Attack - 1530 - Final 2
Which of the following operating systems is the most prevalent in the smartphone market?
Android
Which of the following is a short-range wireless personal area network that supports low-power, long-use IoT needs?
BLE
Kathy doesn't want to purchase a digital certificate from a public certificate authority, but needs to establish a PKI in her local network. Which of the following actions should she take?
Create a local CA and generate a self-signed certificate.
Which of the following is the best defense against cloud account and service traffic hijacking?
Find and fix software flaws continuously, use strong passwords, and use encryption.
James, a penetratoin tester, uses nmap to locate mobile devices attached to a network. Which of the following mobile device penetration testing states is being implemented?
Footprinting
Which of the following in an open-source cryptography toolkit that implements SSL and TLS network protocols and the relate cryptography standards required by them?
OpenSSL
Which of the following forms of cryptography is best suited for bulk encryption because of its speed?
Symmetric cryptography
Which of the following types of wireless antenna is shown?
Yagi
During a penetration test, Omar found unpredicted responses from an application. Which of the following tools was he most likely using while assessing the network?
beSTORM
A user is having trouble connecting to a newly purchased Bluetooth device. An administrator troubleshoots the device using a Linux machine with BlueZ installed. The administrator sends an echo request to the device's Bluetooth MAC address to determine whether the device responds. Which of the following commands was used?
l2ping
Which of the following is considered an out-of-band distribution method for private key encryption?
Copying the key to a USB drive.
Google Cloud, Amazon Web Services, and Microsoft Azure are some of the most widely used cloud storage solutions for enterprises. Which of the following factors prompts companies to take advantage of cloud storage?
Need to bring costs down and growing demand for storage.
Which of the following is a nonprofit organization that provides tools and resources for web app security and is made up of software developers, engineers, and freelancers?
OWASP
Which of the following is the number of keys used in symmetric encryption?
One
Which of the following types of wireless antenna is shown?
Parabolic
Which of the following is an entity that accepts and validates information contained within a request for a certificate?
Registration authority
Which of the following is the most frequently used symmetric key stream cipher?
Ron's Cipher v4 (RC4)
If an attacker's intent is to discover and then use sensitive data like passwords, session cookies, and other security configurations such as UDDI, SOAP, and WSDL, which of the following cloud computing attacks is he using?
Service hijacking through network sniffing.
You are configuring a wireless access point and are presented with the image shown below. Which of the following is the most correct statement regarding the access point's configuration?
The Host Name is what the users see in the list of available networks when they connect to the access point.
Which of the following Bluetooth threats has increased due to the availability of software that can be used to activate Bluetooth cameras and microphones?
The creation of Bluetooth bugging and eavesdropping devices.
Which of the following best describes a cybsersquatting cloud computing attack?
The hacker uses phishing scams by making a domain name that is almost the same as the cloud service provider.
Which of the following best describes this image?
The iOS operating system stack.
Which of the following is the number of keys used in asymmetric (public key) encryption?
Two
Which of the following terms in the encrypted form of a message that is unreadable except to its intended recipient?
ciphertext
Which of the following describes Mobile Device Management Software?
A combination of an on-device application or agent that communicates with a backend server to receive policies and settings.
Which of the folloiwng types of Bluetooth hacking is a denial-of-service attack?
Bluesmacking
Which of the following cloud security controls includes backups, space availability, and continuity of services?
Computation and storage
Which of the following encryption tools would prevent a user from reading a file that they did not create and does not require you to encrypt an entire drive?
EFS
Linda, an Android user, wants to remove unwanted applications (bloatware) that are pre-installed on her device. Which of the following actions must she take?
Root the Android device
Which of the following describes the risks of spyware that are particular to mobile devices?
Spyware can monitor and log call histories, GPS locations, and text messages.
Bob encrypts a message using a key and sends it to Alice. Alice decrypts the message using the same key. Which of the following types of encryption keys is being used?
Symmetric
Donna is configuring the encryption settings on her email server. She is given a choice of encryption protocols and has been instructed to use the protocol that has the most improvements. Which of the following cryptographic protocols should she use?
TLS
Which of the following best explains why brute force attacks are always successful?
They test every valid combination.
Which of the following cryptography attacks is characterized by the attacker making a series of interactive queries and choosing subsequent plain texts based on the information from the previous encryption?
Adaptive chosen plain text
Which of the following best describes Bluetooth MAC spoofing?
An attacker changes the Bluetooth address of his own device to match the address of a target device so that the data meant for the victim device reaches the attacker's device first.
Which of the following best describes a certificate authority (CA)?
An entity that issues digital certificates.
Alan wants to implement a security tool that protects the entire contents of a hard drive and prevents access even if the drive is moved to another system. Which of the following tools should he use?
BitLocker
Jose, a medical doctor, has a mobile device that contains sensitive patient information. He is concerned about unauthorized access to the data if the device is lost or stolen. Which of the following is the best option for preventing this from happening?
