each time they infect a new executable file.

meterpreter

Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime.

In order to show improvement of security over time, what must be developed? Taxonomy of vulnerabilities Testing tools Reports Metrics

Metrics

In which of the following techniques is the text or an image considerably condensed in size, up to one page in a single dot, to avoid detection by unintended recipients? Microdots Computer-Based Methods Invisible Ink Spread Spectrum

Microdots

In which of the following techniques is the text or an image considerably condensed in size, up to one page in a single dot, to avoid detection by unintended recipients? Computer-Based Methods Invisible Ink Spread Spectrum Microdots

Microdots

Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products? Microsoft Security Baseline Analyzer Retina Core Impact Microsoft Baseline Security Analyzer

Microsoft Baseline Security Analyzer

Which tool includes a graphical and command line interface that can perform local or remote scans of Microsoft Windows systems? Netcraft Microsoft Baseline Security Analyzer (MBSA) FOCA Wireshark

Microsoft Baseline Security Analyzer (MBSA)

Which tool includes a graphical and command line interface that can perform local or remote scans of Microsoft Windows systems? Wireshark Microsoft Baseline Security Analyzer (MBSA) FOCA Netcraft

Microsoft Baseline Security Analyzer (MBSA)

Identify the Trojan which exhibits the following characteristics: Login attempts with 60 different factory default username and password pairs Built for multiple CPU architectures (x86, ARM, Sparc, PowerPC, Motorola) Connects to CnC to allows the attacker to specify an attack vector Increases bandwidth usage for infected bots Identifies and removes competing malware Windigo Mirai PlugBot Ramnit

Mirai

Tesla is running an application with debug enabled in one of its system. Under which category of vulnerabilities can this flaw be classified? Design Flaws Operating System Flaws Misconfiguration Unpatched servers

Misconfiguration

Tesla is running an application with debug enabled in one of its system. Under which category of vulnerabilities can this flaw be classified? Operating System Flaws Design Flaws Unpatched servers Misconfiguration

Misconfiguration

Which of the following applications allows attackers to identify the target devices and block the access of Wi-Fi to the victim devices in a network? NetCut Network Spoofer KingoRoot DroidSheep

NetCut

Which of the following firewalls is used to secure mobile device? Comodo firewall Glasswire TinyWall NetPatch firewall

NetPatch firewall

Which tool would be used to collect wireless packet data? NetStumbler John the Ripper Nessus Netcat

NetStumbler

Which tool would be used to collect wireless packet data? NetStumbler Netcat Nessus John the Ripper

NetStumbler

In which of the following cloud security control layers do the security controls DNSSEC, OAuth operates? Management layer Information layer Network layer Computation and Storage layer

Network layer

Which of the following techniques is used by network management software to detect rogue APs? RF scanning Wired side inputs AP scanning Virtual-private-network

Network management software uses this technique to detect rogue APs. This software detects devices connected in the LAN, including Telnet, SNMP, CDP (Cisco discovery protocol) using multiple protocols.

Wired Side Inputs

Which of the following information is collected using enumeration? Operating systems, location of web servers, users and passwords. Network resources, network shares, and machine names. Email Recipient's system IP address and geolocation. Open ports and services.

Network resources, network shares, and machine names.

Which of the following information is collected using enumeration? Network resources, network shares, and machine names. Open ports and services. Email Recipient's system IP address and geolocation. Operating systems, location of web servers, users and passwords.

Network resources, network shares, and machine names.

Which of the following operating systems allows loading of weak dylibs dynamically that is exploited by attackers to place a malicious dylib in the specified location? Unix OS X Linux Android

OS X

Which of the following can pose a risk to mobile platform security? A: Install applications from trusted application stores B: Securely wipe or delete the data when disposing of the device C: Disable wireless access such as Wi-Fi and Bluetooth, if not in use D: Connecting two separate networks such as Wi-Fi and Bluetooth simultaneously

D: Connecting two separate networks such as Wi-Fi and Bluetooth simultaneously

Which of the following categories of security controls minimizes the consequences of an incident by limiting the damage? A: Deterrent Controls B: Preventive Controls C: Detective Controls D: Corrective Controls

D: Corrective Controls

In which of the following attacks, does an attacker divert a user to a spoofed website by poisoning the DNS server or the DNS cache on the user's system? A: Cybersquatting B: Domain Hijacking C: Domain Snipping D: DNS Poisoning

D: DNS Poisoning

Which of the following tools allows an attacker to extract information such as sender identity, mail server, sender's IP address, location, and so on? A: Web Updates Monitoring Tools B: Metadata Extraction Tools C: Website Mirroring Tools D: Email Tracking Tools.

D: Email Tracking Tools.

In Wireshark, the packet bytes panes show the data of the current packet in which format? A: Decimal B: ASCII only C: Binary D: Hexadecimal

D: Hexadecimal

Which of the following types of cloud computing services provides virtual machines and other abstracted hardware and operating systems (OSs) which may be controlled through a service API? A: XaaS B: PaaS C: SaaS D: IaaS

D: IaaS

What is the correct PCAP filter to capture all TCP traffic going to or from host 192.168.0.125 on port 25? A: tcp.src == 25 and ip.host == 192.168.0.125 B: host 192.168.0.125:25 C: port 25 and host 192.168.0.125 D: tcp.port == 25 and ip.host == 192.168.0.125

D: tcp.port == 25 and ip.host == 192.168.0.125

Name an attack where an attacker uses an army of botnets to target a single online service or system. Sybil attack Replay attack DDoS attack Side channel attack

DDoS attack

Which of the following attack is not selected as OWASP Top 10 Application Security Risks in the year 2017? Injection attacks DDoS attacks Insecure Deserialization attacks XML External Entity (XXE) attacks

DDoS attacks

Which of the following is a service that provides a way for a client computer that lacks an IP address assignment to request one from any listening DHCP server - without the help of an administrator?

DHCP

Which of the following is enabled at a client machine when you select the Obtain an IP address automatically option in the Internet Protocol (TCP/IP) Properties window?

DHCP client

Which of the following tool is a DNS Interrogation Tool? Hping DIG NetScan Tools Pro SandCat Browser

DIG

Which of the following tool is a DNS Interrogation Tool? Hping DIG NetScan Tools Pro SandCat Browser

DIG is the tool that can be used to perform DNS Interrogation. It can be used as a web-based equivalent of the Unix dig command.

Choose an ICANN accredited registrar and encourage them to set registrar-lock on the domain name in order to avoid which attack? Denial-of-Service Attack DNS Hijacking Attack Session Hijacking Attack Man-in-the-Middle Attack

DNS Hijacking Attack

In which of the following attacks, does an attacker divert a user to a spoofed website by poisoning the DNS server or the DNS cache on the user's system? Cybersquatting Domain Hijacking Domain Snipping DNS Poisoning

DNS Poisoning

Which of the following is not a mitigation technique against MAC address spoofing? IP Source Guard DHCP Snooping Binding Table Dynamic ARP Inspection DNS Security (DNSSEC)

DNS Security (DNSSEC)

Which of the following is not a mitigation technique against MAC address spoofing? IP Source Guard DHCP Snooping Binding Table Dynamic ARP Inspection DNS Security (DNSSEC)

DNS Security (DNSSEC)

Which of the following is not a session hijacking technique? Session fixation Session sidejacking Cross-site scripting DNS hijacking

DNS hijacking

If an attacker compromises a DNS server and changes the DNS settings so that all the requests coming to the target webserver are redirected to his/her own malicious server, then which attack did he perform? DNS server hijacking DoS attack DNS amplification attack HTTP response splitting attack

DNS server hijacking

Which protocol defines the payload formats, types of exchange, and naming conventions for security information such as cryptographic algorithm or security policies. Identify from the following options. AH ESP DOI ISAKMP

DOI

Which of the following steganography techniques allows the user to add white spaces and tabs at the end of the lines? Document steganography Folder Steganography Image Steganography Video steganography

Document steganography

James has published personal information about all senior executives of Essential Securities Bank on his blog website. He has collected all this information from multiple social media websites and publicly accessible databases. What is this known as? Doxing Social Engineering Phishing Impersonatio

Doxing

DroidSheep

Droidsheep is a session hijacking tool which allows hackers to capture session cookies over a wireless network

Jean Power wants to try and locate passwords from company XYZ. He waits until nightfall and climbs into the paper recycling dumpster behind XYZ, searching for information. What is Jean doing? Dumpster diving Social engineering Paper tracking Password finding

Dumpster diving

Jean Power wants to try and locate passwords from company XYZ. He waits until nightfall and climbs into the paper recycling dumpster behind XYZ, searching for information. What is Jean doing? Password finding Social engineering Paper tracking Dumpster diving

Dumpster diving

The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses__________________? Multiple keys for non-repudiation of bulk data Different keys on both ends of the transport medium Bulk encryption for data transmission over fiber The same key on each end of the transmission medium

The same key on each end of the transmission medium

Which of the following short range wireless communication protocol is used for home automation that allows devices to communicate with each other on local wireless LAN? VSAT Cellular MoCA Thread

Thread is an IPv6 based networking protocol for IoT devices. Its main aim is home automation, so that the devices can communicate with each other on local wireless networks.

Select all correct answers. In blind SQLi, attackers can steal data by asking a series of true or false questions through SQL statements. Select all the correct types of blind SQL injections. Time Delay Boolean exploitation Tautology System stored procedure

Time Delay Boolean exploitation

Which of the following protocols provides reliable multiprocess communication service in a multinetwork environment? UDP TCP SMTP SNMP

Transmission control protocol (TCP) is a connection-oriented protocol. It is capable of carrying messages or e-mail over the Internet. It provides reliable multiprocess communication service in a multinetwork environment.

Network-level session hijacking attacks ____________ level protocols. Transport and internet level protocols Application level protocols Network or Internet level protocols Data link level protocols

Transport and internet level protocols

Network-level session hijacking attacks ____________ level protocols. Transport and internet level protocols Application level protocols Network or Internet level protocols Data link level protocols

Transport and internet level protocols

An e-commerce site was put into a live environment and the programmers failed to remove the secret entry point (bits of code embedded in programs) that was used during the application development to quickly gain access at a later time, often during the testing or debugging phase. What is this secret entry point known as? SDLC process Honey pot SQL injection Trap door

Trap door

A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed? Firewall-management policy Acceptable-use policy Remote-access policy Permissive policy

Remote-access policy

A company has publicly hosted web applications and an internal Intranet protected by a firewall. Which technique will help protect against enumeration? Reject all invalid email received via SMTP. Allow full DNS zone transfers. Remove A records for internal hosts. Enable null session pipes

Remove A records for internal hosts.

In which of the following attacks, an attacker intercepts legitimate messages from a valid communication and continuously send the intercepted message to the target device to crash the target device? Ransomware Attack Side Channel Attack Man-in-the-middle Attack Replay Attack

Replay Attack

Company XYZ is one of the most famous and well-known organization across the globe for its cyber security services. It has received Best Cyber Security Certification Provider Award for three consecutive times. One day, a hacker identified severe vulnerability in XYZ's website and exploited the vulnerabilities in the website successfully compromising customers' private data. Besides the loss of data and the compromised network equipment, what has been the worst damage for Company XYZ? Reputation. Routers. Customers. Credit Score.

Reputation

You are doing a research on SQL injection attacks. Which of the following combination of Google operators will you use to find all Wikipedia pages that contain information about SQL, injection attacks or SQL injection techniques? site:Wikipedia.org related:"SQL Injection" SQL injection site:Wikipedia.org allinurl: Wikipedia.org intitle:"SQL Injection" site:Wikipedia.org intitle:"SQL Injection"

SQL injection site:Wikipedia.org

You are doing a research on SQL injection attacks. Which of the following combination of Google operators will you use to find all Wikipedia pages that contain information about SQL, injection attacks or SQL injection techniques? SQL injection site:Wikipedia.org site:Wikipedia.org intitle:"SQL Injection" allinurl: Wikipedia.org intitle:"SQL Injection" site:Wikipedia.org related:"SQL Injection"

SQL injection site:Wikipedia.org

A tester wants to securely encrypt the session to prevent the network against sniffing attack, which of the following protocols should he use as a replacement of Telnet? SSH Intrusion Prevention System (IPS) Public Key Infrastructure (PKI) Load Balancing (LB)

SSH

A tester wants to securely encrypt the session to prevent the network against sniffing attack, which of the following protocols should he use as a replacement of Telnet? SSH Load Balancing (LB) Intrusion Prevention System (IPS) Public Key Infrastructure (PKI)

SSH

Bitvise

SSH tunneling tool

Which of the following protocols is used for secure information passage between two endpoints? SSL TCP UDP FTP

SSL

hping3 -8 50-60 -S <IP Address> -V

SYN scan on port 50-60

Maira wants to establish a connection with a server using the three-way handshake. As a first step she sends a packet to the server with the SYN flag set. In the second step, as a response for SYN, she receives packet with a flag set. Which flag does she receive from the server? ACK SYN+ACK RST FIN

SYN+ACK

You are a security engineer for XYZ Corp. You are looking for a cloud-based e-mail provider to migrate the company's legacy on-premise e-mail system to. What type of cloud service model will the new e-mail system be running on? SaaS IaaS PaaS XaaS

SaaS

Which of the following three service models are the standard cloud service models? SaaS, PaaS, and IaaS XaaS, Private, and Public SaaS, IaaS, and Hybrid Private, Public, and Community

SaaS, PaaS, and IaaS

Which of the following technique helps protect mobile systems and users by limiting the resources the mobile application can access on the mobile platform? Firewall Sandbox Anti-Malware Spam Filter

Sandbox

Which of the following is not a mobile platform risk? Malicious Apps in App Store Mobile Malware Jailbreaking and Rooting Sandboxing

Sandboxing

SandCat Browser

Sandcat is a lightweight multi-tabbed web browser packed with features for developers and pen-testers. The browser is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua programming language to provide extensions and scripting support.

Which United States legislation mandates that the chief executive officer (CEO) and the chief financial officer (CFO) must sign statements verifying the completeness and accuracy of financial reports? Sarbanes-Oxley Act (SOX) Fair and Accurate Credit Transactions Act (FACTA) Gramm-Leach-Bliley Act (GLBA) Federal Information Security Management Act (FISMA)

Sarbanes-Oxley Act (SOX)

Which United States legislation mandates that the chief executive officer (CEO) and the chief financial officer (CFO) must sign statements verifying the completeness and accuracy of financial reports? Sarbanes-Oxley Act (SOX) Gramm-Leach-Bliley Act (GLBA) Fair and Accurate Credit Transactions Act (FACTA) Federal Information Security Management Act (FISMA)

Sarbanes-Oxley Act (SOX)

Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports? Sarbanes-Oxley Act (SOX). Gramm-Leach-Bliley Act (GLBA). Fair and Accurate Credit Transactions Act (FACTA). Federal Information Security Management Act (FISMA).

Sarbanes-Oxley Act (SOX).

During a penetration test, Marin discovered that a web application does not change the session cookie after successful login. Instead, the cookie stays the same and is allowed additional privileges. This vulnerability and application-level session hijacking is called ______________. Session fixation Session sniffing Session replay attack Predictable session token

Session fixation

Which of the following is not a session hijacking technique? Session fixation Session sidejacking Cross-site scripting DNS hijacking

Session fixation, session sidejacking, and cross-site scripting are some of the techniques for performing session hijacking, whereas DNS hijacking is not part of a session hijacking attack. DNS hijacking is a type of malicious attack that modifies or overrides a systems TCP/IP settings to redirect it at a rogue DNS server, thereby invalidating the default DNS settings.

Which of the following is a network based threat? Session hijacking Arbitrary code execution Buffer overflow Input validation flaw

Session hijacking

Which of the following is a network threat? Arbitrary code execution Session hijacking Privilege escalation SQL injection

Session hijacking

Which of the following is a network threat? Privilege escalation Arbitrary code execution Session hijacking SQL injection

Session hijacking

Which of the following is not a type of DNS attack? Domain Snipping Session Hijacking Domain Hijacking Cybersquatting

Session hijacking is not a type of DNS attack.

Which network-level evasion method is used to bypass IDS where an attacker splits the attack traffic in too many packets so that no single packet triggers the IDS? Overlapping fragments Fragmentation attack Session splicing Unicode evasion

Session splicing

An attacker runs a virtual machine on the same physical host as the victim's virtual machine and takes advantage of shared physical resources (processor cache) to steal data (cryptographic key) from the victim. Which of the following attacks he is performing? XSS Attack MITC Attack Side Channel Attack Cryptanalysis Attack

Side Channel Attack

Out of the following attacks, which attack is a physical attack that is performed on a cryptographic device/cryptosystem to gain sensitive information? Side channel attack MITM attack Hash collision attack DUHK attack

Side channel attack

Which initial procedure should an ethical hacker perform after being brought into an organization? Assess what the organization is trying to protect Begin security testing. Sign a formal contract with a non-disclosure clause or agreement Turn over deliverables

Sign a formal contract with a non-disclosure clause or agreement

Which of the following intrusion detection technique involves first creating models of possible intrusions and then comparing these models with incoming events to make a detection decision? Signature Recognition Anomaly Detection Protocol Anomaly Detection Obfuscating

Signature Recognition

An NMAP scan of a server shows port 25 is open. What risk could this pose? Open printer sharing Web portal data leak Clear text authentication Active mail relay

Simple Mail Transfer Protocol (SMTP) uses port 25 for email routing between mail servers.

SNMP

Simple network management protocol (SNMP) is widely used in network management systems to monitor network-attached devices such as routers, switches, firewalls, printers, servers, and so on.

Bad Pete would like to locally log onto a PC located inside a secure facility. He dresses like a delivery driver and holds a package outside of the secure facility and waits for someone to open the door. Once he gains entry, he finds an empty office with a PC and gains entry to the network. What is this type of activity known as? Personal attack Open door policy attack Social equity attack Social engineering

Social engineering

Which of the following vulnerabilities allows attackers to trick a processor to exploit speculative execution to read restricted data? Meltdown Dylib Hijacking Spectre DLL Hijacking

Spectre vulnerability is found in many modern processors such as AMD, ARM, Intel, Samsung, and Qualcomm processors. This vulnerability leads to tricking a processor to exploit speculative execution to read restricted data.

AckCmd

a backdoor client/server combination that lets you open a remote Command Prompt to another system (running the server part of AckCmd). It communicates using only TCP ACK segments.

teardrop attack

a denial of service (DoS) attack conducted by targeting TCP/IP fragmentation reassembly codes. This attack causes fragmented packets to overlap one another on the host receipt; the host attempts to reconstruct them during the process but fails

Wayback Machine

a digital archive of the World Wide Web and other information on the Internet.

TrueCrypt

a discontinued source-available freeware utility used for on-the-fly encryption.

PeerBlock

a free and open-source personal firewall that blocks packets coming from, or going to, a maintained list of black listed hosts.

TinyWall

a free, feature-rich, and lightweight firewall for Windows, known for its unique no-popup approach.

Burp Suite

a graphical tool for testing Web application security

nslookup

a network administration command-line tool available for many computer operating systems for querying the Domain Name System to obtain domain name or IP address mapping or for any other specific DNS record.

GFI LanGuard

a network security scanner and network monitor with vulnerability management, patch management and application security that performs over 60,000 vulnerability assessments to discover threats early.

Netcat

a networking utility that reads and writes data across network connections, using the TCP/IP protocol.

Authentication Header (AH)

a protocol and part of the Internet Protocol Security (IPsec) protocol suite, which authenticates the origin of IP packets (datagrams) and guarantees the integrity of the data.

Dynamic ARP inspection

a security feature that rejects invalid and malicious ARP packets. The feature prevents a class of man-in-the-middle attacks,

UrlScan

a security tool that restricts the types of HTTP requests that IIS will process. By blocking specific HTTP requests, the UrlScan 3.1 security tool helps to prevent potentially harmful

Wifi Inspector

a simple tool to see all the devices connected to our network (both wired and wifi, whether consoles, TVs, pcs, tablets, phones etc ...),

BinText

a small text extractor utility that can extract text from any kind of file and includes the ability to find plain ASCII text, Unicode (double byte ANSI) text and Resource strings, providing useful information for each item in the optional "advanced" view mode.

OpenVAS

a software framework of several services and tools offering vulnerability scanning and vulnerability management.

Havij

a tool that automates SQL injections (blind SQL, SQL errors, UNION) to reverse-engineer a database and gather relevant data on a server.

sslstrip

a tool that transparently hijacks HTTP traffic on a network, watch for HTTPS links and redirects, and then map those links into look-alike HTTP links or homograph-similar HTTPS links.

Which wireless standard has a bandwidth of 54Mbps and signals in a regulated frequency spectrum around 5GHz? a. 802.11a b. 802.11b c. 802.11g d. 802.11i

a. 802.11a

Which of the following tasks cannot be performed using cacls.exe, but is supported by xacls.exe? a. take ownership of a file b. assign permissions to a folder c. modify an ACL d. display permissions to a file

a. take ownership of a file

Identify the web application attack where attackers exploit webpage vulnerabilities to force an unsuspecting user's browser to send malicious requests they did not intent. The victim holds as active session with a trusted website and simultaneously visits a malicious site, which injects an HTTP request for the trusted site into the victim user's session, compromising it's integrity. a. Cross-Site Scripting (XSS) b. Cross-Site Request Forgery (CSRF) c. LDAP Injection attack d. SQL Injection attack

b. Cross-Site Request Forgery (CSRF)

IP spoofing refers to the procedure of an attacker changing his or her IP address so that he or she appears to be someone else. Which of the following IP Spoofing detection techniques succeed only when the attacker is in a different subnet? a. IP identification number technique b. Direct TTL probes technique c. TCP flow control method d. UDP flow control method

b. Direct TTL probes technique

Your company has implemented a virtualization solution to isolate software environments and establish access levels for internal employees. Which of the following software are vulnerable to a vm-level attack? Chose all that apply a. cygwin b. ESXi c. XCode d. Wine e. Hyper-V

b. ESXi e. Hyper-V

Which of the following hping command performs UDP scan on port 80? hping3 -F -P -U <IP Address> -p 80 hping3 -A <IP Address> -p 80 hping3 -1 <IP Address> -p 80 hping3 -2 <IP Address> -p 80

hping3 -2 <IP Address> -p 80

Which of the following hping command performs UDP scan on port 80? hping3 -2 <IP Address> -p 80 hping3 -1 <IP Address> -p 80 hping3 -A <IP Address> -p 80 hping3 -F -P -U <IP Address> -p 80

hping3 -2 <IP Address> -p 80

Which of the following Hping3 command is used to perform ACK scan? hping3 -A <IP Address> -p 80 hping3 -2 <IP Address> -p 80 hping3 -8 50-60 -S <IP Address> -V hping3 -1 <IP Address> -p 80

hping3 -A <IP Address> -p 80

Which of the following Hping3 command is used to perform ACK scan? hping3 -1 <IP Address> -p 80 hping3 -A <IP Address> -p 80 hping3 -2 <IP Address> -p 80 hping3 -8 50-60 -S <IP Address> -V

hping3 -A <IP Address> -p 80

Which of the following Hping3 command is used to perform ACK scan? hping3 -1 <IP Address> -p 80 hping3 -A <IP Address> -p 80 hping3 -2 <IP Address> -p 80 hping3 -8 50-60 -S <IP Address> -V

hping3 -A <IP Address> -p 80 : ACK scan on port 80

smurf attack

is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address.

OpUtils

is an IP address & switch port management software that helps in managing IP's & switch ports along with rogue detection.

What is BeEF?

is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Cloud sprawl

is the uncontrolled proliferation of an organization's cloud instances or cloud presence.

Once a TCP connection is established, which of the following can maintain the connection when there is no data sent across the wire?

keep-alive process

Penetration testing is a method of actively evaluating the security of an information system f network by simulation an attack from a malicious source.Which of the following techniques is used to simulate an attack from someone who is unfamiliar with the system? a. White box pen testing b. Black Box pen testing c. Grey box pen testing d. Announced pen testing

b. Black Box pen testing

Bluetooth hacking refers to exploitation of Bluetooth stack implementation vulnerabilities to compromise sensitive data in Bluetooth-enabled devices and networks. Which is the following Bluetooth attacks refers to sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as PDAs and mobile phones? a. Bluesmacking b. Bluejacking c. Blue Snarfing d. BlueSniff

b. Bluejacking

Some viruses affect computers as soon as their code is executed; other viruses lie dormant until a pre-determined logical circumstance is met. Identify the virus that modifies the directory table entries so that directory entries point to the virus code instead of the actual program. a. Macro b. Cluster c. Encryption d. Boot sector

b. Cluster

PE Explorer

lets you open, view and edit a variety of different 32-bit Windows executable file types (also called PE files) ranging from the common, such as EXE, DLL and ActiveX Controls, to the less familiar types, such as SCR (Screensavers), CPL (Control Panel Applets), SYS, MSSTYLES, BPL, DPL and more (including executable files that run on MS Windows Mobile platform).

The fast recovery process dictates that when a host receives three duplicate ACKs, it must immediately start re transmitting which of following without waiting for the retransmission timer to expire?

lost segments

Which of the following Bluetooth attack allows attacker to gain remote access to a target Bluetooth-enabled device without the victim being aware of it? Bluebugging Bluesmacking BluePrinting Bluejacking

luebugging is an attack in which an attacker gains remote access to a target Bluetooth-enabled device without the victim being aware of it. In this attack, an attacker sniffs sensitive information and might perform malicious activities.

With which of the following devices may the administrator explicitly assigns an IP address manually by associating a client's hardware address with a specific IP address to be leased to that client?

manual address lease

On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured? nessus + nessus *s nessus & nessus -d

nessus &

On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured? nessus + nessus *s nessus & nessus -d

nessus &

On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured? nessus & nessus *s nessus -d nessus +

nessus &

The primary function of ____ layer protocols is to move datagrams through an internetwork connected by routers.

network

The ____ manages the way data is presented to the network (on its way down the protocol stack)

network layer

Which of the following command does an attacker use to enumerate common web applications? nmap -p80 --script http-userdir -enum localhost nmap --script http-trace -p80 localhost nmap -p80 --script http-trace <host> nmap --script http-enum -p80 <host>

nmap --script http-enum -p80 <host>

Which of the following Nmap command is used by attackers to identify IPv6 capabilities of an IoT device? nmap -n -Pn -sS -pT:0-65535 -v -A -oX <Name><IP> nmap -n -Pn -sSU -pT:0-65535,U:0-65535 -v -A -oX <Name><IP> nmap -6 -n -Pn -sSU -pT:0-65535,U:0-65535 -v -A -oX <Name><IP> nmap -sA -P0 <IP>

nmap -6 -n -Pn -sSU -pT:0-65535,U:0-65535 -v -A -oX <Name><IP>

Which of the following commands does an attacker use to detect HTTP Trace? nmap -p80 --script http-userdir -enum localhost nmap --script hostmap <host> nmap -p80 --script http-trace <host> nmap --script http-enum -p80 <host>

nmap -p80 --script http-trace <host>

Which of the following command is used by the attackers to query the ntpd daemon about its current state? ntptrace ntpdate ntpq ntpdc

ntpdc

Which of the following command is used by the attackers to query the ntpd daemon about its current state? ntpdate ntptrace ntpdc ntpq

ntpdc

Which of the following command is used by the attackers to query the ntpd daemon about its current state? ntpdate ntptrace ntpdc ntpq

ntpdc: This command queries the ntpd daemon about its current state and requests changes in that state

GlassWire

offers stylish views of network traffic and usage, controls Windows Firewall, and flags important network events, but understanding it requires considerable network knowledge.

Ostinato, WAN Killer and WireEdit are:

packet generating tools.

Which of the following is a command-line utility that uses ICMP echo packets to test router and link latency, as well as packet loss?

pathping

The ____ address is a six-byte numeric address, burned into firmware (on a chip) by network interface manufacturers.

physical numeric

Which of the following ports does Tiny Telnet Server Trojan use? 20 21 22 23

Which of the following ports does Tiny Telnet Server Trojan use? 23 22 21 20

RFC ____ is the proposed standard for the Flow Label specification and defines the minimum requirements for this field.

3697

The header can be between 20 and ____ bytes in length, with total packet size up to 65,535 bytes in length.

The header can be between 20 and how may bytes in length?

Kerberos Port

Which of the following techniques rely on tunneling to transmit one protocol data in another protocol? Scanning Steganography A covert channel Asymmetric routing

A covert channel

Which of the following cryptographic algorithms is used by CCMP? AES DES RC4 TKIP

AES

An attacker creates anonymous access to the cloud services to carry out various attacks such as password and key cracking, hosting malicious data, and DDoS attack. Which of the following threats is he posing to the cloud platform? Insecure Interface and APIs Data Breach/Loss Abuse and nefarious use of cloud services Insufficient due diligence

Abuse and nefarious use of cloud services

Which of the following is sent from the server to the client to indicate the completion of the four-packet DHCP Discovery process?

Acknowledgement Packet

What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response? Distributive Reflective Active Passive

Active

What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response? Passive Reflective Active Distributive

Active

Which among the following is not a metric for measuring vulnerabilities in common vulnerability scoring system (CVSS)? Temporal Metrics Base Metrics Environmental Metrics Active Metrics

Active Metrics

Which among the following is not a metric for measuring vulnerabilities in common vulnerability scoring system (CVSS)? Base Metrics Active Metrics Temporal Metrics Environmental Metrics

Active Metrics

Which of the following refers to a policy allowing an employee to bring his or her personal devices such as laptops, smartphones, and tablets to the workplace and using them for accessing the organization's resources as per their access privileges? BYOD Social Engineering Phishing Spear-Phishing

BYOD

Marina is a malware analyst with a bank in London. One day, she suspects a file to be a malware and tries to perform static analysis to identify its nature. She wants to analyze the suspicious file and extract the embedded strings in the file into a readable format. Which of the following tool can she use to perform this task? BinText UPX ASPack PE Explorer

BinText

CRLF Injection

Carriage Return Line Feed: A CRLF Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.

Censys

Censys is a public search engine and data processing facility backed by data collected from ongoing Internet-wide scans. Censys supports full-text searches on protocol banners and queries a wide range of derived fields.

ICMP Type 3 Code 13

Communication administratively prohibited

Which of the statements concerning proxy firewalls is correct? Proxy firewalls increase the speed and functionality of a network. Firewall proxy servers decentralize all activity for an application. Proxy firewalls block network packets from passing to and from a protected network. Computers establish a connection with a proxy firewall that initiates a new network connection for the client.

Computers establish a connection with a proxy firewall that initiates a new network connection for the client.

Which of the following is the overloading of the network or a receiver?

Congestion

Which of the following channels is used by an attacker to hide data in an undetectable protocol? Classified Overt Encrypted Covert

Covert

Internet DNS spoofing

DNS spoofing with the help of Trojans when the victim's system connects to the Internet. It is an MITM attack in which the attacker changes the primary DNS entries of the victim's computer.

Sniffers work at which of the following open systems interconnect (OSI) layers? Data link layer Presentation layer Transport layer Application layer

Data link layer

ICMP Type 8

Echo Request

When analyzing the IDS logs, the system administrator notices connections from outside of the LAN have been sending packets where the source IP address and destination IP address are the same. However, no alerts have been sent via email or logged in the IDS. Which type of an alert is this? False positive False negative True positive True negative

False negative

Anonymous, a known hacker group, claim to have taken down 20,000 Twitter accounts linked to Islamic State in response to the Paris attacks that left 130 people dead. How can you categorize this attack by Anonymous? Hacktivism Spoofing Social engineering Cracking

Hacktivism

DNS footprinting: SOA

Indicate authority for domain

IPSEC IKE Protocol

Internet Key Exchange: Port 500

Medusa

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer.

Out of the following, identify the attack that is used for cracking a cryptographic algorithm using multiple keys for encryption. Meet-in-the-middle Attack Rainbow Table Attack Side Channel Attack DUHK Attack

Meet-in-the-middle Attack

zIPS

Mobile Intrusion Prevention System

port 139

Netbios port

Which of the following attacks can be performed by Spam messages? Denial-of-Service Attacks Phishing Attacks Bluesnarfing Attacks Wardriving Attacks

Phishing Attacks

intitle:" SPA Configuration"

Search Linksys phones

DNS footprinting: SRV

Service records

What is port 515 used for?

The protocols TCP and UDP uses port 515 to interact with the printer. As port 515 is open in the above Nmap output, probably the host is a printer.?

Devil

Trojan,Spyware,Backdoor,RAT,Hacker Tool

Which of the following tools is used to root the Android OS? zANTI LOIC TunesGo DroidSheep

TunesGo

tcp-over-dns

Utility to get you internet access where you had none before. It basically tunnels your TCP internet traffic "through" the DNS protocol and keeps it disguised so corporate firewalls don't know what's going on.

Which of the following is not a remote access Trojan? Theef Netwire Kedi RAT Wingbird

Wingbird

Nikto

an Open Source web server scanner which performs comprehensive tests against web servers for multiple items,

SQLiX

an SQL Injection scanner coded in Perl

Which of the following is a mutation technique used for writing buffer overflow exploits in order to avoid ISD and other filtering mechanisms? a. Assuming that a string function is exploited, send a long string as the input. b. Randomly replace the NOPs with functionally equivalent segments of the code (e.g.: X++, X-;? NOP NOP) c. Pad the beginning of the intended buffer overflow with long run of NOP instructions )a NOP slide or sled) so the CPU will do nothing until it gets to the "main event" d. Makes a buffer to overflow on the lower part of the heap, overwriting other dynamic variables, which can have unexpected and unwanted effects

b. Randomly replace the NOPs with functionally equivalent segments of the code (e.g.: X++, X-;? NOP NOP)

NMAP is a free open source utility, which is designed to rapidly scan large networks. Identify the NMAP scan method that is often referred to as half open scan because it does not open a full TCP connection. a. ACK Scan b. SYN Stealth c. Half open d. Windows Scan

b. SYN Stealth

Application layer DDOS attack

includes GET/POST floods, attacks that targets web server, application or OS vulnerabilities, Slowloris, and so on.

The term ____ refers to a single logical network composed of multiple physical networks, which may all be at a single physical location, or spread among multiple physical locations

internetwork

Cybersquatting

involves conducting phishing scams by registering a domain name that is similar to a cloud service provider.

Which of the following windows utilities allow an attacker to perform NetBIOS enumeration? GetRequest nbtstat SetRequest ntpdate

nbtstat

nmap -p80 --script http-trace <host>

replay attack

packets and authentication tokens are captured using a sniffer. After the relevant info is extracted, the tokens are placed back on the network to gain access. The attacker uses this type of attack to replay bank transactions or other similar types of data transfer, in the hope of replicating and/or altering activities, such as banking deposits or transfers.

____ is the process of tapping into the network communications system, capturing packets that cross the network, gathering network statistics, and decoding the packets into readable form.

protocol analysis

Which of the following can be used to replace internal network addresses with one or more different addresses so the traffic travels over the public Internet does not reveal the address structure of the internal network to outsiders?

proxy server

Which of the following mobile applications is used to perform Denial-of-Service Attacks? Low Orbit Ion Cannon (LOIC) DroidSheep Unrevoked MTK Droid

Low Orbit Ion Cannon (LOIC)

In a DHCP Discover packet, what is the client identifier field based on?

MAC address

Which of the following is not a remote access Trojan? Theef Wingbird Netwire Kedi RAT

Wingbird

Which of the following malware types restricts access to the computer system's files and folders, and demands a payment to the malware creator(s) in order to remove the restrictions? Ransomeware Adware Spyware Trojan Horse

Ransomeware

RF Scanning

Re-purposed access points that do only packet capturing and analysis (RF sensors) are plugged in all over the wired network to detect and warn the WLAN administrator about any wireless devices operating in the area.

Which of the following windows service vulnerability does the WannaCry ransomware exploit during the attack on any windows machine? SMB SMTP DNS SNMP

SMB (server message block) vulnerability via port 445

What method is used to obtain an IP address for an an associated data link address?

RARP

Which of the following is optimized for confidential communications, such as bidirectional voice and video? RC4 RC5 MD4 MD5

RC4

Eric, a professional hacker, is trying to perform a SQL injection attack on the back-end database system of the InfomationSEC, Inc. During the information gathering process, he identifies that MYSQL server is the back-end database engine used. Eric has tried various SQL injection attack attempts based on the information gathered but all of his attempts failed. Later, he discovered that IPS system is blocking all the SQL injection attack attempts. Eric decided to bypass the IPS using string concatenation IPS evasion technique where he needs to break the SQL query into a number of small pieces and concatenates the SQL query end-to-end. Which of the following string concatenation operator Eric need to use in the SQL query to concatenate the SQL query end-to-end? "+" operator "||" operator "concat(,)" operator "&" operator

"concat(,)" operator

FOCA

(Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents its scans.

LDAP

(Lightweight Directory Access Protocol), with links to more information. LDAP is the Internet standard for providing "white pages" (phone book-like) service to organizations, workgroups, or the public.

OnCloud, a UK-based cloud service provider hired Anthony, a cloud security professional. Anthony was asked to select cloud formations for secure collaboration. Anthony decides on the Jericho Cloud Cube Model for the organization. Which dimension defines the physical location of data in the Jericho Model? -Internal (I) / External (E) -Proprietary (P) / Open (O) -Perimeterised (Per) / De-perimeterised (D-p) Architectures -Insourced / Outsourced

-Internal (I) / External (E)

A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use? -sO -sP -sS -sU

-sO

A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use? -sS -sT -sU -sn

-sn

A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use? -sS -sn -sT -sU

-sn

netbios port

139

In IPv4, what is the maximum time to live value?

255

LDAP Port Number

389

LDAP port

389

Which of the following mobile Bluetooth attacks enables an attacker to gain remote access to the victims mobile and use its features without the victim's knowledge or consent? Bluesnarfing Bluesmacking Bluebugging BlueSniff

A Bluebugging attack involves gaining remote access to a target Bluetooth-enabled device and use its features without a victim's knowledge or consent.

Which of the following malware is a self-replicating program that produces its code by attaching copies of itself to other executable codes and operates without the knowledge of the user? Exploit kit Worm Trojan Virus

A computer virus is a self-replicating program that produces its code by attaching copies of itself to other executable codes and operates without the knowledge or desire of the user. Like a biological virus, a computer virus is contagious and can contaminate other files; however, viruses can infect outside machines only with the assistance of computer users.

Which of the following techniques rely on tunneling to transmit one protocol data in another protocol? A covert channel Asymmetric routing Steganography Scanning

A covert channel

Which statement best describes a server type under an N-tier architecture? A group of servers at a specific layer A single server with a specific role A group of servers with a unique role A single server at a specific layer

A group of servers with a unique role

A group of servers with a unique role: N-tier architecture is used to provide solutions on scalability, security, fault tolerance, reusability, and maintainability to support enterprise level client-server applications. N-tier architecture usually has three separate logical parts, each of which is located on a separate physical server.

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services? Web application patches A list of flaws and how to fix them An extensible security framework named COBIT A security certification for hardened web applications

A list of flaws and how to fix them

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services? An extensible security framework named COBIT. A list of flaws and how to fix them. Web application patches. A security certification for hardened web applications.

A list of flaws and how to fix them

A meet-in-the-middle attack is the best attack method for cryptographic algorithms using multiple keys for encryption. This attack reduces the number of brute force permutations needed to decode text encrypted by more than one key and conducted mainly for forging signatures on mixed type digital signatures. A meet-in-the-middle attack uses space-time tradeoff; it is a birthday attack because it exploits the mathematics behind the birthday paradox.

A privilege escalation threat is caused due to which of the following weaknesses? A mistake in the access allocation system causes a customer, third party, or employee to get more access rights than needed. Weak authentication and authorization controls could lead to illegal access thereby compromising confidential and critical data stored in the cloud. Due to isolation failure, cloud customers can gain illegal access to the data. Due to flaws while provisioning or de-provisioning networks or vulnerabilities in communication encryption.

A mistake in the access allocation system causes a customer, third party, or employee to get more access rights than needed.

Which of the following types of antennas is useful for transmitting weak radio signals over very long distances - on the order of 10 miles? Omnidirectional Parabolic grid Uni-directional Bi-directional

A parabolic grid antenna uses the same principle as that of a satellite dish, but it does not have a solid backing. It consists of a semidish that is in the form of a grid made of aluminum wire. These parabolic grid antennas can achieve very long-distance Wi-Fi transmissions by using a highly focused radio beam.

Metasploit

A penetration-testing tool that combines known scanning techniques and exploits to explore potentially new types of exploits.

A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users? Perform a brute force attack. Perform an attack with a rainbow table. Perform a hybrid attack.

A rainbow table attack uses the cryptanalytic time-memory trade-off technique, which requires less time than some other techniques. It uses already-calculated information stored in memory to crack the cryptography. In the rainbow table attack, the attacker creates a table of all the possible passwords and their respective hash values, known as a rainbow table, in advance.

Which of the following is the advantage of adopting a single sign on (SSO) system? Impacts user experience when an application times out the user needs to login again reducing productivity Decreased security as the logout process is different across applications A reduction in overall risk to the system since network and application attacks can only happen at the SSO point A reduction in password fatigue for users because they do not need to know multiple passwords when accessing multiple applications

A reduction in password fatigue for users because they do not need to know multiple passwords when accessing multiple applications

Which of the following is the advantage of adopting a single sign on (SSO) system? A reduction in password fatigue for users because they do not need to know multiple passwords when accessing multiple applications Decreased security as the logout process is different across applications Impacts user experience when an application times out the user needs to login again reducing productivity A reduction in overall risk to the system since network and application attacks can only happen at the SSO point

A reduction in password fatigue for users because they do not need to know multiple passwords when accessing multiple applications

Which of the following contains a public key and the identity of the owner and the corresponding private key is kept secret by the certification authorities? a. Validation authority (VA) b. Self-signed certificate c. Signed certificates d. Registration authority (RA)

A self-signed certificate is an identity certificate signed by the same entity whose identity it certifies. Self-signed certificates are widely used for testing purposes. In self-signed certificates, a user creates a pair of public and private keys using a certificate creation tool such as Adobe Reader, Java's keytool, Apple's Keychain, and so on and signs the document with the public key.

What results will the following command yield? nmap -sS -O -p 123-153 192.168.100.3 A stealth scan, opening port 123 and 153. A stealth scan, checking open ports 123 to 153. A stealth scan, checking all open ports excluding ports 123 to 153. A stealth scan, determine operating system, and scanning ports 123 to 153.

A stealth scan, determine operating system, and scanning ports 123 to 153.

What results will the following command yield? nmap -sS -O -p 123-153 192.168.100.3 A stealth scan, checking all open ports excluding ports 123 to 153. A stealth scan, checking open ports 123 to 153. A stealth scan, determine operating system, and scanning ports 123 to 153. A stealth scan, opening port 123 and 153.

A stealth scan, determine operating system, and scanning ports 123 to 153.

When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy? A senior creation approach. A bottom-up approach. An IT assurance approach. A top-down approach.

A top-down approach.

Sean who works as a network administrator has just deployed an IDS in his organization's network. Sean deployed an IDS that generates four types of alerts that include: true positive, false positive, false negative, and true negative. In which of the following conditions does the IDS generate a true positive alert? A true positive is a condition occurring when an event triggers an alarm and causes the IDS to react as if a real attack is in progress. A true positive is a condition occurring when an event triggers an alarm when no actual attack is in progress. A true positive is a condition occurring when an IDS fails to react to an actual attack event. A true positive is a condition occurring when an IDS identifies an activity as acceptable behavior and the activity is acceptable.

A true positive is a condition occurring when an event triggers an alarm and causes the IDS to react as if a real attack is in progress.

If an attacker is able to access the email contact list, text messages, photos, etc. on your mobile device, then what type of attack did the attacker employ? A: Bluesnarfing B: Bluesmacking C: Bluebugging D: BlueSniff

A: Bluesnarfing

Which of the following tools are useful in extracting information about the geographical location of routers, servers and IP devices in a network? A: Traceroute tools B: DNS Lookup tools C: WhoIs Lookup tools D: Email Tracking Tools

A: Traceroute tools

Which of the following regional internet registries (RIRs) provides services related to the technical coordination and management of Internet number resources in Canada, the United States, and many Caribbean and North Atlantic islands? LACNIC AFRINIC APNIC ARIN

ARIN

In order to protect a device against insecure network services vulnerability, which of the following solutions should be implemented? Enable two-factor authentication End-to-end encryption Disable UPnP Implement secure password recovery mechanisms

All answers apply: Close open network ports Disable UPnP Review network services for vulnerabilities

ND makes use of multicast addresses. Which multicast address is expressed using ff02::2?

All routers

Which of the following tools can be used to perform LDAP enumeration? SuperScan SoftPerfect Network Scanner JXplorer Nsauditor Network Security Auditor

Among the given options, JXplorer can be used to perform LDAP enumeration, whereas SoftPerfect network scanner, SuperScan, and Nsauditor network security auditor are tools that are used to perform NetBIOS enumeration.

Which of the following applications is used for Jailbreaking iOS? KingoRoot Pangu Anzhuang One Click Root Superboot

Among the given options, KingoRoot, One Click Root and Superboot are Android rooting tools whereas Pangu Anzuhang is the tool that is used to perform jailbreaking for iOS mobile devices.

Which of the following tools is not used to perform webserver information gathering? Nmap Netcraft Wireshark Whois

Among the options, Nmap, Netcraft and Whois are the tools used to perform footprinting of webservers, whereas Wireshark is a network sniffing tool.

Which of the following involves injection of malicious code through a web application? SQL Injection Command Injection LDAP Injection Shell Injection

An SQL Injection involves the injection of malicious SQL queries into user input forms. A LDAP injection involves the injection of malicious LDAP statements, and in a shell injection the attacker tries to craft an input string to gain shell access to a web server. A command injection involves the injection of malicious html code (or) command through a web application. In command injection attacks, a hacker alters the content of the web page by using HTML code and by identifying the form fields that lack valid constraints.

Which of the following statements correctly defines a zero-day attack? An attack that exploits vulnerabilities before the software developer releases a patch for the vulnerability. An attack that exploits vulnerabilities after the software developer releases a patch for the vulnerability. An attack that could not exploit vulnerabilities even though the software developer has not released a patch. An attack that exploits an application even if there are zero vulnerabilities.

An attack that exploits vulnerabilities before the software developer releases a patch for the vulnerability.

Which of the following statements correctly defines a zero-day attack? An attack that exploits vulnerabilities before the software developer releases a patch for the vulnerability. An attack that exploits vulnerabilities after the software developer releases a patch for the vulnerability. An attack that exploits an application even if there are zero vulnerabilities. An attack that could not exploit vulnerabilities even though the software developer has not released a patch.

An attack that exploits vulnerabilities before the software developer releases a patch for the vulnerability.

Intranet DNS spoofing:

An attacker can perform an intranet DNS spoofing attack on a switched LAN with the help of the ARP poisoning technique. To perform this attack, the attacker must be connected to the LAN and be able to sniff the traffic or packets.

A hacker wants to encrypt and compress 32-bit executables and .NET apps without affecting their direct functionality. Which of the following cryptor tools should be used by the hacker? BitCrypter Hidden sight crypter Cypherx Java crypter

An attacker can use BitCrypter to encrypt and compress 32-bit executables and .NET apps, without affecting their direct functionality. A Trojan or malicious software piece can be encrypted onto a legitimate software to bypass firewalls and antivirus software.

Rolling Code Attack

An attacker jams and sniffs the signal to obtain the code transferred to the vehicle's receiver and uses it to unlock and steal the vehicle.

Which of the following is considered to be a smurf attack? An attacker sends a large amount of ICMP traffic with a spoofed source IPaddress. An attacker sends a large amount TCP traffic with a spoofed source IPaddress. An attacker sends a large number of TCP connection requests with spoofed source IPaddress. An attacker sends a large number of TCP/user datagram protocol (UDP) connection requests.

An attacker sends a large amount of ICMP traffic with a spoofed source IPaddress.

An attacker identified that port 139 on the victim's Windows machine is open and he used that port to identify the resources that can be accessed or viewed on the remote system. What is the protocol that allowed the attacker to perform this enumeration? LDAP NetBIOS SMTP SNMP

An attacker who finds a Windows OS with port 139 open can check to see what resources can be accessed or viewed on the remote system. However, to enumerate the NetBIOS names, the remote system must have enabled file and printer sharing.

The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities? An attacker, working slowly enough, can evade detection by the IDS. Network packets are dropped if the volume exceeds the threshold. Thresholding interferes with the IDS' ability to reassemble fragmented packets. The IDS will not distinguish among packets originating from different sources.

An attacker, working slowly enough, can evade detection by the IDS.

IoT Mobile

An ideal framework for the mobile interface should include proper authentication mechanism for the user, account lockout mechanism after a certain number of failed attempts, local storage security, encrypted communication channels and the security of the data transmitted over the channel.

