CEH : My study guide
A hacker was able to sniff packets on a company's wireless network. The following information was discovered: the Key 10110010 01001011 and the Ciphertext 01100101 01011010. 00101000 11101110 11010111 00010001 00001101 10100100 11110010 01011011
11010111 00010001
WPA2 uses AES for wireless data encryption at which of the following encryption levels? 64 bit and CCMP 128 bit and CRC 128 bit and CCMP 128 bit and TKIP
128 bit and CCMP
Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5? 768 bit key 1025 bit key 1536 bit key 2048 bit key
1536 bit key
How many bit checksum is used by the TCP protocol for error checking of the header and data and to ensure that communication is reliable? 13-bit 14-bit 15-bit 16-bit
16-bit
Which of the following ports does Tiny Telnet Server Trojan use? 20 21 22 23
23
What is the length of ID number of an organization in a MAC address? 24 bits 12 bits 48 bits 26 bits
24 bits
Check Point's FireWall-1 listens to which of the following TCP ports? 1072 259 1080 1745
259
Which of the following is a symmetric cryptographic algorithm? DSA PKI RSA 3DES
3DES
What results will the following command yield? NMAP -sS -O -p 123-153 192.168.100.3? a Stealth scan, operating port 123-153. A stealth scan, checking open ports 123 and 153. A stealth scan, checking all open ports excluding ports 123 to 153. A stealth scan, determine operating system, and scanning ports 123 to 153.
A stealth scan, determine operating system, and scanning ports 123 to 153.
Sean who works as a network administrator has just deployed an IDS in his organization's network. Sean deployed an IDS that generates four types of alerts that include: true positive, false positive, false negative, and true negative. In which of the following conditions does the IDS generate a true positive alert? A true positive is a condition occurring when an event triggers an alarm and causes the IDS to react as if a real attack is in progress. A true positive is a condition occurring when an event triggers an alarm when no actual attack is in progress. A true positive is a condition occurring when an IDS fails to react to an actual attack event. A true positive is a condition occurring when an IDS identifies an activity as acceptable behavior and the activity is acceptable.
A true positive is a condition occurring when an event triggers an alarm and causes the IDS to react as if a real attack is in progress.
Which of the following statements correctly defines a zero-day attack? An attack that exploits vulnerabilities before the software developer releases a patch for the vulnerability. an attack that exploits vulnerabilities after the software developer releases a patch for the vulnerability. an attack that could not exploit vulnerabilities even though the software developer has not released a patch. an attack that exploits an application even if there are zero vulnerabilities
A: An attack that exploits vulnerabilities before the software developer releases a patch for the vulnerability
Arturo is the leader of information security professionals of a small financial corporation that has a few branch offices in Africa. The company suffered an attack of USD 10 Million through an inter banking system. The CSIRT explained to Arturo that the incident occurred because 6 months ago the hackers came in from the outside through a small vulnerability, then they did a lateral movement to the computer of a person with privileges in the inter banking system. Finally the hackers got access and did the fraudulent transactions. What is the most accurate name for the kind of attack in this scenario? apt internal attack external attack backdoor
APT
Which of the following regional internet registries (RIRs) provides services related to the technical coordination and management of internet number resources in Canada, The united states, and many Caribbean and North Atlantic islands? AFRNIC ARIN APNIC LACNIC
ARIN
An attacker creates anonymous access to the cloud services to carry out various attacks such as password and key cracking, hosting malicious data, and DDoS attack. Which of the following threats is he posing to the cloud platform? Insecure Interface and APIs Data Breach/Loss Abuse and nefarious use of cloud services Insufficient due diligence
Abuse and nefarious use of cloud services
Which of the following is used to connect wireless devices to a wireless/wired network? Bandwidth Hotspot Access point (AP) Association
Access point (AP)
Robert is a user with a privileged account and he is capable of connecting to the database. Rock wants to exploit Robert's privilege account. How can he do that? Access the database and perform malicious activities at the OS level Reject entries that contain binary data, escape sequences, and comment characters Use the most restrictive SQL account types for applications Design the code in such a way it traps and handles exceptions appropriately
Access the database and perform malicious activities at the OS level
In order to prevent an illegitimate user from performing a brute force attack, what security mechanism should be implemented to the accounts? Use of strong passwords Secure boot chain mechanism Account lockout mechanism Use of SSL/TLS
Account lockout mechanism
Out of the following options, identify the function of the following command performed on a Cisco switch. "switchport port-security mac-address sticky" Adds all secure MAC addresses that are dynamically learned to the running configuration Configures the secure MAC address aging time on the port Configures the switch port parameters to enable port security Configures the maximum number of secure MAC addresses for the port
Adds all secure MAC addresses that are dynamically learned to the running configuration
Which of the following is one of the four critical components of an effective risk assessment? physical security administrative safeguards dmz. logical interface.