Configure the device to remotely wipe as soon as it is reported lost.
Which of the following can void a device's warranty, cause poor performance, or brick a mobile device (making it impossible to turn on or repair)?
Rooting or jailbreaking
Which of the following policies best governs the use of bring-your-own-device (BYOD) that connect with an organization's private network?
Acceptable use policy
Your company produces an encryption device that lets you enter text and receive encrypted text in response. An attacker obtains one of these devices and starts inputting random plain text to see the resulting cipher text. Which of the following cryptographic attacks is being used?
Chosen plain text
You have just discovered that a hacker is trying to penetrate your network using MAC spoofing. Which of the following best describes MAC spoofing?
Changing a hacker's network card to match a legitimate address being used on a network.
Joelle, an app developer, created an app using two-factor authentication (2FA) and requires strong user passwords. Which of the following IoT security challenges is she trying to overcome?
Default, weak, and hardcoded credentials
Which of the following cryptography attacks is characterized by the attacker having access to both the plain text and the resulting ciphertext, but does not allow the attacker to choose the plain text?
Known plain text
You are using software as a service (SaaS) in your office. Who is responsible for the security of the data store in the cloud?
The provider is responsible for all the security.
Which of the following best describes a feature of symmetric encryption?
Uses only one key to encrypt and decrypt data.
Which of the following Bluetooth configuration and discovery tools can be used to check which services are made available by a specific device and can work when the device is not discoverable, but is still nearby?
sdptool
Which of the following Bluetooth discovery tools will produce the output shown below?
sdptool
Anabel purchased a smart speaker. She connected it to all the smart devices in her home. Which of the following communication models is she using?
Device-to-device
What are the four primary systems of IoT technology?
Devices, gateway, data storage, and remote control
Which of the following cryptographic algorithms is used in asymmetric encryption?
Diffie-Hellman
Which of the following bring-your-own-device (BYOD) risks is both a security issue for an organization and a privacy issue for a BYOD user?
Mixing personal and corporate data
Above all else, which of the following must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates?
Private keys
Which of the following cloud computing service models delivers software applications to a client either over the Internet or on a local area network?
SaaS
You are configuring several wireless access points for your network. Knowing that each access point will have a service set identifier (SSID), you want to ensure that it is configured correctly. Which of the following SSID statements are true?
The SSID is a unique name, separate from the access point name.
Which of the following Bluetooth hacking tools is a complete framework to perform man-in-the-middle attacks on Bluetooth smart devices?
Btlejuice
You are a cybersecurity specialist. ACME, Inc. has hired you to install and configure their wireless network. As part of your installation, you have decided to use Wi-Fi Protected Access 2 (WPA2) security on all of your wireless access points. You want to ensure that the highest level of security is used. Which of the following encryption protocols should you use to provide the highest level of security?
CCMP
Which of the following is the correct order for a hacker to launch and attack?
Information gathering, vulnerability scanning, launch attack, gain remote access, maintain access
Which of the following steps in an Android penetration test checks for a vulnerability hackers use to break down the browser's sandbox using infected JavaScript code?
Check for a cross-application-scripting error
From your Kali Linux computer, you have used a terminal and the airodump-ng command to scan for wireless access points. From the results shown, which of the following is most likely a rogue access point?
CoffeeShop
Which of the following best describes a wireless access point?
A networking device that allows other Wi-Fi devices to connect to a wired network.
Which of the following best describes the Bluediving hacking tool?
A penetration suite that runs on Linux that can implement several attacks, including bluebug, bluesnarf, and bluesmack, and also performs Bluetooth address spoofing.
Which of the following best describes a wireless hotspot?
A physical location where people may obtain free internet access using Wi-Fi.
You work for a very small company that has 12 employees. You have been asked to configure wireless access for them. Knowing that you have a very limited budget to work with, which of the following technologies should you use?
A software-based access point.
You are using BlazeMeter to test cloud security. Which of the following best describes BlazeMeter?
An end-to-end performance and load testing tool that can simulate up to 1 million users and makes realistic load tests easier.
You work for a company that is implementing symmetric cryptography to process payment applications such as card transactions where personally identifiable information (PII) needs to be protected to prevent identity theft or fraudulent charges. Which of the following algorithm types would be best for transmitting large amounts of data?
Block
Jim, a smartphone user, receives a bill from his provider that contains fees for calling international numbers is is sure he hasn't called. Which of the following forms of Bluetooth hacking was most likely used to attack his phone?
Bluebugging
You are the cybersecurity specialist for your company and have been hired to perform a penetration test. You have been using Wireshark to capture and analyze packets. Knowing that HTTP POST data can sometimes be easy prey for hackers, you have used the http.request.method==POST Wireshark filter. The results of that filter are shown in the image. After analyzing the captured information, which of the following would be your biggest concern?