Which of the following Jailbreaking techniques will make the mobile device jailbroken after each reboot? Untethered Jailbreaking Semi-Tethered Jailbreaking Tethered Jailbreaking None of the Above

An untethered jailbreak has the property that if the user turns the device off and back on, the device will start up completely, and the kernel will be patched without the help of a computer - in other words, it will be jailbroken after each reboot.

Which of the following is not an action present in Snort IDS? Alert Log Audit Pass

Auditing is not an action of Snort since Snort is an IDS and not an Audit tool. ? Alert - Generate an alert using the selected alert method, and then log the packet ? Log - Log the packet ? Pass - Drop (ignore) the packet

In a RIPv2 packet, which field contains a plain text password?

Authentication

Which of the following technique helps protect mobile systems and users by limiting the resources the mobile application can access on the mobile platform? Firewall Sandbox Anti-Malware Spam Filter

App sandboxing is a security mechanism that helps protect systems and users by limiting resources the app can access to its intended functionality on the mobile platform.

Which assessment focuses on transactional Web applications, traditional client-server applications, and hybrid systems? Passive Assessment Active Assessment Wireless network Assessment Application Assessment

Application Assessment

Which assessment focuses on transactional Web applications, traditional client-server applications, and hybrid systems? Passive Assessment Application Assessment Active Assessment Wireless network Assessment

Application Assessment

Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All of the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of Applocker to restrict the installation of any third-party applications. There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The protocol that they have chosen is Authentication Header (AH). The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server and the company uses work folders to synchronize offline copies back to their devices. A competitor has finished the reconnaissance and scanning phases of their attack. They are going to try to gain access to the Highlander, Incorporated, laptops. Which would be the most likely level to gain access? Application Level Operating System Network Level Hardware Level

Application Level

When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing? At least twice a year or after any significant upgrade or modification At least once a year and after any significant upgrade or modification At least once every three years or after any significant upgrade or modification At least once every two years and after any significant upgrade or modification

At least once a year and after any significant upgrade or modification

When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing? -At least once a year and after any significant upgrade or modification. -At least once every three years or after any significant upgrade or modification. -At least twice a year or after any significant upgrade or modification. -At least once every two years and after any significant upgrade or modification.

At least once a year and after any significant upgrade or modification.

How can a rootkit bypass Windows 7 operating system's kernel mode, and code signing policy? -Defeating the scanner from detecting any code change at the kernel -Replacing patch system calls with its own version that hides the rootkit (attacker's) actions -Performing common services for the application process and replacing real applications with fake ones -Attaching itself to the master boot record in a hard drive and changing the machine's boot

Attaching itself to the master boot record in a hard drive and changing the machine's boot

A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?

Attack with Rainbow Table

Sybil attack

Attacker uses multiple forged identities to create a strong illusion of traffic congestion, affecting communication between neighboring nodes and networks.

Side Channel Attack:

Attackers perform side channel attacks by extracting information about encryption keys by observing the emission of signals i.e. "side channels" from IoT devices.

HackRF One

Attackers use HackRF One to perform attacks such as BlueBorne or AirBorne attacks such as replay, fuzzing, jamming, etc.

RFCrack

Attackers use the RFCrack tool to obtain the rolling code sent by the victim to unlock a vehicle and later use the same code for unlocking and stealing the vehicle.

Zigbee Framework

Attify ZigBee framework consists of a set of tools used to perform ZigBee penetration testing.

Which of the following is not an action present in Snort IDS? Alert Log Audit Pass

Audit

Which of the following is a detective control? Continuity of operations plan. Security policy. Smart card authentication. Audit trail.

Audit trail.

When analyzing the IDS logs, the system administrator notices connections from outside of the LAN have been sending packets where the Source IP address and Destination IP address are the same. There have been no alerts sent via email or logged in the IDS. Which type of an alert is this?

B. False negative

2 Which method of password cracking takes the most time and effort? A. Rainbow tables B. Brute force C. Shoulder surfing D. Dictionary attack

B. Brute force

Two examples of routing protocols that support multiple types of services are OSPF and which of the following?

BGP (Border Gateway Protocol)

BinText

An attacker collects the make and model of target Bluetooth-enabled devices analyzes them in an attempt to find out whether the devices are in the range of vulnerability to exploit. Identify which type of attack is performed on Bluetooth devices. BlueSniff Bluebugging BluePrinting

BluePrinting: a footprinting technique performed by an attacker in order to determine the make and model of the target Bluetooth-enabled device.

BlueScan

BlueScan is a bash script that implements a scanner to detect Bluetooth devices that are within the range of our system.

What is BlueSniff?

BlueSniff is a proof of concept code for a Bluetooth wardriving utility. It is useful for finding hidden and discoverable Bluetooth devices.

CommView

CommView for Wi-Fi is a wireless network monitor and analyzer for 802.11 a/b/g/n networks.

CommView for WiFi

CommView for Wi-Fi is a wireless network monitor and analyzer for 802.11 a/b/g/n networks.

Cain & Abel

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

DNS footprinting: CNAME

Canonical naming allows aliases to a host

Out of the following, which is not an active sniffing technique? MAC flooding Domain snipping Spoofing attack Switch port stealing

Domain snipping

Out of the following, which is not an active sniffing technique? Domain snipping Spoofing attack Switch port stealing MAC flooding

Domain snipping

What is the outcome of the command "nc -l -p 2222 | nc 10.1.0.43 1234"?

Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 port 1234.

1 After trying multiple exploits, you've gained root access to a Centos 6 server. To ensure you maintain access, what would you do first? A. Download and Install Netcat B. Disable IP Tables C. Disable Key Services D. Create User Account

D. Create User Account

Which of the following is a symmetric cryptographic algorithm? A: DSA B: PKI C: RSA D: 3DES

D: 3DES

Which of the following tools can be used to protect private data and home networks while preventing unauthorized access using PKI-based security solutions for IoT devices? DigiCert IoT Security Solution SeaCat.io Censys Firmalyzer Enterprise

DigiCert IoT Security Solution

Which of the following backdoors is used by the WannaCry ransomware to perform remote code execution and further propagation on a victim machine? EternalBlue Doublepulsar Kovter satanz

Doublepulsar

Which of the following backdoors is used by the WannaCry ransomware to perform remote code execution and further propagation on a victim machine? EternalBlue Doublepulsar satanz Kovter

Doublepulsar

Which of the following backdoors is used by the WannaCry ransomware to perform remote code execution and further propagation on a victim machine? EternalBlue Doublepulsar Kovter

Doublepulsar

Which of the following backdoors is used by the WannaCry ransomware to perform remote code execution and further propagation on a victim machine? EternalBlue Doublepulsar satanz Kovter

Doublepulsar is the backdoor that is used by the WannaCry ransomware to perform remote code execution and further propagation on a victim machine. Eternalblue is a ransomware package that Wanacry uses for deploying the backdoor.

Doxing

Previously, IPv6 specified that interface identifiers followed the modified ____ format, which specifies a unique 64-bit interface identifier for each interface.

EUI-64

Which of the following SMTP in-built commands tells the actual delivery addresses of aliases and mailing lists? VRFY EXPN RCPT TO PSINFO

EXPN

Which of the following SMTP in-built commands tells the actual delivery addresses of aliases and mailing lists? PSINFO RCPT TO EXPN VRFY

EXPN

DHCP snooping binding database

Each database entry (binding) has an IP address, an associated MAC address, the lease time (in hexadecimal format), the interface to which the binding applies, and the VLAN to which the interface belongs.

Which of the following statements are true regarding N-tier architecture? (Choose two.) Each layer must be able to exist on a physically independent system. The N-tier architecture must have at least one logical layer. Each layer should exchange information only with the layers above and below it. When a layer is changed or updated, the other layers must also be recompiled or modified.

Each layer must be able to exist on a physically independent system. Each layer should exchange information only with the layers above and below it.

Which of the following statements are true regarding N-tier architecture? (Choose two.) Each layer must be able to exist on a physically independent system. The N-tier architecture must have at least one logical layer. When a layer is changed or updated, the other layers must also be recompiled or modified. Each layer should exchange information only with the layers above and below it.

Each layer must be able to exist on a physically independent system. Each layer should exchange information only with the layers above and below it.

Proper communication and storage encryption, no default credentials, strong passwords, and up-to-date components are the security considerations for which of the following component? Mobile Cloud Platform Edge Gateway

Edge

Providing a narrower address space is primary design goal for IPv6. T or F

Detective security controls detect and react appropriately to the incidents that happen on the cloud system. Which of the following is an example of detective security controls? Implementing strong authentication mechanism Restoring system backups Employing IDSs and IPSs Identifying warning sign on the fence

Employing IDSs and IPSs

Highlander, Incorporated, decides to hire an ethical hacker to identify vulnerabilities at the regional locations and ensure system security. What is the main difference between a hacker and an ethical hacker when they are trying to compromise the regional offices? Ethical Hackers have the permission of upper management. Ethical hackers have the permission of the regional server administrators. Hackers have more sophisticated tools. Hackers don't have any knowledge of the network before they compromise the network.

Ethical Hackers have the permission of upper management.

A network is usually said to be converged when all the routers know a lop-free path to get to all other networks. T or F

TCP keep-alives are enabled by default on Windows XP, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008, although any application may disable TCP keep-alives, if desired by its programmer. T or F

What is the correct order of steps in the system hacking cycle? Escalating Privileges -> Gaining Access -> Executing Applications -> Covering Tracks -> Hiding Files Gaining Access -> Escalating Privileges -> Executing Applications -> Hiding Files -> Covering Tracks Executing Applications -> Gaining Access -> Covering Tracks -> Escalating Privileges -> Hiding Files Covering Tracks -> Hiding Files -> Escalating -> Privileges -> Executing Applications -> Gaining Access

Gaining Access -> Escalating Privileges -> Executing Applications -> Hiding Files -> Covering Tracks

If you are responsible for securing a network from any type of attack and if you have found that one of your employees is able to access any website that may lead to clickjacking, attacks, what would you do to avoid the attacks? Harden browser permission rules Delete Cookies Configure Application certification rules Enable Remote Management

Harden browser permission rules

To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settings? Windowing Harvesting Hardening Stealthing

Hardening

Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions? Firewall Honeypot Intrusion Detection System (IDS) DeMilitarized Zone (DMZ)

Honeypot

Which extension header is designed to carry information that affects routers along a path?

Hop-by-hop options

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP? Hping Traceroute TCP ping Broadcast ping

Hping

Hping can be configured to perform an ACK scan by specifying the argument -A in the command line. Here, you are setting ACK flag in the probe packets and performing the scan. You perform this scan when a host does not respond to a ping request. By issuing this command, Hping checks if a host is alive on a network. If it finds a live host and an open port, it returns an RST response.

Don Parker, a security analyst, is hired to perform a DoS test on a company. Which of the following tools can he successfully utilize to perform this task? Hping3 Cain and Abel Recon-ng N-Stalker

Hping3

Don Parker, a security analyst, is hired to perform a DoS test on a company. Which of the following tools can he successfully utilize to perform this task? Hping3 Cain and Abel Recon-ng N-Stalker

Hping3 is a command-line tool that can be used to send custom TCP/IP packets such as a huge number of SYN packets that can crash the target machine.

Hping 3

Hping3 is a command-line tool that can be used to send custom TCP/IP packets such as a huge number of SYN packets that can crash the target machine.

You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least eight characters in length. All passwords must also use three of the four following categories: lower-case letters, capital letters, numbers, and special characters. With your given knowledge of users, likely user account names, and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values to get results? Replay attack Dictionary Attack Brute Force Attack Hybrid Attack

Hybrid Attack

Hydra

Hydra is a brute force password cracking tool.

An attacker injects the following SQL query: blah' AND 1=(SELECT COUNT(*) FROM mytable); -- What is the intention of the attacker? Updating Table Adding New Records Deleting a Table Identifying the Table Name

Identifying the Table Name

Which of the following attacks can be prevented by implementing token or biometric authentication as a defense strategy? Shoulder surfing Fake SMS Eavesdropping Impersonation

Impersonation

Which of the following attacks can be prevented by implementing token or biometric authentication as a defense strategy? Fake SMS Shoulder surfing Impersonation Eavesdropping

Impersonation

In which of the following attacks does an attacker use an ORDER BY clause to find the right number of columns in a database table? Piggybacked query In-line comments UNION SQL injection Tautology

In a UNION SQL injection, to find the right numbers of columns, the attacker first launches a query by using an ORDER BY clause, followed by a number to indicate the number of database columns selected: ORDER BY 10--

Out of the following attacks, which attack is a physical attack that is performed on a cryptographic device/cryptosystem to gain sensitive information? Side channel attack Hash collision attack DUHK attack

In a side channel attack, an attacker monitors channels (environmental factors) and tries to acquire the information useful for cryptanalysis. The information collected in this process is termed as side channel information.

In which type of fuzz testing does the protocol fuzzer send forged packets to the target application that is to be tested? Mutation-based Generation-based Protocol-based None of the above

In protocol-based type of testing, the protocol fuzzer sends forged packets to the target application that is to be tested. This type of testing requires detailed knowledge of the protocol format being tested.

Device-to-Gateway Communication Model

In the Device-to-Gateway communication, Internet of Things device communicates with an intermediate device called a Gateway, which in turn communicates with the cloud service.

Out of Band Exploitation

In the Out of Band exploitation technique, the tester creates an alternate channel to retrieve data from the server.

Proxy server DNS poisoning:

In the proxy server DNS poisoning technique, the attacker sets up a proxy server on the attacker's system. The attacker also configures a fraudulent DNS and makes its IP address a primary DNS entry in the proxy server.

Device-to-Cloud Communication Model:

In this type of communication, devices communicate with the cloud directly rather than directly communicating with the client in order to send or receive the data or commands.

Source Routing

In this,the sender of the packet designates the route (partially or entirely) that a packet should take through the network in such a way that the designated route should bypass the firewall node.

In which of the following attacks does an attacker use the same communication channel to perform the attack and retrieve the results? Blind SQL injection Out-of-band SQL injection In-band SQL injection Inferential SQL injection

In-band SQL injection

Which of the following approaches to vulnerability assessment is mainly focused on the hierarchical interdependent vulnerabilities, such as server-based vulnerabilities or device-based vulnerabilities? Product-based assessment solutions Service-based assessment solution Tree-based assessment Inference-based assessment

Inference-based assessment

Information Gathering Tools: Attackers use information gathering tools such as Shodan and Censys to gather basic information about the target device and network.

Anyone can send an encrypted message to Bob but only Bob can read it. Using PKI, when Alice wishes to send an encrypted message to Bob, she looks up Bob's public key in a directory, uses it to encrypt the message, and sends it off. Bob then uses his private key to decrypt the message and read it. No one listening in can decrypt the message. Thus, although many people may know the public key of Bob and use it to verify Bob's signatures, they cannot discover Bob's private key and use it to forge digital signatures. This is referred to as the principle of: Irreversibility Non-repudiation Symmetry Asymmetry

Irreversibility

In which of the following cloud computing threats does an attacker try to control operations of other cloud customers to gain illegal access to the data? Privilege Escalation Illegal Access to the cloud Isolation Failure Supply Chain Failure

Isolation Failure

Isolation Failure: Multi-tenancy and shared resources are the characteristics of cloud computing. Strong isolation or compartmentalization of storage, memory, routing, and reputation among different tenants is lacking. Because of isolation failure, attackers try to control operations of other cloud customers to gain illegal access to the data.

Netstat

It displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols).

HTTrack

It downloads a Website from the Internet to a local directory, building all directories recursively, getting HTML, images, and other files from the server.

RADIUS

It is a centralized authentication and authorization management system.

LEAP

It is a proprietary version of EAP developed by Cisco.

What is the primary drawback of using Advanced Encryption Standard (AES) algorithm with a 256-bit key to share sensitive data? -Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient communication. -To get messaging programs to function with this algorithm requires complex configurations. -It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.

It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.

MoCA

It is a wired communication protocol.

Timing attack

It is based on repeatedly measuring the exact execution times of modular exponentiation operations. The attacker tries to break the ciphertext by analyzing the time taken to execute the encryption and decryption algorithm for various inputs.

Which of the following Encryption technique is used in WPA? RSA TKIP AES DES

It uses a Temporal Key Integrity Protocol (TKIP) that utilizes the RC4 stream cipher encryption with 128-bit keys and 64-bit MIC integrity check to provide stronger encryption, and authentication.

Rita is a security analyst in a firm and wants to check a new antivirus software by creating a virus so as to auto start and shutdown a system. Identify the virus maker tool she should use to check the reliability of new anti-virus software? JPS Virus Maker VirusTotal WannaCry DELmE's Batch Virus Generator

JPS Virus Maker

Rita is a security analyst in a firm and wants to check a new antivirus software by creating a virus so as to auto start and shutdown a system. Identify the virus maker tool she should use to check the reliability of new anti-virus software? DELmE's Batch Virus Generator JPS Virus Maker WannaCry VirusTotal

JPS Virus Maker

Rita is a security analyst in a firm and wants to check a new antivirus software by creating a virus so as to auto start and shutdown a system. Identify the virus maker tool she should use to check the reliability of new anti-virus software? DELmE's Batch Virus Generator JPS Virus Maker VirusTotal

JPS Virus Maker tool is used to create the own customized virus. There are many options in build in this tool which can be used to create the virus. Some of the features of this tool are auto start, shutdown, disable security center, lock mouse and keyboard, destroy protected storage, and terminate windows.

Which of the following protocols uses TCP or UDP as its transport protocol over port 389? LDAP SIP SMTP SNMP

LDAP

Least privilege is a security concept, which requires that a user is ... Limited to those functions which are required to do the job. Given root or administrative privileges. Trusted to keep all data and access to that data under their sole control. Given privileges equal to everyone else in the department.

Limited to those functions which are required to do the job.

A tester is attempting to capture and analyze the traffic on a given network and realizes that the network has several switches. What could be used to successfully sniff the traffic on this switched network? (Choose three.) Address Resolution Protocol (ARP) spoofing MAC duplication MAC flooding SYN flooding Reverse smurf attack ARP broadcasting

MAC duplication MAC flooding SYN flooding

Which of the following protocol uses magnetic field induction to enable communication between two electronic devices? LTE-Advanced Near Field Communication (NFC) Multimedia over Coax Alliance (MoCA) Ha-Low

Near Field Communication (NFC)

Which of the following uses ICMPv6 type 135 messages?

Neighbor Solicitation

John, a malicious attacker, was intercepting packets during transmission between the client and server in a TCP and UDP session, what is this type of attack called? Network level hijacking Application level hijacking Intrusion Session hijacking

Network level hijacking

What field in the basic IPv6 header is used to chain additional headers?

Next header

NotPetya Ransomeware

NotPetya infects the master boot record to execute a payload that encrypts a hard drive's file system table and stops Windows from booting. It can spread over the network using WMIC (Windows Management Instrumentation Command-line) by capturing all credentials from the local machine using Mimikatz.

MitB (Man in the Browser) is a session hijacking technique heavily used by e-banking Trojans. The most popular ones are Zeus and Gameover Zeus. Explain how MitB attack works. Malware is injected between the browser and OS API, enabling to see the data before encryption and after decryption . Malware is injected between the browser and keyboard driver, enabling to see all the keystrokes. Malware is injected between the browser and network.dll, enabling to see the data before it is sent to the network and while it is being received from the network.

On Windows OS, malware is injected between the browser and wininet.dll, which allows it to see the data before encryption (wininet.dll is exposing APIs to use https etc.)

Which of the following tools is not a NetBIOS enumeration tool? Hyena SuperScan NetScanTools Pro OpUtils

OpUtils

Which of the following tools is not a NetBIOS enumeration tool? Hyena SuperScan NetScanTools Pro OpUtils

OpUtils

Which of the following tools is not a NetBIOS enumeration tool? OpUtils NetScanTools Pro Hyena SuperScan

OpUtils

AlienVault

Open Source Security Information and Event Management (SIEM), provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation.

OpenSSH or SSH is a more secure solution to which of the following protocol? HTTP IP Telnet, rlogin SMB

OpenSSH or SSH is a more secure solution to Telnet, rlogin. SSH sends encrypted data and makes it difficult for the attacker to send the correctly encrypted data if a session is hijacked.

Which of the following is a legal channel for the transfer of data or information in a company network securely? Overt Channel Covert Channel Covert Storage Channel Covert Timing Channel

Overt Channel

Which of the following techniques is used to place an executable in a particular path in such a way that it will be executed by the application in place of the legitimate target? Scheduled Task File System Permissions Weakness Path Interception Application Shimming

Path Interception

Which of the following can an administrator do to verify that a tape backup can be recovered in its entirety? Read the last 512 bytes of the tape. Restore a random file. Read the first 512 bytes of the tape. Perform a full restore.

Perform a full restore.

Identify the type of a DoS attack where an attacker sends e-mails, Internet relay chats (IRCs), tweets, and posts videos with fraudulent content for hardware updates to the victim with the intent of modifying and corrupting the updates with vulnerabilities or defective firmware. SYN flooding attack Internet control message protocol(ICMP) flood attack Ping of death attack Phlashing attack

Phlashing attack

DNS footprinting: A

Points to a host's IP address

Which of the following TCP/UDP port is used by the infected devices to spread malicious files to other devices in the network? Port 23 Port 48101 Port 22 Port 53

Port 48101: TCP/UDP port 48101 is used by the infected devices to spread malicious files to the other devices in the network. Monitor traffic on port 48101 as the infected devices attempt to spread the malicious file using port 48101

What is the default port used by IPSEC IKE protocol? Port 500 Port 4500 Port 50 Port 51

Port 500

ICMP reply of Code 3/Type 3

Port is unreachable

Process Monitor

Process Monitor is a monitoring tool for Windows that shows real-time file system, Registry, and process/thread activity.

What information is gathered about the victim using email tracking tools? Username of the clients, operating systems, email addresses, and list of software. Targeted contact data, extracts the URL and meta tag for website promotion. Recipient's IP address, Geolocation, Proxy detection, Operating system and Browser information. Information on an organization's web pages since their creation.

Recipient's IP address, Geolocation, Proxy detection, Operating system and Browser information.

Recon-ng

Recon-ng is a full-featured Web Reconnaissance framework written in Python

Replay Attack

In which phase of a social engineering attack does an attacker indulges in dumpster diving? Selecting target Develop the relationship Research on target Exploit the relationship

Research on target

In which phase of a social engineering attack does an attacker indulges in dumpster diving? Selecting target Develop the relationship Exploit the relationship Research on target

Research on target

What is the name of the code that is used in locking or unlocking a car or a garage and prevents replay attacks? Hex code Polymorphic code Rolling code Unicode

Rolling code

SPECTER

SPECTER is a honeypot. It automatically investigates attackers while they are still trying to break in. It provides massive amounts of decoy content, and it generates decoy programs that cannot leave hidden marks on the attacker's computer.

In which of the following hacking phases does an attacker try to detect listening ports to find information about the nature of services running on the target machine? Gaining access Clearing Tracks Scanning Maintaining access

Scanning

In which of the following hacking phases does an attacker try to detect listening ports to find information about the nature of services running on the target machine? Scanning Gaining access Maintaining access Clearing Track

Scanning

.SeaCat.io

SeaCat.io is a security-first SaaS technology to operate IoT products in a reliable, scalable and secure manner. It provides protection to end users, business, and data.

Which of the following is a network based threat? Buffer overflow Arbitrary code execution Input validation flaw Session hijacking

Session hijacking

When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training would be beneficial? Network sniffing. Application security testing. Vulnerability scanning. Social engineering.

Social engineering.

nslookup: NS

Specifies a DNS name server for the named zone

Validation authority (VA)

Stores certificates (with their public keys)

Which of the following is considered to be a session hijacking attack? Taking over a TCP session Taking over a UDP session Monitoring a TCP session Monitoring a UDP session

Taking over a TCP session

Which of the following defines the role of a root certificate authority (CA) in a public key infrastructure (PKI)? The root CA is the recovery agent used to encrypt data when a user's certificate is lost. The root CA stores the user's hash value for safekeeping. The CA is the trusted root that issues certificates. The root CA is used to encrypt e-mail messages to prevent unintended disclosure of data.

The CA is the trusted root that issues certificates.

DHCP Snooping Binding Table

The DHCP snooping process filters untrusted DHCP messages and helps to build and bind a DHCP binding table.

802.11n

The IEEE 802.11n is a revision that enhances the earlier 802.11g standards with multiple-input multiple-output (MIMO) antennas.

Krack Attack

The Key Reinstallation Attack (KRACK) breaks the WPA2 protocol by forcing nonce reuse in encryption algorithms used by Wi-Fi.

How many bit checksum is used by the TCP protocol for error checking of the header and data and to ensure that communication is reliable? 13-bit 14-bit 15-bit 16-bit

The TCP protocol uses 16-bit checksums for error checking of the header and data and to ensure that communication is reliable. It adds a checksum to every transmitted segment that is checked at the receiving end.

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer can transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway, they are both on the 192.168.1.0/24. Which of the following has occurred? The gateway and the computer are not on the same network. The gateway is not routing to a public IP address. The computer is using an invalid IP address. The computer is not using a private IP address.

The gateway is not routing to a public IP address.

In a Windows system, an attacker was found to have run the following command: type C:\SecretFile.txt >C:\LegitFile.txt:SecretFile.txt What does the above command indicate? The attacker has used Alternate Data Streams to hide SecretFile.txt file into LegitFile.txt. The attacker has used Alternate Data Streams to copy the content of SecretFile.txt file into LegitFile.txt. The attacker was trying to view SecretFile.txt file hidden using an Alternate Data Stream. The attacker has used Alternate Data Streams to rename SecretFile.txt file to LegitFile.txt.

The attacker has used Alternate Data Streams to hide SecretFile.txt file into LegitFile.txt.

How does the SAM database in Windows operating system store the user accounts and passwords? The operating system stores all passwords in a protected segment of volatile memory. The operating system uses key distribution center (KDC) for storing all user passwords. The operating system stores the passwords in a secret file that users cannot find. The operating system performs a one-way hash of the passwords.

The operating system stores all passwords in a protected segment of volatile memory.

Dylib hijacking

This allows an attacker to inject a malicious dylib in one of the primary directories and simply load the malicious dylib at runtime.

Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS? Traceroute to control the path of the packets sent during the scan. Timing options to slow the speed that the port scan is conducted. Fingerprinting to identify which operating systems are running on the network. ICMP ping sweep to determine which hosts on the network are not available .

Timing options to slow the speed that the port scan is conducted.

MITMf

Tool which aims to provide a one-stop-shop for Man-In-The-Middle (MiTM) and network attacks while updating and improving existing attacks and techniques.

Which of the following utility uses the ICMP protocol concept and Time to Live ('TTL') field of IP header to find the path of the target host in the network? Traceroute WhoIs DNS Lookup TCP/IP

Traceroute

Which of the following utility uses the ICMP protocol concept and Time to Live ('TTL') field of IP header to find the path of the target host in the network? WhoIs Traceroute DNS Lookup TCP/IP

Traceroute

Which of the following tools are useful in extracting information about the geographical location of routers, servers and IP devices in a network?

Traceroute Tools

Which of the following tools are useful in extracting information about the geographical location of routers, servers and IP devices in a network? Email Tracking Tools DNS Lookup tools Traceroute tools WhoIs Lookup tools

Traceroute tools

Which of the following tools are useful in extracting information about the geographical location of routers, servers and IP devices in a network? Traceroute tools DNS Lookup tools WhoIs Lookup tools Email Tracking Tools

Traceroute tools

Which of the following fields contains a random number selected by the client and is used to match requests and responses between the client and server?

Transaction ID number

Which of the following is a simple protocol that is used by applications that contain their own connection-oriented timeout values and retry counters, similar to those provided by TCP?

UDP

UPnP

Universal Plug and Play is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices to seamlessly discover each other's presence on the network and establish functional network services for data sharing, communications, and entertainment.

A user wants to securely establish a remote connection to a system without any interference from perpetrators. Which of the following methods should he incorporate in order to do so? HTTPS VPN SMB Signing SFTP

VPN

inurl:"NetworkConfiguration" cisco

VoIP footprinting to extract Cisco phone details

Once an attacker gathers information about a target device in the first phase, what is the second phase in IoT device hacking? Gain access Information gathering Maintain access Vulnerability scanning

Vulnerability Scanning: Once the attackers gather information about a target device, they search for the attack surfaces of a device (identify the vulnerabilities) which they can attack.

Which of these is a preventive security control? Security incident handling Forensics Disaster recovery Vulnerability management

Vulnerability management

Once an attacker gathers information about a target device in the first phase, what is the second phase in IoT device hacking? Gain access Information gathering Maintain access Vulnerability scanning

Vulnerability scanning

If a threat detection software installed in any organization network either does not record the malicious event or ignores the important details about the event, then what kind of vulnerability is it? Insufficient Logging and Monitoring Security Misconfiguration Sensitive Data Exposure Broken Access Control

Web applications maintain logs to track usage patterns such as user login credentials and admin login credentials. Insufficient logging and monitoring refers to the scenario where the detection software either does not record the malicious event or ignores the important details about the event.

Which of the following is a web application that does not have the secure flag set and that is implemented by OWASP that is full of known vulnerabilities? WebBugs WebGoat VULN_HTML WebScarab

WebGoat

Which of the following attacks occurs when an intruder maliciously alters the visual appearance of a webpage by inserting or substituting provocative, and frequently, offending data? Man-in-the-middle attack Website defacement Directory traversal attack HTTP response splitting attack

Website defacement

Which of the following tools can be used to detect web server hacking attempts and alert you through emails? Nessus WebsiteCDS Nmap Netcraft

WebsiteCDS is a website change detection system that can detect hacking attempts on the web server. It is a script that goes through your entire web folder and detects any changes made to your code base and alerts you using email.

A pen tester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pen tester pivot using Metasploit? Issue the pivot exploit and set the meterpreter. Reconfigure the network settings in the meterpreter. Set the payload to propagate through the meterpreter. Create a route statement in the meterpreter.

When malicious activities are performed on the system with Metasploit Framework, the Logs of the target system can be wiped out by launching meterpreter shell prompt of the Metasploit Framework and typing clearev command in meterpreter shell prompt followed by typing Enter.

Which of the following is not a defensive measure for web server attacks? -Limit inbound traffic to port 80 for HTTP and port 443 for HTTPS (SSL) -Encrypt or restrict intranet traffic -Ensure that protected resources are mapped to HttpForbiddenHandler and unused HttpModules are removed -Configure IIS to accept URLs with "../"

While ensuring code access security, in order to avoid dictionary attacks on any web server, you have to configure the IIS to reject URLs with "../", and install new patches and updates. Configuring IIS to accept URLs with "../" allows attacks to perform dictionary attacks, directory traversal attacks, etc.

Which of the following is a query and response protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system? WhoIs Lookup Traceroute TCP/IP DNS Lookup

WhoIs Lookup

WiFish Finder

WiFish Finder is a tool for assessing whether WiFi devices active in the air are vulnerable to 'Wi-Fishing' attacks.

Which of the following tools is not used to perform OS banner grabbing? Nmap Wireshark Telnet Netcat

Wireshark

Which of the following tools is not used to perform webserver information gathering? Nmap Netcraft Wireshark Whois

Wireshark

Works higher up in the OS and usually patches, hooks, or supplants system calls with backdoor versions

Yancey is a network security administrator for a large electric company. This company provides power for over 100,000 people in Las Vegas. Yancey has worked for his company for more than 15 years and has become very successful. One day, Yancey comes into work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years; he just wants the company to pay for what they are doing to him. What would Yancey be considered? Yancey would be considered a suicide hacker. Since he does not care about going to jail, he would be considered a black hat. Because Yancey works for the company currently, he would be a white hat. Yancey is a hacktivist hacker since he is standing up to a company that is downsizing.

Yancey would be considered a suicide hacker.

Steve is the new CISO for a global corporation; he hired Dayna as a security consultant to do a security assessment. Steve wants to protect the corporate webpage with encryption and asks Dayna about the procedure to do that. Which of the following is the correct option? You need to use digital certificates. You need to use digital signature. You need to use quantum encryption. You need to use Blowfish encryption.

You need to use digital certificates.

Which of the following fields contains the address being offered by the DHCP server?

Your IP Address

A newly discovered flaw in a software application would be considered as which kind of security vulnerability? Input validation flaw HTTP header injection vulnerability Zero-day vulnerability Time-to-check to time-to-use flaw

Zero-day vulnerability

A newly discovered flaw in a software application would be considered as which kind of security vulnerability? Time-to-check to time-to-use flaw HTTP header injection vulnerability Input validation flaw Zero-day vulnerability

Zero-day vulnerability

Which of the following protocols is a type of short-range wireless communication? ZigBee LTE-Advanced Very Small Aperture Terminal (VSAT) Power-line Communication (PLC)

ZigBee

Which of the following firewall solution tool has the following features: ● Two-way firewall that monitors and blocks inbound as well as outbound traffic ● Allows users to browse the web privately ● Identity protection services help to prevent identity theft by guarding crucial data of the users. It also offers PC protection and data encryption ● Through Do Not Track, it stops data-collecting companies from tracking the online users ● Online Backup to backs up files and restores the data in the event of loss, theft, accidental deletion or disk failure zIPS Wifi Inspector Vangaurd Enforcer ZoneAlarm PRO FIREWALL 2018

ZoneAlarm PRO FIREWALL 2018

Sub7

a Trojan horse program.

GrayFish Rootkit

a Windows kernel rootkit that runs inside the Windows operating system and provides an effective mechanism, hidden storage and malicious command execution while remaining invisible. It injects its malicious code into the boot record which handles the launching of Windows at each step. It implements its own Virtual File System (VFS) to store the stolen data and its own auxiliary information.

Which layers of the Fiber Channel stack are replaced with Ethernet when using FCoE? chose all a. FC-0 b. FC-2 c. FC-1 d. FC-4 e. FC-3

a. FC-0 c. FC-1

Which of the following DHCP processes relies heavily on broadcasts, but most routers do not forward broadcasts?

boot

Which of the following commands is used to disable the BASH shell from saving the history? history -c export HISTSIZE=0 history -w shred ~/.bash_history

export HISTSIZE=0

Out of the following, identify the attack that is used for cracking a cryptographic algorithm using multiple keys for encryption. Meet-in-the-middle Attack Rainbow Table Attack Side Channel Attack

meet-in-the-middle attack is the best attack method for cryptographic algorithms using multiple keys for encryption. This attack reduces the number of brute force permutations needed to decode text encrypted by more than one key and conducted mainly for forging signatures on mixed type digital signatures. Type of b-day attack

Which of the following windows utilities allow an attacker to perform NetBIOS enumeration? GetRequest ntpdate SetRequest nbtstat

nbtstat

What is the correct pcap filter to capture all transmission control protocol (TCP)traffic going to or from host 192.168.0.125 on port 25? tcp.src == 25 and ip.host == 192.168.0.125 host 192.168.0.125:25 port 25 and host 192.168.0.125 tcp.port == 25 and ip.addr == 192.168.0.125

tcp.port == 25 and ip.addr == 192.168.0.125

What is the correct pcap filter to capture all transmission control protocol (TCP)traffic going to or from host 192.168.0.125 on port 25? port 25 and host 192.168.0.125 tcp.src == 25 and ip.host == 192.168.0.125 tcp.port == 25 and ip.addr == 192.168.0.125 host 192.168.0.125:25

tcp.port == 25 and ip.addr == 192.168.0.125

How can telnet be used to fingerprint a web server? telnet webserverAddress 80 HEAD / HTTP/1.0 telnet webserverAddress 80 PUT / HTTP/1.0 telnet webserverAddress 80 HEAD / HTTP/2.0 telnet webserverAddress 80 PUT / HTTP/2.0

telnet webserverAddress 80 HEAD / HTTP/1.0

Dynamic ports are used as which of the following for specific communications while they are underway?

temporary ports

Inside channel attack

the attacker runs a virtual machine on the same physical host of the victim's virtual machine and takes advantage of shared physical resources (processor cache) to steal data (cryptographic key) from the victim.

hashcat

the self-proclaimed world's fastest password recovery tool. It had a proprietary code base until 2015, but is now released as free software.

All IPv4 packets have a predefined lifetime indicated in which field?

time to live

In networking terms, a packet's ____ is the remaining distance that the packet can travel.

time to live

The ____ field defines the length of the IP header and any valid data (although it does not include any data link padding).

total length

A(n) ____ is a holding area for packets copied off the network.

trace buffer

WIDS

wireless intrusion detection system ( WIDS)

An ICMPv6 type 136 messge is also known as which of the following?

Neighbor advertisement

An attacker wants to exploit a target machine. In order to do this, he needs to identify potential vulnerabilities that are present in the target machine. What tool should he use to achieve his objective? Nessus Hydra Netcraft HTTrack

Nessus

Which of the following tools will scan a network to perform vulnerability checks and compliance auditing? NMAP Metasploit Nessus BeEF

Nessus

Which of the following tools will scan a network to perform vulnerability checks and compliance auditing? Metasploit Nessus NMAP BeEF

Nessus

Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11? Truecrypt Sub7 Nessus Clamwin

Nessus

Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11? Nessus Clamwin Sub7 Truecrypt

Nessus

Sanya is a security analyst in a multinational company who wants to schedule scans across multiple scanners, use wizards to easily and quickly create policies and wants to send results via email to her boss. Which vulnerability assessment tool should she use to get the best results? Recon-ng FOCA Wireshark Nessus Professional

Nessus Professional

NetBIOS

Which of the following applications allows attackers to identify the target devices and block the access of Wi-Fi to the victim devices in a network? NetCut Network Spoofer KingoRoot DroidSheep

NetCut

John's company is facing a DDoS attack. While analyzing the attack, John has learned that the attack is originating from the entire globe, and filtering the traffic at the Internet Service Provider's (ISP) level is an impossible task to do. After a while, John has observed that his personal computer at home was also compromised similar to that of the company's computers. He observed that his computer is sending large amounts of UDP data directed toward his company's public IPs. John takes his personal computer to work and starts a forensic investigation. Two hours later, he earns crucial information: the infected computer is connecting to the C&C server, and unfortunately, the communication between C&C and the infected computer is encrypted. Therefore, John intentionally lets the infection spread to another machine in his company's secure network, where he can observe and record all the traffic between the Bot software and the Botnet. After thorough analysis he discovered an interesting thing that the initial process of infection downloaded the malware from an FTP server which consists of username and password in cleartext format. John connects to the FTP Server and finds the Botnet software including the C&C on it, with username and password for C&C in configuration file. What can John do with this information? After successfully stopping the attack against his network, and informing the CERT about the Botnet and new password which he used to stop the attack and kick off the attackers from C&C, John starts to analyze all the data collected during the incident and creating the so-called "Lessons learned" document. What is John doing? Postattack forensics Neutralize the handlers Prevent potential attacks Protect secondary victims

Postattack forensics

During a penetration test, Marin discovered a session token that had had the content: 20170801135433_Robert. Why is this session token weak, and what is the name used for this type of vulnerability? Unknown Session Token Predictable Session Token Captured Session Token Date/Time Session Token

Predictable Session Token

Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. There are various types of employees working in the company, including technical teams, sales teams, and work-from-home employees. Highlander takes care of the security patches and updates of official computers and laptops; however, the computers or laptops of the work-from-home employees are to be managed by the employees or their ISPs. Highlander employs various group policies to restrict the installation of any third-party applications. As per Highlander's policy, all the employees are able to utilize their personal smartphones to access the company email in order to respond to requests for updates. Employees are responsible for keeping their phones up to date with the latest patches. The phones are not used to directly connect to any other resources in the Highlander, Incorporated, network. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Management at Highlander, Incorporated, has agreed to develop an incident management process after discovering laptops were compromised and the situation was not handled in an appropriate manner. What is the first phase that Highlander, Incorporated, needs to implement within their incident management process? Forensic Investigation. Containment. Preparation for Incident Handling and Response. Classification and Prioritization.

Preparation for Incident Handling and Response.

A person approaches a network administrator and wants advice on how to send encrypted e-mail from home. The end user does not want to have to pay for any license fees or manage server services. Which of the following is the most secure encryption protocol that the network administrator should recommend? IP Security (IPsec) Multipurpose Internet Mail Extensions (MIME) Pretty Good Privacy (PGP) Hyper Text Transfer Protocol with Secure Socket Layer (HTTPS)

Pretty Good Privacy (PGP)

Which security control role does encryption meet? Preventative Detective Offensive Defensive

Preventative

Which security control role does encryption meet? Detective Controls Both detective and corrective controls Preventative Controls Corrective controls

Preventative Controls

Which of the following categories of security controls strengthens the system against incidents by minimizing or eliminating vulnerabilities? Deterrent Controls Preventive Controls Detective Controls Corrective Controls

Preventive Controls

Which of the following types of cloud platforms is most secure? Private Hybrid Public Internal

Private

Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. There are various types of employees working in the company, including technical teams, sales teams, and work-from-home employees. Highlander takes care of the security patches and updates of official computers and laptops; however, the computers or laptops of the work-from-home employees are to be managed by the employees or their ISPs. Highlander employs various group policies to restrict the installation of any third-party applications. As per Highlander's policy, all the employees are able to utilize their personal smartphones to access the company email in order to respond to requests for updates. Employees are responsible for keeping their phones up to date with the latest patches. The phones are not used to directly connect to any other resources in the Highlander, Incorporated, network. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Apart from Highlander employees, no one can access the cloud service. What type of cloud service is Highlander using? Hybrid cloud Public cloud Community cloud Private cloud

Private cloud

Routers periodically send which type of message to inform hosts of link prefixes, settings for address autoconfiguration, link MTU, valid and preferred lifetimes, and other possible options?

Router advertisement

Select all correct answers. To defend against SQL injection, a developer needs to take proper actions in configuring and developing an application. Select all correct statements that help in defending against SQL injection attacks. Avoid constructing dynamic SQL with concatenated Input values Ensure that the Web configuration files for each application do not contain sensitive information Keep untrusted data separate from commands and queries Apply input validation only on the client-side

Avoid constructing dynamic SQL with concatenated Input values Ensure that the Web configuration files for each application do not contain sensitive information Keep untrusted data separate from commands and queries

Upon start-up, Neighbor Discovery collects information about how nodes configure their IPv6 addresses to communicate on the network. T or F

When a packet is fragmented, all fragments are given different TTL values. T or F

When a packet is sent between two ECN-capable routers, the packet is usually marked ECT (0) or ECT (10) for ECN Capable Transport. T or F

With router advertising, the default lifetime value for route entries is 10 minutes. T or F

FOCA

FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents its scans.

In IoT hacking, which of the following component is used to send some unwanted commands in order to trigger some events which are not planned? Eavesdropper Fake Server Wi-Fi Device Bluetooth Device

Fake Server

A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection system. The alert was generated because a large number of packets were coming into the network over ports 20 and 21. During analysis, there were no signs of attack on the FTP servers. How should the administrator understand this situation? True negatives False negatives True positives False positives

False positives

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's computer to update the router configuration. What type of an alert is this? False-positive False-negative True-positive True-negative

False-positive

Which of the following tools can be used by a pentester to test the security of web applications? Fiddler BetterCAP MITMf Cain & Abel

Fiddler

Which of the following tools can be used by a pentester to test the security of web applications? Fiddler BetterCAP MITMf Cain & Abel

Fiddler is a free web debugging tool which logs all HTTP(S) traffic between your computer and the Internet.

Which of the following android applications allows you to find, lock or erase a lost or stolen device? X-Ray Find My Device Find My iPhone Faceniff

Find My Device

Which of the following android applications allows you to find, lock or erase a lost or stolen device? X-Ray Find My Device Find My iPhone Faceniff

Find My Device

A pen tester was hired to perform penetration testing on an organization. The tester was asked to perform passive footprinting on the target organization. Which of the following techniques comes under passive footprinting? Finding the top-level domains (TLDs) and sub-domains of a target through web services Performing traceroute analysis Performing social engineering Querying published name servers of the target

Finding the top-level domains (TLDs) and sub-domains of a target through web services

Foren6

Foren6 uses sniffers to capture 6LoWPAN traffic and renders the network state in a graphical user interface.

IoT Edge

Framework consideration for edge would be proper communications and storage encryption, no default credentials, strong passwords, use latest up to date components and so on.

Which of the following is considered as the method of transmitting radio signals by rapidly switching a carrier among many frequency channels? -Orthogonal Frequency-division Multiplexing (OFDM) -Multiple input, multiple output orthogonal frequency-division multiplexing (MIMO-OFDM) -Direct-sequence Spread Spectrum (DSSS) -Frequency-hopping Spread Spectrum (FHSS)

Frequency-hopping Spread Spectrum (FHSS)

Which of the following is considered as a quality checking and assurance technique used to identify coding errors and security loopholes in web applications? Sandboxing Fuzz Testing Hash Stealing Session Hijacking

Fuzz Testing

Robert, a penetration tester is trying to perform SQL penetration testing on the SQL database of the company to discover coding errors and security loopholes. Robert sends massive amounts of random data to the SQL database through the web application in order to crash the web application of the company. After observing the changes in the output, he comes to know that web application is vulnerable to SQL injection attacks. Which of the following testing techniques is Robert using to find out the loopholes? Fuzzing Testing Stored Procedure Injection Out of Band Exploitation Alternate Encodings

Fuzzing Testing

A security administrator is looking for a patch management tool which scans the organization's network and manages security and non-security patches. Which of the following patch management tool, he/she can use in order to perform the required task? GFI LanGuard Netscan Pro Nikto Burp suite

GFI LanGuard

The target link layer address option is used in neighbor advertisement and in which of the following messages?

Router advertisement

What type of message does an IPv6 node send when an interface becomes active and the node wants to find routers connected to the local link?

Router solicitation

When a host's interface initializes, it may send which of the following messages to determine if any IPv6 routers are on the network segment?

Router solicitation

Which of the following uses ICMPv6 type 133 messages?

Router solicitation

Which of the following have static IP addresses because their addresses are key parts of any subnet's IP configuration?

Routers

Which of the following cryptography attack methods is usually performed without the use of a computer? Ciphertext-only attack Chosen key attack Rubber hose attack Rainbow table attack

Rubber hose attack

Which of the following ICMP packet fields provide error detection for the ICMP header only?

checksum

Which class of IP addresses are used for multicast communications, in which a single address may be associated with more than one network host machine?

class D

Which of the following use dynamic IP addresses because they initiate the connections to the servers, and the servers simply respond to the clients based on the clients' IP addresses?

clients

Which technique is known as the simplest form of subnet masking in which each subnet includes the same number of stations and represents a simple division of the address space made available by subnetting into multiple equal segments?

constant-length subnet masking

During a pen test, a tester conducts the following scan: hping3 -A 209.15.13.135 -p 80 You receive back o response, indicating the port is filtered. Which type of network interface is being scanned? a. external interface of public web server b. internal interface of public web server c. internal interface of DMZ firewall d. External interface of DMZ firewall

d. External interface of the DMZ firewall

Rootkits are kernel programs having the ability to hide themselves and cover up traces of activities. It replaces certain operating system calls and utilities with its own modified version of those routines. Which of the following rootkits modifies the boot sequence of the machine to load themselves instead to the original machine monitor or operating system? a. Kernel b. Boot loader c. Library d. Hypervisor

d. Hypervisor

Which of the following scans only work if the operation system's TCP/IP implementation is based on RFC 793? a. IDLE scan b. TCP connect scan c. FTP bounce scan d. NULL scan

d. NULL scan

Which of the following cryptographic attacks refers to extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture? a. Ciphertext-only attack b. Chosen-ciphertext attack c. Adaptive Chosen-plaintext attack d. Rubber Hose attack

d. Rubber Hose attack

One of your company's IT techs provides you with a report that lists SNMP-enabled devices on a network. Which tool most likely provided this information? a. NetBus b. Foundstone c. Ecora d. SNScan

d. SNScan

Disabling directed broadcasts on all routers is a mitigation for which attack? a. Routing table poisoning b. SYN flood c. MAC flood d. Smurf attack

d. Smurf attack

You have invested millions of dollars protecting your corporate network. You have the best IDS, firewall which strict rules and routers with no configuration errors. Which of the following techniques practices by an attacker exploits human behavior to make your network vulnerable to attack? a. Buffer overflow b. Denial-of-service c. SQL injection d. Social Engineering

d. Social Engineering

Firewalls are categorized into two; namely hardware firewall and software firewall. Identify the correct statement for a software firewall. a. Software firewall is placed between the desktop and the software components of the operating system. b. Software firewall is placed between the router and the networking components of the operating system. c. Software firewall is placed between the anti-virus application and the IDS components of the operating system d. Software firewall is placed between the normal application and the networking components of the operating system

d. Software firewall is placed between the normal application and the networking components of the operating system

Which of the following is used to detect bugs and irregularities in web applications? a. Mutation-based fuzz testing b. Generation-based fuzz testing c. Protocol-based fuzz testing d. Source code review

d. Source code review

In which step of the CEH hacking methodology (CHM) do you recover the credentials for a system account? a. escalating privileges b. pen testing c. covering tracks d. cracking passwords e. hiding files f. executing applications

d. cracking passwords

What is the term for the process of determining two numbers that can be multiplied together to equal a given starting value? a. trapdooring b. hashing c. derivation d. factorization

d. factorization

When an attack by a hacker is politically motivated, the hacker is said to be participating in which of the following? a. black-hate hacking b. grey-box attacks c. gray-hat attacks d. hacktivist

d. hacktivist

Which of the following versions of the Linux firewall is required for Linux kernel versions 2.4x and above? a. ipfwadm b. ipchains c. npf d. iptables

d. iptables

Which of the following statements is NOT true about RSA SecureID? a. it uses a password only once b. passwords stolen through a phishing attacks will fail c. it is a form of two-factor authentication d. it is a form of mutual authentication

d. it is a form of mutual authentication

The fields of the Fragment extension header are almost identical to the IPv4 fragment fields except for the use of which field?

flags

Which command lets a tester enumerate live systems in a class C network via ICMP using native Windows tools?

for /L %V in (1 1 254) do PING -n 1 192.168.2.%V | FIND /I "Reply"

Which command lets a tester enumerate live systems in a class C network via ICMP using native Windows tools? ping 192.168.2.255 ping 192.168.2. for /L %V in (1 1 254) do PING -n 1 192.168.2.%V | FIND /I "Reply" for %V in (1 1 255) do PING 192.168.2.%V

for /L %V in (1 1 254) do PING -n 1 192.168.2.%V | FIND /I "Reply"

Which command lets a tester enumerate live systems in a class C network via ICMP using native Windows tools? ping 192.168.2. ping 192.168.2.255 for %V in (1 1 255) do PING 192.168.2.%V for /L %V in (1 1 254) do PING -n 1 192.168.2.%V | FIND /I "Reply"

for /L %V in (1 1 254) do PING -n 1 192.168.2.%V | FIND /I "Reply"

On a network that is low on available bandwidth, which of the the following processes causes more traffic on the wire?

fragment retransmission

ngineer is learning to write exploits in C++ and is using Kali Linux. The engineer wants to compile the newest C++ exploit and name it calc.exe. Which command would the engineer use to accomplish this? g++ hackersExploit.py -o calc.exe g++ --compile -i hackersExploit.cpp -o calc.exe g++ -i hackersExploit.pl -o calc.exe g++ hackersExploit.cpp -o calc.exe

g++ hackersExploit.cpp -o calc.exe

The value in the 8-bit ____ field decrements by one each time it is forwarded by a network node, and the IPv6 packet is discarded if the value in this field reaches 0.

hop count

Which of the following utilities use route tracing to identify a path from the sender to the target host?

traceroute

Traceroute

traceroute is a computer network diagnostic tool for displaying the route and measuring transit delays of packets across an Internet Protocol network.