Administrative safeguards
Which of the following database is used to delete history of the target website . TCP/IP and IPSec filters. Archive.org. Whois lookup database. Implement VPN.
Archive.org.
When a client's computer is infected with malicious software which connects to the remote computer to receive commands, the client's computer is called a ___________ Bot Botnet Command and Control(C&C) Client
Bot
Which of the following tools can be used to perform RST hijacking on a network? FOCA Nmap Colasoft's Packet Builder Recon-ng
Colasoft's Packet Builder
Which of the following tool is a DNS Interrogation Tool? Hping DIG NetScan Tools Pro SandCat Browser
DIG
Which of the following is not a mitigation technique against MAC address spoofing? IP Source Guard DHCP Snooping Binding Table Dynamic ARP Inspection DNS Security (DNSSEC)
DNS Security (DNSSEC)
Which of the following cryptanalysis methods is applicable to symmetric key algorithms? Linear cryptanalysis Differential cryptanalysis Integral cryptanalysis Differential cryptanalysis
Differential cryptanalysis
Marko is attacking John's computer with a custom-made application that is sending a specially crafted packet to John's computer after which John's computer shows a blue screen. Marko repeats this process every 3 seconds. John's computer is now under constant blue screen and reboots over and over again. This is an example of ____________. DoS attack DDoS attack Ping of death attack SYN flood attack
DoS attack
Which of the following backdoors is used by the WannaCry ransomware to perform remote code execution and further propagation on a victim machine? EternalBlue Doublepulsar satanz Kovter
DoublePulsar
A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take? Threaten to publish the penetration test results if not paid. follow proper legal procedures against the company to request payment. Tell other customers of the financial problems with payment from his company. exploit some of the vulnerabilities found on the company webserver to deface it.
Follow proper legal procedures against the company to request payment.
Anonymous, a known hacker group, claim to have taken down 20,000 twitter accounts linked to Islamic state in response to the Paris attacks that left 130 people dead. How can you categorize this attack by anonymous? Spoofing Cracking Hacktivism Social Engineering
Hacktivism
Which of the following IoT technology components bridges the gap between the IoT device and the end user? Sensing technology IoT gateway Cloud server/data storage Remote control using mobile app
IoT gateway
Out of the following, identify the attack that is used for cracking a cryptographic algorithm using multiple keys for encryption. Meet-in-the-middle Attack Rainbow Table Attack Side Channel Attack DUHK Attack
Meet-in-the-middle Attack
Identify the Trojan which exhibits the following characteristics: Login attempts with 60 different factory default username and password pairs Built for multiple CPU architectures (x86, ARM, Sparc, PowerPC, Motorola) Connects to CnC to allows the attacker to specify an attack vector Increases bandwidth usage for infected bots Identifies and removes competing malware Windigo Mirai PlugBot Ramnit
Mirai
During a penetration test, Marin identified a web application that could be exploited to gain a root shell on the remote machine. The only problem was that in order to do that he would have to know at least one valid username and password that could be used in the application. Unfortunately, guessing usernames and brute-forcing passwords did not work. Marin does not want to give up his attempts. Since this web application is being used by almost all users in the company, and moreover it was using the http protocol, so he decided to use the Cain&Abel tool in order to identify at least one username and password. Morin found that the network was using layer 2 switches with no configuration or management features. What could be the easiest way to start an attack in this case? MitM (Man in the Middle) ARP spoofing DNS spoofing MitB (Man in the Browser)
MitM (Man in the Middle)
Which of the following is a security consideration for the gateway component of IoT architecture? Local storage security, encrypted communications channels Multi-directional encrypted communications, strong authentication of all the components, automatic updates Secure web interface, encrypted storage Storage encryption, update components, no default passwords
Multi-directional encrypted communications, strong authentication of all the components, automatic updates
Which one of the following techniques is used by attackers to hid their programs? Scanning. NTFS Stream. Enumeration. Footprinting.