Clear text passwords are shown.
Which of the following best describes the Platform as a Service (PaaS) cloud computing service model?
Delivers everything a developer needs to build an application on the cloud infrastructure.
Ann has a corner office that looks out on a patio that is frequently occupied by tourists. She likes the convenience of her Bluetooth headset paired to her smartphone, but is concerned that he conversations could be intercepted by an attacker sitting on the patio. Which of the following countermeasures would be the most effective for protecting her conversations?
Lower the Bluetooth power setting on the smartphone and headset.
A company has implemented the following defenses: The data center is located in a safe geographical area. Backups are in different locations Mitigation measures are in place A disaster recovery plan is in place
Natural disasters
Alan, and ethical hacker, roots or jailbreaks a mobile device. He checks the inventory information reported by the mobile device management (MDM) software that manages the mobile device. Which of the following describes what he expects to see in the inventory?
The inventory will show the device is vulnerable.
Which of the following describes the exploitation state of the mobile device penetration testing process?
The use of man-in-the-middle attacks, spoofing, and other attacks to take advantage of client-side vulnerabilities.
Which of the following best describes the purpose of the wireless attack type known as wardriving?
To find information that will help breach a victim's wireless network.
Which of the following Bluetooth discovery tool commands will show Bluetooth MAC address, clock offset, and class of each discovered devices?
hcitool inq
Mary is using asymmetric cryptography to send a message to Sam so that only Sam can read it. Which of the following keys should he use to encrypt the message?
Sam's public key
Which of the following mobile security concerns is characterized by malicious code that specifically targets mobile devices?
Malicious websites
Strict supply chain management, comprehensive supplier assessment, HR resource requirements, transparent information security and management, compliance reporting, and a security breach notification process are defenses against which of the following cloud computing threats?
Malicious insiders
A company has subscribed to a cloud service that offers cloud applications and storage space. Through acquisition, the number of company employees quickly doubled. The cloud service vendor was able to add cloud services for these additional employees without requiring hardware changes. Which of the following cloud concepts does this represent?
Rapid elasticity
You are cybersecurity consultant. The company hiring you suspects that employees are connecting to a rogue access point (AP). You need to find the name of the hidden rogue AP so it can be deauthorized. Which of the following commands would help you locate the rogue access point from the wlp1s0 interface and produce the results shown?
airodump-ng wlp1s0mon
You are employed by a small start-up company. The company is in a small office and has several remote employees. You must find a business service that will accommodate the current size of the company and scale up as the company grows. The service needs to proved adequate storage as will as additional computing power. Which of the following cloud service models should you use?
IaaS
Robert, an IT administrator, is working for a newly formed company. He needs a digital certificate to send and receive data securely in a Public Key Infrastructure (PKI). Which of the following requests should he submit?
He must send identifying data with his certificate request to a registration authority (RA).
Which of the following describes a PKI?
A security architecture that ensures data connections between entities are validated and secure.
Which type of cryptanalysis method is based on substitution-permutation networks?
Integral
Which of the following is a characteristic of Triple DES (3DES)?
Uses a 158-bit key
Which of the following attacks utilizes encryption to deny a user access to a device?
Ransomware attack
Which of the following has five layers of structure that include Edge technology, Access gateway, Internet, Middleware, and Application?
IoT architecture
Which of the follow is a characteristic of Elliptic Curve Cryptography (ECC)?
Is suitable for small amounts of data and small devices, such as smartphones.
YuJin drove his smart car to the beach to fly his drone in search of ocean animal activity. Which of the following operation systems are most likely being used by his car and drone?
Integrity RTOS and snappy
The ACME company has decided to implement wireless technology to help improve the productivity of their employees. As the cybersecurity specialist for this company, you have the responsibility of seeing that the wireless network is as secure as possible. Which of the following best describes one of the first countermeasures that should be used to ensure wireless security?
Use a Wi-Fi predictive planning tool to determine where to place your access points.
Which of the following Bluetooth attack countermeasure would help prevent other devices from finding your Bluetooth devices that is in a continuous operation?
Use hidden mode when your Bluetooth device is enabled.
Which of the following is a characteristic of the Advanced Encryption Standard (AES) symmetric block cipher?
Uses the Rijndael block cipher
Which of the following uses on-the-fly encryption, meaning the data is automatically encrypted immediately before it is saved and decrypted immediately after it is loaded?
VeraCrypt
Which of the following mobile security best practices for users is concerned with geotags?
Don't auto-upload photos to social networks.
Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it. Which of the following cryptographic keys would Mary use to create the digital signature?
Mary's Private Key
Which of the following best describes a rogue access point attack?
A hacker installing an unauthorized access point within a company.
Which key area in the mobile device security model is supported by device designers requiring passwords, biometrics, and two-factor authentication methods?
Access controls