Many PDUs include a characteristic closing component called a ____ that provides data integrity checks for the data portion of the PDU, known as the payload.

trailer

To be valid, an domain name must correspond to at least one of which of the following?

unique numeric IP address

DDOS: Volumetric

volume-based attack which includes UDP floods, ICMP floods, and other spoofed packet floods.

Which of the following does TCP support, which is defined as the process of sending numerous data packets in sequence without waiting for an intervening acknowledgement?

windowing

Which of the following commands has to be disabled to prevent exploitation at the OS level? execute xp_cmdshell cat ping

xp_cmdshell

What is the SQL Server built-in extended stored procedure to execute commands and return their standard output on the underlying operating system

xp_cmdshell()

What is the length of ID number of an organization in a MAC address? 26 bits 24 bits 48 bits 12 bits

24 bits

The specifications for IPv6, including the header format, were established in RFC 1883, which was subsequently made obsolete by RFC ____.

2460

Which RFC is used to define a method for differentiating services for network traffic using the six high-order bits of the byte that was formerly the 3-bit Precedence field and the first bit of the TOS field?

2474

Which of the following tools can be used to perform LDAP enumeration? A: SuperScan B: SoftPerfect Network Scanner C: JXplorer D: Nsauditor Network Security Auditor

C: JXplorer

Which of the following protocols is responsible for synchronizing clocks of networked computers? A: LDAP B: DNS C: NTP D: SMTP

C: NTP

Which of the following tools will scan a network to perform vulnerability checks and compliance auditing? A: NMAP B: Metasploit C: Nessus D: BeEF

C: Nessus

Which type of access control is used on a router or firewall to limit network activity? Rule-based. Role-based. Mandatory Discretionary.

Rule-based.

SQLDict

SQL Injection. A dictionary attack tool for SQL Server

Sublist3r

Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT

Which of the following tools can not be used to perform SNMP enumeration? SuperScan SNScan SoftPerfect Network Scanner Nsauditor Network Security Auditor

SuperScan

An attacker wants to monitor a target network traffic on one or more ports on the switch. In such a case, which of the following methods can he use? Lawful interception Wiretapping Active sniffing Port mirroring

Switched port analyzer (SPAN) is a Cisco switch feature, also known as "port mirroring," that monitors network traffic on one or more ports on the switch. It is a port that is configured to receive a copy of every packet that passes through a switch. It helps to analyze and debug data, identify errors, and investigate unauthorized network access on a network.

If your web application sets any cookie with a secure attribute, what does this mean? The cookie can not be accessed by JavaScript The cookie will not be sent cross-domain The client will send the cookie only over an HTTPS connection Cookies will be sent cross-domain

The client will send the cookie only over an HTTPS connection

Which of the following is a client-server tool utilized to evade firewall inspection? TCP-over-dns kismet nikto hping

TCP-over-dns

If an attacker intercepts an established connection between two communicating parties using spoofed packets, and then pretends to be one of them, then which network-level hijacking is he performing? RST hijacking IP spoofing Man-in-the-middle: packet sniffer TCP/IP hijacking

TCP/IP hijacking

What is the port number used by DNS servers to perform DNS zone transfer? UDP 137 TCP/UDP 53 TCP 139 TCP/UDP 135

TCP/UDP 53

What is the port number used by DNS servers to perform DNS zone transfer? TCP/UDP 135 UDP 137 TCP 139 TCP/UDP 53

TCP/UDP 53

TCPView

TCPView is a Windows program that shows detailed listings of all TCP and UDP endpoints on the system, including the local and remote addresses, and the state of TCP connections. It provides a subset of the Netstat program that ship with Windows.

A consultant is hired to do a physical penetration test at a large financial company. On the first day of his assessment, the consultant goes to the company's building dressed as an electrician and waits in the lobby for an employee to pass through the main access gate, and then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform? Mantrap Tailgating Social engineering Shoulder surfing

Tailgating

Tcsh

This shell is based on the earlier C shell (csh). It's a fairly popular shell in some circles, but no major Linux distributions make it the default shell. Although it's similar to bash in many respects, some operational details differ. For instance, you don't assign environment variables in the same way in tcsh as in bash.

Which of the following short range wireless communication protocol is used for home automation that allows devices to communicate with each other on local wireless LAN? VSAT Cellular MoCA Thread

Thread

Which of the following short range wireless communication protocol is used for home automation that allows devices to communicate with each other on local wireless LAN? Cellular MoCA Thread

Thread is an IPv6 based networking protocol for IoT devices. Its main aim is home automation, so that the devices can communicate with each other on local wireless networks.

JXplorer

can be used to perform LDAP enumeration

Which one of the following is a Google search query used for VPN footprinting to find Cisco VPN client passwords ? filetype:pcf "cisco" "GroupPwd" "Config" intitle:"Index of" intext:vpn inurl:/remote/login?lang=en "[main]" "enc_GroupPwd=" ext:txt

"[main]" "enc_GroupPwd=" ext:txt

Which of the following is not an OWASP Top 10-2016 Mobile Risks? Insecure Communication Reverse Engineering Buffer Overflow Insecure Cryptography

1. Improper platform usage 2. Insecure data storage 3. Insecure communication 4. Insecure authentication 5. Insufficient cryptography 6. Insecure authorization 7. Client code quality 8. Code tampering 9. Reverse engineering 10. Extraneous functionality

A hacker was able to sniff packets on a company's wireless network. The following information was discovered: the Key 10110010 01001011 and the Ciphertext 01100101 01011010. 00101000 11101110 11010111 00010001 00001101 10100100 11110010 01011011

11010111 00010001

A hacker was able to sniff packets on a company's wireless network. The following information was discovered: the Key 10110010 01001011 and the Ciphertext 01100101 01011010. 00001101 10100100 11010111 00010001 11110010 01011011 00101000 11101110

11010111 00010001

A hacker was able to sniff packets on a company's wireless network. The following information was discovered: the Key 10110010 01001011 and the Ciphertext 01100101 01011010.

11010111 00010001 XOR or Exclusive OR function is a binary logical operation that results in true (1) only when one input is true (1) and the other is false (0). It returns false (0) when both the inputs are true (1) or false (0).

Which RFC defines a method for discovering a path MTU (PMTU) using ICMP?

1191

What is the default port on which the Nessus daemon listens to the connections?

1241

The default TTL in Windows Server 2008, Windows Vista, and Windows 7 is ____.

128

WPA2 uses AES for wireless data encryption at which of the following encryption levels? 64 bit and CCMP 128 bit and CCMP 128 bit and TKIP

128 bit and CCMP

WPA2 uses AES for wireless data encryption at which of the following encryption levels? 64 bit and CCMP 128 bit and CRC 128 bit and CCMP 128 bit and TKIP

128 bit and CCMP

WPA uses RC4 for wireless data encryption at which of the following encryption levels? 128 bit and CRC 128 bit and CCMP 128 bit and TKIP

128 bit and TKIP

The last bit of the entire Type Of Service field is reserved and set at 0, as specified by RFC ____.

1349

How many bit checksum is used by the TCP protocol for error checking of the header and data and to ensure that communication is reliable? 13-bit 14-bit 15-bit 16-bit

16-bit

Which RFC reserves three ranges of IP addresses for private use - a single Class A (10.0.0.0-10.255.255.255), 16 Class Bs (172.16.0.0-172.31.255.255), and

1918

What is the length of ID number of an organization in a MAC address? 24 bits 12 bits 48 bits 26 bits

24 bits

Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide? Registration of critical penetration testing for the Department of Homeland Security and public and private sectors. Measurement of key vulnerability assessments on behalf of the Department of Defense (DoD) and State Department, as well as private sectors. 24x7 CSIRT Services to any user, company, government agency, or organization. Maintenance of the nation's Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure.

24x7 CSIRT Services to any user, company, government agency, or organization.

Check Point's FireWall-1 listens to which of the following TCP ports? 1072 259 1080 1745

259

Check Point's FireWall-1 listens to which of the following TCP ports? 1072 259 1080 1745

259

IPv6 jumbograms are specified as a proposed standard in which of the following RFCs?

2675

TCP/IP Model

4 -Transport

The fixed IPv6 header of an IPv6 packet is made up of how many octets?

What is the recommended starting TTL value?

Which of the following is a standard for Wireless Local Area Networks (WLANs) that provides improved encryption for networks that use 802.11a, 802.11b, and 802.11g standards? 802.11n 802.11i 802.11d 802.11e

802.11i

Which of the following is a standard for Wireless Local Area Networks (WLANs) that provides improved encryption for networks that use 802.11a, 802.11b, and 802.11g standards? 802.11i 802.11d 802.11e

802.11i: The IEEE 802.11i standard improves WLAN security by implementing new encryption protocols such as TKIP and AES.

Which element in a vulnerability scanning report allows the system administrator to obtain additional information about the scanning such as the origin of the scan? Scan information Target information Services Classification

? Classification: This subtopic allows the system administrator to obtain additional information about the scanning such as origin of the scan.

RFCRACK Commands (See Back)

? Live Replay: python RFCrack.py -i ? Rolling Code: python RFCrack.py -r -M MOD_2FSK -F 314350000 ? Adjust RSSI Range: python RFCrack.py -r -U "-75" -L "-5" -M MOD_2FSK -F 314350000 ? Jamming: python RFCrack.py -j -F 31400000

In IoT hacking, which of the following component is used to send some unwanted commands in order to trigger some events which are not planned? Eavesdropper Fake Server Wi-Fi Device Bluetooth Device

A Fake Server can be used to send some unwanted commands in order to trigger some events which are not planned.

Fraggle Attack

A Fraggle Attack is a denial-of-service (DoS) attack that involves sending a large amount of spoofed UDP traffic to a router's broadcast address within a network. It is very similar to a Smurf Attack, which uses spoofed ICMP traffic rather than UDP traffic to achieve the same goal.

What is the length of ID number of an organization in a MAC address? 24 bits 12 bits 48 bits 26 bits

A MAC address is 48 bits, which splits into two sections, each containing 24 bits. The first section contains the ID number of the organization that manufactured the adapter and is called the organizationally unique identifier. The next section contains the serial number assigned to the NIC adapter and is called the network interface controller (NIC) specific.

An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. Which cryptanalytic technique can the attacker use now in his attempt to discover the encryption key? A: Chosen ciphertext attack B: Meet in the middle attack C: Known plaintext attack D: Birthday attack

A: Chosen ciphertext attack

Which property ensures that a hash function will not produce the same hashed value for two different messages? A: Collision resistance B: Bit length C: Key Strength D: Entropy

A: Collision resistance

Which of the following countermeasure helps organizations to prevent information disclosure through banner grabbing? A: Configure IIS B: Configure web servers C: TCP/IP and IPSec D: Implement VPN

A: Configure IIS

Which of the following SMTP in-built commands tells the actual delivery addresses of aliases and mailing lists? A: EXPN B: VRFY C: RCPT TO D: PSINFO

A: EXPN

You want to carry out session hijacking on a remote server. The server and the client are communicating via TCP after a successful TCP three-way handshake. The server has just received packet #120 from the client. The client has a receive window of 200 and the server has a receive window of 250. What is the range of packet sequence numbers that would be accepted by the server? A. 121-371 B. 120-370 C. 200-250 D. 121-231 E. 120-321

A. 121-371 Package number 120 have already been received by the server and the window is 250 packets, so any package number from 121 (next in sequence) to 371 (121+250).

Steve scans the network for SNMP enabled devices. Which port number Steve should scan? A. 161 B. 169 C. 150 D. 69

A. 161 The default SNMP port is 161. Port 69 is for TFTP, Port 150 is for SQL-NET and 169 is for SEND.

17 Bob learned that his username and password for a popular game has been compromised. He contacts the company and resets all the information. The company suggests he use two-factor authentication, which option below offers that? A. A fingerprint scanner and his username and password B. His username and a stronger password C. A new username and password D. Disable his username and use just a fingerprint scanner.

A. A fingerprint scanner and his username and password

Which type of scan does not open a full TCP connection? A. Stealth Scan B. XMAS Scan C. Null Scan D. FIN Scan

A. A stealth scan. Instead of completing the full TCP three-way-handshake a full connection is not made. A SYN packet is sent to the system and if a SYN/ACK packet is received it is assumed that the port on the system is active. In that case a RST/ACK will be sent which will determined the listening state the system is in. If a RST/ACK packet is received, it is assumed that the port on the system is not active.

3 Which of the following parameters describe LM Hash: I - The maximum password length is 14 characters. II - There are no distinctions between uppercase and lowercase. III - It's a simple algorithm, so 10,000,000 hashes can be generated per second A. I and II B. I C. I, II, and III D. II

A. I - The maximum password length is 14 characters. II - There are no distinctions between uppercase and lowercase.

19 Shellshock had the potential for an unauthorized user to gain access to a server. It affected many internet facing services, which OS did it not directly affect? A. OS X B. Windows C. Linux D. Unix

A. OS X

13 How can rainbow tables be defeated? A. Password salting B. All upper case character passwords C. Lock out accounts under brute force password cracking attempts D. Use of non-dictionary words

A. Password salting

18 Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands: [eve@localhost ~]$ john secret.txt Loaded 2 password hashes with no different salts (LM [DES 128/128 SSE2-16]) Press 'q' or Ctrl-C to abort, almost any other key for status 0g 0:00:00:03 3/3 0g/s 86168p/s 86168c/s 172336C/s MERO..SAMPLUI 0g 0:00:00:04 3/3 0g/s 3296Kp/s 3296Kc/s 6592KC/s GOS..KARIS4 0g 0:00:00:07 3/3 0g/s 8154Kp/s 8154Kc/s 16309KC/s NY180K..NY1837 0g 0:00:00:10 3/3 0g/s 7958Kp/s 7958Kc/s 15917KC/s SHAGRN..SHENY9 What is she trying to achieve? A. She is using John the Ripper to crack the passwords in the secret.txt file. B. She is using John the Ripper to view the contents of the file. C. She is using ftp to transfer the file to another hacker named John. D. She is encrypting the file.

A. She is using John the Ripper to crack the passwords in the secret.txt file.

Data is sent over the network as clear text (unencrypted) when Basic Authentication is configured on Web Servers. A. True B. False

A. True. Using HTTP basic authentication will result in your PW being sent over the internet as clear-text. Don't use this technique unless you understand what the ramifications of this are.

Your company has a doc that spells out exactly what employees are aloud to do on their computer system. It also defines what is prohibited and what consequences await those who break the rules. A copy of this doc is signed by all employees prior to their network access. Which of the following best describes this policy? A. information security policy b. special access policy c. information audit policy d. network connections policy

A. information security policy

A privilege escalation threat is caused due to which of the following weaknesses? A: A mistake in the access allocation system causes a customer, third party, or employee to get more access rights than needed. B: Weak authentication and authorization controls could lead to illegal access thereby compromising confidential and critical data stored in the cloud. C: Due to isolation failure, cloud customers can gain illegal access to the data. D: Due to flaws while provisioning or de-provisioning networks or vulnerabilities in communication encryption.

A: A mistake in the access allocation system causes a customer, third party, or employee to get more access rights than needed.

A privilege escalation threat is caused due to which of the following weaknesses? A: A mistake in the access allocation system causes a customer, third party, or employee to get more rights than needed B: Weak authentication and authorization controls could lead to illegal access thereby compromising confidential and critical data stored in the cloud. C: Due to isolation failure, cloud customers can gain illegal access to the data D: Due to flaws while provisioning or de-provisioning networks or vulnerabilities in communication encryption

A: A mistake in the access allocation system causes a customer, third party, or employee to get more rights than needed

A: BYOD

An attacker tries to recover the plaintext of a message without knowing the required key in advance. For this, he may first try to recover the key or may go after the message itself by trying every possible combination of characters. Which code-breaking method is he using? A: Brute force B: Frequency analysis C: One-time pad D: Trickery and deceit

A: Brute force

Which of the following steps in enumeration penetration testing serves as an input to many of the ping sweep and port scanning tools for further enumeration? A: Calculate the subnet mask B: Perform competitive intelligence C: Perform email footprinting D: Perform ARP poisoning

A: Calculate the subnet mask

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The ps command shows that the nc file is running as process, and the netstat command shows the nc process is listening on a network port. What kind of vulnerability must be present to make this remote attack possible? A: File system permissions B: Privilege escalation C: Directory traversal D: Brute force login

A: File system permissions

A pen tester was hired to perform penetration testing on an organization. The tester was asked to perform passive footprinting on the target organization. Which of the following techniques comes under passive footprinting? A: Finding the top-level domains (TLDs) and sub-domains of a target through web services B: Performing traceroute analysis C: Performing social engineering D: Querying published name servers of the target

A: Finding the top-level domains (TLDs) and sub-domains of a target through web services

If you are responsible for securing a network from any type of attack and if you have found that one of your employees is able to access any website that may lead to clickjacking, attacks, what would you do to avoid the attacks? A: Harden browser permission rules B: Delete Cookies C: Configure Application certification rules D: Enable Remote Management

A: Harden browser permission rules

You are a security engineer for a cloud-based startup, XYZ Partners LLC, and they would like you to choose the best platform to run their environment from. The company stores sensitive PII and must be SOC 2 compliant. They would like to run their Windows server VMs and directory services from the cloud. Which of the following services and deployment models would meet the company's requirements? A: IaaS and Private B: PaaS and Public C: SaaS and Hybrid D: XaaS and Community

A: IaaS and Private

A: Irreversibility

Which of the following protocols is responsible for accessing distributed directories and access information such as valid usernames, addresses, departmental details, and so on? A: LDAP B: DNS C: NTP D: SMTP

A: LDAP

Which of the following protocols uses TCP or UDP as its transport protocol over port 389? A: LDAP B: SNMP C: SMTP D: SIP

A: LDAP

Which of the following mechanisms should be incorporated into the cloud services to facilitate networks and resources to improve the response time of a job with maximum throughput? A: Load balancing B: Encryption mechanism C: Lockout mechanism D: Two-factor authentication

A: Load balancing

Which of the following mobile applications is used to perform Denial-of-Service Attacks? A: Low Orbit Ion Cannon (LOIC) B: DroidSheep C: Unrevoked D: MTK Droid

A: Low Orbit Ion Cannon (LOIC)

An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack? A: Make sure that legitimate network routers are configured to run routing protocols with authentication. B: Disable all routing protocols and only use static routes C: Only using OSPFv3 will mitigate this risk. D: Redirection of the traffic cannot happen unless the admin allows it explicitly.

A: Make sure that legitimate network routers are configured to run routing protocols with authentication.

Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place? Malicious code is attempting to execute instruction a non-executable memory region. A: Malicious code is attempting to execute instruction a non-executable memory region. B: A page fault is occurring, which forces the operating system to write data from the hard drive. C: A race condition is being exploited, and the operating system is containing the malicious process. D: Malware is executing in either ROM or a cache memory area.

A: Malicious code is attempting to execute instruction a non-executable memory region.

Out of the following, identify the attack that is used for cracking a cryptographic algorithm using multiple keys for encryption. A: Meet-in-the-middle Attack B: Rainbow Table Attack C: Side-Channel Attack D: DUHK Attack

A: Meet-in-the-middle Attack

A large mobile telephony and data network operator has a data that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup? A: Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed. B: As long as the physical access to the network elements is restricted, there is no need for additional measures. C: There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist. D: The operator knows that attacks and downtime are inevitable and should have a backup site.

A: Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.

Which of the following information is collected using enumeration? A: Network resources, network shares, and machine names. B: Open ports and services. C: Email Recipient's system IP address and geolocation. D: Operating systems, location of web servers, users and passwords.

A: Network resources, network shares, and machine names.

When using Wireshark to acquire packet capture on a network, which device would enable the capture of all traffic on the wire? A: Network tap B: Layer 3 switch C: Network bridge D: Application firewall

A: Network tap

Which of the following is a Mobile Device Management Software? A: XenMobile B: Phonty C: SpyBubble D: GadgetTrak

A: XenMobile

A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server. Based on this information, what should be one of your key recommendations to the bank? A: Place a front-end web server in a demilitarized zone that only handles external web traffic B: Require all employees to change their passwords immediately C: Move the financial data to another server on the same IP subnet D: Issue new certificates to the web servers from the root certificate authority

A: Place a front-end web server in a demilitarized zone that only handles external web traffic

What is the default port used by IPSEC IKE protocol? A: Port 500 B: Port 4500 C: Port 50 D: Port 51

A: Port 500

Which of the following is not a legitimate cloud computing attack? A: Port Scanning B: Denial-Of- Service (DoS) C: Privilege Escalation D: Man-In- The-Middle (MiTM)

A: Port Scanning

Which of the following types of cloud platforms is most secure? A: Private B: Hybrid C: Public D: Internal

A: Private

To send a PGP-encrypted message, which piece of information from the recipient must the sender have before encrypting the message? A: Recipient's public key B: Recipient's private key C: Master encryption key D: Sender's public key

A: Recipient's public key

Which of the following tools can be used to perform SNMP enumeration? A: SNScan B: SoftPerfect Network Scanner C: SuperScan D: Nsauditor Network Security Auditor

A: SNScan

You are doing a research on SQL injection attacks. Which of the following combination of Google operators will you use to find all Wikipedia pages that contain information about SQL, injection attacks or SQL injection techniques? A: SQL injection site:Wikipedia.org B: site:Wikipedia.org intitle:"SQL Injection" C: allinurl: Wikipedia.org intitle:"SQL Injection" D: site:Wikipedia.org related:"SQL Injection"

A: SQL injection site:Wikipedia.org

Which of the following protocols is used for secure information passage between two endpoints? A: SSL B: TCP C: UDP D: FTP

A: SSL

Sean works as a professional ethical hacker and penetration tester. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, looking for any information about the different departments and business units. Sean was unable find any information. What should Sean do to get the information he needs? A: Sean should use Sublist3r tool B: Sean should use WayBackMachine in Archive.org C: Sean should use website mirroring tools D: Sean should use email tracking tools

A: Sean should use Sublist3r tool

What is the output returned by search engines when extracting critical details about a target from the Internet? A: Search Engine Results Pages ('SERPs') B: Advanced search operators C: Open ports and Services D: Operating systems, location of web servers, users and passwords

A: Search Engine Results Pages ('SERPs')

Sean works as a penetration tester in ABC firm. He was asked to gather information about the target company. Sean begins with social engineering by following the steps: ● Secretly observes the target to gain critical information ● Looks at employee's password or PIN code with the help of binoculars or a low-power telescope Based on the above description, identify the social engineering technique. A: Shoulder surfing B: Dumpster diving C: Phishing D: Tailgating

A: Shoulder surfing

Out of the following attacks, which attack is a physical attack that is performed on a cryptographic device/cryptosystem to gain sensitive information? A: Side channel attack B: MITM attack C: Hash collision attack D: DUHK attack

A: Side channel attack

Smith works as a professional Ethical Hacker with a large MNC. He is a CEH certified professional and was following the CEH methodology to perform the penetration testing. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, (mostly by trial and error), looking for any information about the different departments and business units. Smith was unable to find any information. What should Smith do to get the information he needs? A: Smith should use online services such as netcraft.com to find the company's internal URLs B: Smith should use WayBackMachine in Archive.org to find the company's internal URLs. C: Smith should use website mirroring tools such as HTTrack Website Copier to find the company's internal URLs. D: Smith should use email tracking tools such as eMailTrackerPro to find the company's internal URLs.

A: Smith should use online services such as netcraft.com to find the company's internal URLs

You are manually conducting Idle Scanning using Hping2. During your scanning you notice that almost every query increments the IPID regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Why do you think this occurs? A: The zombie you are using is not truly idle. B: A stateful inspection firewall is resetting your queries. C: Hping2 cannot be used for idle scanning. D: These ports are actually open on the target system.

A: The zombie you are using is not truly idle.

Which of the following Jailbreaking techniques will make the mobile device jailbroken after each reboot? A: Untethered Jailbreaking B: Semi-Tethered Jailbreaking C: Tethered Jailbreaking D: None of the Above

A: Untethered Jailbreaking

Which of the following types of jailbreaking allows user-level access but does not allow iboot-level access? A: Userland Exploit B: iBoot Exploit C: Bootrom Exploit D: None of the above

A: Userland Exploit

Which system consists of a publicly available set of databases that contain domain name registration contact information? A: WHOIS B: IANA C: CAPTCHA D: IETF

A: WHOIS

Which of the following tools consists of a publicly available set of databases that contain personal information of domain owners? A: WHOIS lookup tools B: Traceroute tools C: Web spidering tools D: Metadata extraction tools

A: WHOIS lookup tools

A: WhoIs Lookup

Steve is the new CISO for a global corporation; he hired Dayna as a security consultant to do a security assessment. Steve wants to protect the corporate webpage with encryption and asks Dayna about the procedure to do that. Which of the following is the correct option? A: You need to use digital certificates. B: You need to use digital signature. C: You need to use quantum encryption D: You need to use Blowfish encryption.

A: You need to use digital certificates.

Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems? A: msfencode B: msfpayload C: msfcli D: msfd

A: msfencode

The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the central processing unit (CPU), rather than passing only the frames that the controller is intended to receive. Which of the following is being described? A: promiscuous mode B: port forwarding C: multi-cast mode D: WEM

A: promiscuous mode

When you are collecting information to perform a data analysis, Google commands are very useful to find sensitive information and files. These files may contain information about passwords, system functions, or documentation. What command will help you to search files using Google as a search engine? A: site: target.com filetype:xls username password email B: inurl: target.com filename:xls username password email C: domain: target.com archive:xls username password email D: site: target.com file:xls username password email

A: site: target.com filetype:xls username password email

You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine. What wireshark filter will show the connections from the snort machine to kiwi syslog machine? A: tcp.dstport==514 && ip.dst==192.168.0.150 B: tcp.srcport==514 && ip.src==192.168.0.99 C: tcp.dstport==514 && ip.dst==192.168.0.0/16 D: tcp.srcport==514 && ip.src==192.168.150

A: tcp.dstport==514 && ip.dst==192.168.0.150

Arturo is the leader of information security professionals of a small financial corporation that has a few branch offices in Africa. The company suffered an attack of USD 10 million through an interbanking system. The CSIRT explained to Arturo that the incident occurred because 6 months ago the hackers came in from the outside through a small vulnerability, then they did a lateral movement to the computer of a person with privileges in the interbanking system. Finally, the hackers got access and did the fraudulent transactions. What is the most accurate name for the kind of attack in this scenario? APT Internal Attack External Attack Backdoor

APT

Arturo is the leader of information security professionals of a small financial corporation that has a few branch offices in Africa. The company suffered an attack of USD 10 million through an interbanking system. The CSIRT explained to Arturo that the incident occurred because 6 months ago the hackers came in from the outside through a small vulnerability, then they did a lateral movement to the computer of a person with privileges in the interbanking system. Finally, the hackers got access and did the fraudulent transactions.What is the most accurate name for the kind of attack in this scenario? External Attack APT Internal Attack Backdoor

APT

ARIN

____ is used to permit computers to translate numeric IP addresses to MAC layer addresses

ARP

IPv6 Router Advertisement protocol can be compared with with IPv4 protocol function?

ARP request

During the penetration testing, Marin identified a web application that could be exploited to gain the root shell on the remote machine. The only problem was that in order to do that he would have to know at least one username and password usable in the application. Unfortunately, guessing usernames and brute-forcing passwords did not work. Marin does not want to give up his attempts. Since this web application,was being used by almost all users in the company and was using http protocol, so he decided to use Cain & Abel tool in order to identify at least one username and password. After a few minutes, the first username and password popped-up and he successfully exploited the web application and the physical machine. What type of attack did he use in order to find the username and password to access the web application? ARP spoofing DNS spoofing TCP protocol hijacking UDP protocol hijacking

ARP spoofing

Which of the following security policies protects the organizational resources and enables organizations to track their assets? User account policy Remote access policy Information protection policy Access control policy

Access control policy

Robert is a user with a privileged account and he is capable of connecting to the database. Rock wants to exploit Robert's privilege account. How can he do that? Access the database and perform malicious activities at the OS level Reject entries that contain binary data, escape sequences, and comment characters Use the most restrictive SQL account types for applications Design the code in such a way it traps and handles exceptions appropriately

Access the database and perform malicious activities at the OS level

Account lockout mechanism

An NMAP scan of a server shows port 25 is open. What risk could this pose? Open printer sharing Web portal data leak Clear text authentication Active mail relay

Active mail relay is an SMTP server configured in such a way that it allows anyone on the Internet to send email through it, not just mail destined to or originating from known users. Simple Mail Transfer Protocol (SMTP) uses port 25 for email routing between mail servers. In the above scenario, Nmap scan shows port 25 is open; it is vulnerable to active mail relay.

Sarah is facing one of the biggest challenges in her career—she has to design the early warning DDoS detection techniques for her employer. She starts with the network analysis and detection of an increase in activity levels and analyzing the network flows (focusing on network's packet header information). Her idea is to try to spot the increase in specific traffic, which is above normal traffic rate for this specific network flow. Which DDoS detection technique is she trying to implement? Activity profiling Change-point detection Wavelet-based signal analysis NetFlow detection

Activity profiling

Which of the following is an attack detection technique that monitors the network packet's header information? This technique also determines the increase in overall number of distinct clusters and activity levels among the network flow clusters? Activity profiling Wavelet-based signal analysis Sequential Change-point detection Ping of death attack

Activity profiling

Activity profiling is done based on the average packet rate for a network flow, which consists of consecutive packets with similar packet header information. Packet header information includes the destination and sender IP addresses, ports, and transport protocols used.

Registration authority (RA)

Acts as the verifier for the certificate authority

Acunetix Vulnerability Scanner

Acunetix are the pioneers of automated web application security testing.

Which of the following tools provides automated web application security testing with innovative technologies including DeepScan and AcuSensor technology? IBM Security AppScan Hping2 / Hping3 SoftPerfect network scanner Acunetix web vulnerability scanner

Acunetix web vulnerability scanner

Jamie has been informed by the local helpdesk team that there has been a security issue related to some detected malware. The helpdesk has asked Jamie to help in finding out the location of the malware on the network. Jamie knows that the deployed firewall log data can show various bits of information about files moving through the network. What can Jamie do to help the team to match the file actually causing the malware concern given the sha256 of the suspected file by the team? Of the below, what should Jamie do to help the team? Sort by the hash value and provide all the matching filenames to the team. Submit the sha56 to the antivirus company for matching, and then give the findings to the team. Add a sha256 certificate to the firewall to find the sha256 of the file. Add the same sha256 certificate from the malware to the firewall so that it can defend against it.

Add a sha256 certificate to the firewall to find the sha256 of the file.

When a node wants to send a packet to an on-link neighbor but the sender does not know the link-layer address for the target node, which process is invoked by the node?

Address resolution

Out of the following options, identify the function of the following command performed on a Cisco switch. "switchport port-security mac-address sticky" Adds all secure MAC addresses that are dynamically learned to the running configuration Configures the secure MAC address aging time on the port Configures the switch port parameters to enable port security Configures the maximum number of secure MAC addresses for the port

Adds all secure MAC addresses that are dynamically learned to the running configuration

Out of the following options, identify the function of the following command performed on a Cisco switch. "switchport port-security mac-address sticky" Configures the switch port parameters to enable port security Configures the maximum number of secure MAC addresses for the port Configures the secure MAC address aging time on the port Adds all secure MAC addresses that are dynamically learned to the running configuration

Adds all secure MAC addresses that are dynamically learned to the running configuration

Which of the following is one of the four critical components of an effective risk assessment? DMZ. Logical interface. Physical security. Administrative safeguards.

Administrative safeguards.

Which of the following is a component of a risk assessment? -Physical security. -Administrative safeguards. -DMZ. -Logical interface.

Administrative safeguards. Risk assessment include: The total process of identifying, measuring, and minimizing uncertain events affecting AIS resources. Itincludes risk analysis, cost benefit analysis, safeguard selection, security test and evaluation,safeguard implementation, and systems review.

Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All of the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of Applocker to restrict the installation of any third-party applications. There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. A competitor learns that employees use their own personal smartphones to communicate with other employees of Highlander, Incorporated. Which information security attack vector should the competitor use to gather information over a long period of time from the phones, without the victim being aware that he or she has been compromised? Viruses and Worms Advanced Persistent Threat Mobile Threats Botnet

Advanced Persistent Threat

Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All of the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of Applocker to restrict the installation of any third-party applications. There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. A competitor learns that employees use their own personal smartphones to communicate with other employees of Highlander, Incorporated. Which information security attack vector should the competitor use to gather information over a long period of time from the phones, without the victim being aware that he or she has been compromised? Advanced Persistent Threat Viruses and Worms Mobile Threats Botnet

Advanced Persistent Threat

Which of the following attack vectors is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time? The intention of this attack is to steal data rather than to cause damage to the network or organization. Advanced Persistent Threats Mobile Threats Botnet Insider Attack

Advanced Persistent Threats

Which of the following attack vectors is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time? The intention of this attack is to steal data rather than to cause damage to the network or organization. Botnet Advanced Persistent Threats Insider Attack Mobile Threats

Advanced Persistent Threats

Which of the following .dll file is used by the Zeus Trojan to access and manipulate Service Manager and Registry on a victim machine? Advapi32.dll n32dll.dll User32.dll Kernel32.dll

Advapi32.dll

Which of the following .dll file is used by the Zeus Trojan to access and manipulate Service Manager and Registry on a victim machine? Kernel32.dll Advapi32.dll User32.dll n32dll.dll

Advapi32.dll

Which of the following .dll file is used by the Zeus Trojan to access and manipulate Service Manager and Registry on a victim machine? Kernel32.dll Advapi32.dll User32.dll n32dll.dll

Advapi32.dll - To access/manipulate Service Manager and Registry

Which option is used in Mobile IPv6 by mobile nodes receiving Router Advertisement messages for their movement detection algorithm?

Advertisement Interval

Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All of the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of Applocker to restrict the installation of any third-party applications. There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The protocol that they have chosen is Authentication Header (AH). The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server and the company uses work folders to synchronize offline copies back to their devices. A competitor has finished the reconnaissance and scanning phases of their attack. They are going to try to gain access to the Highlander, Incorporated, laptops. Which would be the most likely level to gain access? Hardware Level Network Level Application Level Operating System

Application Level

A session hijacking attack that gains control over the HTTP's user session by obtaining the session IDs, is known as_______________. Application Level Hijacking Network Level Hijacking Passive attack Active hijacking

Application Level Hijacking

Which of the following techniques do attackers use to escalate privileges in the Windows operating system? Launch Daemon Plist Modification Setuid and Setgid Application Shimming

Application Shimming

Which of the following techniques do attackers use to escalate privileges in the Windows operating system? Launch Daemon Application Shimming Setuid and Setgid Plist Modification

Application Shimming

Martha is a network administrator in company named "Dubrovnik Walls Ltd." She realizes that her network is under a DDoS attack. After careful analysis, she realizes that large amount of HTTP POST requests are being sent to the web servers behind the WAF. The traffic is not legitimate, since the web application requires workflow to be finished in order to send the data with the POST request, and this workflow data is missing. So, What type of DDoS attack is this? Application layer attack Volume (volumetric) attack Protocol attack SYN flood attack

Application layer attack

Which of the following items is unique to the N-tier architecture method of designing software applications? Application layers can be separated, allowing each layer to be upgraded independently from other layers. Data security is tied into each layer and must be updated for all layers when an upgrade is performed. Application layers can be written in C, ASP.NET, or Delphi without any performance loss. It is compatible with various databases including Access, Oracle, and SQL.

Application layers can be separated, allowing each layer to be upgraded independently from other layers.

Which of the following provide the simplest kind of transport services because they simply package messages, taken as is from the TCP/IP Application layer, into datagrams?

Connectionless protocols

6 You've gained physical access to a Window 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your tool kit you have an Ubuntu 9.10 Linux LiveCD. Which Linux based tool has the ability to change any user's password or to activate disabled Windows accounts? A. SET B. CHNTPW C. John the Ripper D. Cain & Abel

B. CHNTPW

SNMP is a protocol used to query hosts, servers, and devices about performance or health status data. Hackers have used this protocol for a long time to gather great amount of information about remote hosts. Which of the following features makes this possible? A. It uses TCP as the underlying protocol B. It uses a community string sent as clear text C. It is susceptible to sniffing D. It is used by ALL devices on the market

B. It uses a community string sent as cleartext C. It is susceptible to sniffing. SNMP uses UDP, not TCP, and even though many devices use SNMP, not all devices use it and it can be disabled on most of the devices that do use it. However, SNMP is susceptible to sniffing and the community string (which can be said to act as a password) is sent in cleartext.

8 John the Ripper is a technical assessment tool used to test the weakness of which of the following? A. Usernames B. Passwords C. Firewall rulesets D. File permissions

B. Passwords

Bryce the bad boy is purposely sending fragmented ICMP packets to a remote target. The total size of this ICMP packet once reconstructed is over 65,536 bytes. From the information given, what type of attack is Bryce attempting to perform? A. Smurf B. Ping of Death C. Fraggle D. SYN Flood

B. Ping of Death

Matthew re-injects a captured wireless packet back onto the network. He does this hundreds of times within a second. The packet is correctly encrypted and Matthew assumes it is an ARP request packet. The wireless host responds with a stream of responses, all individually encrypted with different IVs. What is this attack most appropriately called?

B. Replay attack. A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and re-transmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack.)

15 By using a smart card and pin, you are using a two-factor authentication that satisfies A. Something you are and something you remember B. Something you have and something you know C. Something you know and something you are D. Something you have and something you are

B. Something you have and something you know

4 Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message. The technique provides "security through obscurity". What technique is Ricardo using? A. RSA algorithm B. Steganography C. Public-key cryptography D. Encryption

B. Steganography

A program that defends against a port scanner will attempt to: A. Log a violation and recommend use of security-auditing tools B. Update a firewall rule in real time to prevent the port scan from being completed C. Sends back bogus data to the port scanner D. Limit access by the scanning system to publicly available ports only

B. Update a firewall rule in realtime to prevent the port scan from being completed.

Which of the following is not a type of DNS attack? A: Domain Snipping B: Session Hijacking C: Domain Hijacking D: Cybersquatting

B: Session Hijacking

While doing web application testing, you might be required to look through multiple web pages online which can take a long time. Which process below would be a more efficient way of doing this type of validation? A. Useget utility to download all pages locally for further inspection B. Use wget utility to download all pages locally for further inspection C. Use mget utility to download all pages locally for further inspection D. Use get * utility to download all pages locally for further inspection

B. Use wget utility to download all pages locally for further inspection. Wget is a utility used for mirroring websites, get* doesn't work, as for the actual FTP command to work there needs to be a space between get and *. get( ); is just bogus, that's a C function that's written 100% wrong. mget dis a command used from "within" ftp itself, ruling out A. Which leaves B use wget which is designed for mirroring and download files, especially webpages if used with the -R option (i.e. wget -R) it could mirror a site, all except the protected portions, of course. GNU Wget is a free network utility to retrieve files from teh Web using FTP and HTTP, and can be used to make mirrors of archives and home pages, thus enabling work in the background after logging off.

Windump is a Windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform you must install a packet capture library. What is the name of this library? A. NTPCAP B. WinPCAP C. PCAP D. LibPCAP

B. WinPCAP Win PCAP is the industry standard tool for link-layer network access in Windows environments. It allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine, and support for remote packet capture.

Which one of the following is a Google search query used for VPN footprinting to find Cisco VPN client passwords ? A: filetype:pcf "cisco" "GroupPwd" B: "[main]" "enc_GroupPwd=" ext:txt C: "Config" intitle:"Index of" intext:vpn D: inurl:/remote/login?lang=en

B: "[main]" "enc_GroupPwd=" ext:txt

If you want only to scan fewer ports than the default scan using Nmap tool, which option would you use? A: -sP B: -P C: -r D: -F

B: -P

B: ARIN

Which of the PKI components is responsible for issuing and verifying digital certificate? A: Validation authority (VA) B: Certificate authority (CA) C: Registration authority (RA) D: End user

B: Certificate authority (CA)

Which of the following processes of PKI (public key infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations? A: Certificate issuance B: Certificate validation C: Certificate cryptography D: Certificate revocation

B: Certificate validation

An attacker breaks an n bit key cipher into 2 n/2 number of operations in order to recover the key. Which cryptography attack is he performing? A: Timing attack B: Chosen-key attack C: Rubber hose attack D: Known-plaintext attack

B: Chosen-key attack

You are a security engineer for XYZ Inc. Your company is based on a private cloud infrastructure and discovers a potential breach through a vulnerability that was not properly patched. XYZ Inc. wants to perform a root cause analysis and discover if any data was exfiltrated and if so, what type of information did it contain? How would XYZ Inc. find out this information? A: Data Analysis B: Cloud Forensics C: Vulnerability Scanning D: Penetration Testing

B: Cloud Forensics

Company A and Company B have just merged and each has its own public key infrastructure (PKI). What must the certificate authorities (CAs) establish so that the private PKIs for Company A and Company B trust one another and each private PKI can validate digital certificates from the other company? A: Poly key exchange B: Cross certification C: Poly key reference D: Cross-site exchange

B: Cross certification

Which of the following attacks mainly affects any hardware/software using an ANSI X9.31 random number generator (RNG)? A: Rainbow table attack B: DUHK attack C: Hash collision attack D: Side-channel attack

B: DUHK attack

Which of the following cryptanalysis methods is applicable to symmetric key algorithms? A: Linear cryptanalysis B: Differential cryptanalysis C: Integral cryptanalysis D: Frequency Cryptanalysis

B: Differential cryptanalysis

Which of the following statements is not true for securing iOS devices? A: Do not jailbreak or root your device if used within enterprise environments B: Disable Jailbreak detection C: Do not store sensitive data on client-side database D: Disable Javascript and add-ons from web browser

B: Disable Jailbreak detection

Which of the following is not a countermeasure for phishing attacks? A: Do not click on any links included in the SMS B: Disable the "block texts from the internet" feature from your provider C: Never reply to a SMS that urges you to act or respond quickly D: Review the bank's policy on sending SMS

B: Disable the "block texts from the internet" feature from your provider

What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room? A: Set a BIOS password. B: Encrypt the data on the hard drive. C: Use a strong logon password to the operating system. D: Back up everything on the laptop and store the backup in a safe place.

B: Encrypt the data on the hard drive.

Which of the following android applications allows you to find, lock or erase a lost or stolen device? A: X-Ray B: Find My Device C: Find My iPhone D: Faceniff

B: Find My Device

Which of the following act requires employer's standard national numbers to identify them on standard transactions? A: SOX B: HIPAA C: DMCA D: PCI-DSS.

B: HIPAA

Which of the following is not a characteristic of virtualization in cloud computing technology? A: Partitioning B: Storage C: Isolation D: Encapsulation

B: Storage

Which of the following protocols provides reliable multiprocess communication service in a multinetwork environment? A: UDP B: TCP C: SMTP D: SNMP

B: TCP

A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites. 77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this information? A: The packets were sent by a worm spoofing the IP addresses of 47 infected sites B: ICMP ID and Seq numbers were most likely set by a tool and not by the operating system C:All 77 packets came from the same LAN segment and hence had the same ICMP ID and Seq number D: 13 packets were from an external network and probably behind a NAT, as they had an ICMP ID 0 and Seq 0

B: ICMP ID and Seq numbers were most likely set by a tool and not by the operating system

Which of the following protocols is the technology for both gateway-to-gateway (LAN-to-LAN) and host to gateway (remote access) enterprise VPN solutions? A: SMTP B: IPSec C: SNMP D: NetBios

B: IPSec

Which of the following processes is supposed to install a modified set of kernel patches that allows users to run third-party applications not signed by the OS vendor? A: WarDriving B: JailBreaking C: Spear-Phishing D: Sandboxing

B: JailBreaking

In Risk Management, how is the term "likelihood" related to the concept of "threat?" A: Likelihood is the likely source of a threat that could exploit a vulnerability. B: Likelihood is the probability that a threat-source will exploit a vulnerability. C: Likelihood is a possible threat-source that may exploit a vulnerability. D: Likelihood is the probability that a vulnerability is a threat-source.

B: Likelihood is the probability that a threat-source will exploit a vulnerability.

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing? A: Identifying operating systems, services, protocols and devices B: Modifying and replaying captured network traffic C: Collecting unencrypted information about usernames and passwords D: Capturing a network traffic for further analysis

B: Modifying and replaying captured network traffic

B: NetBios

What is the outcome of the command "nc -l -p 2222 | nc 10.1.0.43 1234"? A: Netcat will listen on the 10.1.0.43 interface for 1234 seconds on port 2222. B: Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 port 1234. C: Netcat will listen for a connection from 10.1.0.43 on port 1234 and output anything received to port 2222. D: Netcat will listen on port 2222 and then output anything received to local interface 10.1.0.43.

B: Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 port 1234.

Which of the following applications is used for Jailbreaking iOS? A: KingoRoot B: Pangu Anzhuang C: One Click Root D: Superboot

B: Pangu Anzhuang

Which of the following attacks can be performed by Spam messages? A: Denial-of-Service Attacks B: Phishing Attacks C: Bluesnarfing Attacks D: Wardriving Attacks

B: Phishing Attacks

Which of the following categories of security controls strengthens the system against incidents by minimizing or eliminating vulnerabilities? A: Deterrent Controls B: Preventive Controls C: Detective Controls D: Corrective Controls

B: Preventive Controls

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the transport layer security (TLS) protocols defined in RFC6520. What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy? A: Public B: Private C: Shared D: Root

B: Private

A certificate authority (CA) generates a key pair that will be used for encryption and decryption of e-mails. The integrity of the encrypted e-mail is dependent on the security of which of the following? A: Public key B: Private key C: Modulus length D: Email server certificate

B: Private key

Which of the following is a characteristic of public key infrastructure (PKI)? A: Public-key cryptosystems are faster than symmetric-key cryptosystems. B: Public-key cryptosystems distribute public-keys within digital signatures. C: Public-key cryptosystems do not require a secure key distribution channel. D: Public-key cryptosystems do not provide technical nonrepudiation via digital signatures.

B: Public-key cryptosystems distribute public-keys within digital signatures.

Which results will be returned with the following Google search query? site:target.com -site:Marketing.target.com accounting A: Results matching all words in the query B: Results matching "accounting" in domain target.com but not on the site Marketing.target.com C: Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting D: Results for matches on target.com and Marketing.target.com that include the word "accounting"

B: Results matching "accounting" in domain target.com but not on the site Marketing.target.com

Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest? A: MD5 B: SHA-1 C: RC4 D: MD4

B: SHA-1

Which protocol enables an attacker to enumerate user accounts and devices on a target system? A: SMTP B: SNMP C: NetBios D: TCP

B: SNMP

Which of the following three service models are the standard cloud service models? A: XaaS, Private, and Public B: SaaS, PaaS, and IaaS C: SaaS, IaaS, and Hybrid D: Private, Public, and Community

B: SaaS, PaaS, and IaaS

Which of the following technique helps protect mobile systems and users by limiting the resources the mobile application can access on the mobile platform? A: Firewall B: Sandbox C: Anti-Malware D: Spam Filter

B: Sandbox

In which of the following attacks does an attacker steal a CSP's or client's credentials by methods such as phishing, pharming, social engineering, and exploitation of software vulnerabilities? A: Wrapping Attack B: Service Hijacking Using Social Engineering Attacks C: DNS Attack D: Side Channel Attack

B: Service Hijacking Using Social Engineering Attacks

The "white box testing" methodology enforces what kind of restriction? A: Only the internal operation of a system is known to the tester. B: The internal operation of a system is completely known to the tester. C: The internal operation of a system is only partly accessible to the tester. D: Only the external operation of a system is accessible to the tester.

B: The internal operation of a system is completely known to the tester.

Which of the following utility uses the ICMP protocol concept and Time to Live ('TTL') field of IP header to find the path of the target host in the network? A: WhoIs B: Traceroute C: DNS Lookup D: TCP/IP

B: Traceroute

In order to have an anonymous Internet surf, which of the following is best choice? A: Use SSL sites when entering personal information B: Use Tor network with multi-node C: Use shared WiFi D: Use public VPN

B: Use Tor network with multi-node

Which of the following database is used to delete the history of the target website? A: TCP/IP and IPSec filters B: archive.org C: WhoIs Lookup database D: Implement VPN

B: archive.org

Which of the following windows utilities allow an attacker to perform NetBIOS enumeration? A: GetRequest B: nbtstat C: SetRequest D: ntpdate

B: nbtstat

You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly. What is the best nmap command you will use? A: nmap -T4 -q 10.10.0.0/24 B: nmap -T4 -F 10.10.0.0/24 C: nmap -T4 -r 10.10.1.0/24 D: nmap -T4 -O 10.10.0.0/24

B: nmap -T4 -F 10.10.0.0/24

Which command lets a tester enumerate live systems in a class C network via ICMP using native Windows tools? A: ping 192.168.2. B: ping 192.168.2.255 C: for %V in (1 1 255) do PING 192.168.2.%V D: for /L %V in (1 1 254) do PING -n 1 192.168.2.%V | FIND /I "Reply"

B: ping 192.168.2.255

Which Google search query will search for any configuration files a target certifiedhacker.com may have? A: allinurl: certifiedhacker.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini B: site: certifiedhacker.com filetype:xml | filetype:conf | filetype:cnf | filetype:reg | filetype:inf | filetype:rdp | filetype:cfg | filetype:txt | filetype:ora | filetype:ini C: site: certifiedhacker.com ext:xml || ext:conf || ext:cnf || ext:reg || ext:inf || ext:rdp || ext:cfg || ext:txt || ext:ora || ext:ini D: site: certifiedhacker.com intext:xml | intext:conf | intext:cnf | intext:reg | intext:inf | intext:rdp | intext:cfg | intext:txt | intext:ora | intext:ini

Which Google search query can you use to find mail lists dumped on pastebin.com? A: allinurl: pastebin.com intitle:"mail lists" B: site:pastebin.com intext:*@*.com:* C: cache: pastebin.com intitle:*@*.com:* D: allinurl: pastebin.com intitle:*@*.com:*

B: site:pastebin.com intext:*@*.com:*

As an Ethical Hacker you are capturing traffic from your customer network with Wireshark and you need to find and verify just SMTP traffic. What command in Wireshark will help you to find this kind of traffic? A: request smtp 25 B: tcp.port eq 25 C: smtp port D: tcp.contains port 25

B: tcp.port eq 25

Which of the following is an sh-compatible shell that stores command history in a file? Zsh Tcsh/Csh BASH ksh

BASH

Which of the following is an sh-compatible shell that stores command history in a file? BASH Tcsh/Csh Zsh ksh

BASH: is an sh-compatible shell which stores command history in a file called bash history. You can view the saved command history using more ~/.bash_history command. This feature of BASH is a problem for hackers as the bash_history file could be used by investigators in order to track the origin of an attack and the exact commands used by an intruder in order to compromise a system.

Which of the following is a program that is installed without the user's knowledge and can bypass the standard system authentication or conventional system mechanism like IDS, firewalls, etc. without being detected? Remote Access Trojans Backdoor Trojans Proxy Server Trojans Covert Channel Trojans

Backdoor Trojans

Which of the following is a program that is installed without the user's knowledge and can bypass the standard system authentication or conventional system mechanism like IDS, firewalls, etc. without being detected? Backdoor Trojans Covert Channel Trojans Proxy Server Trojans Remote Access Trojans

Backdoor Trojans

Which term is used to refer service announcements provided by services in response to connection requests and often carry vendor's version of information? Port Banner Network discovery phase Scanning phase

Banner

A security engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing webservers. The engineer decides to start by using netcat to port 80. The engineer receives this output: HTTP/1.1 200 OK Server: Microsoft-IIS/6 Expires: Tue, 17 Jan 2017 01:41:33 GMT Date: Mon, 16 Jan 2017 01:41:33 GMT Content-Type: text/html Accept-Ranges: bytes Last-Modified: Wed, 28 Dec 2010 15:32:21 GMT ETag: "b0aac0542e25c31:89d" Content-Length: 7369 Which of the following is an example of what the engineer performed? Cross-site scripting Banner grabbing SQL injection Whois database query

Banner grabbing

BitCrypter

A hacker wants to encrypt and compress 32-bit executables and .NET apps without affecting their direct functionality. Which of the following cryptor tools should be used by the hacker? Java crypter BitCrypter Cypherx Hidden sight crypter

BitCrypter

A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement state that the penetration test has to be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed? Red box. Black box. White box. Grey box.

Black box.

Which of the following terms is used to refer the technique that uses aggressive SEO tactics such as keyword stuffing, doorway pages, page swapping, and adding unrelated keywords to get higher search engine ranking for their malware pages? Drive-by Downloads Blackhat Search Engine Optimization (SEO) Malvertising Spear Phishing

Blackhat Search Engine Optimization (SEO)

Which of the following terms is used to refer the technique that uses aggressive SEO tactics such as keyword stuffing, doorway pages, page swapping, and adding unrelated keywords to get higher search engine ranking for their malware pages? Malvertising Blackhat Search Engine Optimization (SEO) Drive-by Downloads Spear Phishing

Blackhat Search Engine Optimization (SEO)

Out of the following, which network-level session hijacking technique can be used to inject malicious data or commands into the intercepted communications in a TCP session? UDP Hijacking RST Hijacking Blind Hijacking TCP/IP Hijacking

Blind Hijacking

Which of the following attacks is time-intensive because the database should generate a new statement for each newly recovered bit? Blind SQL Injection UNION SQL Injection Error Based SQL Injection In-band SQL Injection

Blind SQL Injection

Steve works as a penetration tester in a firm named InfoSecurity. Recently, Steve was given an assignment to test the security of the company's web applications and backend database. While conducting the test, he sends a malicious SQL query with conditional timing delays to the backend database through the web application. This conditional time delay forces the database to wait for a specified amount of time before responding. He performs the same task using different malicious SQL queries. By observing various query responses from the database, Steve came to know that the web application is vulnerable to an SQL injection attack. What type of SQL injection attack is Steve most likely performing? Blind SQL injection Error-based SQL injection Union-based SQL injection Out-of-band SQL Injection

Blind SQL injection

Blind SQL injection is identical to a normal SQL Injection except that when an attacker attempts to exploit an application rather than seeing a useful error message, a generic custom page is displayed. In blind SQL injection, an attacker poses a true or false question to the database to see if the application is vulnerable to SQL injection.

Ivan works as security consultant at "Ask Us Intl." One of his clients is under a large-scale protocol-based DDoS attack, and they have to decide how to deal with this issue. They have some DDoS appliances that are currently not configured. They also have a good communication channel with providers, and some of the providers have fast network connections. In an ideal scenario, what would be the best option to deal with this attack. Bear in mind that this is a protocol-based DDoS attack with at least 10 000 bots sending the traffic from the entire globe! Block the traffic at the provider level Absorb the attack Block the attack at the client site Filter the traffic at the company Internet facing routers

Block all traffic at the provider level

Javier works as a security analyst for a small company. He has heard about a new threat; a new malware that the antivirus does not detect yet. Javier has the hash for the new virus. What can Javier do to proactively protect his company? Block with the antivirus anything that presents the same hash of the malware Wait for the antivirus company to release a new version Generate his own new version of the antivirus with the malware hash Send the hash information to the antivirus company

Block with the antivirus anything that presents the same hash of the malware

Javier works as a security analyst for a small company. He has heard about a new threat; a new malware that the antivirus does not detect yet. Javier has the hash for the new virus. What can Javier do to proactively protect his company? Send the hash information to the antivirus company Wait for the antivirus company to release a new version Generate his own new version of the antivirus with the malware hash Block with the antivirus anything that presents the same hash of the malware

Block with the antivirus anything that presents the same hash of the malware

Name an attack where the attacker connects to nearby devices and exploits the vulnerabilities of the Bluetooth protocol to compromise the device? Rolling code attack Jamming attack DDoS attack BlueBorne attack

BlueBorne attack

Bluebugging

What is Blue bugging?

Bluebugging is an attack in which an attacker gains remote access to a target Bluetooth-enabled device without the victim being aware of it. In this attack, an attacker sniffs sensitive information and might perform malicious activities such as intercepting phone calls and messages, forwarding calls and text messages, etc.

How can a policy help improve an employee's security awareness? By using informal networks of communication, establishing secret passing procedures, and immediately terminating employees By implementing written security procedures, enabling employee security training, and promoting the benefits of security By decreasing an employee's vacation time, addressing ad hoc employment clauses, and ensuring that managers know employee strengths By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative helpline

By implementing written security procedures, enabling employee security training, and promoting the benefits of security

How does an attacker perform a "social engineered clickjacking" attack? By mimicking legitimate institutions, such as banks, in an attempt to steal passwords and credit card By injecting malware into legitimate-looking websites to trick users by clicking them By attaching a malicious file to an e-mail and sending the e-mail to a multiple target address By exploiting flaws in browser software to install malware merely by visiting a website

By injecting malware into legitimate-looking websites to trick users by clicking them

How does an attacker perform a "social engineered clickjacking" attack? By attaching a malicious file to an e-mail and sending the e-mail to a multiple target address By exploiting flaws in browser software to install malware merely by visiting a website By injecting malware into legitimate-looking websites to trick users by clicking them By mimicking legitimate institutions, such as banks, in an attempt to steal passwords and credit card

By injecting malware into legitimate-looking websites to trick users by clicking them

In what way do the attackers identify the presence of layer 7 tar pits? By looking at the latency of the response from the service By analyzing the TCP window size By looking at the responses with unique MAC address 0:0:f:ff:ff:ff By looking at the IEEE standards for the current range of MAC addresses

By looking at the latency of the response from the service

An attacker sends an e-mail containing a malicious Microsoft office document to target WWW/FTP servers and embed Trojan horse files as software installation files, mobile phone software, and so on to lure a user to access them. Identify by which method the attacker is trying to bypass the firewall. Bypassing firewall through external systems Bypassing firewall through MITM attack Bypassing firewall through content Bypassing WAF using XSS attack

Bypassing firewall through content

The components such as NIDS/NIPS, firewalls, DPI, Anti-DDoS, QoS, DNSSEC, and OAuth are included in which of the following cloud security control layers? A: Applications Layer B: Management Layer C: Network Layer D: Computer and Storage

C: Network Layer

Which of the following commands will you run in Linux to check for the presence of rootkits? A. $ sudo runvirus B. $ sudo avcheck C. $ sudo chrootkit D. $ sudo rootvirus

C. $ sudochrootkit

ARP poisoning is achieved in _____ steps A. 1 B. 3 C. 2 D. 4

C. 2 The hacker begins by sending a malicious ARP reply (for which there was no previous request) to your router, associating his computer's MAC address with your IP address. Now, your router thinks the hacker's computer is your computer. Next, the hacker sends a malicious ARP reply to your computer, associating his MAC address with the router's IP address. Now, your machine thinks the hacker's computer is your router. The hacker has now used ARP poisoning to accomplish a MITM attack.

7 Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following that best describes this type of system? A. An authentication system that uses passphrases that are converted into virtual passwords B. A biometric system that bases authentication decisions on behavioral attributes C. An authentication system that creates one-time passwords that are encrypted with secret keys D. A biometric system that bases authentication decisions on physical attributes

C. An authentication system that creates one-time passwords that are encrypted with secret keys

What is Cygwin? A. Cygwin isa X Windows GUI subsytem that runs on top of Linux GNOME environment B. Cygwin is a free C++ compiler that runs on Windows C. Cygwin is a freeUnix subsystem that runs on top of Windows D. Cygwin is a free Windows subsystem that runs on top of Linux

C. Cygwin is a free Unix subsystem that runs on top of windows. Cygwin is a Linux-like environment for Windows. It consists of two parts: A DLL (cygwin1.dll) which acts as a Linux API emulation layer providing substantial Linux API functionality, and a collection of tools which provide Linux look and feel.

After successfully executing a buffer overflow attack on a windows machine, which of the following actions is NOT allowed in the security context of the LOCAL_SYSTEM account? a. Spawning a shell b. Changing the time zone c. Installing a driver d. Debugging an application

C. Installing a driver

16 What attack is used to crack passwords by using a precomputed table of hashed passwords? A. Hybrid Attack B. Dictionary Attack C. Rainbow Table Attack D. Brute Force Attack

C. Rainbow Table Attack

10 A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it? A. The file reveals the passwords to the root user only. B. He cannot read it because it is encrypted. C. The password file does not contain the passwords themselves. D. He can open it and read the user IDs and corresponding passwords.

C. The password file does not contain the passwords themselves.

Which of the following would be the best example of a deterrent control? a. A log aggregation system b. Hidden cameras onsite c. A guard posted outside the door d. Backup recovery systems

C. a guard posted outside the door

Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5? A: 768 bit key B: 1025 bit key C: 1536 bit key D: 2048 bit key

C: 1536 bit key

Which of the following mobile Bluetooth attacks enables an attacker to gain remote access to the victims mobile and use its features without the victim's knowledge or consent? A: Bluesnarfing B: Bluesmacking C: Bluebugging D: BlueSniff

C: Bluebugging

You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8. While monitoring the data, you find a high number of outbound connections. You see that IP's owned by XYZ (Internal) and private IP's are communicating to a Single Public IP. Therefore, the Internal IP's are sending data to the Public IP. After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised. What kind of attack does the above scenario depict? A: Spear Phishing Attack B: Advanced Persistent Threats C: Botnet Attack D: Rootkit Attack

C: Botnet Attack

Which of the following is not an OWASP Top 10-2016 Mobile Risks? A: Insecure Communication B: Reverse Engineering C: Buffer Overflow D: Insecure Cryptography

C: Buffer Overflow

Advanced encryption standard is an algorithm used for which of the following? A: Data integrity B: Discovery C: Bulk data encryption D: Recovery

C: Bulk data encryption

Which of the following NIST cloud reference architecture factors manages cloud services in terms of use, performance, and delivery, and who also maintains a relationship between cloud providers and consumers? A: Cloud Consumer B: Cloud Provider C: Cloud Broker D: Cloud Carrier

C: Cloud Broker

Out of the following, which is not a type of side-channel attack? A: Timing Attack B: Data Remanence C: Cybersquatting D: Acoustic Cryptanalysis

C: Cybersquatting

When Jason installed a malicious application on his mobile, the application modified the content in other applications on Jason's mobile phone. What process did the malicious application perform? A: Data Exfiltration B: Data Mining C: Data Tampering D: Data Loss

C: Data Tampering

In the OSI model, where does PPTP encryption take place? A: Transport layer B: Application layer C: Data link layer D: Network layer

C: Data link layer

Detective security controls detect and react appropriately to the incidents that happen on the cloud system. Which of the following is an example of detective security controls? A: Implementing a strong authentication mechanism B: Restoring system backups C: Employing IDSs and IPSs D: Identifying warning sign on the fence

C: Employing IDSs and IPSs

Which of the following enumeration techniques is used by a network administrator to replicate domain name system (DNS) data across many DNS servers, or to backup DNS files? A: Extract user names using email IDs B: Extract information using default passwords C: Extract information using DNS Zone Transfer D: Brute force Active Directory

C: Extract information using DNS Zone Transfer

Which of the following iOS applications allow you to find, lock, or erase a lost or stolen device? A: X-ray B: Find my device C: Find my Iphone D: Faceniff

C: Find my Iphone

Which of the following techniques is used to create complex search engine queries? A: Yahoo Search B: Bing Search C: Google hacking D: DuckDuckGo

C: Google hacking

The components such as DLP, CMF, database activity monitoring, and encryption are included in which of the following cloud security control layers? A: Applications Layer B: Management Layer C: Information Layer D: Computer and Storage

C: Information Layer

In which of the following cloud computing threats does an attacker try to control operations of other cloud customers to gain illegal access to the data? A: Privilege Escalation B: Illegal Access to the cloud C: Isolation Failure D: Supply Chain Failure

C: Isolation Failure

What information is gathered about the victim using email tracking tools? A: Username of the clients, operating systems, email addresses, and list of software B: Information on an organization's web pages since their creation. C: Recipient's IP address, Geolocation, Proxy detection, Operating system and Browser information. D: Targeted contact data, extracts the URL and meta tag for website promotion.

C: Recipient's IP address, Geolocation, Proxy detection, Operating system and Browser information.

In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for vulnerabilities. Example: allintitle: root passwd A: Maintaining Access B: Gaining Access C: Reconnaissance D: Scanning and Enumeration

C: Reconnaissance

Which element of public key infrastructure (PKI) verifies the applicant? A: Certificate authority B: Validation authority C: Registration authority D: Verification authority

C: Registration authority

In which of the following attacks, can an attacker obtain ciphertexts encrypted under two different keys and gather plaintext and matching ciphertext? A: Ciphertext-only attack B: Adaptive chosen-plaintext attack C: Related-key attack D: Chosen-plaintext attack

C: Related-key attack

A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate website from their workstations. Which of the following is the best remediation against this type of attack? A: Implementing server-side PKI certificates for all connections B: Mandating only client-side PKI certificates for all connections C: Requiring client and server PKI certificates for all connections D: Requiring strong authentication for all DNS queries

C: Requiring client and server PKI certificates for all connections

Which of the following processes allows Android users to attain privileged control within Android's subsystem? A: Jailbreaking B: Wardriving C: Rooting D: Warchalking

C: Rooting

Which of the following cryptography attack methods is usually performed without the use of a computer? A: Ciphertext-only attack B: Chosen key attack C: Rubber hose attack D: Rainbow table attack

C: Rubber hose attack

As an Ethical Hacker, you were contracted by a private firm to conduct an external security assessment. What document describes the specifics of the testing, violations, and essentially protects both the organization and the tester? A: Service Level Agreement B: Project Scope C: Rules of Engagement D: Non-Disclosure Agreement

C: Rules of Engagement

C: SaaS

At a Windows server command prompt, which command could be used to list the running services? A: Sc query type= running B: Sc query \\servername C: Sc query D: Sc config

C: Sc query

Out of the following types of virtualizations, which type of virtualization is used in increasing space utilization and reducing the hardware maintenance cost? A: Storage Virtualization B: Network Virtualization C: Server Virtualization D: Resource Virtualization

C: Server Virtualization

Out of the following types of virtualizations, which type of virtualization us used in increasing space utilization and reducing the hardware maintenance cost? A: Storage Virtualization B: Network Virtualization C: Server Virtualization D: Resource Virtualization

C: Server Virtualization

Which of the following is a network threat? A: Privilege escalation B: Arbitrary code execution C: Session hijacking D: SQL injection

C: Session hijacking

A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records? A: Locate type=ns B: Request type=ns C: Set type=ns D: Transfer type=ns

C: Set type=ns

Which of the following is not a feature of Mobile Device Management Software? A: Enforce policies and track inventory B: Remotely wipe data in the lost or stolen device C: Sharing confidential data among devices and networks D: Perform real-time monitoring and reporting

C: Sharing confidential data among devices and networks

An attacker runs a virtual machine on the same physical host as the victim's virtual machine and takes advantage of shared physical resources (processor cache) to steal data (cryptographic key) from the victim. Which of the following attacks he is performing? A: XSS Attack B: MITC Attack C: Side Channel Attack D: Cryptanalysis Attack

C: Side Channel Attack

Which of the following contains a public key and the identity of the owner and the corresponding private key is kept secret by the certification authorities? A: Validation authority (VA) B: Self-signed certificate C: Signed certificates D: Registration authority (RA)

C: Signed certificates

Information gathered from social networking websites such as Facebook, Twitter, and LinkedIn can be used to launch which of the following types of attacks? A: Smurf attack B: SQL injection attack C: Social engineering attack D: DDoS attack

C: Social engineering attack

Which of the following defines the role of a root certificate authority (CA) in a public key infrastructure (PKI)? A: The root CA is the recovery agent used to encrypt data when a user's certificate is lost. B: The root CA stores the user's hash value for safekeeping. C: The CA is the trusted root that issues certificates. D: The root CA is used to encrypt e-mail messages to prevent unintended disclosure of data.

C: The CA is the trusted root that issues certificates.

Which of the following command is used by the attackers to query the ntpd daemon about its current state? A: ntpdate B: ntptrace C: ntpdc D: ntpq

C: ntpdc

What is the command used by an attacker to establish a null session with the target machine? C :\>auditpol \\<ip address of target> /disable C:\>auditpol \\<ip address of target> auditpol /get /category:* C:\clearlogs.exe -app

C:\>auditpol \\<ip address of target>

C:\>auditpol \\<ip address of target> Auditpol.exe is the command-line utility tool to change Audit Security settings at the category and sub-category levels. Attackers can use AuditPol to enable or disable security auditing on local or remote systems and to adjust the audit criteria for different categories of security events.

C:\>auditpol \\<ip address of target> This will reveal the current audit status of the system. He or she can choose to disable the auditing by: C :\>auditpol \\<ip address of target> /disable

Fill in the blank: ______ function is an IDS evasion technique that can be used to inject SQL statements into MySQL database without using double quotes. CHAR() CONV() ASCIISTR() CHR()

CHAR()

Which of the following is a primary service of the U.S. CSIRT? CSIRT provides penetration testing service to support exception reporting on incidents worldwide by individuals and multinational corporations. CSIRT provides computer security surveillance service to supply a government with important intelligence information on individuals traveling abroad. CSIRT provides vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or a company's asset. CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.

CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.

Cristine is the CEO of a global corporation that has several branch offices around the world. The company employs over 300 workers, half of whom use computers. Recently, the company suffered from a ransomware attack that disrupted many services, and many people have written to Cristine with questions about why it happened. She asks Edwin, the systems administrator, about servers that have encrypted information. Edwin explains to Cristine that the servers have a screen asking about bitcoins to pay to decrypt the information, but he does not know why. What team does the company lack? unencrypt team. CSIRT. Administrators team. Vulnerability Management team.

CSIRT.

Which among the following is not a metric for measuring vulnerabilities in common vulnerability scoring system (CVSS)? Base Metrics Active Metrics Temporal Metrics Environmental Metrics

CVSS assessment consists of three metrics for measuring vulnerabilities: ? Base metrics: It represents the inherent qualities of a vulnerability. ? Temporal metrics: It represents the features that keep on changing during the lifetime of a vulnerability. ? Environmental metrics: It represents the vulnerabilities that are based on a particular environment or implementation.

A hacker is sniffing the network traffic and trying to crack the encrypted passwords using Dictionary, Brute-Force, and Cryptanalysis attacks. Which of the following tool helps the hacker to recover the passwords? Hoovers Nessus Cain and Abel Metagoofil

Cain and Abel

Pentest results indicate that voice over IP traffic is traversing a network. Which of the following tools will decode a packet capture and extract the voice conversations? Cain and Abel John the Ripper Nikto Hping

Cain and Abel

Pentest results indicate that voice over IP traffic is traversing a network. Which of the following tools will decode a packet capture and extract the voice conversations? Hping Cain and Abel Nikto John the Ripper

Cain and Abel

Which of the following steps in enumeration penetration testing serves as an input to many of the ping sweep and port scanning tools for further enumeration? Perform competitive intelligence Perform ARP poisoning Calculate the subnet mask Perform email footprinting

Calculate the subnet mask

Which of the following steps in enumeration penetration testing serves as an input to many of the ping sweep and port scanning tools for further enumeration? Calculate the subnet mask Perform competitive intelligence Perform email footprinting Perform ARP poisoning

Calculate the subnet mask

A corporation hired an ethical hacker to test if it is possible to obtain users' login credentials using methods other than social engineering. The ethical hacker is working on Windows system and trying to obtain login credentials. He decided to sniff and capture network traffic using an automated tool and use the same tool to crack the passwords of users. Which of the following techniques can be employed by the ethical hacker? Capture every users' traffic with Ettercap. Capture LANMAN Hashes and crack them with L0phtCrack. Guess passwords using Medusa or Hydra against a network service. Capture administrators' RDP traffic and decode it with Cain and Abel.

Capture administrators' RDP traffic and decode it with Cain and Abel.

Which element in a vulnerability scanning report allows the system administrator to obtain additional information about the scanning such as the origin of the scan? Target information Classification Services Scan information

Classification

A corporation hired an ethical hacker to test if it is possible to obtain users' login credentials using methods other than social engineering. The ethical hacker is working on Windows system and trying to obtain login credentials. He decided to sniff and capture network traffic using an automated tool and use the same tool to crack the passwords of users. Which of the following techniques can be employed by the ethical hacker? Capture LANMAN Hashes and crack them with L0phtCrack. Capture every users' traffic with Ettercap. Guess passwords using Medusa or Hydra against a network service. Capture administrators' RDP traffic and decode it with Cain and Abel.

Capture administrators' RDP traffic and decode it with Cain and Abel.

An organization hires a tester to do a wireless penetration test. Previous reports indicate that the last test did not contain management or control packets in the submitted traces. Which of the following is the most likely reason for lack of management or control packets? -The wireless card was not turned on. -The wrong network card drivers were in use by Wireshark. -On Linux and Mac OS X, only 802.11 headers are received in promiscuous mode. -Certain operating systems and adapters do not collect the management or control packets.

Certain operating systems and adapters do not collect the management or control packets.

Which of the PKI components is responsible for issuing and verifying digital certificate? Validation authority (VA) Certificate authority (CA) Registration authority (RA) End user

Certificate authority (CA)

Which of the following processes of PKI (public key infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations? Certificate issuance Certificate validation Certificate cryptography Certificate revocation

Certificate validation

Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented manner? Peer review Regulatory compliance Penetration testing Change management

Change management

During the penetration testing of the MyBank public website, Marin discovered a credit/interest calculator running on server side, which calculates a credit return plan. The application accepts the following parameters: amount=100000&duration=10&scale=month Assuming that parameter amount is the amount of credit, the user is calculating the interest and credit return plan (in this case for 100,000 USD), parameter duration is the timeframe the credit will be paid off, and scale defines how often the credit rate will be paid (year, month, day, ...). How can Marin proceed with testing weather this web application is vulnerable to DoS? Change the parameter duration to a large number and change scale value to "day" and resend the packet few times to observe the delay. Change the parameter duration to a small number and leave scale value on "month" and resend the packet few times to observe the delay. Leave the parameter duration as is and change the scale value to "year" and resend the packet few times to observe the delay. Change the parameter duration to a small number and change scale value to "day" and resend the packet few times to observe the delay.

Change the parameter duration to a large number and change scale value to "day" and resend the packet few times to observe the delay.

An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. Which cryptanalytic technique can the attacker use now in his attempt to discover the encryption key? Birthday attack Known plaintext attack Meet in the middle attack Chosen ciphertext attack

Chosen ciphertext attack

An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file? Timing attack Replay attack Memory trade-off attack Chosen plain-text attack

Chosen plain-text attack

An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file? -Timing attack -Replay attack -Memory trade-off attack -Chosen plain-text attack

Chosen plain-text attack

An attacker breaks an n bit key cipher into 2 n/2 number of operations in order to recover the key. Which cryptography attack is he performing? Known-plaintext attack Rubber hose attack Chosen-key attack Timing attack

Chosen-key attack

Chosen-key attack: The attacker obtains the plaintexts corresponding to an arbitrary set of ciphertexts of his own choice. Using this information, the attacker tries to recover the key used to encrypt the plaintext.

While conducting a penetration test, the tester determines that there is a firewall between the tester's machine and the target machine. The firewall is only monitoring TCP handshaking of packets at the session layer of the OSI model. Which type of firewall is the tester trying to traverse? Packet filtering firewall Application-level firewall Circuit-level gateway firewall Stateful multilayer inspection firewall

Circuit-level gateway firewall

filetype: "cisco" "GroupPwd"

Cisco VPN with Group Passwords for remote access

Which of the following tools is an antivirus program that is used to detect viruses? ClamWin WannaCry ZeuS DriverView

ClamWin

Which of the following tools is an antivirus program that is used to detect viruses? DriverView ClamWin WannaCry ZeuS

ClamWin

ClamWin is a free and open-source antivirus tool for Windows.

Classification

Highlander, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of Applocker to restrict the installation of any third-party applications. There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Based on the knowledge of the network topology and trends in network security, what would be the primary target of a hacker trying to compromise Highlander? Cloud Based File Server Company Desktops Personal Laptops Personal Smartphones

Cloud Based File Server

Highlander, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of Applocker to restrict the installation of any third-party applications.There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Based on the knowledge of the network topology and trends in network security, what would be the primary target of a hacker trying to compromise Highlander? Personal Smartphones Cloud Based File Server Personal Laptops Company Desktops

Cloud Based File Server

Which of the following NIST cloud reference architecture factors manages cloud services in terms of use, performance, and delivery, and who also maintains a relationship between cloud providers and consumers? Cloud Consumer Cloud Provider Cloud Broker Cloud Carrier

Cloud Broker

Cloud Broker: The cloud broker is an entity that manages cloud services regarding use, performance, and delivery, and maintains the relationship between CSPs and cloud consumers.

You are a security engineer for XYZ Inc. Your company is based on a private cloud infrastructure and discovers a potential breach through a vulnerability that was not properly patched. XYZ Inc. wants to perform a root cause analysis and discover if any data was exfiltrated and if so, what type of information did it contain? How would XYZ Inc. find out this information? Cloud Forensics Data Analysis Vulnerability Scanning Penetration Testing

Cloud Forensics

Encrypted communications, strong authentication credentials, secure web interface, encrypted storage, and automatic updates are the security considerations for which of the following components? Mobile Cloud Platform Edge Gateway

Cloud Platform

Which of the following IoT technology components collects data that undergoes data analysis, from the gateway? Sensing technology IoT gateway Cloud server/data storage Remote control using mobile app

Cloud Server/Data Storage: The collected data after travelling through the gateway arrives at the cloud, where it is stored and undergoes data analysis. The processed data is then transmitted to the user where he/she takes certain action based on the information received by him/her.

Which of the following IoT technology components collects data that undergoes data analysis, from the gateway? Sensing technology IoT gateway Cloud server/data storage Remote control using mobile app

Cloud server/data storage

A host or router can send which of the following error message to indicate that the protocol defined in the IP header cannot be proccessed?

Code 2: Protocol unreachable

Of which of the following ICMP replies are there two versions, which are: the standard version that simply states the packet had the don't fragment bit set when it reached a router that needed to fragment it, and the PMTU version that includes information about the restricting link?

Code 4

Which of the following is the most effective technique in identifying vulnerabilities or flaws in the web page code? Traffic Analysis Packet Analysis Code Analysis Data Analysis

Code Analysis

Which of the following tools can be used to perform RST hijacking on a network? FOCA Nmap Colasoft's Packet Builder Recon-ng

Colasoft's Packet Builder

Which property ensures that a hash function will not produce the same hashed value for two different messages? Collision resistance Bit length Key strength Entropy

Collision resistance

Which of the following involves injection of malicious code through a web application? SQL Injection Command Injection LDAP Injection Shell Injection

Command Injection

Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of Applocker to restrict the installation of any third-party applications. There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The laptops utilize direct access to automatically connect their machines to the Highlander, Incorporated, network when they are not in the regional offices. The laptops are set up to use IPsec when communicating with the cloud-based file server. The protocol that they have chosen is Authentication Header (AH). The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Based on the knowledge of the network topology, which of the main elements of information security has Highlander, Incorporated, NOT addressed in its plans for its laptops? Confidentiality Integrity Availability Authenticity

Confidentiality

Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of Applocker to restrict the installation of any third-party applications. There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The laptops utilize direct access to automatically connect their machines to the Highlander, Incorporated, network when they are not in the regional offices. The laptops are set up to use IPsec when communicating with the cloud-based file server. The protocol that they have chosen is Authentication Header (AH). The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Based on the knowledge of the network topology, which of the main elements of information security has Highlander, Incorporated, NOT addressed in its plans for its laptops? Confidentiality Availability Integrity Authenticity

Confidentiality

Which fundamental element of information security refers to an assurance that the information is accessible only to those authorized to have access? Authenticity Confidentiality Integrity Availability

Confidentiality

Which fundamental element of information security refers to an assurance that the information is accessible only to those authorized to have access? Confidentiality Integrity Availability Authenticity

Confidentiality

Which of the following countermeasure helps organizations to prevent information disclosure through banner grabbing? Configure IIS Configure web servers TCP/IP and IPSec Implement VPN

Configure IIS

Which of the following countermeasure helps organizations to prevent information disclosure through banner grabbing? Configure IIS Configure web servers TCP/IP and IPSec Implement VPN

Configure IIS

Which of the following is not a defensive measure for web server attacks? Limit inbound traffic to port 80 for HTTP and port 443 for HTTPS (SSL) Encrypt or restrict intranet traffic Ensure that protected resources are mapped to HttpForbiddenHandler and unused HttpModules are removed Configure IIS to accept URLs with "../"

Configure IIS to accept URLs with "../"

You are performing a port scan with Nmap. You are in hurry and conducting the scans at the fastest possible speed. However, you don't want to sacrifice reliability for speed. If stealth is not an issue, what type of scan should you run to get very reliable results? Fragmented packet scan Connect scan XMAS scan Stealth scan

Connect scan

You are performing a port scan with Nmap. You are in hurry and conducting the scans at the fastest possible speed. However, you don't want to sacrifice reliability for speed. If stealth is not an issue, what type of scan should you run to get very reliable results? Stealth scan XMAS scan Fragmented packet scan Connect scan

Connect scan

Which of the following can pose a risk to mobile platform security? Install applications from trusted application stores Securely wipe or delete the data when disposing of the device Disable wireless access such as Wi-Fi and Bluetooth, if not in use Connecting two separate networks such as Wi-Fi and Bluetooth simultaneously

Connecting two separate networks such as Wi-Fi and Bluetooth simultaneously

In which of the following layers of wireless security does per frame/packet authentication provide protection against MITM attacks? Device Security Data Protection Connection Security Wireless Signal Security

Connection Security: Per frame/packet authentication provides protection against MITM attacks. It does not allow the attacker to sniff data when two genuine users are communicating with each other, thereby securing the connection.

When an alert rule is matched in a network-based IDS like snort, the IDS does which of the following. Drops the packet and moves on to the next one Continues to evaluate the packet until all rules are checked Stops checking rules, sends an alert, and lets the packet continue Blocks the connection with the source IP address in the packet

Continues to evaluate the packet until all rules are checked

Which of the following categories of security controls minimizes the consequences of an incident by limiting the damage? Deterrent Controls Preventive Controls Detective Controls Corrective Controls

Corrective Controls

Which of the following categories of security controls minimizes the consequences of an incident by limiting the damage? Deterrent Controls Preventive Controls Detective Controls Corrective Controls

Corrective controls: These controls minimize the consequences of an incident, probably by limiting the damage. Example: Restoring system backups.

Which of the following attacks are not performed by an attacker who exploits SQL injection vulnerabilities? Authentication Bypass Remote Code Execution Covering Tracks Information Disclosure

Covering Tracks

Which of the following channels is used by an attacker to hide data in an undetectable protocol? Covert Encrypted Classified Overt

Covert

Create a route statement in the meterpreter.

What is the correct order for vulnerability management life cycle? Monitor → risk assessment → remediation → verification → creating baseline → vulnerability assessment a. Creating baseline → vulnerability assessment → risk assessment → remediation → verification → monitor b. Verification → vulnerability assessment → monitor → remediation → creating baseline → risk assessment c. Verification → risk assessment → monitor → remediation → creating baseline → vulnerability assessment

Creating baseline → vulnerability assessment → risk assessment → remediation → verification → monitor

Company A and Company B have just merged and each has its own public key infrastructure (PKI). What must the certificate authorities (CAs) establish so that the private PKIs for Company A and Company B trust one another and each private PKI can validate digital certificates from the other company? Poly key exchange Cross certification Poly key reference Cross-site exchange

Cross certification

Company A and Company B have just merged and each has its own public key infrastructure (PKI). What must the certificate authorities (CAs) establish so that the private PKIs for Company A and Company B trust one another and each private PKI can validate digital certificates from the other company? Poly key exchange Cross certification Cross-site exchange

Cross certification enables entities in one PKI to trust entities in another PKI.

Marin is performing penetration testing on the target organization. He discovered some vulnerabilities in the organization's website. He decided to insert malicious JavaScript code into a vulnerable dynamic web page to collect information such as credentials, cookies, etc. Identify the attack performed by Marin? Cross-site Scripting Attack Cross-site Request Forgery Attack Session Replay Attack Man-in-the-Browser Attack

Cross-site Scripting Attack

Which of the following attacks exploits vulnerabilities in dynamically generated webpages, which enables malicious attackers to inject client-side scripts into webpages viewed by other users? Cross-site scripting Security misconfiguration Sensitive data exposure Broken access control

Cross-site scripting

Which algorithm does the "sequential change-point detection" technique use to identify and locate the DoS attacks? Cumulative Sum Obfuscation BlackShades Advanced Encryption Standard

Cumulative Sum

Out of the following, which is not a type of side-channel attack? Timing Attack Data Remanence Out of the following, which is not a type of side-channel attack? Timing Attack Data Remanence Cybersquatting Acoustic Cryptanalysis Acoustic Cryptanalysis

Cybersquatting

Out of the following, which is not a type of side-channel attack? Timing Attack Data Remanence Cybersquatting Acoustic Cryptanalysis

Cybersquatting: Attacker compromises the cloud by placing a malicious virtual machine near a target cloud server and then launches side-channel attack.

11 In cryptanalysis and computer security, 'pass the hash' is a hacking technique that allows an attacker to authenticate to a remote server/service by using the underlying NTLM and/or LanMan hash of a user's password, instead of rquiring the associated plaintext password as is normally the case. Metasploit Framework of the has a module for this technique; psexec. The psexec module is often ussed by penetration testers to obtain access to a given system that you already know the credentials for. It was written by sysinternals and has been integrated within the framework. Often is penetration testers, successfully gain access to a system through some exploit, use meterpreter to grab the passwords or other methods like fgdump, pwdump, or chachedump and then utilize rainbowtables to crack those hash values. Which of the following is true hash type and sort order that is using in the psexec module's 'smbpass' A. NTLM:LM B. NT:LM C. LM:NT D. LM:NTLM

9 Even stole a file named a secret.text, transferred it to your computer and she just entered these commands:[eve@localhost ~] john secret.txt Loaded 2 password hashes with no different salts (LM [DES 128/128 SSE2-16]) Press 'q' or Ctrl-C to abort, almost any other key for status What is she trying to acheive? A. She is using FTP to transfer the file to another hacker named John. B. She is encrypting the file. C. She is using john the ripper to view the contents of the file. D. She's using john the ripper to crack the passwords in the secrets.txt file.

Which of the following steganography techniques allows the user to add white spaces and tabs at the end of the lines? Image Steganography Document steganography Folder Steganography Video steganography

Document steganography

Routing protocols are layer 1 protocols that are used to get packets through an internetwork. T or F

The DHCP specification, RFC 2131, defines the default value for T1 as: 0.95 * duration_of_lease T or F

What is the command used to create a binary log file using tcpdump? A. tcpdump -r log B. tcpdump -l /var/log/ C. tcpdump -vde log D. tcpdump -w ./log

D. tcpdump -w ./log

12 A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allows the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try a against the secured PDF until the correct password is found or the list is exhausted. Which cryptography attack is the student attempting? A. Brute force attack B. Man in the middle attack C. Session hijacking D. Dictionary attack

D. Dictionary attack

What type of port scan is shown below? Scan directed at open port: ClientServer 192.5.2.92:4079 ---------FIN--------->192.5.2.110:23 192.5.2.92:4079 <----NO RESPONSE------192.5.2.110:23 Scan directed at closed port: ClientServer 192.5.2.92:4079 ---------FIN--------->192.5.2.110:23 192.5.2.92:4079<-----RST/ACK----------192.5.2.110:23

D. FIN scan

14 In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information; How can he achieve this? A. Shoulder-Surfing B. Hacking Active Directory C. Port Scanning D. Privilege Escalation

D. Privilege Escalation

5 A network administrator discovers several unknown files in the roof directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc". The FTP server's access logs show that the anonymous user account logged into the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server' software. The ps command shows that the nc file is running as process, and the netstat command shows the nc process is listening on a network port. What kind of vulnerability must be present of make this remote attack possible? A. File system permissions B. Directory traversal C. Brute force login D. Privilege escalation

D. Privilege escalation

What is the primary drawback of using the Advanced Encryption Standard (AES) algorithm with a 256-bit key to share sensitive data? A: Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient communication. B: To get messaging programs to function with this algorithm requires complex configurations. C: It has been proven to be a weak cipher; therefore, should not be trusted to protect sensitive data. D: It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.

D: It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.

Which of the following describes a component of public key infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery operations? A: Key registry B: Recovery agent C: Directory D: Key escrow

D: Key escrow

Which of the following DNS record type helps in DNS footprinting to determine domain's mail server? A: A B: NS C: CNAME D: MX

D: MX

Which of the following browser applications encrypts your Internet traffic and then hides it by bouncing through a series of computers around the world? A: Google Chrome B: UC Browser C: Mozilla FireFox D: ORBOT

D: ORBOT

Which of the following tools is not a NetBIOS enumeration tool? A: Hyena B: SuperScan C: NetScanTools Pro D: OpUtils

D: OpUtils

A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching the bank employees time in and out, searching the bank's job postings (paying special attention to IT-related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in? A: Information reporting B: Vulnerability assessment C: Active information gathering D: Passive information gathering

D: Passive information gathering

Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method? A: It is impossible to crack hashed user passwords unless the key used to encrypt them is obtained. B: If a user forgets the password, it can be easily retrieved using the hash key stored by administrators. C: Hashing is faster when compared to more traditional encryption algorithms. D: Passwords stored using hashes are non-reversible, making finding the password much more difficult.

D: Passwords stored using hashes are nonreversible, making finding the password much more difficult.

In order to avoid data loss from a Mobile device, which of the following Mobile Device Management security measures should you consider? A: Encrypt Storage B: Configure Application certification rules C: Enable Remote Management D: Perform periodic backup and synchronization

D: Perform periodic backup and synchronization

Does passive reconnaissance involve collecting information through which of the following? A: Social engineering B: Traceroute analysis C: Email tracking D: Publicly accessible sources

D: Publicly accessible sources

Identify the services provided by the application layer of the cloud security control model? A: DLP, CMF, Database Activity Monitoring, Encryption B: Hardware and software RoT and API's C: Physical Plant Security, CCTV, Guards D: SDLC, Binary Analysis, Scanners, Web App Firewalls, Transactional Sec

D: SDLC, Binary Analysis, Scanners, Web App Firewalls, Transactional Sec

Which of the following is not a mobile platform risk? A: Malicious Apps in App Store B: Mobile Malware C: Jailbreaking and Rooting D: Sandboxing

D: Sandboxing

For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key? A: Sender's public key B: Receiver's private key C: Receiver's public key D: Sender's private key

D: Sender's private key

In which of the following attacks does an attacker ride an active computer session by sending an email or tricking the user into visiting a malicious web page while they are logged into the targeted site? A: Side Channel Attack B: Wrapping Attack C: DNS Attack D: Session Hijacking Using Session Riding

D: Session Hijacking Using Session Riding

What is the port number used by DNS servers to perform DNS zone transfers? A: TCP/UDP 135 B: UDP 137 C:TCP 139 D: TCP/UDP 53

D: TCP/UDP 53

The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses__________________? A: Multiple keys for non-repudiation of bulk data B: Different keys on both ends of the transport medium C: Bulk encryption for data transmission over fiber D: The same key on each end of the transmission medium

D: The same key on each end of the transmission medium

InfoTech Security hired a penetration tester Sean to do physical penetration testing. On the first day of his assessment, Sean goes to the company posing as a repairman and starts checking trash bins to collect the sensitive information. What is Sean trying to do? A: Trying to attempt social engineering using phishing B: Trying to attempt social engineering by eavesdropping C: Trying to attempt social engineering by shoulder surfing D: Trying to attempt social engineering by dumpster diving

D: Trying to attempt social engineering by dumpster diving

Which of the following tools is not used for iOS Jailbreaking? A: Yalu B: Velonzy C: TaiG D: Unrevoked

D: Unrevoked

Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services, which OS did it not directly affect? A: Linux B: Unix C: OS X D: Windows

D: Windows

You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax? A: hping2-i host.domain.com B: hping2 -set-ICMP host.domain.com C: hping2 host.domain.com D: hping2 -1 host.domain.com

D: hping2 -1 host.domain.com

Which one of the following is a Google search query used for VoIP footprinting to extract Cisco phone details? A: inurl:"ccmuser/logon.asp" B: intitle:"D-Link VoIP Router" "Welcome" C: inurl:/voice/advanced/ intitle:Linksys SPA configuration D: inurl:"NetworkConfiguration" cisco

D: inurl:"NetworkConfiguration" cisco

A systems administrator in a small company named "We are Secure Ltd." has a problem with their Internet connection. The following are the symptoms: The speed of the Internet connection is slow (so slow that it is unusable). The router connecting the company to the Internet is accessible and it is showing large amount of router solicitation messages from neighboring routers even though the router is not supposed to receive any of these messages. What type of attack is this? DRDoS (Distributed Reflected Denial of Service) DoS (Denial of Service) DDoS (Distributed Denial of Service) MitM (Man in the Middle)

DRDoS (Distributed Reflected Denial of Service)

Which of the following is a special marker with which traffic can be prioritized by an end device or boundary device and queued and forwarded according to this value?

DSCP

Direct-sequence Spread Spectrum

DSSS is a spread spectrum technique that multiplies the original data signal with a pseudo random noise spreading code. Also referred to as a data transmission scheme or modulation scheme, the technique protects signals against interference or jamming.

Direct-sequence Spread Spectrum (DSSS)

Which of the following attacks mainly affects any hardware/software using an ANSI X9.31 random number generator (RNG)? Hash collision attack DUHK attack Side channel attack

DUHK (don't use hard-coded keys) is a cryptographic vulnerability that allows attackers to obtain encryption keys used to secure VPNs and web sessions. This attack mainly affects any hardware/software using ANSI X9.31 random number generator (RNG).

Which of the following attacks mainly affects any hardware/software using an ANSI X9.31 random number generator (RNG)? Hash collision attack DUHK attack Rainbow table attack Side channel attack

DUHK attack

Which of the following terms refers to gaining access to one network and/or computer and then using the same to gain access to multiple networks and computers that contain desirable information? Doxing Daisy Chaining Social Engineering Kill Chain

Daisy Chaining

Which of the following terms refers to gaining access to one network and/or computer and then using the same to gain access to multiple networks and computers that contain desirable information? Social Engineering Doxing Daisy Chaining Kill Chain

Daisy Chaining

Which of the following Trojan construction kits is used to create user-specified Trojans by selecting from the various options available? Trojan.Gen Senna Spy Trojan Generator Win32.Trojan.BAT DarkHorse Trojan Virus Maker

DarkHorse Trojan Virus Maker

Which of the following Trojan construction kits is used to create user-specified Trojans by selecting from the various options available? Win32.Trojan.BAT DarkHorse Trojan Virus Maker Senna Spy Trojan Generator Trojan.Gen

DarkHorse Trojan Virus Maker

Which of the following Trojan construction kits is used to create user-specified Trojans by selecting from the various options available? -Trojan.Gen -Senna Spy Trojan Generator -Win32.Trojan.BAT -DarkHorse Trojan Virus Maker

DarkHorse Trojan Virus Maker is used to creates user-specified Trojans by selecting from various options available.

DarkHorse Trojan Virus Maker

DarkHorse Trojan Virus Maker is used to creates user-specified Trojans by selecting from various options available. The Trojans created to act as per the options selected while creating them.

Out of the following, which layer is responsible for encoding and decoding data packets into bits? Application layer Session layer Data Link layer Network layer

Data Link layer

Out of the following, which layer is responsible for encoding and decoding data packets into bits? Data Link layer Application layer Session layer Network layer

Data Link layer

When Jason installed a malicious application on his mobile, the application modified the content in other applications on Jason's mobile phone. What process did the malicious application perform? Data Exfiltration Data Mining Data Tampering Data Loss

Data Tampering

Sniffers work at which of the following open systems interconnect (OSI) layers? Data link layer Presentation layer Transport layer Application layer

Data link layer

Sniffers work at which of the following open systems interconnect (OSI) layers? Data link layer Transport layer Application layer Presentation layer

Data link layer

Which tool is used to automate SQL injections and exploit a database by forcing a given web application to connect to another database controlled by a hacker? DataThief NetCat Cain and Abel Nmap

DataThief

DataThief is a tool used to demonstrate to web administrators and developers how to steal data from a web application that is vulnerable to SQL Injection. Data Thief is designed to retrieve the data from a Microsoft SQL Server back-end behind a web application with a SQL Injection vulnerability.

The security analyst for Danels Company arrives this morning to his office and verifies the primary home page of the company. He notes that the page has the logo of the competition and writings that do not correspond to the true page. What kind of attack do the observed signals correspond to? Defacement DDoS Phishing Http Attack

Defacement

Which security strategy requires using several, diverse methods to protect IT systems against attacks? Three-way handshake Defense in depth Exponential backoff algorithm Covert channels

Defense in depth

Which of the following tasks DOES NOT fall under the scope of ethical hacking? Pen testing Vulnerability scanning Defense-in-depth implementation Risk assessment

Defense-in-depth implementation

Which of the following tasks DOES NOT fall under the scope of ethical hacking? Risk assessment Vulnerability scanning Pen testing Defense-in-depth implementation

Defense-in-depth implementation

An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job? Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack. Define the penetration testing scope. Start by footprinting the network and mapping out a plan of attack. Begin the reconnaissance phase with passive information gathering and then move into active information gathering.

Define the penetration testing scope.

Which of the following DoS/DDoS countermeasures strategy can you implement using a honeypot? Deflecting attacks Absorbing attacks Mitigating attacks Degrading services

Deflecting attacks

Which of the following DoS/DDoS countermeasures strategy can you implement using a honeypot? Deflecting attacks Absorbing attacks Mitigating attacks Degrading services

Deflecting attacks

What is the DoS/DDoS countermeasure strategy to at least keep the critical services functional?

Degrading services

Which of the following availability attacks involve exploiting the CSMA/CA Clear Channel Assessment (CCA) mechanism to make a channel appear busy? Routing Attack Authenticate Flood Denial-of-Service

Denial-of-Service

Which type of assessment tools are used to find and identify previously unknown vulnerabilities in a system? Depth assessment tools Scope assessment tools Application-layer vulnerability assessment tools Active Scanning Tools

Depth Assessment Tools Depth assessment tools are used to find and identify previously unknown vulnerabilities in a system. Generally, these tools are used to identify vulnerabilities to an unstable degree of depth. Such types of tools include fuzzers that give arbitrary input to a system's interface. Many of these tools use a set of vulnerability signatures for testing that the product is resistant to a known vulnerability or not.

Which type of assessment tools are used to find and identify previously unknown vulnerabilities in a system? Scope assessment tools Application-layer vulnerability assessment tools Depth assessment tools Active Scanning Tools

Depth assessment tools

In the software security development lifecycle, threat modeling occurs in which phase? Implementation Design Requirements Verification

Design

ICMP Type 3 Code 6

Destination network unknown

ICMP Type 3 Code 0

Destination network unreachable

The ___ extension header provides a method for extending the IPv6 header to support options for packet handling and preferences.

Destination options

The ____ extension header provides a method for extending the IPv6 header to support options for packet handling and preferences.

Destination options

Which of the following is true for automated patch management process? Assess -> Detect -> Acquire -> Deploy -> Test -> Maintain Detect -> Assess -> Acquire -> Test -> Deploy -> Maintain Acquire -> Assess -> Detect -> Deploy -> Test -> Maintain Acquire -> Assess -> Detect -> Test -> Deploy -> Maintain

Detect -> Assess -> Acquire -> Test -> Deploy -> Maintain

Name the communication model, where the IoT devices use protocols such as ZigBee, Z-Wave or Bluetooth, to interact with each other? Device-to-Device Communication Model Device-to-Cloud Communication Model Device-to-Gateway Communication Model Back-End Data-Sharing Communication Model

Device-to-Device Communication Model

Name the communication model where the IoT devices communicate with the cloud service through gateways? Device-to-device communication model Device-to-cloud communication model Device-to-gateway communication model Back-end data-sharing communication model

Device-to-Gateway Communication Model: In the Device-to-Gateway communication, Internet of Things device communicates with an intermediate device called a Gateway, which in turn communicates with the cloud service.

Device-to-gateway communication model

A computer science student needs to fill some information into a password protected Adobe PDF job application that was received from a prospective employer. Instead of requesting the password, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted. Identify the type of password attack. Man-in-the-middle attack Dictionary attack Session hijacking Brute-force attack

Dictionary attack

Which of the following cryptanalysis methods is applicable to symmetric key algorithms? Linear cryptanalysis Differential cryptanalysis Integral cryptanalysis Frequency Cryptanalysis

Differential cryptanalysis

Which of the following cryptanalysis methods is applicable to symmetric key algorithms? Linear cryptanalysis Differential cryptanalysis Integral cryptanalysis

Differential cryptanalysis is a form of cryptanalysis applicable to symmetric key algorithms. It is the examination of differences in an input and how that affects the resultant difference in the output. It originally worked only with chosen plaintext. It can also work only with known plaintext and ciphertext.

Which of the following stores critical HTML files related to the webpages of a domain name that will be served in response to requests? Document root Server root Virtual document tree Web proxy

Document root

Which of the following cryptanalysis methods is applicable to symmetric key algorithms? Linear cryptanalysis Differential cryptanalysis Integral cryptanalysis Frequency Cryptanalysis

Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5? 768 bit key 1025 bit key 1536 bit key 2048 bit key

Diffie-Hellman group 1—768 bit group Diffie-Hellman group 2 —1024 bit group Diffie-Hellman group 5—1536 bit group Diffie-Hellman group 14—2048 bit group Diffie-Hellman group 19—256 bit elliptic curve Diffie-Hellman group 20—384 bit elliptic curve group

DigiCert Home and Consumer IoT Security Solutions protect private data and home networks while preventing unauthorized access using PKI-based security solutions for consumer IoT devices.

Which of the following is an example of two-factor authentication? Username and Password Password and fingerprint PIN Number and Birth Date Digital Certificate and Hardware Token

Digital Certificate and Hardware Token

In which of the following is the original data signal multiplied with a pseudo random noise spreading code? -Orthogonal Frequency-division Multiplexing (OFDM) -Direct-sequence Spread Spectrum (DSSS) Frequency-hopping Spread Spectrum (FHSS)

Direct-sequence Spread Spectrum (DSSS)

If an attacker uses ../ (dot-dot-slash) sequence to access restricted directories outside of the webserver root directory, then which attack did he perform? DNS amplification attack DoS attack Directory traversal attack HTTP response splitting attack

Directory traversal attack

"Config" intitle:"Index of" intext:vpn

Directory with keys of VPN servers

Which of the following statements is not true for securing iOS devices? Do not jailbreak or root your device if used within enterprise environments Disable Jailbreak detection Do not store sensitive data on client-side database Disable Javascript and add-ons from web browser

Disable Jailbreak detection

Disable UPnP

Which of the following techniques do attackers use to cover the tracks? Steganography Steganalysis Disable auditing Scanning

Disable auditing

Which of the following techniques do attackers use to cover the tracks? Steganalysis Scanning Disable auditing Steganography

Disable auditing

Which of the following techniques is used by the attackers to clear online tracks? Disable LAN manager Disable the user account Disable LMNR and NBT-NS services Disable auditing

Disable auditing

Which of the following techniques is used by the attackers to clear online tracks? Disable auditing Disable the user account Disable LAN manager Disable LMNR and NBT-NS services

Disable auditing

Which of the following is not a countermeasure for phishing attacks? Do not click on any links included in the SMS Disable the "block texts from the internet" feature from your provider Never reply to a SMS that urges you to act or respond quickly Review the bank's policy on sending SMS

Disable the "block texts from the internet" feature from your provider

Which of the following is NOT an objectives of network scanning? Discover the network's live hosts Discover the services running Discover usernames and passwords Discover the services running

Discover usernames and passwords

Which of the following is NOT an objectives of network scanning? Discover usernames and passwords Discover the network's live hosts Discover the services running Discover the services running

Discover usernames and passwords

What are Routing Attacks

Distributing routing information within the network. Tools: RIP protocol

A systems administrator in a small company named "We are Secure Ltd." has a problem with their Internet connection. The following are the symptoms: the speed of the Internet connection is slow (so slow that it is unusable). The router connecting the company to the Internet is accessible and it is showing a large amount of SYN packets flowing from one single IP address. The company's Internet speed is only 5 Mbps, which is usually enough during normal working hours. What type of attack is this? DoS DDoS DRDoS MitM

DoS

An attacker sends numerous fake requests to the webserver from various random systems that results in the webserver crashing or becoming unavailable to the legitimate users. Which attack did the attacker perform? DNS server hijacking DoS attack DNS amplification attack HTTP response splitting attack

DoS attack

Bluesmacking

DoS attack which overflows Bluetooth-enabled devices with random packets causing the device to crash

Explain how the sequence and acknowledgment numbers are incremented during the 3-way handshake process. Sequence and acknowledgment numbers are incremented by one during the 3-way handshake process Sequence and acknowledgment numbers are incremented by two during the 3-way handshake process Sequence number is incremented by one and acknowledge number is not incremented during the 3-way handshake process

During the 3-way handshake, sequence and acknowledgment numbers are (relatively) incremented by one. After that acknowledge number will be incremented for the size of the packet received.

The system checks the IP to MAC address binding for each ARP packet in a network. While performing a Dynamic ARP inspection, the system will automatically drop invalid IP to MAC address bindings.

Dynamic ARP Inspection

Ramon is a security professional for xsecurity. During an analysis process, he has identified a suspicious .exe file. Ramon executed the suspicious malicious file in a sandbox environment where the malware cannot affect other machines in the network. What type of analysis does Ramon conduct? Static Malware Analysis Sheep Dipping Dynamic Malware Analysis Preparing Testbed

Dynamic Malware Analysis

Ramon is a security professional for xsecurity. During an analysis process, he has identified a suspicious .exe file. Ramon executed the suspicious malicious file in a sandbox environment where the malware cannot affect other machines in the network. What type of analysis does Ramon conduct? Static Malware Analysis Dynamic Malware Analysis Preparing Testbed Sheep Dipping

Dynamic Malware Analysis

Dynamic malware analysis is also known as behavioral analysis, which involves executing the malware code to know how it interacts with the host system and its impact on the system after it has been infected.

Which of the following IoT architecture layers consists of all the hardware parts like sensors, RFID tags, readers or other soft sensors, and the device itself? Access gateway layer Edge technology layer Internet layer

Edge Technology Layer: This layer consists of all the hardware parts like sensors, RFID tags, readers or other soft sensors and the device itself.

Edge technology layer

Which of the following tools allows an attacker to extract information such as sender identity, mail server, sender's IP address, location, and so on? Website Mirroring Tools Web Updates Monitoring Tools Metadata Extraction Tools Email Tracking Tools

Email Tracking Tools

Which of the following tools allows an attacker to extract information such as sender identity, mail server, sender's IP address, location, and so on? Web Updates Monitoring Tools Metadata Extraction Tools Website Mirroring Tools Email Tracking Tools

Email Tracking Tools

How do employers protect assets with security policies pertaining to employee surveillance activities? Employers provide employees with written statements that clearly discuss the boundaries of monitoring activities and the consequences. Employers use informal verbal communication channels to explain employee monitoring activities to employees. Employers use network surveillance to monitor employee e-mail traffic and network access, and to record employee keystrokes. Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness.

Employers provide employees with written statements that clearly discuss the boundaries of monitoring activities and the consequences.

How do employers protect assets with security policies pertaining to employee surveillance activities? Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness. Employers use informal verbal communication channels to explain employee monitoring activities to employees. Employers use network surveillance to monitor employee e-mail traffic and network access, and to record employee keystrokes. Employers provide employees with written statements that clearly discuss the boundaries of monitoring activities and the consequences.

Employers provide employees with written statements that clearly discuss the boundaries of monitoring activities and the consequences.

Which of the following is NOT a best approach to protect your firm against web server files and directories? Eliminate unnecessary files within the .jar files Avoid mapping virtual directories between two different servers, or over a network Enable serving of directory listings Disable serving certain file types by creating a resource mapping

Enable serving of directory listings

In IPv6, which extension header should be used to encrypt data?

Encapsulating Security Payload

You are the security administrator of Xtrinity, Inc. You write security policies and conduct assessments to protect the company's network. During one of your periodic checks to see how well policy is being followed by the employees, you discover that an employee has attached his laptop to his personal 4G Wi-Fi device. He has used this 4G connection to download certain files from the Internet, thereby bypassing your firewall. A security policy breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project. How would you resolve this situation? Enforce the corporate security policy. Conduct a needs analysis. Reconfigure the firewall. Install a network-based IDS.

Enforce the corporate security policy.

Which of the following is not a defensive measure for web server attacks while implementing Machine.config? Limit inbound traffic to port 80 for HTTP and port 443 for HTTPS (SSL) Encrypt or restrict intranet traffic Ensure that tracing is enabled <trace enable="true"/> and debug compiles are turned on Restrict code access security policy settings

Ensure that tracing is enabled <trace enable="true"/> and debug compiles are turned on

Jonathan, a solutions architect with a start-up, was asked to redesign the company's web infrastructure to meet the growing customer demands. He proposed the following architecture to the management: What is Jonathan's primary objective? Proper user authentication Ensuring high availability Ensuring integrity of the application servers Ensuring confidentiality of the data

Ensuring high availability

Jonathan, a solutions architect with a start-up, was asked to redesign the company's web infrastructure to meet the growing customer demands. He proposed the following architecture to the management: What is Jonathan's primary objective? Ensuring high availability Ensuring confidentiality of the data Proper user authentication Ensuring integrity of the application servers

Ensuring high availability

Which of the following Rootkit Trojans performs targeted attacks against various organizations and arrives on the infected system by being downloaded and executed by the Trickler dubbed "DoubleFantasy," covered by TSL20110614-01 (Trojan.Win32.Micstus.A)? GrayFish rootkit Hardware/firmware rootkit Boot loader level rootkitc EquationDrug rootkit

EquationDrug is a dangerous computer rootkit that attacks the Windows platform. It allows a remote attacker to execute shell commands on the infected system.

Which of the following Rootkit Trojans performs targeted attacks against various organizations and arrives on the infected system by being downloaded and executed by the Trickler dubbed "DoubleFantasy," covered by TSL20110614-01 (Trojan.Win32.Micstus.A)? Hardware/firmware rootkit Boot loader level rootkitc EquationDrug rootkit

EquationDrug is a dangerous computer rootkit that attacks the Windows platform. It performs targeted attacks against various organizations and arrives on the infected system by being downloaded and executed by the Trickler dubbed "DoubleFantasy", covered by TSL20110614-01.

Which of the following Rootkit Trojans performs targeted attacks against various organizations and arrives on the infected system by being downloaded and executed by the Trickler dubbed "DoubleFantasy," covered by TSL20110614-01 (Trojan.Win32.Micstus.A)? EquationDrug rootkit GrayFish rootkit Hardware/firmware rootkit Boot loader level rootkitc

EquationDrug rootkit

Highlander, Incorporated, decides to hire an ethical hacker to identify vulnerabilities at the regional locations and ensure system security. What is the main difference between a hacker and an ethical hacker when they are trying to compromise the regional offices? Hackers don't have any knowledge of the network before they compromise the network. Ethical Hackers have the permission of upper management. Ethical hackers have the permission of the regional server administrators. Hackers have more sophisticated tools.

Ethical Hackers have the permission of upper management.

Why is ethical hacking necessary? (Select two.) Ethical hackers are responsible for incident handling and response in the organization. Ethical hackers try to find if all the components of information systems are adequately protected, updated, and patched Ethical hackers try to find what an intruder can see on the system under evaluation. Ethical hackers are responsible for selecting security solutions and try to verify the ROI of security systems.

Ethical hackers try to find if all the components of information systems are adequately protected, updated, and patched Ethical hackers try to find what an intruder can see on the system under evaluation.

Unlike IPv4 packets, IPv6 packets ensure that data or application information is successfully transported from a source to a destination on a network. (T or F)

Why is ethical hacking necessary? (Select two.) Ethical hackers try to find what an intruder can see on the system under evaluation. Ethical hackers are responsible for selecting security solutions and try to verify the ROI of security systems. Ethical hackers try to find if all the components of information systems are adequately protected, updated, and patched Ethical hackers are responsible for incident handling and response in the organization.

Ethical hackers try to find what an intruder can see on the system under evaluation. Ethical hackers try to find if all the components of information systems are adequately protected, updated, and patched

Ettercap

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.

A security policy is more acceptable to employees if it is consistent and has the support of: A supervisor. The security officer. Executive management. Coworkers.

Executive management.

In which of the following attacks does an attacker use a malicious script to exploit poorly patched vulnerabilities in an IoT device? Sybil attack Side channel attack Replay attack Exploit kits

Exploit Kits: Exploit kit is a malicious script used by the attackers to exploit poorly patched vulnerabilities in an IoT device. These kits are designed in such a way that whenever there are new vulnerabilities, new ways of exploitation and add on functions will be added to the device automatically.

In which of the following attacks does an attacker use a malicious script to exploit poorly patched vulnerabilities in an IoT device? Sybil attack Side channel attack Replay attack Exploit kits

Exploit kits

Which of the following enumeration techniques is used by a network administrator to replicate domain name system (DNS) data across many DNS servers, or to backup DNS files? Brute force Active Directory Extract information using DNS Zone Transfer Extract user names using email IDs Extract information using default passwords

Extract information using DNS Zone Transfer

Which of the following enumeration techniques is used by a network administrator to replicate domain name system (DNS) data across many DNS servers, or to backup DNS files? Extract user names using email IDs Extract information using default passwords Extract information using DNS Zone Transfer Brute force Active Directory

Extract information using DNS Zone Transfer

Clients have static IP addresses because their DNS entries must stay consistent. T or F

Neighbor discovery makes abundant use of messages? T or F

A pen tester was hired to perform penetration testing on an organization. The tester was asked to perform passive footprinting on the target organization. Which of the following techniques comes under passive footprinting? Finding the top-level domains (TLDs) and sub-domains of a target through web services Performing social engineering Performing traceroute analysis Querying published name servers of the target

Finding the top-level domains (TLDs) and sub-domains of a target through web services

"[Main]" "enc_GroupPwd=" ext:txt

Finds Cisco VPN client passwords (encrypted but easily cracked!)

inurl"/remote/login?lang=en

Finds FortiGate Firewall's SSL-VPN login portal

!Host=*.*intext:enc_UserPassword=*ext:pcf

Finds Sonicwall Global VPN Client files containing sensitive information and login

filetype:pcf vpn OR Group

Finds publicly accessible profile configuration files (.pcf) used by VPN clients

inurl:/voice/advanced/ intitle:Linksys SPA configuration

Finds the Linksys VoIP router configuration page

Which method of firewall identification has the following characteristics: uses TTL values to determine gateway ACL filters maps networks by analyzing IP packet response probes ACLs on packet filtering routers/firewalls using the same method as trace-routing sends TCP or UDP packets into the firewall with TTL value is one hop greater than the targeted firewall Port Scanning Firewalking Banner Grabbing Source Routing

Firewalking

uses TTL values to determine gateway ACL filters maps networks by analyzing IP packet response probes ACLs on packet filtering routers/firewalls using the same method as trace-routing sends TCP or UDP packets into the firewall with TTL value is one hop greater than the targeted firewall Port Scanning Firewalking Source Routing

Firewalking is a method of collecting information about remote networks behind firewalls. It is a technique that uses TTL values to determine gateway ACL filters and map networks by analyzing IP packet response.

If an attacker wants to reconstruct malicious firmware from a legitimate firmware in order to maintain access to the victim device, which of the following tools can he use to do so? Zigbee Framework RIoT Vulnerability Scanner RFCrack Firmware Mod Kit

Firmware Mod Kit

Firmware Mod Kit: Attackers remain undetected by clearing the logs, updating firmware and using malicious programs such as backdoor, Trojans, etc. to maintain access. Attackers use tools such as Firmware Mod Kit, Firmalyzer Enterprise, Firmware Analysis Toolkit, etc. to exploit firmware.

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take? Follow proper legal procedures against the company to request payment. Exploit some of the vulnerabilities found on the company webserver to deface it. Threaten to publish the penetration test results if not paid. Tell other customers of the financial problems with payments from this company.

Follow proper legal procedures against the company to request payment.

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take? Threaten to publish the penetration test results if not paid. Follow proper legal procedures against the company to request payment. Tell other customers of the financial problems with payments from this company. Exploit some of the vulnerabilities found on the company webserver to deface it.

Follow proper legal procedures against the company to request payment.

What is the correct order of steps in the system hacking cycle? Gaining Access -> Escalating Privileges -> Executing Applications -> Hiding Files -> Covering Tracks Covering Tracks -> Hiding Files -> Escalating -> Privileges -> Executing Applications -> Gaining Access Executing Applications -> Gaining Access -> Covering Tracks -> Escalating Privileges -> Hiding Files Escalating Privileges -> Gaining Access -> Executing Applications -> Covering Tracks -> Hiding Files

Gaining Access -> Escalating Privileges -> Executing Applications -> Hiding Files -> Covering Tracks

IoT Gateways

Gateways are used to bridge the gap between the IoT device (internal network) and the end user (external network) and thus allowing them to connect and communicate with each other.

What is the objective of a reconnaissance phase in a hacking life-cycle? Gathering as much information as possible about the target. Identifying specific vulnerabilities in the target network. Gaining access to the target system and network. Gaining access to the target system with admin/root level privileges.

Gathering as much information as possible about the target.

What is the objective of a reconnaissance phase in a hacking life-cycle? Identifying specific vulnerabilities in the target network. Gaining access to the target system with admin/root level privileges. Gathering as much information as possible about the target. Gaining access to the target system and network

Gathering as much information as possible about the target.

During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability? -The web application does not have the secure flag set. -The session cookies do not have the HttpOnly flag set. -The victim user should not have an endpoint security solution -The victim's browser must have ActiveX technology enabled.

Generally, the XSS attacks target stealing session cookies. If for a web application the HttpOnly flag is not set then it is vulnerable XSS attack.

James works as a cloud security professional with XSecurity Consultant. He is performing a security assessment on a small healthcare provider's cloud network. James started penetration testing by searching for virtual machines on the client host network to identify all the machines, appliances, and services running in the virtual environment. What will help James discover all the virtual machines on the client's network? -Use the ping utility to discover the virtual environments -Use the Nmap tool to detect virtual machines -Check IP address information on virtual NICs -Use the Google search engine to discover the virtual environments

Get Answer

Which of the following techniques is used to create complex search engine queries? Bing Search Yahoo Search Google hacking DuckDuckGo

Google hacking

Which of the following techniques is used to create complex search engine queries? Yahoo Search Bing Search Google hacking DuckDuckGo

Google hacking

IPv6 Duplicate address detection protocol can be compared with which IPv4 protocol function?

Gratuitous ARP

Juan is the administrator of a Windows domain for a global corporation. He uses his knowledge to scan the internal network to find vulnerabilities without the authorization of his boss; he tries to perform an attack and gain access to an AIX server to show the results to his boss. What kind of role is shown in the scenario? Black Hat hacker Annoying employee Gray Hat hacker White Hat hacker

Gray Hat hacker

Juan is the administrator of a Windows domain for a global corporation. He uses his knowledge to scan the internal network to find vulnerabilities without the authorization of his boss; he tries to perform an attack and gain access to an AIX server to show the results to his boss. What kind of role is shown in the scenario? Gray Hat hacker Black Hat hacker White Hat hacker Annoying employee

Gray Hat hacker

International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining Standard best practice for configuration management Contract agreement writing standards Guidelines and practices for security controls Financial soundness and business viability metrics

Guidelines and practices for security controls

Sohum is carrying out a security check on a system. This security check involves carrying out a configuration-level check through the command line in order to identify vulnerabilities such as incorrect registry and file permissions, as well as software configuration errors. Which type of assessment is performed by Sohum? External Assessment Network based Assessment Host based Assessment Internal Assessment

Host based Assessment

Which of the following registry entry you will delete to clear Most Recently Used (MRU) list? HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey - stores the hotkeys. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts - is responsible for file extension association. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs - key maintains a list of recently opened or saved files via Windows Explorer-style dialog boxes. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 - stores the network locations.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Which of the following registry entry you will delete to clear Most Recently Used (MRU) list? HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

The DDoS tool created by anonymous sends junk HTTP GET and POST requests to flood the target, and its second version of the tool (the first version had different name) that was used in the so-called Operation Megaupload is called _______. HOIC BanglaDOS Dereil Pandora DDoS

HOIC

Out of the following, which is not a component of the IPsec protocol? IPsec policy agent Oakley HPKP IKE

HPKP

Which of the following technique allows users to authenticate web servers? HTTPS HPKP SSH SFTP

HPKP

Which of the following methods carries the requested data to the webserver as a part of the message body? HTTP GET HTTP POST IBM DB2 Cold Fusion

HTTP POST

Which of the following technique allows users to authenticate web servers? HTTPS HPKP SSH SFTP

HTTP Public Key Pinning (HPKP) is a security feature that tells a web client to associate a specific cryptographic public key with a certain web server to decrease the risk of MITM attacks with forged certificates. Using HTTP Public Key Pinning (HPKP) allows users authenticate web servers.

HSTS

HTTP Strict Transport Security is a web security policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking.

Which of the following tools is used by an attacker to perform website mirroring? Nessus Hydra Netcraft HTTrack

HTTrack

Which of the following IoT devices is included in the buildings service sector? HVAC, transport, fire and safety, lighting, security, access, etc. Turbines, windmills, UPS, batteries, generators, meters, drills, fuel cells, etc. Digital cameras, power systems, MID, e-readers, dishwashers, desktop computers, etc. MRI, PDAs, implants, surgical equipment, pumps, monitors, telemedicine, etc.

HVAC, transport, fire and safety, lighting, security, access, etc.

Using which one of the following tools can an attacker perform BlueBorne or airborne attacks such as replay, fuzzing, and jamming? Zigbee framework RIoT vulnerability scanning HackRF one Foren6

HackRF One: Attackers use HackRF One to perform attacks such as BlueBorne or AirBorne attacks such as replay, fuzzing, jamming, etc.

Using which one of the following tools can an attacker perform BlueBorne or airborne attacks such as replay, fuzzing, and jamming? Zigbee framework RIoT vulnerability scanning HackRF one Foren6

HackRF one

Hacktivism

Individuals who promote security awareness or a political agenda by performing hacking are known as: Hacktivist Cyber terrorists Script kiddies Suicide hackers

Hacktivist

Individuals who promote security awareness or a political agenda by performing hacking are known as: Suicide hackers Hacktivist Script kiddies Cyber terrorists

Hacktivist

The value in which of the following fields will decrement by one each time it is forwarded by a network node, and the IPv6 packet is discarded if the value in this field reaches 0?

Hop Limit

Jumbograms use which of the following extension headers to add an alternate Packet Length field of 32 bytes?

Hop-by-hop options

Which of the following fields is set to 0 by the client and may be used by relay agents as they assist a client in obtaining an IP address and/or configuration information?

Hops Field

In which of the following techniques does an unauthorized user try to access the resources, functions, and other privileges that belong to the authorized user who has similar access permissions? Kerberos Authentication Horizontal Privilege Escalation Rainbow Table Attack Vertical Privilege Escalation

Horizontal Privilege Escalation

In which of the following techniques does an unauthorized user try to access the resources, functions, and other privileges that belong to the authorized user who has similar access permissions? Vertical Privilege Escalation Rainbow Table Attack Horizontal Privilege Escalation Kerberos Authentication

Horizontal Privilege Escalation

Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. There are various types of employees working in the company, including technical teams, sales teams, and work-from-home employees. Highlander takes care of the security patches and updates of official computers and laptops; however, the computers or laptops of the work-from-home employees are to be managed by the employees or their ISPs. Highlander employs various group policies to restrict the installation of any third-party applications. As per Highlander's policy, all the employees are able to utilize their personal smartphones to access the company email in order to respond to requests for updates. Employees are responsible for keeping their phones up to date with the latest patches. The phones are not used to directly connect to any other resources in the Highlander, Incorporated, network. The company is concerned about the potential vulnerabilities that could exist on their devices. What would be the best type of vulnerability assessment for the employees' smartphones? Active Assessment. Passive Assessment. Host-Based Assessment. Wireless Network Assessment.

Host-Based Assessment.

Which of the following is defined as a package that is used to address a critical defect in a live environment, and contains a fix for a single issue? Hotfix Patch Vulnerability Penetration test

Hotfix

An attacker wants to crack passwords using attack techniques like brute-forcing, dictionary attack, and password guessing attack. What tool should he use to achieve his objective? Nessus Hydra Burp suite Netcraft

Hydra

IP Source Guard is a security feature in switches that restricts the IP traffic on untrusted Layer 2 ports by filtering traffic based on the DHCP snooping binding database.

Out of the following, which network-level session hijacking technique is useful in gaining unauthorized access to a computer with the help of a trusted host's IP address? IP Spoofing: Source Routed Packets TCP/IP Hijacking UDP Hijacking Bling Hijacking

IP Spoofing: Source Routed Packets

Which of the following processes is one method of obtaining a list of the active hosts on a network?

IP address scanning

Which of the following is a hijacking technique where an attacker masquerades as a trusted host to conceal his identity, hijack browsers or websites, or gain unauthorized access to a network? Port-scanning Firewalking IP address spoofing Source routing

IP address spoofing

A(n) ____ is a device that interconnects multiple IP networks or subnets.

IP gateway

When a computer on one subnet wishes to communicate with a computer on another subnet, traffic must be forwarded from the sender to a nearby ____ to send the message on its way from one subnet to another.

IP gateway

Which of the following typically learn about routes through manual configuration of the default gateway parameter and redirection messages?

IP hosts

A security engineer has been asked to deploy a secure remote access solution that will allow employees to connect to the company's internal network. Which of the following can be implemented to minimize the opportunity for a man-in-the-middle attack to occur? SSL Mutual authentication IPSec Static IP addresses

IPSec

Which of the following protocols is the technology for both gateway-to-gateway (LAN-to-LAN) and host to gateway (remote access) enterprise VPN solutions? SMTP IPSec SNMP NetBios

IPSec

Which of the following protocols is the technology for both gateway-to-gateway (LAN-to-LAN) and host to gateway (remote access) enterprise VPN solutions? NetBios IPSec SNMP SMTP

IPSec

IPSec is a protocol suite developed by the IETF for securing IP communications by authenticating and encrypting each IP packet of a communication session. It is deployed widely to implement virtual private networks (VPNs) and for remote user access through dial-up connection to private networks.

What protocol protects the authentication and confidentiality of ICMPv6 exchanges?

IPsec

Which of the following protocols is used to implement virtual private networks (VPNs)? HTTPS IPsec HPKP Token binding

IPsec

IPsec DOI instantiates ISAKMP for use with IP when IP uses ISAKMP to negotiate security associations.

Which of the following steps in enumeration penetration testing extracts information about encryption and hashing algorithms, authentication type, key distribution algorithms, SA LifeDuration, etc.? Perform SMTP enumeration Perform DNS enumeration Perform IPsec enumeration Perform NTP enumeration

IPsec provides data security by employing various components like ESP (Encapsulation Security Payload), AH (Authentication Header), and IKE (Internet Key Exchange) to secure communication between VPN end-points. Attacker can perform a simple direct scanning for ISAKMP at UDP port 500 with tools like Nmap, etc. to acquire the information related to the presence of a VPN gateway.

An attacker is sending spoofed router advertisement messages so that all the data packets travel through his system. Then the attacker is trying to sniff the traffic to collect valuable information from the data packets to launch further attacks such as man-in-the-middle, denial-of-service, and passive sniffing attacks on the target network. Which of the following technique is the attacker using in the above scenario? IRDP Spoofing DHCP Starvation Attack MAC Flooding ARP Spoofing

IRDP Spoofing

An attacker is sending spoofed router advertisement messages so that all the data packets travel through his system. Then the attacker is trying to sniff the traffic to collect valuable information from the data packets to launch further attacks such as man-in-the-middle, denial-of-service, and passive sniffing attacks on the target network. Which of the following technique is the attacker using in the above scenario? ARP Spoofing MAC Flooding DHCP Starvation Attack IRDP Spoofing

IRDP Spoofing

IaaS

You are a security engineer for a cloud-based startup, XYZ Partners LLC, and they would like you to choose the best platform to run their environment from. The company stores sensitive PII and must be SOC 2 compliant. They would like to run their Windows server VMs and directory services from the cloud. Which of the following services and deployment models would meet the company's requirements? IaaS and Private PaaS and Public SaaS and Hybrid XaaS and Community

IaaS and Private

An attacker wants to exploit a webpage. From which of the following points does he start his attack process? Identify server-side technologies Map the attack surface Identify entry points for user input Identify server-side functionality

Identify entry points for user input

What method should be incorporated by a network administrator to prevent the organization's network against ARP poisoning? Use SSL for secure traffic Implement dynamic arp inspection (DAI) using the dynamic host configuration protocol (DHCP) snooping binding table Resolve all DNS queries to local DNS server Use secure shell (SSH) encryption

Implement dynamic arp inspection (DAI) using the dynamic host configuration protocol (DHCP) snooping binding table

What method should be incorporated by a network administrator to prevent the organization's network against ARP poisoning? Use SSL for secure traffic Implement dynamic arp inspection (DAI) using the dynamic host configuration protocol (DHCP) snooping binding table Use secure shell (SSH) encryption Resolve all DNS queries to local DNS server

Implement dynamic arp inspection (DAI) using the dynamic host configuration protocol (DHCP) snooping binding table

Roy is a network administrator at an organization. He decided to establish security policies at different levels in the organization. He decided to restrict the installation of USB drives in the organization and decided to disable all the USB ports. Which of the following countermeasure Roy must employ? Implement proper access privileges Ensure a regular update of software Adopt documented change management Use multiple layers of antivirus defenses

Implement proper access privileges

Roy is a network administrator at an organization. He decided to establish security policies at different levels in the organization. He decided to restrict the installation of USB drives in the organization and decided to disable all the USB ports. Which of the following countermeasure Roy must employ? Adopt documented change management Implement proper access privileges Use multiple layers of antivirus defenses Ensure a regular update of software

Implement proper access privileges

Which of the following is an appropriate defense strategy to prevent attacks such as piggybacking and tailgating? Implement strict badge, token or biometric authentication, employee training, and security guards Train technical support executives and system administrators never to reveal passwords or other information by phone or email Employee training, best practices, and checklists for using passwords Educate vendors about social engineering

Implement strict badge, token or biometric authentication, employee training, and security guards

Which of the following is an appropriate defense strategy to prevent attacks such as piggybacking and tailgating? Implement strict badge, token or biometric authentication, employee training, and security guards Educate vendors about social engineering Train technical support executives and system administrators never to reveal passwords or other information by phone or email Employee training, best practices, and checklists for using passwords

Implement strict badge, token or biometric authentication, employee training, and security guards

What method should be incorporated by a network administrator to prevent the organization's network against ARP poisoning? Use SSL for secure traffic -Implement dynamic arp inspection (DAI) using the dynamic host configuration protocol (DHCP) snooping binding table -Resolve all DNS queries to local DNS server -Use secure shell (SSH) encryption

Implementation of DAI prevents poisoning attacks. DAI is a security feature that validates ARP packets in a network.

In which of the following attacks does the attacker exploit the vulnerability in the Object Exchange (OBEX) protocol that Bluetooth uses to exchange information? BlueSniff Bluesnarfing Bluejacking Bluebugging

In Bluesnarf, an attacker exploits the vulnerability in the Object Exchange (OBEX) protocol that Bluetooth uses to exchange information. The attacker connects with the target and performs a GET operation for files with correctly guessed or known names, such as /pb.vcf for the device's phonebook or telecom /cal.vcs for the device's calendar file.

In an automated patch management process, detect -> assess -> acquire -> test -> deploy -> maintain is the process that is followed.

Session fixation

In computer network security, session fixation attacks attempt to exploit the vulnerability of a system that allows one person to fixate another person's session identifier. Most session fixation attacks are web based, and most rely on session identifiers being accepted from URLs or POST data.

In cryptography, an Initialization Vector or starting variable is a fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom.

What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack? Injecting parameters into a connection string using semicolons as a separator Inserting malicious Javascript code into input parameters Setting a user's session identifier (SID) to an explicit known value Adding multiple parameters with the same name in HTTP requests

Injecting parameters into a connection string using semicolons as a separator

Name the IoT security vulnerability that gives rise to issues such as weak credentials, lack of account lockout mechanism, and account enumeration? Insufficient authentication/authorization Insecure network services Insecure web interface Privacy concerns

Insecure Web Interface: Insecure web interface occurs when certain issues arise such as weak credentials, lack of account lockout mechanism and account enumeration.

Secure update server, verify updates before installation, and sign updates are the solutions for which of the following IoT device vulnerabilities? Insecure network services Privacy concerns Insecure software / firmware Insecure cloud interface

Insecure software / firmware

An attacker can perform attacks such as CSRF, SQLi, and XSS attack by exploiting which of the following IoT device vulnerability? Insecure web interface Insecure cloud interface Insecure network services Insecure software/firmware

Insecure web interface

Where should a web server be placed in a network in order to provide the most security? Inside an unsecured network Outside an unsecured network Inside DeMilitarized Zones (DMZ) Outside a secure network

Inside DeMilitarized Zones (DMZ)

Identify the technique used by the attackers to execute malicious code remotely? Install malicious programs Rootkits and steganography Modify or delete logs Sniffing network traffic

Install malicious programs

Insufficient Logging and Monitoring

Which of the following threats is closely related to medical identity theft? Criminal identity theft Insurance identity theft Synthetic identity theft Social identity theft

Insurance identity theft

Which of the following threats is closely related to medical identity theft? Criminal identity theft Insurance identity theft Synthetic identity theft Social identity theft

Insurance identity theft

Which of the following category of information warfare is a sensor-based technology that directly corrupts technological systems? Command and control warfare (C2 warfare) Economic warfare Intelligence-based warfare Electronic warfare

Intelligence-based warfare

Which of the following category of information warfare is a sensor-based technology that directly corrupts technological systems? Electronic warfare Intelligence-based warfare Command and control warfare (C2 warfare) Economic warfare

Intelligence-based warfare

The ____ is the parent organization for all the various Internet boards and task forces.

Internet Society

Which of the following IoT architecture layers carries out communication between two end points such as device-to-device, device-to-cloud, device-to-gateway, and back-end data-sharing? Access gateway layer Edge technology layer Internet layer Middleware layer Application layer

Internet layer

Which of the following DNS poisoning techniques uses ARP poisoning against switches to manipulate routing table? Intranet DNS Spoofing Internet DNS Spoofing Proxy Server DNS Poisoning DNS Cache Poisoning

Intranet DNS Spoofing

Which of the following DNS poisoning techniques uses ARP poisoning against switches to manipulate routing table? DNS Cache Poisoning Intranet DNS Spoofing Internet DNS Spoofing Proxy Server DNS Poisoning

Intranet DNS Spoofing

Intranet DNS spoofing: An attacker can perform an intranet DNS spoofing attack on a switched LAN with the help of the ARP poisoning technique. To perform this attack, the attacker must be connected to the LAN and be able to sniff the traffic or packets. An attacker who succeeds in sniffing the ID of the DNS request from the intranet can send a malicious reply to the sender before the actual DNS server.

The intrusion detection system at a software development company suddenly started generating multiple alerts regarding attacks against the company's external webserver, VPN concentrator, and DNS servers. What should the security team do to determine which alerts to check first? Investigate based on the maintenance schedule of the affected systems. Investigate based on the service-level agreements of the systems. Investigate based on the potential effect of the incident. Investigate based on the order that the alerts arrived in.

Investigate based on the potential effect of the incident.

During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. The tester assumes that the service is running with a local system account. How can this weakness be exploited to access the system? Using the Metasploit psexec module setting the SA/admin credential Invoking the stored procedure xp_shell to spawn a Windows command shell Invoking the stored procedure cmd_shell to spawn a Windows command shell Invoking the stored procedure xp_cmdshell to spawn a Windows command shell

Invoking the stored procedure xp_cmdshell to spawn a Windows command shell

Domain snipping

Involves registering an elapsed domain name.

Which of the following IoT technology components bridges the gap between the IoT device and the end user? Sensing technology IoT gateway Cloud server/data storage Remote control using mobile app

IoT gateway

NotPetya ransomware targets all the versions of Windows OSs and can infect the entire network, including known server names. Which of the following statement is true for NotPetya? It spreads through an exposed, vulnerable SMB port instead of phishing or social engineering. It can spread over the network using WMIC (Windows Management Instrumentation Command-line) by capturing all credentials from the local machine using Mimikatz. It spreads as a malicious Word document named invoice J-[8 random numbers].doc that is attached to spam emails. It is a dreadful data encrypting parasite that not only infects the computer system but also has the ability to corrupt data on unmapped network shares.

It can spread over the network using WMIC (Windows Management Instrumentation Command-line) by capturing all credentials from the local machine using Mimikatz.

NotPetya ransomware targets all the versions of Windows OSs and can infect the entire network, including known server names. Which of the following statement is true for NotPetya? It is a dreadful data encrypting parasite that not only infects the computer system but also has the ability to corrupt data on unmapped network shares. It can spread over the network using WMIC (Windows Management Instrumentation Command-line) by capturing all credentials from the local machine using Mimikatz. It spreads as a malicious Word document named invoice J-[8 random numbers].doc that is attached to spam emails. It spreads through an exposed, vulnerable SMB port instead of phishing or social engineering.

It can spread over the network using WMIC (Windows Management Instrumentation Command-line) by capturing all credentials from the local machine using Mimikatz.

What is a radius?

It is a centralized authentication and authorization management system.

What is the primary drawback of using Advanced Encryption Standard (AES) algorithm with a 256-bit key to share sensitive data? Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient communication. To get messaging programs to function with this algorithm requires complex configurations. It has been proven to be a weak cipher; therefore, should not be trusted to protect sensitive data. It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.

It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.

Which of the following tool is used for cracking passwords? OpenVAS John the Ripper Nikto Havij

John the Ripper

Which of the following tool is used for cracking passwords? Nikto John the Ripper OpenVAS Havij

John the Ripper

Kerberos

Kerberos is a network protocol that uses secret-key cryptography to authenticate client-server applications. Kerberos requests an encrypted ticket via an authenticated server sequence to use services.

Fill in the blank _________________ type of rootkit is most difficult to detect. Hardware/Firmware Rootkit Application Rootkit Hypervisor Rootkit Kernel Level Rootkit

Kernel Level Rootkit

Fill in the blank _________________ type of rootkit is most difficult to detect. Hardware/Firmware Rootkit Application Rootkit Hypervisor Rootkit Kernel Level Rootkit

Kernel Level Rootkit

Fill in the blank _________________ type of rootkit is most difficult to detect. Hardware/Firmware Rootkit Kernel Level Rootkit Hypervisor Rootkit Application Rootkit

Kernel Level Rootkit

Which of the following .dll file is used by the Zeus Trojan to access and manipulate Service Manager and Registry on a victim machine? Kernel32.dll Advapi32.dll User32.dll n32dll.dll

Kernel32.dll - To access/manipulate memory files and hardware Advapi32.dll - To access/manipulate Service Manager and Registry User32.dll - To display and manipulate graphics

Zues Manipulation

Kernel32.dll - To access/manipulate memory files and hardware Advapi32.dll - To access/manipulate Service Manager and Registry User32.dll - To display and manipulate graphics

kismet

Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework.

Ksh

Ksh: It improved version of the Bourne shell that includes floating-point arithmetic, job control, command aliasing, and command completion.

L0phtCrack

L0phtCrack is a tool designed to audit password and recover applications. It recovers lost Microsoft Windows passwords with the help of dictionary, hybrid, rainbow table, and brute-force attacks, and it also checks the strength of the password.

Logical link control and adaptation protocol (L2CAP

L2CAP passes packets to either the Host Controller Interface (HCI) or on a hostless system, directly to the Link Manager/ACL link.

Logical link control and adaptation protocol (L2CAP)

L2CAP passes packets to either the Host Controller Interface (HCI) or on a hostless system, directly to the Link Manager/ACL link.

Which of the following protocols is responsible for accessing distributed directories and access information such as valid usernames, addresses, departmental details, and so on? LDAP DNS NTP SMTP

LDAP

Which of the following protocols is responsible for accessing distributed directories and access information such as valid usernames, addresses, departmental details, and so on? DNS NTP LDAP SMTP

LDAP

Which of the following protocols uses TCP or UDP as its transport protocol over port 389? LDAP SNMP SMTP SIP

LDAP

What statement is true regarding LAN Manager (LM) hashes? LM hashes consist in 48 hexadecimal characters. LM hashes are based on AES128 cryptographic standard. Uppercase characters in the password are converted to lowercase. LM hashes limit the password length to a maximum of 14 characters.

LM hashes limit the password length to a maximum of 14 characters.

The DDoS tool used by anonymous in the so-called Operation Payback is called _______ LOIC HOIC BanglaDOS Dereil

LOIC

SecTech Inc. is worried about the latest security incidents and data theft reports. The management wants a comprehensive vulnerability assessment of the complete information system at the company. However, SecTech does not have the required resources or capabilities to perform a vulnerability assessment. They decide to purchase a vulnerability assessment tool to test a host or application for vulnerabilities. Which of the following factors should the organization NOT consider while purchasing a vulnerability assessment tool? Types of vulnerabilities being assessed Test run scheduling Functionality for writing own tests Links to patches

Links to patches

SecTech Inc. is worried about the latest security incidents and data theft reports. The management wants a comprehensive vulnerability assessment of the complete information system at the company. However, SecTech does not have the required resources or capabilities to perform a vulnerability assessment. They decide to purchase a vulnerability assessment tool to test a host or application for vulnerabilities. Which of the following factors should the organization NOT consider while purchasing a vulnerability assessment tool? Test run scheduling Links to patches Types of vulnerabilities being assessed Functionality for writing own tests

Links to patches

Which of the following mechanisms should be incorporated into the cloud services to facilitate networks and resources to improve the response time of a job with maximum throughput? Load balancing Encryption mechanism Lockout mechanism Two-factor authentication

Load balancing

Which configuration option allows a router to watch for traffic on its LAN that does match its own IP address, so the router can add entries for that traffic in its ARP cache and routing table?

Local Area Mobility

A Company called "We are Secure Ltd." has a router that has eight I/O ports, of which, the port one is connected to WAN and the other seven ports are connected to various internal networks. Network Administrator has observed a malicious DoS activity against the router through one of the eight networks. The DoS attack uses 100% CPU utilization and shuts down the Internet connection. The systems administrator tried to troubleshoot the router by disconnect ports one-by-one in order to identify the source network of the DoS attack. After disconnecting port number 6, the CPU utilization normalized and Internet connection resumes. With this information complete the system administrator came to a conclusion that the source of the attack was from _______________ network. Local Area network (LAN) Wide Area Network (WAN) Metropolitan Area Network (MAN) Campus Area Network (CAN)

Local Area network (LAN)

Which feature of Secure Pipes tool open application communication ports to remote servers without opening those ports to public networks? Remote forwards Local forwards SOCKS proxies Remote backwards

Local forwards

Which feature of Secure Pipes tool open application communication ports to remote servers without opening those ports to public networks? Remote forwards Local forwards SOCKS proxies Remote backwards

Local forwards open application communication ports to remote servers without opening those ports to public networks.

Which of the following ransomware is a dreadful data-encrypting parasite that not only infects the computer system but also has the ability to corrupt data on unmapped network shares? WannaCry Petya -NotPetya Mischa Locky

Locky

Locky Ransomeware

Locky is a dreadful data encrypting parasite that not only infects the computer system but also has the ability to corrupt data on unmapped network shares. This ransomware spreads as a malicious Word document named invoice J-[8 random numbers].doc that is attached to spam emails.

A tester wants to test an organization's network against session hijacking attacks. Which of the following tools can he use to detect session hijacking attacks? LogRhythm Nmap FOCA Recon-ng

LogRhythm

A tester wants to test an organization's network against session hijacking attacks. Which of the following tools can he use to detect session hijacking attacks? LogRhythm Nmap FOCA Recon-ng

LogRhythm's Advanced Intelligence Engine can be used to detect session hijacking attacks.

The implementation of a BYOD policy that prohibits employees from bringing personal computing devices into a facility falls under what type of security controls? Procedural Physical Logical Technical

Logical

Which of the following tools is used to execute commands of choice by tunneling them inside the payload of ICMP echo packets if ICMP is allowed through a firewall? Anonymizer AckCmd HTTPTunnel Loki

Loki

Riya wants to defend against the polymorphic shellcode problem. What countermeasure should she take against this IDS evasion technique? Configure a remote syslog server and apply strict measures to protect it from malicious users. Disable all FTP connections to or from the network Catalog and review all inbound and outbound traffic Look for the nop opcode other than 0x90

Look for the nop opcode other than 0x90

MitB (Man in the Browser) is a session hijacking technique heavily used by e-banking Trojans. The most popular ones are Zeus and Gameover Zeus. Explain how MitB attack works. Malware is injected between the browser and OS API, enabling to see the data before encryption (when data is sent from the machine) and after decryption (when data is being received by the machine). Malware is injected between the browser and keyboard driver, enabling to see all the keystrokes. Malware is injected between the browser and network.dll, enabling to see the data before it is sent to the network and while it is being received from the network. Man-in-the-Browser is just another name for sslstrip MitM attack.

Malware is injected between the browser and OS API, enabling to see the data before encryption (when data is sent from the machine) and after decryption (when data is being received by the machine).

Which of the following attacks allows an attacker to access sensitive information by intercepting and altering communications between an end user and webservers? Man-in-the-middle attack DoS attack Directory traversal attack HTTP response splitting attack

Man-in-the-middle attack

Out of the following, which session hijacking detection technique involves using packet-sniffing software such as Wireshark and SteelCentral packet analyzer to monitor session hijacking attacks? Normal Telnet session Manual method Forcing an ARP entry Automatic method

Manual method

DNS footprinting: PTR

Maps IP address to a hostname

Michel, a professional hacker, is trying to perform time-based blind SQL injection attacks on the MySQL backend database of RadioTV Inc. He decided to use an SQL injection tool to perform this attack. Michel surfed the Internet and finally found a tool which has the following features: Sends heavy queries to the target database to perform a Time-Based Blind SQL Injection attack. Database Schema extraction from SQL Server, Oracle and MySQL. Data extraction from Microsoft Access 97/2000/2003/2007 databases. Parameter Injection using HTTP GET or POST. Which of the following tools does Michael use to perform time-based blind SQL injection attacks on the MySQL backend database? Marathon Tool SQLiX SQLDict WebCruiser

Marathon Tool

Which of the following tools does Michael use to perform time-based blind SQL injection attacks on the MySQL backend database? Marathon Tool SQLiX SQLDict WebCruiser

Marathon Tool: a POC for using heavy queries to perform a Time-Based Blind SQL Injection attack

During a penetration test, Marin exploited a blind SQLi and exfiltrated session tokens from the database. What can he do with this data? Marin can do Session hijacking Marin can do SQLi (SQL injection) Marin can do XSS (Cross-Site Scripting) Marin can do CSRF (Cross-Site Request Forgery)

Marin can do Session hijacking

Marin is a penetration tester in XYZ organization and while performing penetration testing using MITMF tool, he captured the Microsoft NTLMv2 hash file as shown in the screenshot. What can Marin do with it? Marin can try to crack it Marin can use it in the pass-the-hash attack Marin cannot crack it since it's salted Marin can crack it with rainbow tables

Marin can try to crack it

During the penetration testing of e-banking application, Marin is using burp to analyze the traffic. Unfortunately intercepting the traffic between the website and the browser that Marin is testing does not work with his burp installation. Website is using HSTS (HTTP Strict Transport Security). What can Marin do to fix this issue? Marin has to install burp certificate into trusted CA's in order to intercept the traffic between website and the browser is protected with HSTS. He can do that by configuring the web browser with burp as the proxy server and then navigating to https://burp website. There he has to download burp CA certificate and install it in browser trust pool. Marin has to install burp certificate into trusted CA's in order to intercept the traffic between website protected with HSTS. He can do that automatically by navigating to https://burp website Marin has to install burp certificate into trusted CA's in order to intercept the traffic between website protected with HSTS. He can do that automatically by configuring web browser with burp as the proxy server and then navigating to https://burp website That's impossible. HSTS prevents any type of MitM or traffic analysis

Marin has to install burp certificate into trusted CA's in order to intercept the traffic between website and the browser is protected with HSTS. He can do that by configuring the web browser with burp as the proxy server and then navigating to https://burp website. There he has to download burp CA certificate and install it in browser trust pool.

Meltdown

During a penetration test, Marin identified a web application that could be exploited to gain a root shell on the remote machine. The only problem was that in order to do that he would have to know at least one valid username and password that could be used in the application. Unfortunately, guessing usernames and brute-forcing passwords did not work. Marin does not want to give up his attempts. Since this web application is being used by almost all users in the company, and moreover it was using the http protocol, so he decided to use the Cain&Abel tool in order to identify at least one username and password. Morin found that the network was using layer 2 switches with no configuration or management features. What could be the easiest way to start an attack in this case? MitM (Man in the Middle) ARP spoofing DNS spoofing MitB (Man in the Browser)

MitM (Man in the Middle)

Which of the following is considered an acceptable option when managing a risk? Reject the risk. Mitigate the risk. Initiate the risk. Deny the risk.

Mitigate the risk.

Which of the following is a security consideration for the gateway component of IoT architecture? Local storage security, encrypted communications channels Multi-directional encrypted communications, strong authentication of all the components, automatic updates Secure web interface, encrypted storage Storage encryption, update components, no default passwords

Multi-directional encrypted communications, strong authentication of all the components, automatic updates

Cloud: Isolation Failure

Multi-tenancy and shared resources are the characteristics of cloud computing. Strong isolation or compartmentalization of storage, memory, routing, and reputation among different tenants is lacking. Because of isolation failure, attackers try to control operations of other cloud customers to gain illegal access to the data.

In which type of fuzz testing do the current data samples create new test data and the new test data again mutates to generate further random data? Mutation-based Generation-based Protocol-based None of the above

Mutation-based

SoftPerfect network scanner, SuperScan, and Nsauditor network security auditor, hyena, SuperScan

NETBIOS Enumeration

Which of the following open source tools would be the best choice to scan a network for potential targets? hashcat John the Ripper Cain & Abel NMAP

NMAP

Which of the following open source tools would be the best choice to scan a network for potential targets? NMAP hashcat Cain & Abel John the Ripper

NMAP

Which of the following parameters enables NMAP's operating system detection feature? NMAP -O NMAP -sV NMAP -oS NMAP -sC

NMAP -O

Which of the following parameters enables NMAP's operating system detection feature? NMAP -sV NMAP -oS NMAP -sC NMAP -O

NMAP -O

A company has five different subnets: 192.168.1.0, 192.168.2.0, 192.168.3.0, 192.168.4.0 and 192.168.5.0. How can NMAP be used to scan these adjacent Class C networks? NMAP -P 192.168.1-5. NMAP -P 192.168.0.0/16 NMAP -P 192.168.1.0,2.0,3.0,4.0,5.0 NMAP -P 192.168.1/17

NMAP -P 192.168.1-5.

Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection? NMAP -PN -A -O -sS 192.168.2.0/24 NMAP -P0 -A -O -p1-65535 192.168.0/24 NMAP -P0 -A -sT -p0-65535 192.168.0/16 NMAP -PN -O -sS -p 1-1024 192.168.0/8

NMAP -P0 -A -O -p1-65535 192.168.0/24

Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection? NMAP -PN -O -sS -p 1-1024 192.168.0/8 NMAP -P0 -A -sT -p0-65535 192.168.0/16 NMAP -P0 -A -O -p1-65535 192.168.0/24 NMAP -PN -A -O -sS 192.168.2.0/24

NMAP -PN -A -O -sS 192.168.2.0/24

Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP? NMAP scripting engine Metasploit scripting engine SAINT scripting engine Nessus scripting engine

NMAP scripting engine

Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP? Metasploit scripting engine Nessus scripting engine NMAP scripting engine SAINT scripting engine

NMAP scripting engine

Which one of the following techniques is used by attackers to hide their programs? Scanning NTFS Stream Enumeration Footprinting

NTFS Stream

Which one of the following techniques is used by attackers to hide their programs? Scanning NTFS Stream Enumeration Footprinting

NTFS Stream

Microsoft NTLMv2 hash file

NTLMv2 is a is a default authentication scheme that performs authentication using a challenge/response strategy. Marin can try to crack it since NTLMv2 hash can be cracked with a dictionary or brute-force.

Which of the following protocols is responsible for synchronizing clocks of networked computers? LDAP DNS NTP SMTP

NTP

h of the following protocols is responsible for synchronizing clocks of networked computers? DNS NTP SMTP LDAP

NTP

What is the outcome of the command "nc -l -p 2222 | nc 10.1.0.43 1234"? Netcat will listen on port 2222 and then output anything received to local interface 10.1.0.43. Netcat will listen on the 10.1.0.43 interface for 1234 seconds on port 2222. Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 port 1234. Netcat will listen for a connection from 10.1.0.43 on port 1234 and output anything received to port 2222.

Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 port 1234.

What is the outcome of the command "nc -l -p 2222 | nc 10.1.0.43 1234"? Netcat will listen on the 10.1.0.43 interface for 1234 seconds on port 2222. Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 port 1234. Netcat will listen for a connection from 10.1.0.43 on port 1234 and output anything received to port 2222. Netcat will listen on port 2222 and then output anything received to local interface 10.1.0.43.

Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 port 1234.

Which of the following is not a webserver security tool? Fortify WebInspect Retina CS NetIQ Secure configuration manager Netcraft

Netcraft

Which of the following tool determines the OS of the queried host by looking in detail at the network characteristics of the HTTP response received from the website? Netcraft Nmap Wireshark Netcat

Netcraft

Which of the following toolbars is used to provide an open application program interface (API) for developers and researchers to integrate anti-phishing data into their applications? DroidSheep SET Netcraft Metasploit

Netcraft

Which of the following tool determines the OS of the queried host by looking in detail at the network characteristics of the HTTP response received from the website? Netcraft Nmap Wireshark Netcat

Netcraft determines the OS of the queried host by looking in detail at the network characteristics of the HTTP response received from the website. Netcraft identifies vulnerabilities in the web server via indirect methods: fingerprinting the OS, the software installed, and the configuration of that software gives enough information to determine whether the server may be vulnerable to an exploit.

Which of the following is not a webserver security tool? Fortify WebInspect Retina CS NetIQ Secure configuration manager Netcraft

Netcraft provide internet security services including anti-fraud and anti-phishing services, application testing and PCI scanning.We also analyse many aspects of the internet, including the market share of web servers, operating systems, hosting providers and SSL certificate authorities.

A pentester gains access to a Windows application server and needs to determine the settings of the built-in Windows firewall. Which command would be used? Netsh firewall show config WMIC firewall show config Net firewall show config Ipconfig firewall show config

Netsh firewall show config

Network Access Control

Network Access Control is an approach to computer security that attempts to unify endpoint security technology, user or system authentication and network security enforcement.

NetBIOS

Network Basic Input/Output System. It provides services related to the session layer of the OSI model allowing applications on separate computers to communicate over a local area network.

The components such as NIDS/NIPS, firewalls, DPI, Anti-DDoS, QoS, DNSSEC, and OAuth are included in which of the following cloud security control layers? Applications Layer Management Layer Network Layer Computer and Storage

Network Layer

Stephany is the leader of an information security team of a global corporation that has several branch offices around the world. In the past six months, the company has suffered several security incidents. The CSIRT explains to Stephany that the incidents have something in common: the source IP addresses of all the incidents are from one of the new branches. A lot of the outsourcing staff come to this office to connect their computers to the LAN. What is the most accurate security control to implement to resolve the primary source of the incidents? Network access control (NAC) Internal Firewall Awareness to employees Antimalware application

Network access control (NAC)

Stephany is the leader of an information security team of a global corporation that has several branch offices around the world. In the past six months, the company has suffered several security incidents. The CSIRT explains to Stephany that the incidents have something in common: the source IP addresses of all the incidents are from one of the new branches. A lot of the outsourcing staff come to this office to connect their computers to the LAN. What is the most accurate security control to implement to resolve the primary source of the incidents? Internal Firewall Network access control (NAC) Awareness to employees Antimalware application

Network access control (NAC)

Which statement is TRUE regarding network firewalls preventing Web Application attacks? Network firewalls can prevent attacks because they can detect malicious HTTP traffic. Network firewalls cannot prevent attacks because ports 80 and 443 must be kept opened. Network firewalls can prevent attacks if they are properly configured. Network firewalls cannot prevent attacks because they are too complex to configure.

Network firewalls cannot prevent attacks because ports 80 and 443 must be kept opened.

You have been hired to do an ethical hacking (penetration Testing) for a company. Which is the first thing you should do in this process? Perimeter Testing Acquiring Target Escalating Privileges Network information gathering

Network information gathering

You have been hired to do an ethical hacking (penetration Testing) for a company. Which is the first thing you should do in this process? Network information gathering Perimeter Testing Escalating Privileges Acquiring Target

Network information gathering

John's company is facing a DDoS attack. While analyzing the attack, John has learned that the attack is originating from the entire globe, and filtering the traffic at the Internet Service Provider's (ISP) level is an impossible task to do. After a while, John has observed that his personal computer at home was also compromised similar to that of the company's computers. He observed that his computer is sending large amounts of UDP data directed toward his company's public IPs. John takes his personal computer to work and starts a forensic investigation. Two hours later, he earns crucial information: the infected computer is connecting to the C&C server, and unfortunately, the communication between C&C and the infected computer is encrypted. Therefore, John intentionally lets the infection spread to another machine in his company's secure network, where he can observe and record all the traffic between the Bot software and the Botnet. After thorough analysis he discovered an interesting thing that the initial process of infection downloaded the malware from an FTP server which consists of username and password in cleartext format. John connects to the FTP Server and finds the Botnet software including the C&C on it, with username and password for C&C in configuration file. What can John do with this information? Neutralize handlers Deflect the attack Mitigate the attack Protect Secondary Victims

Neutralize handlers

An ethical hacker is performing penetration testing on the target organization. He decided to test the organization's network to identify the systems running in promiscuous mode. Identify the tool that the ethical hacker needs to employ? FaceNiff FOCA Nmap Recon-ng

Nmap

Paul has been contracted to test a network, and he intends to test for any DoS vulnerabilities of the network servers. Which of the following automated tools can be used to discover systems that are vulnerable to DoS? Nmap John the ripper Cain and Abel Netcraft

Nmap

Which of the following tool a tester can use to detect a system that runs in promiscuous mode, which in turns helps to detect sniffers installed on the network? Nmap FaceNiff OmniPeek shARP

Nmap

Which of the following tool a tester can use to detect a system that runs in promiscuous mode, which in turns helps to detect sniffers installed on the network? shARP Nmap FaceNiff OmniPeek

Nmap

Which of the following tools can an attacker use to gather information such as open ports and services of IoT devices connected to the network? RFCrack Multiping Foren6 Nmap

Nmap

Nmap is a security scanner for network exploration. It allows you to discover hosts and services on a computer network, thus creating a "map" of the network. It sends specially crafted packets to the target host and then analyzes the responses to accomplish its goal.

A computer technician is using the latest version of a word-processing software and discovers that a particular sequence of characters is causing the entire computer to crash. The technician researches the bug and discovers that no one else has experienced the problem. What is the appropriate next step? Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix. Create a document that will crash the computer when opened and send it to friends. Ignore the problem completely and let someone else deal with it. Find an underground bulletin board and attempt to sell the bug to the highest bidder.

Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.

A computer technician is using the latest version of a word-processing software and discovers that a particular sequence of characters is causing the entire computer to crash. The technician researches the bug and discovers that no one else has experienced the problem. What is the appropriate next step? Ignore the problem completely and let someone else deal with it. Create a document that will crash the computer when opened and send it to friends. Find an underground bulletin board and attempt to sell the bug to the highest bidder. Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.

Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.

Which of the following protocols is used by BlueJacking to send anonymous messages to other Bluetooth-equipped devices? LMB OBEX L2CAP SDP

OBEX

Which of the following protocols is used by BlueJacking to send anonymous messages to other Bluetooth-equipped devices? LMB OBEX L2CAP SDP

OBEX: Object Exchange protocol is used for communicating binary objects between devices. BlueJacking is sending anonymous messages to other Bluetooth-equipped devices via the OBEX protocol.

Orthogonal Frequency-division Multiplexing

OFDM is a method of digital modulation of data in which a signal, at a chosen frequency, is split into multiple carrier frequencies that are orthogonal (occurring at right angles) to each other.

Orthogonal Frequency-division Multiplexing (OFDM)

OFDM is a method of digital modulation of data in which a signal, at a chosen frequency, is split into multiple carrier frequencies that are orthogonal (occurring at right angles) to each other.

Which of the following browser applications encrypts your Internet traffic and then hides it by bouncing through a series of computers around the world? Google Chrome UC Browser Mozilla FireFox ORBOT

ORBOT

Which of the following operating systems allows loading of weak dylibs dynamically that is exploited by attackers to place a malicious dylib in the specified location? Unix Android Linux OS X

OS X

Obfuscation means to make the code harder to understand or read, generally for privacy or security purposes. A tool called an obfuscator converts a straightforward program into that works the same way but is much harder to understand.

Which component of the malware conceals the malicious code via various techniques, thus making it hard for security mechanisms to detect or remove it? Downloader Crypter Obfuscator Payload

Obfuscator

Which component of the malware conceals the malicious code via various techniques, thus making it hard for security mechanisms to detect or remove it? Downloader Crypter Obfuscator Payload

Obfuscator

Which component of the malware conceals the malicious code via various techniques, thus making it hard for security mechanisms to detect or remove it? Downloader Crypter Obfuscator Payload

Obfuscator: Obfuscation means to make code harder to understand or read, generally for privacy or security purposes. A tool called an obfuscator converts a straightforward program into that works the same way but is much harder to understand.

Obex

Object Exchange protocol is used for communicating binary objects between devices. BlueJacking is sending anonymous messages to other Bluetooth-equipped devices via the OBEX protocol.

OmniPeek

Omnipeek is a packet analyzer software tool from Savvius, for network troubleshooting and protocol analysis. It supports an application programming interface for plugins.

Which of the following is a legal channel for the transfer of data or information in a company network securely? Covert Timing Channel Covert Channel Covert Storage Channel Overt Channel

Overt Channel

Which of the following protocol encapsulates the EAP within an encrypted and authenticated Transport Layer Security (TLS) tunnel? RADIUS PEAP LEAP CCMP

PEAP: It is a protocol that encapsulates the EAP within an encrypted and authenticated Transport Layer Security (TLS) tunnel.

Which of the following is an example of an asymmetric encryption implementation? SHA1 PGP 3DES MD5

PGP

Which of the following enables a source to learn the currently supported MTU across an entire path, without requiring fragmentation?

PMTU discovery

Which of the following types of firewall inspects only header information in network traffic?

Packet filter

Which of the following applications is used for Jailbreaking iOS? KingoRoot Pangu Anzhuang One Click Root Superboot

Pangu Anzhuang

Which of the following is not a characteristic of virtualization in cloud computing technology? Partitioning Storage Isolation Encapsulation

Partitioning, isolation, and encapsulation are the characteristics of virtualization in cloud computing technology. Storage is not a characteristic of virtualization in cloud computing technology, as it is a type of virtualization.

Which of the following technique is used to gather information about the target without direct interaction with the target? Active Footprinting Passive Footprinting Scanning Enumeration

Passive Footprinting

Which of the following technique is used to gather information about the target without direct interaction with the target? Active Footprinting Scanning Passive Footprinting Enumeration

Passive Footprinting

A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching the bank employees time in and out, searching the bank's job postings (paying special attention to IT-related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in? Active information gathering Vulnerability assessment Passive information gathering Information reporting

Passive information gathering

A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching the bank employees time in and out, searching the bank's job postings (paying special attention to IT-related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in? Information reporting Vulnerability assessment Active information gathering Passive information gathering

Passive information gathering

Which of the following technique involves sending no packets and just capturing and monitoring the packets flowing in the network? Active sniffing Passive sniffing Port sniffing Network scanning

Passive sniffing

Which of the following technique involves sending no packets and just capturing and monitoring the packets flowing in the network? Passive sniffing Network scanning Port sniffing Active sniffing

Passive sniffing

Which of the following is an example of two-factor authentication? PIN Number and Birth Date Username and Password Digital Certificate and Hardware Token Password and fingerprint

Password and fingerprint

How can rainbow tables be defeated? Use of non-dictionary words All uppercase character passwords Password salting Lockout accounts under brute force password cracking attempts

Password salting

John the Ripper is a technical assessment tool used to test the weakness of which of the following? Firewall rulesets Passwords File permissions Usernames

Passwords

ohn the Ripper is a technical assessment tool used to test the weakness of which of the following? Usernames File permissions Firewall rulesets Passwords

Passwords

Which of the following is considered as a repair job to a programming problem? Vulnerability Patch Assessment Penetration Test

Patch

Andrew, a software developer in CyberTech organization has released a security update that acts as a defensive technique against the vulnerabilities in the software product the company has released earlier. Identify the technique used by Andrew to resolve the software vulnerabilities? Product Management Vulnerability Management Risk Management

Patch Management

Which of the following teams has the responsibility to check for updates and patches regularly? Red Team Vulnerability assessment team Patch management team Security software development team

Patch management team

Which of the following techniques is used to place an executable in a particular path in such a way that it will be executed by the application in place of the legitimate target? File System Permissions Weakness Path Interception Application Shimming Scheduled Task

Path Interception

Ransomware encrypts the files and locks systems, thereby leaving the system in an unusable state. The compromised user has to pay ransom to the attacker to unlock the system and get the files decrypted. Petya delivers malicious code can that even destroy the data with no scope of recovery. What is this malicious code called? Honeypot Payload Bot Vulnerability

Payload

Which of the following guidelines or standards governs the credit card industry? Health Insurance Portability and Accountability Act (HIPAA) Payment Card Industry Data Security Standards (PCI DSS) Control Objectives for Information and Related Technology (COBIT) Sarbanes-Oxley Act (SOX)

Payment Card Industry Data Security Standards (PCI DSS)

Identify the DoS attack that does not use botnets for the attack. Instead, the attackers exploit flaws found in the network that uses the DC++ (direct connect) protocol, which allows the exchange of files between instant messaging clients. DRDoS attack Peer-to-peer attack Bandwidth attack Service request flood attack

Peer-to-peer attack

Peer-to-peer attack is a form of DDoS attack. In this kind of attack, the attacker exploits a number of bugs in peer-to-peer servers to initiate a DDoS attack.

Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation? Penetration testing Social engineering Vulnerability scanning Access control list reviews

Penetration testing

Which of the following policies addresses the areas listed below: Issue identification (ID) cards and uniforms, along with other access control measures to the employees of a particular organization. Office security or personnel must escort visitors into visitor rooms or lounges. Restrict access to certain areas of an organization in order to prevent unauthorized users from compromising security of sensitive data. Defense strategy Password security policies Special-access policies Physical security policies

Physical security policies

In which of the following attacks, does an attacker inject an additional malicious query to the original query? In-line Comments Piggybacked Query Tautology UNION SQL Injection

Piggybacked Query

Ping of Death

Ping of Death (PoD) is a type of network attack in which an attacker sends a network packet that is larger than what the target computer can handle. This can crash the computer, or freeze or degrade computer service.

Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications? TCP hijacking Smurf attack Ping of death SYN flooding

Ping of death

Which of the following is a general-purpose protocol that provided WAN data link encapsulation services similar to those available for LAN encapsulations?

Point-to-Point Protocol

DNS footprinting: MX

Points to domain's mail server

DNS footprinting: NS

Points to host's name server

Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. There are various types of employees working in the company, including technical teams, sales teams, and work-from-home employees. Highlander takes care of the security patches and updates of official computers and laptops; however, the computers or laptops of the work-from-home employees are to be managed by the employees or their ISPs. Highlander employs various group policies to restrict the installation of any third-party applications. As per Highlander's policy, all the employees are able to utilize their personal smartphones to access the company email in order to respond to requests for updates. Employees are responsible for keeping their phones up to date with the latest patches. The phones are not used to directly connect to any other resources in the Highlander, Incorporated, network. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Highlander, Incorporated, is concerned about their defense in depth. The scope of their concern is especially the users with mobile phones. In order to provide appropriate security, which layer of defense in depth should they focus the most attention on? Internal Network. Perimeter. Policies, Procedures, and Awareness. Physical.

Policies, Procedures, and Awareness.

An attacker hides the shellcode by encrypting it with an unknown encryption algorithm and by including the decryption code as part of the attack packet. He encodes the payload and then places a decoder before the payload. Identify the type of attack executed by attacker. ASCII Shellcode Preconnection SYN Polymorphic Shellcode Post-Connection SYN

Polymorphic Shellcode

During malware reverse engineering and analysis, Sheena has identified following characteristics present in the malware: • Self-replicating • Reprograms itself • Cannot be detected by antivirus • Changes the malicious code with each infection What is the type of malware identified by Sheena? Polymorphic Virus Metamorphic Virus Covert Channel Trojan Botnet Trojan

Polymorphic Virus

During malware reverse engineering and analysis, Sheena has identified following characteristics present in the malware:• Self-replicating• Reprograms itself• Cannot be detected by antivirus• Changes the malicious code with each infectionWhat is the type of malware identified by Sheena? Botnet Trojan Polymorphic Virus Metamorphic Virus Covert Channel Trojan

Polymorphic Virus

Which of the following TCP/UDP port is used by the infected devices to spread malicious files to other devices in the network? Port 23 Port 48101 Port 22 Port 53

Port 48101

Which statement is TRUE regarding network firewalls preventing Web Application attacks? -Network firewalls can prevent attacks because they can detect malicious HTTP traffic. -Network firewalls cannot prevent attacks because ports 80 and 443 must be kept opened. -Network firewalls can prevent attacks if they are properly configured. -Network firewalls cannot prevent attacks because they are too complex to configure.

Port 80 and 443 are linked with "the Internet." Port 443 is the HTTP protocol and Port 80/HTTP is the World Wide Web. By default, these ports are left open to allow outbound traffic on your network and since these ports are kept open, network firewalls cannot prevent attacks.

Which of the following is not a legitimate cloud computing attack? Port Scanning Denial-Of- Service (DoS) Privilege Escalation Man-In- The-Middle (MiTM)

Port Scanning

Which of the following techniques can be used to mitigate the risk of an on-site attacker from connecting to an unused network port and gaining full access to the network? (Choose two)

Port Security Network Admission Control (NAC)

Port mirroring

An attacker wants to monitor a target network traffic on one or more ports on the switch. In such a case, which of the following methods can he use? Lawful interception Port mirroring Active sniffing Wiretapping

Port mirroring

Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. There are various types of employees working in the company, including technical teams, sales teams, and work-from-home employees. Highlander takes care of the security patches and updates of official computers and laptops; however, the computers or laptops of the work-from-home employees are to be managed by the employees or their ISPs. Highlander employs various group policies to restrict the installation of any third-party applications. As per Highlander's policy, all the employees are able to utilize their personal smartphones to access the company email in order to respond to requests for updates. Employees are responsible for keeping their phones up to date with the latest patches. The phones are not used to directly connect to any other resources in the Highlander, Incorporated, network. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Apart from Highlander employees, no one can access the cloud service. What type of cloud service is Highlander using? Private cloud Public loud Community cloud Hybrid cloud

Private cloud

Which of the following can be categorized as a host-based threat? IDS bypass Distributed Denial-of Service Privilege escalation Man-in-the-Middle attack

Privilege escalation

Which of the following can be categorized as a host-based threat? Privilege escalation IDS bypass Man-in-the-Middle attack Distributed Denial-of Service

Privilege escalation

Which type of security documents provides specific step-by-step details? Process Procedure Paradigm Policy

Procedure

Identify the monitoring tool that exhibits the following features: Reliable capture of process details, including image path, command line, user and session ID. Configurable and moveable columns for any event property. Filters can be set for any data field, including fields not configured as columns. Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data. Process tree tool shows the relationship of all processes referenced in a trace. Native log format preserves all data for loading in a different Process Monitor instance Process Monitor Netstat TCP View IDA Pro

Process Monitor

John's company is facing a DDoS attack. While analyzing the attack, John has learned that the attack is originating from entire globe and filtering the traffic at the Internet Service Provider's (ISP) level is an impossible task to do. After a while, John has observed that his personal computer at home was also compromised similar to that of the company's computers. He observed that his computer is sending large amounts of UDP data directed toward his company's public IPs. John takes his personal computer to work and starts a forensic investigation. Two hours later, he earns crucial information: the infected computer is connecting to the C&C server, and unfortunately, the communication between C&C and the infected computer is encrypted. Therefore, John intentionally lets the infection spread to another machine in his company's secure network, where he can observe and record all the traffic between the Bot software and the Botnet. After thorough analysis he discovered an interesting thing that the initial process of infection downloaded the malware from an FTP server which consists of username and password in cleartext format. John connects to the FTP Server and finds the Botnet software including the C&C on it, with username and password for C&C in configuration file. What can John do with this information? After successfully stopping the attack against his network, John connects to the C&C again, dumps all the IPs the C&C is managing, and sends this information to the national CERT. What is John trying to do? Protect secondary victims Neutralize handlers Deflect the attack Mitigate the attack

Protect secondary victims

Martha is a network administrator in a company named "Dubrovnik Walls Ltd.". She realizes that her network is under a DDoS attack. After careful analysis, she realizes that a large amount of fragmented packets are being sent to the servers present behind the "Internet facing firewall." What type of DDoS attack is this? Protocol attack Volume (volumetric) attack Application layer attack SYN flood attack

Protocol attack

In which type of fuzz testing does the protocol fuzzer send forged packets to the target application that is to be tested? Mutation-based Generation-based Protocol-based None of the above

Protocol-based

Which of the following is NOT a best practice for cloud security? Verify one's cloud in public domain blacklists Undergo AICPA SAS 70 Type II audits Provide unauthorized server access using security checkpoints Disclose applicable logs and data to customers

Provide unauthorized server access using security checkpoints

Attackers use GET and CONNECT requests to use vulnerable web servers as which of the following? Proxies DNS Servers Application Servers None of the above

Proxies

Which of the statements concerning proxy firewalls is correct? -Firewall proxy servers decentralize all activity for an application. -Proxy firewalls block network packets from passing to and from a protected network. -Computers establish a connection with a proxy firewall that initiates a new network connection for the client.

Proxy firewalls serve a role similar to stateful firewalls. The proxy then initiates a new network connection on behalf of the request. This provides significant security benefits because it prevents any direct connections between systems on either side of the firewall.

In which of the following cloud deployment models does the provider make services such as applications, servers, and data storage available to the public over the Internet? Public Cloud Private Cloud Community Cloud Hybrid Cloud

Public Cloud

Which of the following is a characteristic of public key infrastructure (PKI)? Public-key cryptosystems are faster than symmetric-key cryptosystems. Public-key cryptosystems distribute public-keys within digital signatures. Public-key cryptosystems do not require a secure key distribution channel. Public-key cryptosystems do not provide technical nonrepudiation via digital signatures.

Public-key cryptosystems distribute public-keys within digital signatures.

Passive reconnaissance involves collecting information through which of the following? Publicly accessible sources Traceroute analysis Email tracking Social engineering

Publicly accessible sources

Passive reconnaissance involves collecting information through which of the following? Social engineering Traceroute analysis Email tracking Publicly accessible sources

Publicly accessible sources

Which of the following tools is used to perform a rolling code attack by obtaining the rolling code sent by the victim? Zigbee framework HackRF one RF crack RIoT vulnerability scanning

RF crack

Which of the following tools is used to perform a rolling code attack by obtaining the rolling code sent by the victim? Zigbee framework HackRF one RF crack RIoT vulnerability scanning

RF crack

What information is gathered about the victim using email tracking tools? Username of the clients, operating systems, email addresses, and list of software. Information on an organization's web pages since their creation. Recipient's IP address, Geolocation, Proxy detection, Operating system and Browser information. Targeted contact data, extracts the URL and meta tag for website promotion.

Recipient's IP address, Geolocation, Proxy detection, Operating system and Browser information.

To send a PGP-encrypted message, which piece of information from the recipient must the sender have before encrypting the message? Recipient's private key Recipient's public key Master encryption key Sender's public key

Recipient's public key

Neighbor Discovery performs many of the functions that ICMP Router Discovery and ICMP ____ handles in IPv4.

Redirect

Which of the following messages do router send to inform a host of a better first-hop router for a destination?

Redirect

STP Manipulation

Redirects traffic to attacker's computer.

Which of the following settings enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity? Netstat WMI Scan Silent Dependencies Consider unscanned ports as closed Reduce parallel connections on congestion

Reduce parallel connections on congestion

Which of the following settings enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity? Silent Dependencies Consider unscanned ports as closed Netstat WMI Scan Reduce parallel connections on congestion

Reduce parallel connections on congestion

Reduce parallel connections on congestion The Netstat WMI scan finds open ports in the Windows system. Silent dependencies limit the amount of plugin data. According to Nessus Network Auditing, edited by Russ Rogers, 'Consider unscanned ports as closed' will tell Nessus that all other ports not included in the port range scan to be considered as closed. This prevents ports that are targeted against ports outside that range from running."

Which element of public key infrastructure (PKI) verifies the applicant? Certificate authority Validation authority Registration authority Verification authority

Registration authority

Which element of public key infrastructure (PKI) verifies the applicant? Certificate authority Validation authority Registration authority Verification authority

Registration authority

In which of the following attacks, can an attacker obtain ciphertexts encrypted under two different keys and gather plaintext and matching ciphertext? Ciphertext-only attack Adaptive chosen-plaintext attack Related-key attack Chosen-plaintext attack

Related-key attack

Which of the following term refers to the process of reducing the severity of vulnerabilities in vulnerability management life cycle? Remediation Vulnerability Assessment Verification Risk Assessment

Remediation

Which of the following term refers to the process of reducing the severity of vulnerabilities in vulnerability management life cycle? Vulnerability Assessment Remediation Verification Risk Assessment

Remediation

Which of the following term refers to the process of reducing the severity of vulnerabilities in vulnerability management life cycle? Remediation Vulnerability Assessment Verification Risk Assessment

Remediation Remediation is the process of reducing the severity of vulnerabilities. This phase is initiated after the successful implementation of the baseline and assessment steps.

Reputation.

What is the correct order of phases of social engineering attack? Research on target company → selecting target → develop the relationship → exploit the relationship Selecting target → develop the relationship → research on target company → exploit the relationship Develop the relationship → research on target company → selecting target → exploit the relationship Selecting target → research on target company → develop the relationship → exploit the relationship

Research on target company → selecting target → develop the relationship → exploit the relationship

What is the correct order of phases of social engineering attack? Develop the relationship → research on target company → selecting target → exploit the relationship Selecting target → develop the relationship → research on target company → exploit the relationship Selecting target → research on target company → develop the relationship → exploit the relationship Research on target company → selecting target → develop the relationship → exploit the relationship

Research on target company → selecting target → develop the relationship → exploit the relationship

In the ICMPv6 Router Solicitation message, which field is an unused field that is set to 0 by the source node and ignored by the destination node?

Reserved

Which results will be returned with the following Google search query? site:target.com -site:Marketing.target.com accounting Results matching all words in the query Results matching "accounting" in domain target.com but not on the site Marketing.target.com Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting Results for matches on target.com and Marketing.target.com that include the word "accounting"

Results matching "accounting" in domain target.com but not on the site Marketing.target.com

Which results will be returned with the following Google search query? site:target.com -site:Marketing.target.com accounting Results for matches on target.com and Marketing.target.com that include the word "accounting" Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting Results matching "accounting" in domain target.com but not on the site Marketing.target.com Results matching all words in the query

Results matching "accounting" in domain target.com but not on the site Marketing.target.com

Which of the following tools provides comprehensive vulnerability management for mobile devices, smartphones, and tablets? zANTI FaceNiff Retina CS for Mobile Pamn IP Scanner

Retina CS for Mobile

Which of the following tools provides comprehensive vulnerability management for mobile devices, smartphones, and tablets? Pamn IP Scanner FaceNiff zANTI Retina CS for Mobile

Retina CS for Mobile

Which of the following tools provides comprehensive vulnerability management for mobile devices, smartphones, and tablets? zANTI FaceNiff Retina CS for Mobile Pamn IP Scanner

Retina CS for Mobile is the industry's innovative approach to security, policy, and health management for mobile devices. It provides comprehensive vulnerability management for mobile devices, smartphones, and tablets. It integrates mobile device assessment and vulnerability management for proactively discovering, prioritizing, and fixing smartphone security weaknesses. zANTI, FaceNiff, and Pamn IP Scanner are the scanning tools for mobile devices used to identify all active machines and Internet devices on the network.

Which type of scan is used on the eye to measure the layer of blood vessels? Facial recognition scan Iris scan Signature kinetics scan Retinal scan

Retinal scan

In which phase of risk management process does an analyst calculate the organization's risks and estimate the likelihood and impact of those risks? Risk assessment Risk identification Risk treatment Risk monitoring and review

Risk assessment

Riya wants to defend against the polymorphic shellcode problem. What countermeasure should she take against this IDS evasion technique? -Configure a remote syslog server and apply strict measures to protect it from malicious users. -Disable all FTP connections to or from the network -Catalog and review all inbound and outbound traffic -Look for the nop opcode other than 0x90

Riya should look for the nop opcode other than 0x90 to defend against the polymorphic shellcode problem. Rest of the countermeasures are used for firewall evasion.

Which one of the following software program helps the attackers to gain unauthorized access to a remote system and perform malicious activities? Anti-spyware Keylogger Rootkit Antivirus

Rootkit

Which one of the following software program helps the attackers to gain unauthorized access to a remote system and perform malicious activities? Rootkit Keylogger Anti-spyware Antivirus

Rootkit

An ICMPv6 type 134 message is also known as which of the following?

Router advertisement

What is the best defense against a privilege escalation vulnerability? Never place executables in write-protected directories. Never perform debugging using bounds checkers and stress tests and increase the amount of code that runs with particular privilege. Run services with least privileged accounts and implement multifactor authentication and authorization. Review user roles and administrator privileges for maximum utilization of automation services.

Run services with least privileged accounts and implement multifactor authentication and authorization.

What is the best defense against a privilege escalation vulnerability? Never perform debugging using bounds checkers and stress tests and increase the amount of code that runs with particular privilege. Run services with least privileged accounts and implement multifactor authentication and authorization. Never place executables in write-protected directories. Review user roles and administrator privileges for maximum utilization of automation services.

Run services with least privileged accounts and implement multifactor authentication and authorization.

Identify the services provided by the application layer of the cloud security control model? DLP, CMF, Database Activity Monitoring, Encryption Hardware and software RoT and API's Physical Plant Security, CCTV, Guards SDLC, Binary Analysis, Scanners, Web App Firewalls, Transactional Sec

SDLC, Binary Analysis, Scanners, Web App Firewalls, Transactional Sec

Which of the following is used by an attacker to manipulate the log files? SECEVENT.EVT Auditpol.exe Clear_Event_Viewer_Logs.bat clearlogs.exe

SECEVENT.EVT

Which of the following is used by an attacker to manipulate the log files? Auditpol.exe Clear_Event_Viewer_Logs.bat SECEVENT.EVT clearlogs.exe

SECEVENT.EVT: Attackers may not wish to delete an entire log to cover their tracks, as doing so may require admin privileges. If attackers are able to delete only attack event logs, they will still be able to escape detection.

Which of the following SQL queries is an example of a heavy query used in SQL injection? SELECT Name, Price, Description FROM ITEM_DATA WHERE ITEM_ID = 67 AND 1 = 1 SELECT Name, Phone, Address FROM Users WHERE Id=1 UNION ALL SELECT creditCardNumber,1,1 FROM CreditCardTable SELECT * FROM products WHERE id_product=$id_product SELECT * FROM products WHERE id=1 AND 1 < SELECT count(*) FROM all_users A, all_users B, all_users C

SELECT * FROM products WHERE id=1 AND 1 < SELECT count(*) FROM all_users A, all_users B, all_users C

SQL: Used in order to retrieve the DBMS version.

SELECT @@VERSION

After gaining access to the password hashes used to protect access to a web-based application, the knowledge of which cryptographic algorithms would be useful to gain access to the application? SHA1 Diffie-Helman RSA AES

SHA-1 is a 160-bit hash function that resembles the former MD5 algorithm developed by Ron Rivest. It produces a 160-bit digest from a message with a maximum length of (264 − 1) bits.

Which of the following windows service vulnerability does the WannaCry ransomware exploit during the attack on any windows machine? SNMP DNS SMTP SMB

SMB

Which of the following windows service vulnerability does the WannaCry ransomware exploit during the attack on any windows machine? SMB SMTP DNS SNMP

SMB

Which of the following SMTP in-built commands tells the actual delivery addresses of aliases and mailing lists? VRFY EXPN RCPT TO PSINFO

SMTP provides 3 built-in-commands: ? VRFY - Validates users ? EXPN - Tells the actual delivery addresses of aliases and mailing lists ? RCPT TO - Defines the recipients of the message

Which protocol enables an attacker to enumerate user accounts and devices on a target system? SMTP SNMP NetBIOS TCP

SNMP

Which protocol enables an attacker to enumerate user accounts and devices on a target system? NetBIOS TCP SNMP SMTP

SNMP

Which protocol enables an attacker to enumerate user accounts and devices on a target system? SMTP SNMP NetBIOS TCP

SNMP (Simple Network Management Protocol) is an application layer protocol that runs on UDP and maintains and manages routers, hubs, and switches on an IP network. SNMP agents run on Windows and UNIX networks on networking devices.

Which of the following tools can be used to perform SNMP enumeration? SNScan SoftPerfect Network Scanner SuperScan Nsauditor Network Security Auditor

SNScan

Which of the following tools can be used to perform SNMP enumeration? SNScan SoftPerfect Network Scanner SuperScan Nsauditor Network Security Auditor

SNScan is the only tool among the given options that can perform SNMP enumeration. SoftPerfect network scanner, SuperScan, and Nsauditor network security auditor are tools used to perform NetBIOS enumeration.

Stephany is worried because in the past six weeks she has received two and three times the amount of e-mails that she usually receives, and most of it is not related to her work. What kind of problem is Stephany facing? SPAM Malware Phishing External Attack

SPAM

Manav wants to simulate a complete system and provide an appealing target to push hackers away from the production systems of his organization. By using some honeypot detection tool, he offers typical Internet services such as SMTP, FTP, POP3, HTTP, and TELNET, which appear perfectly normal to attackers. However, it is a trap for an attacker by messing them so that he leaves some traces knowing that they had connected to a decoy system that does none of the things it appears to do; but instead, it logs everything and notifies the appropriate people. Can you identify the tool? Glasswire TinyWall PeerBlock SPECTER

SPECTER

A CEH is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response? Say no; the friend is not the owner of the account. Say yes; the friend needs help to gather evidence. Say yes; do the job for free. Say no; make sure that the friend knows the risk she's asking the CEH to take.

Say no; the friend is not the owner of the account.

A CEH is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response? Say no; the friend is not the owner of the account. Say yes; do the job for free. Say yes; the friend needs help to gather evidence. Say no; make sure that the friend knows the risk she's asking the CEH to take.

Say no; the friend is not the owner of the account.

At a Windows server command prompt, which command could be used to list the running services? Sc query type= running Sc query \\servername Sc config Sc query

Sc query

At a Windows server command prompt, which command could be used to list the running services? Sc query type= running Sc query \\servername Sc query Sc config

Sc query

Which of the following is an active reconnaissance technique? Collecting contact information from yellow pages Scanning a system by using tools to detect open ports Collecting information about a target from search engines Performing dumpster diving

Scanning a system by using tools to detect open ports

Which of the following is an active reconnaissance technique? Collecting information about a target from search engines Performing dumpster diving Scanning a system by using tools to detect open ports Collecting contact information from yellow pages

Scanning a system by using tools to detect open ports

Scope Assessment Tools

Scope assessment tools provides assessment of the security by testing vulnerabilities in the applications and operating system. These tools provide a standard control and a reporting interface that allows the user to select a suitable scan.

Which of the following terms refers to unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers? They usually focus on the quantity of attacks rather than the quality of the attacks that they initiate. Gray Hats Suicide Hackers Script Kiddies Hacktivist

Script Kiddies

Which of the following terms refers to unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers? They usually focus on the quantity of attacks rather than the quality of the attacks that they initiate. Hacktivist Script Kiddies Gray Hats Suicide Hackers

Script Kiddies

Which of the following tools offers SaaS technology and assists in operating IoT products in a reliable, scalable, and secure manner? SeaCat.io DigiCert IoT Security Solution Firmalyzer Enterprise beSTORM

SeaCat.io

SeaCat.io is a security-first SaaS technology to operate IoT products in a reliable, scalable and secure manner. It provides protection to end users, business, and data.

Sean works as a professional ethical hacker and penetration tester. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, looking for any information about the different departments and business units. Sean was unable find any information. What should Sean do to get the information he needs? Sean should use Sublist3r tool Sean should use WayBackMachine in Archive.org Sean should use website mirroring tools Sean should use email tracking tools

Sean should use Sublist3r tool

Sean works as a professional ethical hacker and penetration tester. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, looking for any information about the different departments and business units. Sean was unable find any information. What should Sean do to get the information he needs? Sean should use Sublist3r tool Sean should use email tracking tools Sean should use WayBackMachine in Archive.org Sean should use website mirroring tools

Sean should use Sublist3r tool

What is the output returned by search engines when extracting critical details about a target from the Internet? Advanced search operators Open ports and Services Search Engine Results Pages ('SERPs') Operating systems, location of web servers, users and passwords

Search Engine Results Pages ('SERPs')

What is the output returned by search engines when extracting critical details about a target from the Internet? Search Engine Results Pages ('SERPs') Advanced search operators Open ports and Services Operating systems, location of web servers, users and passwords

Search Engine Results Pages ('SERPs')

Search engines play a major role in extracting critical details about a target from the Internet. It returns a list of Search Engine Results Pages ('SERPs'). Many search engines can extract target organization information such as employee details, login pages, intranet portals, contact information and so on.

Which of the following protocols is not vulnerable to sniffing? Telnet and Rlogin Post Office Protocol (POP) Hyper Text Transfer Protocol (HTTP) Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL)

Which of the following protocols is not vulnerable to sniffing? Post Office Protocol (POP) Secure Sockets Layer (SSL) Hyper Text Transfer Protocol (HTTP) Telnet and Rlogin

Secure Sockets Layer (SSL)

Which of the following markup languages enables SSO delegation and risk-based authentication in the cloud environment specifically preventing phishing and MitM attacks? -Security Assertion Markup Language (SAML) -Service Provisioning Markup Language (SPML) -eXensible Access Control Markup Language (XACML) -Open Authentication (OAuth)

Security Assertion Markup Language (SAML)

Bayron is the CEO of a medium size company with regional operations in America. He recently hired a security analyst to implement an ISMS. This analyst will design and implement Patch Management, Vulnerability Management and Security Incident Handler procedures for the company. Which of these is a reactive process? Patch Management. A and B are correct. Security Incident Handler. Vulnerability Management.

Security Incident Handler.

What information should an IT system analysis provide to the risk assessor? Threat statement Impact analysis Management buy-in Security architecture

Security architecture

Which of the following processes evaluates the adherence of an organization to its stated security policy? Vulnerability assessment Penetration testing Security auditing Risk assessment

Security auditing

An attacker exploits a web application by tampering with the form and parameter of the web application and he is successful in exploiting the web application and gaining access. Which type of vulnerability did the attacker exploit? SQL injection Security misconfiguration Sensitive data exposure Broken access control

Security misconfiguration

Which of the following examples best represents a logical or technical control? Security tokens Heating and air conditioning Smoke and fire alarms Corporate security policy

Security tokens

Which of the following examples best represents a logical or technical control? Corporate security policy. Security tokens. Heating and air conditioning. Smoke and fire alarms.

Security tokens.

A network administrator is promoted as chief security officer at a local university. One of his new responsibilities is to manage the implementation of an RFID card access system to a new server room on campus. The server room will house student enrollment information that is securely backed up to an off-site location.During a meeting with an outside consultant, the chief security officer explains that he is concerned that the existing security controls have not been designed properly. Currently, the network administrator is responsible for approving and issuing RFID card access to the server room, as well as reviewing the electronic access logs on a weekly basis.Which of the following is an issue with the situation? Lack of experience Segregation of duties Undue influence An inadequate disaster recovery plan

Segregation of duties

Which honeypot detection tools has following features: Checks lists of HTTPS, SOCKS4, and SOCKS5 proxies with any ports Checks several remote or local proxylists at once Can upload "Valid proxies" and "All except honeypots" files to FTP Can process proxylists automatically every specified period May be used for usual proxylist validating as well Ostinato WAN Killer WireEdit Send-Safe Honeypot Hunter

Send-Safe Honeypot Hunter

For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key? Sender's public key Receiver's public key Sender's private key

Sender's Private Key: The two types of keys in public key cryptography are the private key (only signer knows this key and uses it to create digital signature) and the public key (more widely known and a relying party uses it to verify the digital signature).

What is an Authenticate Flood

Sending forged authenticates or associates from random MACs to fill a target AP's association table. Tools: AirJack, File2air, Macfld, void11

Which of the following attacks can take place due to flaws such as insecure cryptographic storage and information leakage? SQL injection Command injection Sensitive data exposure Shell injection

Sensitive data exposure

In order to hijack TCP traffic, an attacker has to understand the next sequence and the acknowledge number that the remote computer expects. Explain how the sequence and acknowledgment numbers are incremented during the 3-way handshake process. Sequence and acknowledgment numbers are incremented by one during the 3-way handshake process Sequence and acknowledgment numbers are incremented by two during the 3-way handshake process Sequence number is incremented by one and acknowledge number is not incremented during the 3-way handshake process Sequence number is not incremented and acknowledgment number is incremented by one during the 3-way handshake process

Sequence and acknowledgment numbers are incremented by one during the 3-way handshake process

Out of the following types of virtualizations, which type of virtualization is used in increasing space utilization and reducing the hardware maintenance cost? Storage Virtualization Network Virtualization Server Virtualization Resource Virtualization

Server Virtualization

Which of the following stores a server's configuration, error, executable, and log files? Document root Server root Virtual document tree Web proxy

Server root

In which of the following attacks does an attacker steal a CSP's or client's credentials by methods such as phishing, pharming, social engineering, and exploitation of software vulnerabilities? Service Hijacking Using Social Engineering Attacks Wrapping Attack DNS Attack Side Channel Attack

Service Hijacking Using Social Engineering Attacks

Which of the following terms refers to a set of hotfixes packed together? Patch Hotfix pack Service pack Repair pack

Service pack

When a person (or software) steals, can calculate, or can guess part of the communication channel between client and the server application or protocols used in the communication, he can hijack the ______. Session Channel TCP protocol UDP protocol

Session

Which of the following is not a type of DNS attack? Domain Snipping Session Hijacking Domain Hijacking Cybersquatting

Session Hijacking

Which of the following is not a type of network-level hijacking? Blind Hijacking Man-in-the-Middle: Packet Sniffer Session Hijacking UDP Hijacking

Session Hijacking

In which of the following attacks does an attacker ride an active computer session by sending an email or tricking the user into visiting a malicious web page while they are logged into the targeted site? Session Hijacking Using Session Riding Wrapping Attack DNS Attack Side Channel Attack

Session Hijacking Using Session Riding

Session splicing is an IDS evasion technique that exploits how some IDSs do not reconstruct sessions before pattern-matching the data. It is a network-level evasion method used to bypass IDS where an attacker splits the attack traffic in too many packets such that no single packet triggers the IDS.

Jamie is an on-call security analyst. He had a contract to improve security for the company's firewall. Jamie focused specifically on some of the items on the security of the Company's firewall. After working for some time on the items, Jamie creates the following list to fix them: 1. Set ssh timeout to 30 minutes. 2. Set telnet timeout to 30 minutes. 3. Set console timeout to 30 minutes. 4. Set login password retry lockout. Which task should Jamie perform if he has time for just one change before leaving the organization? Set login password retry lockout. Set telnet timeout to 30 minutes. Set ssh timeout to 30 minutes. Set console timeout to 30 minutes.

Set login password retry lockout.

A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records? Request type=ns Locate type=ns Set type=ns Transfer type=ns

Set type=ns

A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records? Locate type=ns Request type=ns Set type=ns Transfer type=ns

Set type=ns

Which of the following is not a feature of Mobile Device Management Software? Enforce policies and track inventory Remotely wipe data in the lost or stolen device Sharing confidential data among devices and networks Perform real time monitoring and reporting

Sharing confidential data among devices and networks

A computer installed with port monitoring, file monitoring, network monitoring, and antivirus software and connected to network only under strictly controlled conditions is known as: Sheep Dip Droidsheep Sandbox Malwarebytes

Sheep Dip

Sheep Dip: Sheep dipping refers to the analysis of suspect files, incoming messages, etc. for malware. The users isolate the sheep-dipped computer from other computers on the network to block any malware from entering the system.

Sheep dipping refers to the analysis of suspect files, incoming messages, etc. for malware. The users isolate the sheep-dipped computer from other computers on the network to block any malware from entering the system.

If an attacker wants to gather information such as IP address, hostname, ISP, device's location, and the banner of the target IoT device, which of the following tools should he use to do so? Nmap Shodan RIoT vulnerability scanner Foren6

Shodan

Shodan is a search engine that provides information about all the internet connected devices such as routers, traffic lights, CCTV cameras, servers, smart home devices, industrial devices, etc.

In which of the following attacks is the practice of spying on the user of a cash-dispensing machine or other electronic device performed in order to obtain their personal identification number, password, and so on? Dumpster diving Piggybacking Tailgating Shoulder surfing

Shoulder surfing

In which of the following attacks is the practice of spying on the user of a cash-dispensing machine or other electronic device performed in order to obtain their personal identification number, password, and so on? Piggybacking Shoulder surfing Dumpster diving Tailgating

Shoulder surfing

Sean works as a penetration tester in ABC firm. He was asked to gather information about the target company. Sean begins with social engineering by following the steps: Secretly observes the target to gain critical information Looks at employee's password or PIN code with the help of binoculars or a low-power telescope Based on the above description, identify the social engineering technique. Shoulder surfing Tailgating Phishing Dumpster diving

Shoulder surfing

Sean works as a penetration tester in ABC firm. He was asked to gather information about the target company. Sean begins with social engineering by following the steps: ● Secretly observes the target to gain critical information ● Looks at employee's password or PIN code with the help of binoculars or a low-power telescope Based on the above description, identify the social engineering technique. Shoulder surfing Dumpster diving Phishing Tailgating

Shoulder surfing

Ron, a customer support intern, exploited default configurations and settings of the off-the-shelf libraries and code used in the company's CRM platform. How will you categorize this attack? Mis-configuration attack Operating System attack Application-level attack Shrink-wrap code attack

Shrink-wrap code attack

Ron, a customer support intern, exploited default configurations and settings of the off-the-shelf libraries and code used in the company's CRM platform. How will you categorize this attack? Operating System attack Mis-configuration attack Application-level attack Shrink-wrap code attack

Shrink-wrap code attack

An engineer is learning to write exploits in C++ and is using Kali Linux. The engineer wants to compile the newest C++ exploit and name it calc.exe. Which command would the engineer use to accomplish this? g++ hackersExploit.cpp -o calc.exe g++ hackersExploit.py -o calc.exe g++ -i hackersExploit.pl -o calc.exe g++ --compile -i hackersExploit.cpp -o calc.exe

Since the engineer is writing exploit in C++, the command should be g++ hackersExploit.cpp -o calc.exe g++ hackersExploit.py -o calc.exe is for python exploit g++ -i hackersExploit.pl -o calc.exe is for perl exploit. In g++ --compile -i hackersExploit.cpp -o calc.exe, the command should be --c and not --compile. So the answer is "g++ hackersExploit.cpp -o calc.exe."

A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back-end database. In order for the tester to see if an SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request? Semicolon Single quote Exclamation mark Double quote

Single quote

William has been hired by the ITSec, Inc. to perform web application security testing. He was asked to perform black box penetration testing to test the security of the company's web applications. No information is provided to William about the company's network and infrastructure. William notices that the company website is dynamic and must make use of a backend database. He wants to see if an SQL injection would be possible. As part of the testing, he tries to catch instances where the user input is used as part of an SQL identifier without any input sanitization. Which of the following characters should William use as the input data to catch the above instances? Right square bracket Single quote Double quote Semicolon

Single quote Double quote

Which of the following is a preventive control? Smart card authentication Security policy Audit trail Continuity of operations plan

Smart card authentication

Which of the following is a preventive control? Continuity of operations plan Performance review. Audit trail. Smart card authentication.

Smart card authentication.

Smith works as a professional Ethical Hacker with a large MNC. He is a CEH certified professional and was following the CEH methodology to perform the penetration testing. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, (mostly by trial and error), looking for any information about the different departments and business units. Smith was unable to find any information. What should Smith do to get the information he needs? Smith should use online services such as netcraft.com to find the company's internal URLs. Smith should use WayBackMachine in Archive.org to find the company's internal URLs. Smith should use website mirroring tools such as HTTrack Website Copier to find the company's internal URLs. Smith should use email tracking tools such as eMailTrackerPro to find the company's internal URLs.

Smith should use online services such as netcraft.com to find the company's internal URLs.

Smith works as a professional Ethical Hacker with a large MNC. He is a CEH certified professional and was following the CEH methodology to perform the penetration testing. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, (mostly by trial and error), looking for any information about the different departments and business units. Smith was unable to find any information. What should Smith do to get the information he needs? Smith should use website mirroring tools such as HTTrack Website Copier to find the company's internal URLs. Smith should use WayBackMachine in Archive.org to find the company's internal URLs. Smith should use email tracking tools such as eMailTrackerPro to find the company's internal URLs. Smith should use online services such as netcraft.com to find the company's internal URLs.

Smith should use online services such as netcraft.com to find the company's internal URLs.

An attacker is using session hijacking on the victim system to perform further exploitation on the target network. Identify the type of attacks an attacker can perform using session hijacking? Sniffing Piggybacking Dumpster Diving Tailgating

Sniffing

Which of the following tools is used to build rules that aim to detect SQL injection attacks? Nmap Snort Masscan SuperScan

Snort

Jack a malicious hacker wants to break into Brown Co.'s computers and obtain their secret information related to Company's quotations. Jack calls Jane, an accountant at Brown Co., pretending to be an administrator from Brown Co. Jack tells Jane that there has been a problem with some accounts and asks her to verify her password with him "just to double check our records." Jane does not suspect anything amiss, and reveals her password. Jack can now access Brown Co.'s computers with a valid username and password, to steal the confidential company's quotations. Identify the attack performed by Jack? Footprinting Reverse Engineering Social Engineering Scanning

Social Engineering

Jacob Hacker wants to infect the network of a competitor with a worm virus. He sets the worm to autoexecute and loads 50 copies of the worm onto 50 separate USB drives. He drives to the competitor's campus and drops the USB keys at various locations around the campus. He waits for random employees to pick it up and who might check to see what is on them by plugging them into their computer. Once an employee has inserted the key, the worm autoexecutes and the network is infected. What type of attack is described here? Social engineering Virus attack Distributed Denial-of-Service (DDoS) attack Brute force attack

Social Engineering

Bad Pete would like to locally log onto a PC located inside a secure facility. He dresses like a delivery driver and holds a package outside of the secure facility and waits for someone to open the door. Once he gains entry, he finds an empty office with a PC and gains entry to the network. What is this type of activity known as? Social engineering Social equity attack Open door policy attack Personal attack

Social engineering

Jacob Hacker wants to infect the network of a competitor with a worm virus. He sets the worm to autoexecute and loads 50 copies of the worm onto 50 separate USB drives. He drives to the competitor's campus and drops the USB keys at various locations around the campus. He waits for random employees to pick it up and who might check to see what is on them by plugging them into their computer. Once an employee has inserted the key, the worm autoexecutes and the network is infected. What type of attack is described here? Virus attack Brute force attack Social engineering Distributed Denial-of-Service (DDoS) attack

Social engineering

A security consultant decides to scrutinize the information by categorizing information as top secret, proprietary, for internal use only, for public use, etc. Which of the following attack can be mitigated using such countermeasure? Forensic attack Address Resolution Protocol (ARP) spoofing attack Social engineering attack Scanning attack

Social engineering attack

A security consultant decides to scrutinize the information by categorizing information as top secret, proprietary, for internal use only, for public use, etc. Which of the following attack can be mitigated using such countermeasure? Social engineering attack Address Resolution Protocol (ARP) spoofing attack Scanning attack Forensic attack

Social engineering attack

Information gathered from social networking websites such as Facebook, Twitter, and LinkedIn can be used to launch which of the following types of attacks? SQL injection attack Smurf attack Distributed denial of service attack Social engineering attack

Social engineering attack

Information gathered from social networking websites such as Facebook, Twitter, and LinkedIn can be used to launch which of the following types of attacks? Smurf attack Social engineering attack SQL injection attack Distributed denial of service attack

Social engineering attack

Bad Pete would like to locally log onto a PC located inside a secure facility. He dresses like a delivery driver and holds a package outside of the secure facility and waits for someone to open the door. Once he gains entry, he finds an empty office with a PC and gains entry to the network. What is this type of activity known as? Social engineering Social equity attack Open door policy attack Personal attack

Social engineering is correct. Known as a confidence trick or "con job," social engineering is an act of manipulating humans.

Which of the following is a generic exploit designed to perform advanced attacks against human elements to compromise a target to offer sensitive information? NetScanTools Pro Social-engineer toolkit (SET) Wireshark Cain and Abel

Social-engineer toolkit (SET)

Which of the following is a generic exploit designed to perform advanced attacks against human elements to compromise a target to offer sensitive information? NetScanTools Pro Wireshark Social-engineer toolkit (SET) Cain and Abel

Social-engineering Toolkit

Network security auditor are tools that are used to perform NetBIOS enumeration.

SoftPerfect network scanner, SuperScan, and Nsauditor, Hyena,

Some of the application layer controls include SDLC, binary analysis, scanners, web app firewalls, transactional sec, etc.

Which of the following may a router or host use as a way to indicate that it is becoming congested or overloaded?

Source Quench

Which of the following viruses infect only occasionally upon satisfying certain conditions or when the length of the file falls within a narrow range? Cluster viruses Sparse infector viruses Encryption viruses Stealth virus

Sparse infector viruses

Which of the following viruses infect only occasionally upon satisfying certain conditions or when the length of the file falls within a narrow range? Sparse infector viruses Encryption viruses Cluster viruses Stealth virus

Sparse infector viruses

John is a college dropout and spends most of his time on social networking sites looking for the people living in the city and gather their details. One day, he saw a girl's profile and found her email ID from her timeline. John sent her a mail stating that he possessed her private photos and if she fails to provide him with her bank account details, he will upload those images to social networking sites. Whaling Vishing Spear Phishing Pharming

Spear Phishing

Which of the following vulnerabilities allows attackers to trick a processor to exploit speculative execution to read restricted data? Meltdown Dylib Hijacking Spectre DLL Hijacking

Spectre

Which of the following vulnerabilities allows attackers to trick a processor to exploit speculative execution to read restricted data? Dylib Hijacking DLL Hijacking Spectre Meltdown

Spectre

Spectre vulnerability:

Which of the following is a two-way HTTP tunneling software tool that allows HTTP, HTTPS, and SOCKS tunneling of any TCP communication between any client-server systems? Super network tunnel Bitvise Secure Pipes Loki

Super network tunnel

During the penetration testing in company "Credit Cards Rus Ltd." Marin was using sslstrip tool in order to sniff HTTP traffic. Unfortunately, no data was received. Marin double checked the setup, tested the setup between his virtual machines, and was successful in intercepting the traffic here, but when he tried to do it against other machines on the same network, nothing happened. Marin was puzzled with that and he did not understand why that was happening. Help Marin and explain why he was unsuccessful with intercepting the traffic with sslstrip? Sslstrip can show the data only if the initial request to the server is sent as HTTP. Marin cannot use sslstrip on the real network—it works only between virtual machines Marin was using the wrong tool. To decrypt the https traffic, he should have used httpsdecrypt instead Sslstrip can show only GET requests—in this case, all the client/server communication was using POST requests

Sslstrip can show the data only if the initial request to the server is sent as HTTP.

During the penetration testing in company "Credit Cards Rus Ltd." Marin was using the sslstrip tool in order to sniff HTTPS traffic. Knowing that HTTPS traffic is encrypted and cannot be sniffed normally, explain the reason why it is possible to see the traffic in cleartext. Sslstrip tool is exploiting user behavior and if a user does not type https:// in front of the link, and the website has redirection from HTTP to HTTPS, it will intercept HTTP 302 redirection and send the user exactly what the user asked for, i.e. HTTPsite Sslstrip tool is exploiting an older or in HTTPS protocol, allowing it to gracefully decrypt http traffic by intercepting HTTP 403 denied messages and sending user HTTP 200 OK messages Sslstrip tool is exploiting certificate signing and it is sending its own certificate instead of the original one, allowing for the traffic to be easily decrypted Sslstrip tool is exploiting network bug, which allows it to decrypt HTTPS protocols (TLS and SSL) by sending gratuitous ARP packets to all the nodes on the network

Sslstrip tool is exploiting user behavior and if a user does not type https:// in front of the link, and the website has redirection from HTTP to HTTPS, it will intercept HTTP 302 redirection and send the user exactly what the user asked for, i.e. HTTPsite

When a DHCP client boots up, which of the following will it perform in order to enable it to communicate on the network.

Standard Address Discovery

Low humidity in a data center can cause which of the following problems? Corrosion Airborne contamination Static electricity Heat

Static electricity

Which of the following analysis techniques involves going through the executable binary code without actually executing it to have a better understanding of the malware and its purpose? Spectrum analysis Dynamic malware analysis Static malware analysis System baselining

Static malware analysis

Which of the following analysis techniques involves going through the executable binary code without actually executing it to have a better understanding of the malware and its purpose? Dynamic malware analysis Spectrum analysis Static malware analysis System baselining

Static malware analysis

A security engineer is attempting to perform scanning on a company's internal network to verify security policies of their networks. The engineer uses the following NMAP command: nmap -n -sS -P0 -p 80 ***.***.**.** What type of scan is this? Quick scan Intense scan Stealth scan Comprehensive scan

Stealth scan

A security engineer is attempting to perform scanning on a company's internal network to verify security policies of their networks. The engineer uses the following NMAP command: nmap -n -sS -P0 -p 80 ***.***.**.** What type of scan is this? Stealth scan Quick scan Comprehensive scan Intense scan

Stealth scan

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run? Cavity virus Polymorphic virus Metamorphic virus Stealth virus

Stealth virus

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run? Stealth virus Polymorphic virus Metamorphic virus Cavity virus

Stealth virus

Stealth virus: These viruses try to hide from antivirus programs by actively altering and corrupting the service call interrupts while running.

Which of the following techniques refers to the art of hiding data "behind" other data without the target's knowledge? Scanning Enumeration Footprinting Steganography

Steganography

Which of the following techniques refers to the art of hiding data "behind" other data without the target's knowledge? Footprinting Enumeration Steganography Scanning

Steganography

Which of the following is not a characteristic of virtualization in cloud computing technology? Partitioning Storage Isolation Encapsulation

Storage

Which cipher encrypts the plain text digit (bit or byte) one by one? Classical cipher Block cipher Modern cipher Stream cipher

Stream cipher

Which cipher encrypts the plain text digit (bit or byte) one by one? Classical cipher Block cipher Modern cipher Stream cipher

Stream ciphers: Symmetric key ciphers are plaintext digits combined with a key stream (pseudorandom cipher digit stream). Here, the user applies the key to each bit, one at a time. Examples include RC4, SEAL, etc.

Michel, a professional hacker, is trying to perform an SQL injection attack on the MS SQL database system of the CityInfo, Inc. by bypassing the signature-based IDS. He tried various IDS evasion techniques and finally succeeded with one where he breaks the SQL query into a number of small pieces and uses the + sign to join SQL query end to end. Which of the following IDS evasion techniques he uses to bypass the signature-based IDS? String concatenation Char encoding Hex encoding URL encoding

String concatenation

In which of the following attacks does an attacker use multiple forged identities to create a strong illusion of traffic congestion, affecting communication between neighboring nodes and networks? Rolling code attack Sybil attack Replay attack DoS attack

Sybil Attack: Attacker uses multiple forged identities to create a strong illusion of traffic congestion, affecting communication between neighboring nodes and networks. Sybil attacks in VANETs (Vehicular Ad hoc Networks) are regarded as the most serious attacks which puts a great impact on network's performance.

Sybil attack

In which of the following identity thefts does an attacker acquire information from different victims to create a new identity? Tax identity theft Identity cloning and concealment Synthetic identity theft Social identity theft

Synthetic identity theft

In which of the following identity thefts does an attacker acquire information from different victims to create a new identity? Social identity theft Identity cloning and concealment Synthetic identity theft Tax identity theft

Synthetic identity theft

Which of the following processes refers to taking a snapshot of the system at the time the malware analysis begins? API call monitoring Sandboxing System baselining Windows services monitoring

System baselining

Which of the following processes refers to taking a snapshot of the system at the time the malware analysis begins? Sandboxing System baselining Windows services monitoring API call monitoring

System baselining

Clients ordinarily attempt to renew existing releases by default, but you can instruct a DHCP server to deny lease renewals, or even cancel leases, when necessary. T or F

DHCP delivers the necessary configuration information to clients to tell them the addresses of their IP gateways. T or F

ICMP packets contain only three required fields after the IP header: Type, Code, and checksum. T or F

If a packet with TTL=1 arrives at a router, the router must discard the packet because it cannot decrement the TTL to 0 and forward the packet. T or F

ND takes over the functions that ARP and Reverse ARP handled in IPv4. T or F

Neighbor Discovery uses five ICMPv6 messages types. T or F

Routers can use ICMP to provide default gateway setting to a host (if the host requests assistance). T or F

The internet protocol (IP) primarily works to transmit and deliver data between devices on internetworks. T or F

When a host uses a service that employs a multicast address, it registers itself to "listen" on that address, as well as on its own unique host address (and the broadcast address). T or F

When the Protocol field of an IP header contains the value 17 (0x11), the UDP header follows the IP header. T or F

Which of the following terms is defined as the time that the client tries to renew its network address by contacting the DHCP server that sent the original address to the client?

Which of the following terms is defined as the time that the client begins to broadcast a renewal request for an extended lease time from another DHCP server.

Which of the following protocols provides reliable multiprocess communication service in a multinetwork environment? SNMP TCP UDP SMTP

TCP

Which of the following protocols provides reliable multiprocess communication service in a multinetwork environment? UDP TCP SMTP SNMP

TCP

Smith, a network security administrator, is configuring routers in his organization to protect the network from DoS attacks. Which router feature can he use to prevent SYN flooding effectively? Ingress Filtering Egress Filtering TCP Intercept Mac Address Filtering

TCP Intercept - In the TCP intercept mode, the router intercepts the SYN packets sent by the clients to the server and matches with an extended access list

Which of the following technique is used by the attacker to distribute the payload and to create covert channels? TCP Parameters Clear online tracks Covering tracks Performing steganalysis

TCP Parameters

Which of the following technique is used by the attacker to distribute the payload and to create covert channels? TCP Parameters Clear online tracks Performing steganalysis Covering tracks

TCP Parameters

Which of the following technique is used by the attacker to distribute the payload and to create covert channels? TCP Parameters Clear online tracks Covering tracks Performing steganalysis

TCP Parameters: TCP parameters can be used by the attacker to distribute the payload and to create covert channels.

Which of the following technique is used by the attacker to distribute the payload and to create covert channels? TCP Parameters Clear online tracks Covering tracks Performing steganalysis

TCP parameters can be used by the attacker to distribute the payload and to create covert channels.

In what way do the attackers identify the presence of layer 7 tar pits? -By looking at the latency of the response from the service -By analyzing the TCP window size -By looking at the responses with unique MAC address 0:0:f:ff:ff:ff

Tar pits are the security entities that are similar to honeypots that are designed to respond slowly to the incoming requests. The layer 7 tar pits react slowly to the incoming SMTP commands by the attackers/spammers. Attackers can identify the presence of layer 7 tar pits by looking at the latency of the response from the service.

An attacker uses the following SQL query to perform an SQL injection attack SELECT * FROM users WHERE name = '' OR '1'='1'; Identify the type of SQL injection attack performed. Tautology Illegal/Logically Incorrect Query UNION SQL Injection End-of-Line Comment

Tautology

In which of the following attacks does an attacker use a conditional OR clause in such a way that the condition of the WHERE clause will always be true? UNION SQL injection Illegal/logically incorrect query End-of-line comment Tautology

Tautology

Which of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the transmission control protocol (TCP) or Internet protocol (IP) stack? Teardrop attack SYN flood attack Smurf attack Ping of death attack

Teardrop attack

OpenSSH or SSH is a more secure solution to which of the following protocol? HTTP IP Telnet, rlogin SMB

Telnet, rlogin

Which of the following countermeasures prevent buffer overruns? Use the most restrictive SQL account types for applications Keep untrusted data separate from commands and queries Test the size and data type of the input and enforce appropriate limits Apply the least privilege rule to run the applications that access the DBMS

Test the size and data type of the input and enforce appropriate limits

The "nmap --script http-enum -p80 <host>" command is used to enumerate common web applications where as the "nmap -p80 --script http-userdir -enum localhost" command is used to enumerate users; the "nmap --script http-trace -p80 localhost" command is used to detect a vulnerable server that uses the TRACE method and the "nmap -p80 --script http-trace <host>" command is used to detect HTTP Trace.

The 80 specified in the telnet command is the port that you are hitting and the HEAD command "HEAD / HTTP/1.0" will return the header of the victim server to the Telnet screen. The PUT / HTTP/1.0 command allows you to upload files, so cannot be used for fingerprinting. Remaining commands are invalid.

IRDP

The ICMP Router Discovery Protocol (IRDP) is a routing protocol that allows a host to discover the IP addresses of active routers on its subnet by listening to router advertisement and solicitation messages on its network. The attacker can add default route entries on a system remotely by spoofing router advertisement messages. Since IRDP does not require any authentication, the target host will prefer the default route defined by the attacker to the default route provided by the DHCP server. The attacker accomplishes this by setting the preference level and the lifetime of the route at high values to ensure that the target hosts will choose it as the preferred route.

There is a WEP encrypted wireless access point (AP) with no clients connected. In order to crack the WEP key, a fake authentication needs to be performed. What information is needed when performing fake authentication to an AP? (Choose two ) The IP address of the AP The MAC address of the AP The SSID of the wireless network A failed authentication packet

The MAC address of the AP The SSID of the wireless network

Mischa Ransomeware

The Mischa Ransomware is the standard garden variety ransomware that encrypts your files and then demands a ransom payment to get the decryption key.

Which of the following techniques do attackers use to escalate privileges in the Windows operating system? Launch Daemon Plist Modification Setuid and Setgid Application Shimming

The Windows operating system uses Windows application compatibility framework called Shim to provide compatibility between the older and newer versions of Windows. An attacker can use these shims to perform different attacks such as disabling Windows defender, privilege escalation, installing backdoors, and so on.

In a Windows system, an attacker was found to have run the following command:type C:\SecretFile.txt >C:\LegitFile.txt:SecretFile.txtWhat does the above command indicate? The attacker has used Alternate Data Streams to copy the content of SecretFile.txt file into LegitFile.txt. The attacker was trying to view SecretFile.txt file hidden using an Alternate Data Stream. The attacker has used Alternate Data Streams to hide SecretFile.txt file into LegitFile.txt. The attacker has used Alternate Data Streams to rename SecretFile.txt file to LegitFile.txt.

The attacker has used Alternate Data Streams to hide SecretFile.txt file into LegitFile.txt.

The calculated subnet mask can serve as an input to many of the ping sweep and port scanning tools for further enumeration, which includes discovering hosts and open ports.

While performing a UDP scan of a subnet, you receive an ICMP reply of Code 3/Type 3 for all the pings you have sent out. What is the most likely cause of this? The firewall is dropping the packets. UDP port is closed. UDP port is open The host does not respond to ICMP packets.

UDP port is closed.

The command below will ping all IP addresses on the 192.168.2.0 network and help the tester to determine live systems in the network along with replies. for /L %V in (1 1 254) do PING -n 1 192.168.2.%V | FIND /I "Reply" Ping 192.168.2. and ping 192.168.2.255 will just ping the target IPs for %V in (1 1 255) do PING 192.168.2.%V command does not consist of reply from the host machines

A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work, so the consultant prints out several audits that they have performed for previous companies. Which of the following is likely to occur as a result? The consultant will ask for money on the bid because of great work. The consultant may expose vulnerabilities of other companies. The company accepting bids will hire the consultant because of the great work performed. The company accepting bids will want the same type of format of testing.

The consultant may expose vulnerabilities of other companies.

A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work, so the consultant prints out several audits that they have performed for previous companies. Which of the following is likely to occur as a result? The consultant will ask for money on the bid because of great work. The consultant may expose vulnerabilities of other companies. The company accepting bids will want the same type of format of testing. The company accepting bids will hire the consultant because of the great work performed.

The consultant may expose vulnerabilities of other companies.

The correct answer is session (session hijacking). Channel hijacking is not the correct term used for this and TCP/UDP protocol hijacking is just a subset of the answer.

Which algorithm does the "sequential change-point detection" technique use to identify and locate the DoS attacks? Cumulative Sum Obfuscation BlackShades Advanced Encryption Standard

The cumulative sum control chart (CUSUM) is a sequential analysis technique developed by E. S. Page of the University of Cambridge. It is typically used in monitoring change detection.

An attacker wants to exploit a webpage. From which of the following points does he start his attack process? -Identify server-side technologies -Map the attack surface -Identify entry points for user input -Identify server-side functionality

The first step in analyzing a web app is to check for the application entry point, which can later serve as a gateway for attacks.

You need to do an ethical hack for BAYARA Company, and the manager says that you need to obtain the password of the root account of the main server to hire you. You are in possession of a rainbow table, what else do you need to obtain the password of the root? The hash of the root password Do a vulnerability assessment Inject an SQL script into the database Perform a network recognition

The hash of the root password

You need to do an ethical hack for BAYARA Company, and the manager says that you need to obtain the password of the root account of the main server to hire you. You are in possession of a rainbow table, what else do you need to obtain the password of the root? Do a vulnerability assessment The hash of the root password Inject an SQL script into the database Perform a network recognition

The hash of the root password

A penetration tester is conducting a port scan on a specific host. The tester found several open ports that were confusing in concluding the operating system (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS? Starting NMAP 7.70 at 2018-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:89 The host is likely a Linux machine. The host is likely a printer. The host is likely a Windows machine. The host is likely a router.

The host is likely a printer.

When setting up a wireless network, an administrator enters a preshared key for security. Which of the following is true? The key entered is a symmetric key used to encrypt the wireless data. The key entered is a hash that is used to prove the integrity of the wireless data. The key entered is based on the Diffie-Hellman method. The key is an RSA key used to encrypt the wireless data.

The key entered is a symmetric key used to encrypt the wireless data.

Which of the following windows utilities allow an attacker to perform NetBIOS enumeration? GetRequest nbtstat SetRequest ntpdate

The nbtstat utility in Windows displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS names tables for both the local and remote computers, and the NetBIOS name cache. An attacker can run the nbtstat command, "nbtstat.exe -c" to get the contents of the NetBIOS name cache, the table of NetBIOS names, and their resolved IP addresses.

The related-key attack is similar to the chosen plaintext attack, except that the attacker can obtain ciphertexts encrypted under two different keys. This is actually a very useful attack if one can obtain the plaintext and matching ciphertext.

Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results? TCP port 21—no response TCP port 22—no response TCP port 23—Time-to-live exceeded The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host. The lack of response from ports 21 and 22 indicate that those services are not running on the destination server. The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall. The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error.

The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall.

During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability? The web application does not have the secure flag set. The session cookies do not have the HttpOnly flag set. The victim user should not have an endpoint security solution The victim's browser must have ActiveX technology enabled.

The session cookies do not have the HttpOnly flag set.

The source-routed packets technique is useful in gaining unauthorized access to a computer with the help of a trusted host's IP address. This type of hijacking allows attackers to create their own acceptable packets to insert into the TCP session. First, the attacker spoofs the trusted host's IP address so that the server managing a session with the host, accepts the packets from the attacker.

What happens when a switch CAM table becomes full? The CAM overflow table will cause the switch to crash causing denial-of-service (DoS). The switch then acts as a hub by broadcasting packets to all machines on the network. The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF. Every packet is dropped and the switch sends out simple network management protocol (SNMP) alerts to the intrusion detection system (IDS) port.

The switch then acts as a hub by broadcasting packets to all machines on the network.

What happens when a switch CAM table becomes full? The CAM overflow table will cause the switch to crash causing denial-of-service (DoS). The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF. Every packet is dropped and the switch sends out simple network management protocol (SNMP) alerts to the intrusion detection system (IDS) port. The switch then acts as a hub by broadcasting packets to all machines on the network.

The switch then acts as a hub by broadcasting packets to all machines on the network.

Which protocol and port number might be needed to send log messages to a log analysis tool that resides behind a firewall? UDP 123 UDP 541 UDP 514 UDP 415

The syslog server gathers information sent over the network over UDP port 514 using a syslog listener.

Dynamic ARP Inspection

The system checks the IP to MAC address binding for each ARP packet in a network. While performing a Dynamic ARP inspection, the system will automatically drop invalid IP to MAC address bindings.

During a wireless penetration test, a tester detects an AP using the WPA2 encryption. Which of the following attacks should be used to obtain the key? -The tester must capture the WPA2 authentication handshake and then crack it. -The tester must use the tool inSSIDer to crack it using the ESSID of the network. -The tester cannot crack WPA2 because it is in full compliance with the IEEE 802.11i standard.

The tester must capture the WPA2 authentication handshake and then crack it: An attacker may succeed in unauthorized access to the target network by trying various method such as launching various wireless attacks, placing rogue APs, evil twins, etc.

A tester has been hired to perform source code review of a web application to detect SQL injection vulnerabilities. As part of the testing process, he needs to get all the information about the project from the development team. During the discussion with the development team, he comes to know that the project is in the initial stage of the development cycle. As per the above scenario, which of the following processes does the tester need to follow in order to save the company's time and money? The tester needs to perform static code analysis as it covers the structural and statement coverage testing The tester needs to perform static code analysis as it covers the executable file of the code The tester needs to perform dynamic code analysis as it uncovers bugs in the software system The tester needs to perform dynamic code analysis as it finds and fixes the defects

The tester needs to perform static code analysis as it covers the structural and statement coverage testing

Bluesnarfing

The unauthorized access of information from a wireless device through a Bluetooth connection.

Cluster virus

The virus has only a single copy of virus in hard disk but modifies directory table entries of each file, so that each user or system process points to virus code instead of the original program.

What is the main difference between a "Normal" SQL injection and a "Blind" SQL injection vulnerability? The request to the webserver is not visible to the administrator of the vulnerable application. The attack is called "Blind" because, although the application properly filters user input, it is still vulnerable to code injection. A successful attack does not show an error message to the administrator of the affected application. The vulnerable application does not display errors with information about the injection results to the attacker.

The vulnerable application does not display errors with information about the injection results to the attacker.

Which of the following conditions must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application? The victim user must open a malicious link with an Internet Explorer prior to version 8. The session cookies generated by the application do not have the HttpOnly flag set. The victim user must open a malicious link with Firefox prior to version 3. The web application should not use random tokens.

The web application should not use random tokens.

xp_cmdshell

The xp_cmdshell option is a SQL Server server configuration option that enables system administrators to control whether the xp_cmdshell extended stored procedure can be executed on a system.

Which of the following business challenges could be solved by using a vulnerability scanner? Auditors want to discover if all systems are following a standard naming convention. A web server was compromised and management needs to know if any further systems were compromised. There is an urgent need to remove administrator access from multiple machines for an employee who quit. There is a monthly requirement to test corporate compliance with host application usage and security policies.

There is a monthly requirement to test corporate compliance with host application usage and security policies.

Which of the following business challenges could be solved by using a vulnerability scanner? Auditors want to discover if all systems are following a standard naming convention. There is an urgent need to remove administrator access from multiple machines for an employee who quit. A web server was compromised and management needs to know if any further systems were compromised. There is a monthly requirement to test corporate compliance with host application usage and security policies.

There is a monthly requirement to test corporate compliance with host application usage and security policies.

What is the main advantage that a network-based IDS/IPS system has over a host-based solution? -They do not use host system resources. -They are placed at the boundary, allowing them to inspect all traffic. -They are easier to install and configure. -They will not interfere with user interfaces.

They do not use host system resources.

What is the main advantage that a network-based IDS/IPS system has over a host-based solution? They do not use host system resources. They are placed at the boundary, allowing them to inspect all traffic. They are easier to install and configure. They will not interfere with user interfaces.

They do not use host system resources.

Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common? They are written in Java. They send alerts to security monitors. They use the same packet analysis engine. They use the same packet capture utility.

They use the same packet capture utility.

They use the same packet capture utility. - Snort is an open source network intrusion detection system, capable of performing real time traffic analysis and packet logging on IP networks.They use the same packet capture utility.

Marin is using the mitmf tool during a penetration test and after few minutes this is what pops up on the screen. A few seconds later though, the hash is different. Why? This is Microsoft NTLMv2 hash—it's salted, so it will be different for every new request. This is Microsoft NTLMv2 hash. It's different because this is another user accessing the website. This is Microsoft NTLMv2 hash. It's different because user is visiting another website. Each website will have its own unique hash. This is Microsoft NTLMv2 hash. It's different because user changed the password in the meantime.

This is Microsoft NTLMv2 hash—it's salted, so it will be different for every new request.

Senna Spy Trojan Generator

This is a Trojan that comes hidden in malicious programs. Once you install the source (carrier) program is installed, this Trojan attempts to gain "root" access (administrator level access) to your computer without your knowledge.

Edge Technology Layer

This layer consists of all the hardware parts like sensors, RFID tags, readers or other soft sensors and the device itself.

Access Gateway Layer

This layer helps to bridge the gap between two endpoints like a device and a client.

Zsh

This shell can be used as an interactive login shell as well as a command-line interpreter for writing shell scripts. It is an extension of the Bourne shell and includes a vast number of improvements.

Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS? Timing options to slow the speed that the port scan is conducted. Fingerprinting to identify which operating systems are running on the network. ICMP ping sweep to determine which hosts on the network are not available . Traceroute to control the path of the packets sent during the scan.

Timing options to slow the speed that the port scan is conducted.

Siya is using a tool to defend critical data and applications without affecting performance and productivity. Following are the features of the tool: Pre-built, real-time reports that display big-picture analyses on traffic, top applications, and filtered attack events. Permits to see, control, and leverage the rules, shared services, and profiles of all the firewall devices throughout the network. Comprises of in-line, bump-in-the-wire intrusion prevention system with layer two fallback capabilities. Gives an overview of current performance for all HP systems in the network, including launch capabilities into targeted management applications by using monitors. Identify the tool used by Siya- TippingPoint IPS AlienVault® OSSIM™ Zimperium's zIPS™ Wifi Inspector

TippingPoint IPS

Kernel32.dll

To access/manipulate memory files and hardware

Which of the following is NOT a best approach to protect your firm against web server files and directories? -Eliminate unnecessary files within the .jar files -Avoid mapping virtual directories between two different servers, or over a network -Enable serving of directory listings -Disable serving certain file types by creating a resource mapping

To defend web server files and directories, you must eliminate unnecessary files within the .jar files, avoid mapping virtual directories between two different servers, or over a network, disable serving certain file types by creating a resource mapping, and also disable serving of directory listings.

User32.dll

To display and manipulate graphics

What is the sole purpose of writing destructive Trojans? To stop the working of security programs such as firewall and IDS To trick the victim to install the malicious application To randomly delete files, folders, registry entries, and local and network drives To copying itself to the system and create a scheduled task that executes the copied payload

To randomly delete files, folders, registry entries, and local and network drives

What is the sole purpose of writing destructive Trojans? To copying itself to the system and create a scheduled task that executes the copied payload To randomly delete files, folders, registry entries, and local and network drives To stop the working of security programs such as firewall and IDS To trick the victim to install the malicious application

To randomly delete files, folders, registry entries, and local and network drives

A covert channel is a channel that: Transfers information over, within a computer system, or network that is outside of the security policy. Transfers information over, within a computer system, or network that is within the security policy. Transfers information via a communication path within a computer system, or network for transfer of data. Transfers information over, within a computer system, or network that is encrypted.

Transfers information over, within a computer system, or network that is outside of the security policy.

A covert channel is a channel that: Transfers information over, within a computer system, or network that is encrypted. Transfers information via a communication path within a computer system, or network for transfer of data. Transfers information over, within a computer system, or network that is within the security policy. Transfers information over, within a computer system, or network that is outside of the security policy.

Transfers information over, within a computer system, or network that is outside of the security policy.

An NMAP scan of a server shows port 69 is open. What risk could this pose? Unauthenticated access Weak SSL version Cleartext login Web portal data leak

Trivial File Transfer Protocol (TFTP) is a File Transfer Protocol that allows a client to get a file from or put a file onto a remote host. This protocol includes no login or access control mechanisms, and therefore it is recommended to take care when using this protocol for file transfers where authentication, access control, confidentiality, or integrity checking are needed. Otherwise, it may result in unauthorized access to remote host.

Tina downloaded and installed a 3D screensaver. She is enjoying watching the 3D screensaver, but whenever the screensaver gets activated, her computer is automatically scanning the network and sending the results to a different IP address on the network. Identify the malware installed along with the 3D screensaver? Trojan Horse Virus Worm Beacon

Trojan Horse

Which of the following problems can be solved by using Wireshark? Tracking version changes of source code Checking creation dates on all webpages on a server Resetting the administrator password on multiple systems Troubleshooting communication resets between two systems

Troubleshooting communication resets between two systems

Which of the following problems can be solved by using Wireshark? Tracking version changes of source code Troubleshooting communication resets between two systems Resetting the administrator password on multiple systems Checking creation dates on all webpages on a server

Troubleshooting communication resets between two systems

SQL injection attacks do not exploit a specific software vulnerability; instead they target websites that do not follow secure coding practices for accessing and manipulating data stored in a relational database. True False

True

InfoTech Security hired a penetration tester Sean to do physical penetration testing. On the first day of his assessment, Sean goes to the company posing as a repairman and starts checking trash bins to collect the sensitive information. What is Sean trying to do? Trying to attempt social engineering using phishing Trying to attempt social engineering by eavesdropping Trying to attempt social engineering by shoulder surfing Trying to attempt social engineering by dumpster diving

Trying to attempt social engineering by dumpster diving

InfoTech Security hired a penetration tester Sean to do physical penetration testing. On the first day of his assessment, Sean goes to the company posing as a repairman and starts checking trash bins to collect the sensitive information. What is Sean trying to do? Trying to attempt social engineering by eavesdropping Trying to attempt social engineering by shoulder surfing Trying to attempt social engineering using phishing Trying to attempt social engineering by dumpster diving

Trying to attempt social engineering by dumpster diving

Which of the following tools is used to root the Android OS? zANTI LOIC TunesGo DroidSheep

TunesGo is an android tool that has an advanced android root module that recognize and analyzes your Android device and choose an appropriate Android-root-plan for it automatically.

A penetration tester is attempting to scan an internal corporate network from the Internet without alerting the border sensor. Which of the following techniques should the tester consider using? Tunneling over high port numbers Tunneling scan over SSH Scanning using fragmented IP packets Spoofing an IP address

Tunneling scan over SSH

Which of the following countermeasure helps in defending against KRACK attack? -Enable MAC address filtering on access points or routers -Turn On auto-updates for all the wireless devices and patch -Choose Wired Equivalent Privacy (WEP) instead of Wi-Fi Protected Access (WPA) -Enable SSID broadcasts

Turn On auto-updates for all the wireless devices and patch the device firmware

Which of the following countermeasure helps in defending against KRACK attack? -Enable MAC address filtering on access points or routers -Turn On auto-updates for all the wireless devices and patch the device firmware -Choose Wired Equivalent Privacy (WEP) instead of Wi-Fi Protected Access (WPA) -Enable SSID broadcasts

Turn On auto-updates for all the wireless devices and patch the device firmware

Which of the following are variants of mandatory access control (MAC) mechanisms? (Choose two.) Two factor authentication Acceptable use policy Username / password User education program Sign in register

Two factor authentication Username / password

Which protocol and port number might be needed to send log messages to a log analysis tool that resides behind a firewall? UDP 123 UDP 541 UDP 514 UDP 415

UDP 514

While performing a UDP scan of a subnet, you receive an ICMP reply of Code 3/Type 3 for all the pings you have sent out. What is the most likely cause of this? The host does not respond to ICMP packets. UDP port is closed. UDP port is open The firewall is dropping the packets.

UDP port is closed.

UDP port scanners use the UDP protocol instead of the TCP. There is no three-way handshake for UDP scan. The UDP protocol can be more challenging to use than the TCP scanning because you can send a packet, but you cannot determine whether the host is alive, dead, or filtered. However, you can use one ICMP that checks for open or closed ports.

Which of the following hping command performs UDP scan on port 80? hping3 -2 <IP Address> -p 80 hping3 -1 <IP Address> -p 80 hping3 -A <IP Address> -p 80 hping3 -F -P -U <IP Address> -p 80

UDP scan on port 80: hping3 -2 <IP Address> -p 80

Which of the following hping command performs UDP scan on port 80? hping3 -2 <IP Address> -p 80 hping3 -1 <IP Address> -p 80 hping3 -A <IP Address> -p 80 hping3 -F -P -U <IP Address> -p 80

UDP scan on port 80: hping3 -2 <IP Address> -p 80 - Hping uses TCP as its default protocol. Using the argument -2 in the command line specifies that Hping operates in UDP mode.

Which of the following technique defends servers against blind response forgery? -UDP source port randomization -Removal of carriage returns (CRs) and linefeeds (LFs) -Restriction of web application access to unique IPs -Disallow carriage return (%0d or \r) and line feed (%0a or \n) characters

UDP source port randomization technique defends servers against blind response forgery. Limit the number of simultaneous recursive queries and increase the times-to-live (TTL) of legitimate records.

In which of the following attacks does an attacker use an ORDER BY clause to find the right number of columns in a database table? Piggybacked query In-line comments UNION SQL injection Tautology

UNION SQL injection

Which tool can be used to silently copy files from USB devices? USB Grabber USB Dumper USB Sniffer USB Snoopy

USB Dumper copies the files and folders from the flash drive silently when it connected to the pc. It transfer the data from a removable USB drive to a directory named 'USB' by default, with an option to change it.

An NMAP scan of a server shows port 69 is open. What risk could this pose? Unauthenticated access Weak SSL version Cleartext login Web portal data leak

Unauthenticated access

An NMAP scan of a server shows port 69 is open. What risk could this pose? Weak SSL version Cleartext login Web portal data leak Unauthenticated access

Unauthenticated access

An IT security engineer notices that the company's web server is currently being hacked. What should the engineer do next? Determine the origin of the attack and launch a counterattack. Perform a system restart on the company's web server. Unplug the network connection on the company's web server. Record as much information as possible from the attack.

Unplug the network connection on the company's web server.

Which of the following tools is not used for iOS Jailbreaking? Yalu Velonzy TaiG Unrevoked

Unrevoked

A network administrator has observed that the computers in his network have Windows 7 operating system. The administrator has learned that the WannaCry ransomeware is affecting Windows 7 Systems across the globe. Which of the following is the best option that the network administrator has to provide efficient security and defend his network? Remove all the Windows 7 machines from the network Update Security Patches and fixes provided by Microsoft Perform penetration testing on all the Machines in the network Conduct vulnerability assessment of all the machines in the network

Update Security Patches and fixes provided by Microsoft

Susan works for "CustomData Intl." and she has to deploy a guest Wi-Fi. She did everything by the manual and deployed the guest Wi-Fi successfully. The deployed guest Wi-Fi is separated from the company network, it is protected with WPA2 and every user wants to use the Wi-Fi has to ask for a username and password. There is one problem though—after a few months she noticed that the users connecting to the guest Wi-Fi are being attacked with MitM attacks. She identified that the MitM attack was initiated with ARP spoofing. She found that someone is stealing users' web application credentials, including Windows system credentials in some cases. Unfortunately, internal users have also become prey to these attacks since they used guest Wi-Fi because it was more open than their internal network. So, only external guests are not being compromised. She wanted to mitigate this issue and the first step she took was to ban all internal users from guest using Wi-Fi network. What, according to you, is the easiest and probably the best way to prevent the ARP spoofing attacks on Wi-Fi networks? Use Client isolation WiFi feature Use IPsec on WiFi Use HTTPS all the time It's impossible to protect WiFi from ARP spoofing

Use Client isolation WiFi feature

AAA (Authentication, Authorization and Accounting)

Use of AAA (Authentication, Authorization and Accounting) server mechanism in order to filter MAC addresses subsequently.

LOIC

Used in Operation Payback - Low Orbit Ion Cannon is an open-source network stress testing and denial-of-service attack application, written in C#.

HOIC

Used in the Operation Megaupload - High Orbit Ion Cannon is an open-source network stress testing and denial-of-service attack application written in BASIC designed to attack as many as 256 URLs at the same time. It was designed to replace the Low Orbit Ion Cannon

Which of the following types of jailbreaking allows user-level access but does not allow iboot-level access? Userland Exploit iBoot Exploit Bootrom Exploit None of the above

Userland Exploit

Which of the following types of jailbreaking allows user-level access but does not allow iboot-level access? Userland Exploit iBoot Exploit Bootrom Exploit None of the above

Userland Exploit uses a loophole in the system application. It allows user-level access but does not allow iboot-level access. You cannot secure iOS devices against this exploit, as nothing can cause a recovery mode loop.

An attacker tries to enumerate the username and password of an account named "rini Mathew" on wordpress.com. On the first attempt, the attacker tried to login as "rini.mathews," which resulted in the login failure message "invalid email or username." On the second attempt, the attacker tried to login as "rinimathews," which resulted in a message stating that the password entered for the username was incorrect, thus confirming that the username "rinimathews" exists. What is the attack that is performed by the attacker? Brute-forcing Username enumeration Man-in-the-middle Phishing

Username enumeration

Using misconfiguration vulnerabilities such as unvalidated inputs, parameter/form tampering, improper error handling, insufficient transport layer protection, and so on, attackers gain unauthorized accesses to default accounts, read unused pages, read/write unprotected files and directories, and so on.

While performing data validation of web content, a security technician is required to restrict malicious input. Which of the following processes is an efficient way of restricting malicious input? Validate web content input for query strings Validate web content input with scanning tools Validate web content input for type, length, and range Validate web content input for extraneous queries

Validate web content input for type, length, and range

Identify the component of the web server that provides storage on a different machine or a disk after the original disk is filled-up? Server root Document root Virtual hosting Virtual document tree

Virtual document tree

Which of the following provides storage on a different machine or disk after the original disk is filled up? Document root Server root Virtual document tree Virtual hosting

Virtual document tree

Which of the following provides storage on a different machine or disk after the original disk is filled up? Document root Server root Virtual document tree Virtual hosting

Virtual document tree provides storage on a different machine or a disk after the original disk is filled up. It is case sensitive and can be used to provide object-level security.

Virus

In which of the following online services can a security analyst upload the suspicious file to identify whether the file is a genuine one or a malicious one? Whois.com VirusTotal.com Netcraft.com domainsearch.com

VirusTotal Whois.com, Netcraft.com, and domainsearch.com are the online web services that are mostly used to identify the domain information about any organization.

In which of the following online services can a security analyst upload the suspicious file to identify whether the file is a genuine one or a malicious one? VirusTotal.com domainsearch.com Whois.com Netcraft.com

VirusTotal.com

Martha is a network administrator in a company named "Dubrovnik Walls Ltd." She realizes that her network is under a DDoS attack. After careful analysis, she realizes that large amounts of UDP packets are being sent to the organizational servers that are present behind the "Internet facing firewall." What type of DDoS attack is this? Volume (volumetric) attack Protocol attack Application layer attack SYN flood attack

Volume (volumetric) attack

Which of the following terms refers to the existence of a weakness, design flaw, or implementation error that can lead to an unexpected event compromising the security of the system? Exploit Hacking Vulnerability Zero-Day Attack

Vulnerability

Which of the following consists of 40/104 bit Encryption Key Length? WPA WEP RSA WPA2

WEP

Which of the following tools consists of a publicly available set of databases that contain personal information of domain owners? Traceroute tools Metadata extraction tools Web spidering tools WHOIS lookup tools

WHOIS lookup tools

Which of the following tools consists of a publicly available set of databases that contain personal information of domain owners? WHOIS lookup tools Traceroute tools Web spidering tools Metadata extraction tools

WHOIS lookup tools

Which of the following includes mandatory support for Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)? TKIP WPA2 WPA WEP

WPA2 (Wi-Fi Protected Access 2) is a security protocol used to safeguard the wireless networks and has replaced WPA technology in 2006. It is compatible with the 802.11i standard and supports many security features that WPA does not support.

WannaCry Ransomware

WannaCry is ransomware that on execution encrypts the files and locks the user's system thereby leaving the system in an unusable state. The compromised user has to pay ransom in bitcoins to the attacker to unlock the system and get the files decrypted.

Which of the following windows service vulnerability does the WannaCry ransomware exploit during the attack on any windows machine? SMB SMTP DNS SNMP

WannaCry ransomware spreads through malicious e-mail attachments and also spreads across the same LAN by using a Windows SMB (server message block) vulnerability via port 445 (Microsoft Security Bulletin MS17-010).

An attacker identifies the kind of websites a target company/individual is frequently surfing and tests those particular websites to identify any possible vulnerabilities. When the attacker identifies the vulnerabilities in the website, the attacker injects malicious script/code into the web application that can redirect the webpage and download the malware onto the victim's machine. After infecting the vulnerable web application, the attacker waits for the victim to access the infected web application. What kind of an attack is this? Water hole attack Phishing attack Denial-of-service attack Jamming attack

Water hole attack

Which of the following DoS attack detection techniques analyzes network traffic in terms of spectral components? It divides incoming signals into various frequencies and examines different frequency components separately. Activity Profiling Wavelet-based Signal Analysis Change-point Detection Signature-based Analysis

Wavelet-based Signal Analysis

Sarah is facing one of the biggest challenges in her career—she has to design the early warning DDoS detection techniques for her employer. She starts developing the detection technique which uses signal analysis to detect anomalies. The technique she is employing analyzes network traffic in terms of spectral components where she divides the incoming signals into various frequencies and analyzes different. Which DDoS detection technique is she trying to implement? Wavelet-based signal analysis Activity profiling Change-point detection NetFlow detection

Wavelet-based signal analysis

N-Stalker

Web Application Security Scanner - security assessment tool that incorporates N-Stealth HTTP Security Scanner.

Which of the following techniques allows attackers to inject malicious script on a web server to maintain persistent access and escalate privileges? Scheduled Task Web Shell Launch daemon Access Token Manipulation

Web Shell

Which of the following techniques allows attackers to inject malicious script on a web server to maintain persistent access and escalate privileges? Scheduled Task Launch daemon Access Token Manipulation Web Shell

Web Shell

Which of the following automatically discover hidden content and functionality by parsing HTML form and client-side JavaScript requests and responses? Web Spiders Firewalls Proxies Banners

Web Spiders

WebCruiser

Web Vulnerability and web pen testing tool used for auditing website security

Which of the following provides an interface between end users and webservers? Database Web applications Firewall Demilitarized zone

Web applications

WhoIs Lookup

Whois.com, Netcraft.com, and domainsearch.com are the online web services that are mostly used to identify the domain information about any organization. VirusTotal is an online web service that is effectively used to analyze suspicious files and URLs, and facilitates the detection of viruses, worms, Trojans, and so on.

WiFiFoFum

WiFiFoFum is a wardriving app to locate, display and map found WiFi networks.

This application is a Wi-Fi security tool for mobile devices, It works on both Root and Non-root devices, and it can prevent ARP spoofing attacks such as MITM attacks, which are used by some applications such as WifiKill, dSploit, and sniffers.

WiFiGuard

By conducting which of the following monitoring techniques can a security professional identify the presence of any malware that manipulates HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services registry keys to hide its processes? Registry monitoring Windows services monitoring Process monitoring Startup programs monitoring

Windows services monitoring

By conducting which of the following monitoring techniques can a security professional identify the presence of any malware that manipulates HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services registry keys to hide its processes? Startup programs monitoring Registry monitoring Windows services monitoring Process monitoring

Windows services monitoring

By conducting which of the following monitoring techniques can a security professional identify the presence of any malware that manipulates HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services registry keys to hide its processes? Startup programs monitoring Registry monitoring Windows services monitoring Process monitoring

Windows services monitoring

How does the SAM database in Windows operating system store the user accounts and passwords? The operating system performs a one-way hash of the passwords. The operating system stores the passwords in a secret file that users cannot find. The operating system uses key distribution center (KDC) for storing all user passwords. The operating system stores all passwords in a protected segment of volatile memory.

Windows uses the security accounts manager (SAM) database or active directory database to manage user accounts and passwords in the hashed format (one-way hash).

In the options given below; identify the nature of a library-level rootkit? Uses devices or platform firmware to create a persistent malware image in hardware Functions either by replacing or modifying the legitimate bootloader with another one Operates inside the victim's computer by replacing the standard application files Works higher up in the OS and usually patches, hooks, or supplants system calls with backdoor versions

Works higher up in the OS and usually patches, hooks, or supplants system calls with backdoor versions

Which of the following is not a defense technique against malicious NTFS streams? Write critical data to alternate data streams Move suspected files to FAT partition Use File Integrity Monitoring tool like tripwire Use up-to-date antivirus software

Write critical data to alternate data streams

Which of the following is not a defense technique against malicious NTFS streams? Use up-to-date antivirus software Write critical data to alternate data streams Use File Integrity Monitoring tool like tripwire Move suspected files to FAT partition

Write critical data to alternate data streams

Which of the following is an Android Vulnerability Scanning Tool? Yalu Velonzy TaiG X-Ray

X-Ray

Which of the following is an Android Vulnerability Scanning Tool? Yalu Velonzy TaiG X-Ray

X-Ray

Which of the following is an Android Vulnerability Scanning Tool? Yalu Velonzy TaiG X-Ray

X-Ray is an android Vulnerability Scanner. Yalu, Velonzy and TaiG are iOS Jailbreaking tools

Which technology do SOAP services use to format information? SATA PCI XML ISDN

XML

XOR or Exclusive OR function is a binary logical operation that results in true (1) only when one input is true (1) and the other is false (0). It returns false (0) when both the inputs are true (1) or false (0).

Which of the following is a Mobile Device Management Software? XenMobile Phonty SpyBubble GadgetTrak

XenMobile

Which of the following Trojans uses port number 1863 to perform attack? Priority Millennium XtremeRAT Devil

XtremeRAT

Which of the following Trojans uses port number 1863 to perform attack? Priority Millennium XtremeRAT Devil

XtremeRAT

Which of the following Trojans uses port number 1863 to perform attack? Priority Millennium XtremeRAT Devil

XtremeRAT

Which of the following Trojans uses port number 1863 to perform attack? Priority Devil XtremeRAT Millennium

XtremeRAT

Yancey would be considered a suicide hacker.

Jason, a penetration tester, is testing a web application that he knows is vulnerable to a SQL injection but the results of the injection are not visible to him. He tried waitfor delay command to check the SQL execution status which confirmed the presence of the SQL injection vulnerability. Which type of SQL injection is Jason attempting on the web application? a. Blind SQL injection b. Error-based SQL injection c. UNION SQL injection d. Simple SQL injection

a. Blind SQL injection

What is the correct order for vulnerability management life cycle? a. Creating baseline → vulnerability assessment → risk assessment → remediation → verification → monitor b. Verification → vulnerability assessment → monitor → remediation → creating baseline → risk assessment c. Verification → risk assessment → monitor → remediation → creating baseline → vulnerability assessment Monitor → risk assessment → remediation → verification → creating baseline → vulnerability assessment

a. Creating baseline → vulnerability assessment → risk assessment → remediation → verification → monitor

Enacted in 2002, this US law requires every federal agency to implement info sec programs, including significan reporting on compliance and accreditation. Which of the following is the best choice for this definition? a. FISMA b. HIPPA c. NIST 800-53 d. OSSTM

a. FISMA

Which of the following addresses the collection and disclosure of costomers' personal financial information by financial institutions? a. GLBA b. SOX c. HIPPA d. FISMA

a. GLBA

Which cliometric scan focuses on the colored portion of the user's eye? a. iris b. corneal c. facial recognition d. retina

a. Iris

Keystroke loggers are stealth software packages that are used to monitor keyboard activities. Which is the best location to place such keyloggers? a. Keyboard hardware and the operating system b. UPS and keyboard c. Operating system and UPS d. Monitor and keyboard software

a. Keyboard hardware and the operating system

Attackers craft malicious probe packets and scan for services such as HTTP over SSL (HTTPS), SMLTP over SSL (SMTPS) and IMAP over SSL (IMAPS) to detect honeypots in a network. Which of the following conditions shows the presence of a honeypot? a. Ports show a particular service running but deny a three-way handshake b. Ports show a particular service running and allow a three-way handshake c. Ports do not show any particular service running d. Scan shows that no scanned port is live on the network

a. Ports show a particular service running but deny a three-way handshake

Proxy is a network computer that can serve as an intermediary for connecting with other computers. Which of the following sentences is true about a proxy? a. Protects the local network from outside access.. b. Does not allow the connection of a number of computers to the Internet when having only one IP address. c. Allows attackers to view the desktop of the user's system. d. Cannot be used to filter out unwanted content.

a. Protects the local network from outside access..

In order to compromise or to hack a system or network the hacker go through various phases of hacking.What is the first hacking phase that hackers perform to gather information about a target prior to launching an attack? a. Reconnaissance b. Scanning c. Gaining access d. Maintaining Access e. Clearing tracks

a. Reconnaissance

Which of the following connection types can cause a security issue when an IDS is in the path? a. SSL b. T1 c. GRE tunnel d. ISDN

a. SSL

Address Resolution Protocol (ARP) is a protocol for mapping an IP address to a physical machine address that is recognized in the local network. ARP Spoofing involved constructing a large number of forged ARP request and reply packets to overload: a. Switch b. Router c. Hub d. Bridge

a. Switch

Defense-in-depth is a security strategy in which several protection layers are placed throughout an information system. It helps to prevent direct attacks against an information system and data because a break in one layer only leads the attacker to the next layers. a. True b. False

a. True

Which tools are used to discover a nearby wi-fi network or device? Choose all a. WirelessMon b. AirPcap c. Skyhook d. NetStumbler e. Vistumbler f. Wireshark

a. WirelessMon d. NetStumbler e. Vistumbler

A CEH has no knowledge of the network and has to define boundaries, nondisclosure agreements, and completion date. Which of the following is a true statement? a. a white hat is attempting a black-box test. b. a white hat is attempting a white-box test. c. a black hat is attempting a black-box test. d. a black hat is attempting a grey-box test.

a. a white hat is attempting a black-box test.

You have been asked to perform a thorough vulnerability assessment for your company's file server. you must ensure that you complete all of the appropriate steps for the assessment. What is the first step for phase? a. acquisition b. generating reports c. analyzing d. evaluation e. identification

a. acquisition

Your organization has implemented a two factor authentication system that includes usernames, passwords, and smart cards. Users are assigned classifications, and access to resources is granted based on the resource's security label. Which access control mechanism does this implement? a. mandatory access control b. physical access control c. detective access control d. roll-based access control

a. mandatory access control

Which statements are true of ARP? (pick 2) a. prone to man in the middle attacks b. maps 48-bit addresses to host names c. resistant to man in the middle attacks d. maps 48-bit addresses to 32-bit addresses e. maps 32-bit address to host names

a. prone to man in the middle attacks d. maps 48-bit addresses to 32-bit addresses

You need to exchange confidential with a trusted partner. The partner indicates to you that he will issue certificates. These certs are signed by the same entity that verifies the certificates identity. Which term is used for the type of cert issued by the partner? a. self-signed certs b. x.509 certs c. signed certs d. online certs

a. self-signed certs

Enumeration is defined as the process of extracting user names, machine names, network resources, shares, and services from a system. Which of the following commands can be used in a UNIX environment to enumerate the shared directories on a machine? a. showmount b. finger c. rpcinfo d. rpcclient

a. showmount

Snort is an open-source, free and lightweight network intrusion detection system (NIDS) software for Linux and Windows to detect emerging threats. Snort can be used to detect SQL injection attacks. Identify the correct Snort rule to detect SQL injection attacks. alert tcp $EXTERNAL_NET any -> 172.16.66.23 443 (msg:""SQL Injection attempt on Finance Dept. webserver""; flow:to_server,estahlished; uricontent:"".pl"";pcre:""/(\%27)|(\')|(\-\-)|(%23)|(#)/i""; classtype:Web-application-attack; sid:9099; rev:5;) rule SQLiTester { meta: description = ""SQL Injection tester"" author = ""Ellaria Sand"" date = ""2016-04-26"" hash = ""dc098f88157b5cbf3ffc82e6966634bd280421eb"" strings: $s0 = "" SQL Injection tester"" ascii $s17 = ""/Blind SQL injection tool"" fullword ascii $s18 = ""SELECT UNICODE(SUBSTRING((system_user),{0},1))"" fullword wide condition: uint16(0) == 0x5a4d and filesize < 1040KB and all of them } ule SQLiTester { meta: description = ""SQL Injection tester"" author = ""Ellaria Sand"" date = ""2016-04-26"" hash = ""dc098f88157b5cbf3ffc82e6966634bd280421eb"" strings: $s0 = "" SQL Injection tester"" ascii $s17 = ""/Blind SQL injection tool"" fullword ascii $s18 = ""WAITFOR DELAY '0:0:10' --"" fullword wide condition: uint32(0) == 0x5a4d and filesize < 1040KB and all of them } alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:""SQL Injection attempt on Finance Dept. webserver""; flow:stateless; ack:0; flags:S; ttl:>220; reference:arachnids,439; classtype:attempted-recon; sid:613; rev:6;)"

alert tcp $EXTERNAL_NET any -> 172.16.66.23 443 (msg:""SQL Injection attempt on Finance Dept. webserver""; flow:to_server,estahlished; uricontent:"".pl"";pcre:""/(\%27)|(\')|(\-\-)|(%23)|(#)/i""; classtype:Web-application-attack; sid:9099; rev:5;) rule SQLiTester {

ND makes use of multicast addresses. Which multicast address is expressed using ff02::1?

all nodes

zANTI

an android application which allows you to perform various attacks.

FaceNiff

an android tool for hackers (newbies) who want to sniff and intercept web session profiles over the WiFi connection.

application-level flood attack

an attacker exploits bugs in any sort of networked application, such as buffer overflows, in order to execute a DoS attack.

DHCP starvation attack

an attacker floods the DHCP server by sending a large number of DHCP requests and uses all of the available IP addresses that the DHCP server can issue. As a result, the server cannot issue any more IP addresses, leading to Denial-of-Service (DoS) attacks.

eMailTrackerPro

analyzes email headers and reveals information such as sender's geographical location, IP address and so on.

Which of the following database is used to delete the history of the target website? TCP/IP and IPSec filters archive.org Implement VPN WhoIs Lookup database

archive.org

Which of the following database is used to delete the history of the target website? TCP/IP and IPSec filters archive.org WhoIs Lookup database Implement VPN

archive.org

Which of the following cn summarize routing information before sending link-state packets to other networks?

area border routers

____ can summarize routing information before sending link-state packets to other networks.

area border routers

In a RIPv2 packet, the ____ field contains a plain text password.

authentication

The purchase price for each system is $1200. Administrators earn $50 an hour. It takes 5 hours to replace a machine. 5 employees earning $25 an hour depend on each system and wont be productive while it's down. What is an ALE on these devices? a. $2075 b. $207.50 c. $120 d. $1200

b. $207.50

Due to the need to support legacy systems, you ahve been forced to rely on a LAN Manager password security. To ensure that users passwords are strong enough, you plan to use john the ripper to crack the passwords after obtaining the sAM files from the domain controllers. One of the domains requires 14 characters in the password, while another domain requires only 8. Which of the following statements is true? a. 8-character passwords will take longer to crack than the 14 character passwords b. 14 character passwords will take only slightly longer to crack than the 8 character passwords c. 14 character passwords will take much longer to crack than the 8 character passwords d. 14 character and 8 character passwords will take exactly the same amount of time to crack

b. 14 character passwords will take only slightly longer to crack than the 8 character passwords

What is the block and output size of SHA-1? a. 1024-bit blocks with an output of 256 bits b. 512-bit blocks with an output of 160 bits c. 512-bit blocks with an output of 128 bits d. 1088-bit blocks with an output of 256 bits

b. 512-bit blocks with an output of 160 bits

Secure Hashing Algorithm (SAH) is an algorithm for generating cryptographically secure one-way has, published by the National Institutes of Standards and Technology as a U.S. Federal Information Processing Standard. What is the block (word) size used by SHA-512. a. 32-bit b. 64-bit c. 128-bit d. 256-bit

b. 64-bit

An intrusion detection system (IDS) gathers and analyzes information from within a computer or network, to identify the possible violation of security policy, including unauthorized access, as well as misuse. Which of the following IDS detection techniques detects the intrusion based on the fixed behavioral characteristics of the users and components in a computer system? a. Signature recognition b. Anomaly detection c. Protocol anomaly detection d. All of the above

b. Anomaly detection

Which of the following best describes an effort to identify systems that are critical for continuation of operation for the organization? a. BCP b. BIA C. MTD D. DRP

b. BIA Business Impact Analysis

Lawful intercept is a process that enable a Law Enforcement Agency (LEA) to perform electronic surveillance on a target as authorized by a judicial or administrative order. Which of the following statements is true for lawful intercept? a. Affects the subscriber's services on the router b. Hides information about lawful intercepts from all but the most privileged users c. Does not allow multiple LEAs to run a lawful intercept on the same target without each other's knowledge d. Allows wiretaps only for outgoing communication e. Alters the traffic

b. Hides information about lawful intercepts from all but the most privileged users

RSA is a public-key cryptosystem developed by MIT professors Ronald L. Rivest, Adi Shamir, and Leonard M. Adelman in 1977 in an effort to ensure Internet security. RSA uses modular arithmetic and elementary number theory to do computations using two very large prime numbers. Identify the statement which is true for the RC6 algorithm: a. Is a variable key-size stream cipher with byte-oriented operations and is based on the use of a random permutation b. Includes integer multiplication and the use of four 4-bit working registers. c. Is a parameterized algorithm with a variable block size, key size, and a variable number of rounds d. Is a 64 bit block cipher that uses a key length that can vary between 32 and 448 bits

b. Includes integer multiplication and the use of four 4-bit working registers.

Hacker is a person who illegally breaks into a system or network without any authorization to destroy, steal sensitive data or to perform any malicious attacks. Black Hat hackers are: a. Individuals professing hacker skills and using them for defensive purposes and are also known as security analysts b. Individuals with extraordinary skills, resorting to malicious or destructive activities and are also known as crackers. c. Individual to aim to bring down critical infrastructure for a "cause" and are not worried about facing 30 years in jail for their actions. d. Individuals who work both offensively and defensively at various times.

b. Individuals with extraordinary skills, resorting to malicious or destructive activities and are also known as crackers.

OS fingerprinting is the method used to determine the operating system running on a remote target system. It is an important scanning method, as the attacker will have a greater possibility of success if he/she knows the OS. Active stack fingerprinting is one of the types of OS fingerprinting.Which of the following is true about active stack fingerprinting? a. Uses password crackers to escalate system privileges b. Is based on the fact that various vendors of OS implement the TCP stack differently c. Uses sniffing techniques instead of the scanning techniques d. Is based on the differential implementation of the stack and the various ways an OS responds to it.

b. Is based on the fact that various vendors of OS implement the TCP stack differently

Firewall is a set of related programs, located at a network gateway server that protects the resources of a private network from users from other networks. A firewall examines all traffic routed between the two networks to see if it meets certain criteria. Packet filtering is one of the categories of firewall. Packet filtering firewall works at which of these layers of the OSI model? a. Physical layer b. Network layer c. Session layer d. Application layer

b. Network layer

Wireless antenna is an electrical device which converts electrical currents into radio waves., and vice versa.Which of the following antenna used in wireless base stations provides 360 degree horizontal radiation pattern? a. Parabolic grid antenna b. Omnidirectional antenna c. Yagi antenna d. Dipole antenna

b. Omnidirectional antenna

Firewall implementation and design for an enterprise can be a daunting task. Choices made early in the design process can have far-reaching security implications for years to come. Which of the following firewall architectures is designed to host servers that offer public services? a. Bastion Host b. Screened subnet c. Screened host d. Screened

b. Screened subnet

Sniffers turn the NIC of a system to the promiscuous mode so that it listens to all the data transmitted on its segment. It can constantly read all information entering the computer through the NIC by decoding the information encapsulated in the data packet. Passive sniffing is one of the types of sniffing. Passive sniffing refers to: a. Sniffing through a switch b. Sniffing through a hub c. Sniffing through a router d. Sniffing through a bridge

b. Sniffing through a hub

Steganography is a technique of hiding secret messages within an ordinary message and extracting it at the destination to maintain confidentiality of data. Which of the following steganography techniques embed a secret message in the frequency domain of a signal? a. Substitution b. Transform domain c. Spread spectrum d. Domain distortion e. Cover generation

b. Transform domain

Network Time Protocol (NTP) is designed to synchronize clocks of networked computers. Which of the following ports does NTP use as it's primary means of communication? a. UCP port 113 b. UDP port 123 c. UDP port 161 d. UDP port 320

b. UDP port 123

A member of a pen test team is hired to test a bank's security. She searches for IP addresses the bank may own by searing public records on the internet. She also looks up news articles and job posts to discover info that may be valuable. in what phase of the pen test is sally working? a. preparation b. assessment c. conclusion d. reconnaissance

b. assessment

You are learning to create Trojans by using wrapper tools. You write the following endless loop: #include <iostream> using namespace std; int main () { bool done = false; while (!done) { cerr << "Warning, Warning--Trojan running--Warning! Warning!" << endl; } How would you use a wrapper tool to hide this malware inside of the legitimate WIndows executable winlogon.exe? a. bind the library file (.lib) to winlogon.exe b. bind the compilation file (.exe) to winlogon.exe c. bind the declaration file (.h) to winlogon.exe d. bind the implementation file (.cpp) to winlogon.exe

b. bind the compilation file (.exe) to winlogon.exe

What information is measured in a retina scan? a. ocular pressure b. blood vessels c. colored ridges d. pupil size

b. blood vessels

Your company has hired a third party to identify vulnerabilities on the network. Recently, one of the contractors performed a vulnerability scan over the internet that identified the vulnerabilities on the internal web server. which type of vulnerability scan occurred? a. external, application vulnerability scan b. external, host-based vulnerability scan c. internal, host-based vulnerability scan d. internal, application vulnerability scan

b. external, host-based vulnerability scan

Another member of the security team is confused about XSS attacks. You explain how phishing attempts can use XSS to replace existing content on the webpage. She decides to write a simple JavaScript XSS defacement function. Which document object methods should you suggest she use. Choose all. a. write() b. adoptnode() c. getElementByID() d. imporNode() e. open() f. renameNode() f. getElemensByTagName()

b. getElementById() g. getELementsByTagName()

Which of the following statements are true of the program ipfwadm? choose all a. it is a program written for windows b. it controls the packet filter or firewall capabilities c. it has additional code that filters for fragmented packets d. it was replaced by the program ipchains

b. it controls the packet filter or firewall capabilities d. it was replaced by the program ipchains

Joe, who does not work for your company, was able to steal an employee badge from a car in the parking lot and use it to enter the facility. What type of threat does Joe present? a. insider associate b. outside affiliate c. pure insider d. insider affiliate

b. outside affiliate

In which state of an ethical hack would the attacker actively apply tools and techniques to gather more in depth information on the targets? a. active reconnaissance b. scanning and enumeration c. gaining access d. passive reconnaissance

b. scanning and enumeration

Joe will be laid off soon. joe plants viruses and sets about destroying data and settings throughout the network, with no regard to being caught. what type of hacker is joe? a. hacktivist b. suicide hacker c. black hat d. script kiddie

b. suicide hacker

Which type of attack is generally conducted as an inside attacker with elevated privileges on the resources? a. gray box b. white box. c. black box d. active reconnaissance

b. white box.

Out of the following tools, which tool can be used to find buffer overflow vulnerabilities present in the system? Z-Wave Sniffer Censys Firmalyzer Enterprise beSTORM

beSTORM

Out of the following tools, which tool can be used to find buffer overflow vulnerabilities present in the system? Z-Wave Sniffer Censys Firmalyzer Enterprise beSTORM

beSTORM

beSTORM is a smart fuzzer to find buffer overflow vulnerabilities by automating and documenting the process of delivering corrupted input and watching for unexpected response from the application.

Which of the following occurs on a network when ICMP is turned off and a router discards packets without sending any notification about its actions?

black hole

ZoneAlarm PRO FIREWALL 2018

blocks attackers and intruders from accessing your system. It monitors programs for suspicious behavior spotting and stopping new attacks that bypass traditional anti-virus protection. It prevents identity theft by guarding your data. It even erases your tracks allowing you to surf the web in complete privacy. Furthermore, it locks out attackers, blocks intrusions, and makes your PC invisible online. Also, it filters out an annoying and potentially dangerous email.

Which of the following represents a network address that all hosts on a network must read?

broadcast address

Wi-Fi Protected Access (WPA) is a data encryption method for WLANs based on 802.11 standard. It improves on the authentication and encryption features of WEP (Wired Equivalent Privacy). Temporal Key Integrity Protocol (TKIP) enhances WEP by adding a rekeying mechanism to provide fresh encryption and integrity keys. Temporal keys are changed every ______________. a. 1,000 packets b. 5,000 packets c. 10,000 packets d. 15,000 packets

c. 10,000 packets

Wired Equivalent Privacy (WEP) is an IEEE 802.11 wireless protocol which provides security algorithms for data confidentiality during wireless transmissions. WEP uses stream cipher RC4 for confidentiality, and the CRC-32 checksum for integrity of wireless transmission. What is the size of the WEP initialization vector? a. 8-bit b. 16-bit c. 24-bit d. 32-bit

c. 24-bit

The CAM table in a switch stores information such as MAC addresses available on physical ports with their associated VLAN parameters. What happens when a CAM table is full? a. Additional ARP request traffic will not be forwarded to any port on the switch b. The switch will stop functioning and get disconnected from the network c. Additional ARP request traffic will flood every port of the switch d. It does not affect the switch functioning

c. Additional ARP request traffic will flood every port of the switch

Consider the attack scenario given below: Step 1: User browses a web page Step 2: Web Server replies with a requested page and sets a cookie on the user's browser Step 3: Attacker steals cookie (Sniffing, XSS, phishing attack) STEP 4: Attacker order product using modified cookie STEP 5: Product is delivered to attacker's address Identify the web application attack. a. Session fixation attack b. Unvalidated redirects attacks c. Cookie poisoning attack d. Denial-of-Service (DoS) attack

c. Cookie poisoning attack

As a system administrator, you are responsible for maintaining the website of your company which deals in online recharge of mobile phone cards. One day, to your surprise, you find the homepage of your company's website defaced. What is the reason for webpage defacement? a. Denial of Service attack b. Session Hijacking c. DNS attack through cache poisoning d. Buffer overflow

c. DNS attack through cache poisoning

An intrusion detection system (IDS) gathers and analyzes information from within a computer or a network, to identify the possible violations of security policy, including unauthorized access, as well as misuse. Attackers use various IDS evasion techniques to bypass intrusion detection mechanisms. Which of the following evasion techniques rely on Time-to-Live (TTL) fields of a TCP/IP packet? a. Denial-of-Service b. Obfuscation c. Insertion Attack d. Unicode Evasion

c. Insertion Attack

Which of the following insider threat is caused due to the employee's laxity toward security measures, policies, and practices? a. Malicious insider b. Professional insider d. Compromised insider c. Negligent insider

c. Negligent insider

Enumeration is defined as the process of extracting user names, machine names, network resource shares, and services from a system.Which of the following is an enumeration an attacker used to obtain a list of computers that belongs to a domain? a. NTP b. SMTP c. NetBIOS d. SNMP

c. NetBIOS

Identify the denial-of-service attack that is carried out using a method know as "bricking a system." Unlike other DoS attacks, it sabotages the system hardware, requiring the victim to replace or reinstall the hardware. a. ICMP Flood attack b. Application Level Flood attacks c. Phlashing d. Bandwidth attacks

c. Phlashing

Which of the following indicator identifies a network intrusion? a. Sudden decrease in bandwidth consumption is an indication of intrusion b. Rare login attempts from remote hosts c. Repeated probes of the available services on your machines d. Connection requests from IPs from those systems within the network range

c. Repeated probes of the available services on your machines

Password cracking is a technique used to extract user's password of application/files without the knowledge of the legitimate user. Which of the password cracking techniques will the attacker use if he/she gets some information about the password to crack? a. Denial of service attack b. Syllable attack c. Rule-based attack d. Distributed Network Attack (DNA)

c. Rule-based attack

c. Signed certificates

Which of the following scanning techniques do attackers use to bypass firewall rules, logging mechanism, and hide themselves as usual network traffic? a. TCP connect scanning b. XMAS scanning technique c. Stealth scanning technique d. FIN scanning technique

c. Stealth scanning technique

A virus is a self-replication program that produces its own code by attaching copies of it into other executable codes. Which of the following viruses evade the anti-virus software by intercepting tis request to the operating system? a. Cluster b. Macro c. Stealth/Tunneling d. System or boot sector

c. Stealth/Tunneling

Buffer overflow occurs when an application write more data to a block of memory, or buffer, than the buffer is allocated to hold. Buffer overflow attacks allow an attacker to modify the __________ in order to control the process execution, crash the process and modify internal variables. a. Target rainbow table b. Target SAM file c. Target process' address space d. Target remote access

c. Target process' address space

Denial of Service (Dos) is an attack on a computer or network that prevents legitimate use of its resources. In a DoS attack, attackers flood victim system with non-legitimate service requests or traffic to overload its resource, which prevents it from performing its intended tasks. Which of the following is a symptom of a DoS attack? a. Decrease in the amount of spam emails received b. Automatic increase in network bandwidth c. Unavailability of a particular website d. Automatic increase in network performance

c. Unavailability of a particular website

Which of the following Wi-Fi chalking method refers to drawing symbols in public places to advertise open Wi-Fi networks? a. WarWalking b. WarFlying c. WarChalking d. WarDriving

c. WarChalking

Session hijacking refers to the exploitation of a valid computer session where an attacker takes over a session between two computers. Which of the following factors contribute to a successful session hijacking attack? a. Account lockout for invalid session IDs b. Definite session expiration time c. Weak session ID generation algorithm d. No clear text transmission

c. Weak session ID generation algorithm

Which device in a wireless local area network (WLAN) determines the next network point to which a packet should be forwarded toward its destination? a. Wireless modem b. Antenna c. Wireless router d. Mobile station

c. Wireless router

When the client is creating a session key for an SSL connection, how does the client handle the resulting key? a. encrypt w the client's private key b. encrypt w the clients public key c. encrypt w the server's public key d. encrypt w the server's private key

c. encrypt w the server's public key

Elements of security include confidentiality, integrity, and availability. Which technique provides for integrity? a. encryption b. ups c. hashing d. passwords

c. hashing

Which of the following information can be gathered by a network vulnerability scanner? Choose all a. packets received from malicious sources b. spear phishing email storage c. network topology weakness d. local user account credentials e. application configuration errors f. sensitive information sent to outside networks

c. network topology weaknesses e. application configuration errors

Your company needs to implement a firewall. It must be able to discard TCP segments arriving at an open port when they have the header flag of FIN enabled, provided they are the first packet received from the source. Which type of firewall should be implemented? a. packet filter firewall b. circuit level firewall c. stateful inspection firewall d. web application firewall

c. stateful inspection firewall

A team of developers is creating mobile apps that target apple iOS devuces. Which of the following vulnerabilities should they address when using Objective-C? a. memory corruption b. log injection c. string formatting d. thread racing e. code injection f. buffer overflow g. type confusion h. access control

c. string formatting d. thread racing e. code injection f. buffer overflow

2 hackers attempt to crack network resource security. One is considered an ethical hacker, whereas the other is not. What distinguishes the ethical hacker from the "cracker"? a. the cracker always attempts white-box testing b. the ethical hacker always attempts black-box testing. c. the cracker posts results to the internet. d. the ethical hacker always obtains written permission before testing

d. the ethical hacker always obtains written permission before testing

You are using traceroute to map the route a packets travel over a network. Which of the following statements is true when using this tool? a. the host decrements the TTL value by one and returns the packet to the previous host. b. the host increments the TTL value by one and returns the packet to the previous host. c. the host increments the TTL value by one and forwards the packet to the next host. d. the host decrements the TTL value by one and forwards the packet to the next host.

d. the hose decrements the TTL value by one and forwards the packet to the next host.

Which of the following common criteria process refers to the system of product being tested? a. st b. pp c. eal d. toe

d. toe

PDoS attack

denial of service via hardware sabotage.

What type of routing protocol uses information about the distances between networks rather than the amount of time it takes for traffic to make its way from the source network to destination network?

distance vector

Which of the following protocols are susceptible to sniffing? a. HTTP b. FTP c. NNTP d. Telnet e. All of the above

e. All of the above

Which of the following commands is used to disable the BASH shell from saving the history? history -w history -c shred ~/.bash_history export HISTSIZE=0

export HISTSIZE=0

Which of the following commands is used to disable the BASH shell from saving the history? history -c export HISTSIZE=0 history -w shred ~/.bash_history

export HISTSIZE=0: This command disables the BASH shell from saving the history by setting the size of the history file to 0. history -c: This command is useful in clearing the stored history. history-w: This command only deletes the history of the current shell, whereas the command history of other shells remain unaffected. shred ~/.bash_history: This command shreds the history file, making its contents unreadable.

To connect autonomous systems, routers use ____.

exterior gateway protocols

Change-point detection technique

filters network traffic by IP addresses, targeted port numbers, and communication protocols used, and stores the traffic flow data in a graph that shows the traffic flow rate versus time.

An attacker is using the scanning tool Hping to scan and identify live hosts, open ports, and services running on a target network. He/she wants to collect all the TCP sequence numbers generated by the target host. Which of the following Hping commands he/she needs to use to gather the required information? hping3 <Target IP> -Q -p 139 -s hping3 -A <Target IP> -p 80 hping3 -S <Target IP> -p 80 --tcp-timestamp hping3 -F -P -U 10.0.0.25 -p 80

hping3 <Target IP> -Q -p 139 -s

An attacker is using the scanning tool Hping to scan and identify live hosts, open ports, and services running on a target network. He/she wants to collect all the TCP sequence numbers generated by the target host.Which of the following Hping commands he/she needs to use to gather the required information? hping3 -A <Target IP> -p 80 hping3 <Target IP> -Q -p 139 -s hping3 -S <Target IP> -p 80 --tcp-timestamp hping3 -F -P -U 10.0.0.25 -p 80

hping3 <Target IP> -Q -p 139 -s

An attacker is using the scanning tool Hping to scan and identify live hosts, open ports, and services running on a target network. He/she wants to collect all the TCP sequence numbers generated by the target host. hping3 <Target IP> -Q -p 139 -s hping3 -A <Target IP> -p 80 hping3 -S <Target IP> -p 80 --tcp-timestamp hping3 -F -P -U 10.0.0.25 -p 80

hping3 <Target IP> -Q -p 139 -s: By using the argument -Q in the command line, Hping collects all the TCP sequence numbers generated by the target host.

Which of the following vulnerability repositories is available online and allows attackers access to information about various software vulnerabilities? http://www.securityfocus.com http://foofus.net http://project-rainbowcrack.com https://www.tarasco.org

http://www.securityfocus.com

Which of the following vulnerability repositories is available online and allows attackers access to information about various software vulnerabilities? http://project-rainbowcrack.com https://www.tarasco.org http://www.securityfocus.com http://foofus.net

http://www.securityfocus.com

A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field is limited to 50 characters. What pseudo code would the developer use to avoid a buffer overflow attack on the billing address field? if (billingAddress = 50) {update field} else exit if (billingAddress != 50) {update field} else exit if (billingAddress >= 50) {update field} else exit if (billingAddress <= 50) {update field} else exit

if (billingAddress <= 50) {update field} else exit

DDOS: Protocol Attack types

includes SYN floods, fragmented packet attacks, ping of death attack, smurf DDoS, teardrop attack, land attack, and so on.

Which one of the following is a Google search query used for VoIP footprinting to extract Cisco phone details? inurl:"ccmuser/logon.asp" intitle:"D-Link VoIP Router" "Welcome" inurl:"NetworkConfiguration" cisco inurl:/voice/advanced/ intitle:Linksys SPA configuration

inurl:"NetworkConfiguration" cisco

Which one of the following is a Google search query used for VoIP footprinting to extract Cisco phone details? inurl:"ccmuser/logon.asp" intitle:"D-Link VoIP Router" "Welcome" inurl:/voice/advanced/ intitle:Linksys SPA configuration inurl:"NetworkConfiguration" cisco

inurl:"NetworkConfiguration" cisco

ARP Spoofing

involves constructing a large number of forged ARP request and reply packets to overload a switch. Attackers use this flaw in ARP to create malformed ARP replies containing spoofed IP and MAC addresses.

Which of the following Cisco IOS global commands is used to enable or disable DHCP snooping on one or more VLANs? no ip dhcp snooping information option ip dhcp snooping ip dhcp snooping vlan 4,104 switchport port-security mac-address sticky

ip dhcp snooping vlan 4,104

Which of the following Cisco IOS global commands is used to enable or disable DHCP snooping on one or more VLANs? switchport port-security mac-address sticky ip dhcp snooping no ip dhcp snooping information option ip dhcp snooping vlan 4,104

ip dhcp snooping vlan 4,104

Martha is a network administrator in a company named "Dubrovnik Walls Ltd.". She realizes that her network is under a DDoS attack. After careful analysis, she realizes that a large amount of fragmented packets are being sent to the servers present behind the "Internet facing firewall." Protocol attack Volume (volumetric) attack Application layer attack SYN flood attack

protocol attack, which includes SYN floods, fragmented packet attacks, ping of death attack, smurf DDoS, teardrop attack, land attack, and so on. It is not volume-based attack

Netcraft

provides internet security services including anti-fraud and anti-phishing services, application testing and PCI scanning.

Out of the following RFCrack commands, which command is used by an attacker to perform jamming? python RFCrack.py -i python RFCrack.py -r -M MOD_2FSK -F 314350000 python RFCrack.py -r -U "-75" -L "-5" -M MOD_2FSK -F 314350000 python RFCrack.py -j -F 314000000

python RFCrack.py -j -F 314000000

For any network node to communicate and exchange data with another network node, some way of for forwarding packets from sender to receiver must exist. What is this concept called?

reachabilitiy

Black Hole Filtering

refers specifically to dropping packets at the routing level, usually using a routing protocol to implement the filtering on several routers at once,

Which of the following types of DHCP software intercepts address requests on a local cable segment and repackage those requests as a unicast to one or more DHCP servers?

relay agent

DNS Lookup

reveals information about DNS zone data. DNS zone data include DNS domain names, computer names, IP addresses, and much more about a particular network.

DNS lookup

reveals information about DNS zone data. DNS zone data include DNS domain names, computer names, IP addresses, and much more about a particular network.

rolling code attack

rolling code (or sometimes called a hopping code) is used in keyless entry systems to prevent replay attacks, where an eavesdropper records the transmission and replays it at a later time to cause the receiver to 'unlock'.

IP Source Guard

s a security feature that restricts IP traffic on untrusted Layer 2 ports by filtering traffic based on the DHCP snooping binding database or manually configured IP source bindings.

At a Windows server command prompt, which command could be used to list the running services? Sc query type= running Sc query \\servername Sc query Sc config

sc query: Obtains and displays information about the specified service, driver, type of service, or type of driver.

Multicast addresses in IPv6 use a(n) ____ to define the portion of the Internet to which the multicast group pertains.

scope identifier

Which of the following processes guarantees that packets are ordered properly and protects against missing segments?

sequence and acknowledgement

Remote Monitoring (RMON) uses the ____ to collect traffic data at a remote switch and send the data to a management device.

simple network management protocol

Which Google search query will search for any configuration files a target certifiedhacker.com may have? site: certifiedhacker.com intext:xml | intext:conf | intext:cnf | intext:reg | intext:inf | intext:rdp | intext:cfg | intext:txt | intext:ora | intext:ini site: certifiedhacker.com filetype:xml | filetype:conf | filetype:cnf | filetype:reg | filetype:inf | filetype:rdp | filetype:cfg | filetype:txt | filetype:ora | filetype:ini site: certifiedhacker.com ext:xml || ext:conf || ext:cnf || ext:reg || ext:inf || ext:rdp || ext:cfg || ext:txt || ext:ora || ext:ini allinurl: certifiedhacker.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini

Which Google search query will search for any configuration files a target certifiedhacker.com may have? allinurl: certifiedhacker.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini site: certifiedhacker.com filetype:xml | filetype:conf | filetype:cnf | filetype:reg | filetype:inf | filetype:rdp | filetype:cfg | filetype:txt | filetype:ora | filetype:ini site: certifiedhacker.com ext:xml || ext:conf || ext:cnf || ext:reg || ext:inf || ext:rdp || ext:cfg || ext:txt || ext:ora || ext:ini site: certifiedhacker.com intext:xml | intext:conf | intext:cnf | intext:reg | intext:inf | intext:rdp | intext:cfg | intext:txt | intext:ora | intext:ini

Which Google search query can you use to find mail lists dumped on pastebin.com? allinurl: pastebin.com intitle:"mail lists" allinurl: pastebin.com intitle:*@*.com:* site:pastebin.com intext:*@*.com:* cache: pastebin.com intitle:*@*.com:*

site:pastebin.com intext:*@*.com:*

Which Google search query can you use to find mail lists dumped on pastebin.com? allinurl: pastebin.com intitle:"mail lists" site:pastebin.com intext:*@*.com:* cache: pastebin.com intitle:*@*.com:* allinurl: pastebin.com intitle:*@*.com:*

site:pastebin.com intext:*@*.com:*

David, a penetration tester, was asked to check the MySQL database of the company for SQL injection attacks. He decided to check the back end database for a double blind SQL injection attack. He knows that double blind SQL injection exploitation is performed based on an analysis of time delays and he needs to use some functions to process the time delays. David wanted to use a function which does not use the processor resources of the server. Which of the following function David need to use? sleep() benchmark() mysql_query() addcslashes()

sleep()

A special bit pattern that "blocks off" the network portion of an IPv4 address with an all-ones pattern is known as which of the following?

subnet mask

Which of the following DHCP creations does Microsoft Windows Server 2012 R2 support?

superscope

A network administrator wants to configure port security on a Cisco switch. Which of the following command helps the administrator to enable port security on an interface? switchport port-security maximum 1 switchport port-security switchport port-security aging time 2 switchport port-security aging type inactivity

switchport port-security

A network administrator wants to configure port security on a Cisco switch. Which of the following command helps the administrator to enable port security on an interface? switchport port-security maximum 1 switchport port-security switchport port-security aging type inactivity switchport port-security aging time 2

switchport port-security

Which of the following command is used to set the maximum number of secure MAC addresses for the interface on a Cisco switch? switchport port-security violation restrict switchport port-security aging time 2 switchport port-security maximum 1 vlan access snmp-server enable traps port-security trap-rate 5

switchport port-security maximum 1 vlan access

Which of the following command is used to set the maximum number of secure MAC addresses for the interface on a Cisco switch? switchport port-security aging time 2 switchport port-security violation restrict switchport port-security maximum 1 vlan access snmp-server enable traps port-security trap-rate 5

switchport port-security maximum 1 vlan access

Which of the following system table does MS SQL Server database use to store metadata? Hackers can use this system table to acquire database schema information to further compromise the database. sysdbs sysrows syscells sysobjects

CEH BIG SET

Ensembles d'études connexes

ACC 4001 Exam 2

Interm accounting chap 10 SB

2. Scientific Foundations of Psychology: Research Methods

Evolve: Cardiovascular, Blood, and Lymphatic System

Segment 12

MIS Chapter 2

Brunner Review Ch. 32

ch 11

CONS- Chapter 5

Chapter 13

geology test chapter 4

Macroeconomics exam 1: topic 2

traction

PSY/205T: Life Span Human Development

ms prepu 40: Gastric and Duodenal Disorders

Shock EAQ Practice Quiz

hi

U.S. History Unit 1 Study Guide

Quiz 1 - Shoulder

geography exam 2