NTFS Stream.
Which of the following protocols is responsible for synchronizing clocks of networked computers? LDAP DNS NTP SMTP
NTP.
Which of the following toolbars is used to provide an open application program interface (API) for developers and researchers to integrate anti-phishing data into their applications? DroidSheep SET Netcraft Metasploit
Netcraft
In which of the following cloud security control layers do the security controls DNSSEC, OAuth operates? Management layer Information layer Network layer Computation and Storage layer
Network layer
John, a malicious attacker, was intercepting packets during transmission between the client and server in a TCP and UDP session, what is this type of attack called? Network level hijacking Application level hijacking Intrusion Session hijacking
Network level hijacking
Network-level session hijacking attacks ____________ level protocols. Transport and internet level protocols Application level protocols Network or Internet level protocols Data link level protocols
Network or Internet level protocols
Ransomeware encrypts the files and locks systems, thereby leaving the system in an unusable state. The compromised user has to pay ransom to the attacker to unlock the system and get the files decrypted. Petya delivers malicious code that can even destroy the data with no scope of recovery. What is this malicious code called? Bot Payload Vulnerability Honeypot
Payload
Which method can provide a better return on IT security investment and provide a through and comprehensive assessment of an organizational security covering policy, procedure design, and implementation? Penetration testing. Social Engineering. Vulnerability Scanning. Access control list reviews.
Penetration Testing.
Which of the following steps in enumeration penetration testing extracts information about encryption and hashing algorithms, authentication type, key distribution algorithms, SA LifeDuration, etc.? Perform SMTP Enumeration. Perform DNS Enumeration. Perform IPSec Enumeration. Perform NTP Enumeration.
Perform IPSec Enumeration.
In order to avoid data loss from a Mobile device, which of following Mobile Device Management security measures should you consider? Perform periodic backup and synchronization Encrypt Storage Configure Application certification rules Enable Remote Management
Perform periodic backup and synchronization
Which of the following techniques is used to distribute malicious links via some communication channel such as mails to obtain private information from the victims? Dumpster Diving Phishing Piggybacking Vishing
Phishing
In which of the following attacks, does an attacker inject an additional malicious query to the original query? In-line Comments Piggybacked Query Tautology UNION SQL Injection
Piggybacked Query
An attacker wants to monitor a target network traffic on one or more ports on the switch. In such a case, which of the following methods can he use? Lawful interception Wiretapping Active sniffing Port mirroring
Port Mirroring.
Which of the following is not a legitimate cloud computing attack? Port Scanning Denial-Of- Service (DoS) Privilege Escalation Man-In- The-Middle (MiTM)
Port Scanning
The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Management at Highlander, incorporated, has agreed to develop an incident management process after discovering laptops were compromised and the situation was not handled in an appropriate manner. What is the first phase that Highlander, incorporated, need to implement within their incident management process? preparation for incident handling and response. classification and prioritization. containment. forensic investigation.
Preparation for incident handling and response.
Identify the monitoring tool that exhibits the following features: Reliable capture of process details, including image path, command line, user and session ID. Configurable and moveable columns for any event property. Filters can be set for any data field, including fields not configured as columns. Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data. Process tree tool shows the relationship of all processes referenced in a trace. Native log format preserves all data for loading in a different Process Monitor instance Process Monitor Netstat TCP View IDA Pro
Process Monitor
In which of the following cloud deployment models does the provider make services such as applications, servers, and data storage available to the public over the Internet? Public Cloud Private Cloud Community Cloud Hybrid Cloud
Public Cloud
Which of the following techniques is used to detect rogue APs? RF Scanning Passphrases AES/CCMP encryption Non-discoverable mode
RF Scanning
Which of the following tools is used to perform a rolling code attack by obtaining the rolling code sent by the victim? Zigbee framework HackRF one RF crack RIoT vulnerability scanning
RF crack
In which of the following attacks, can an attacker obtain ciphertexts encrypted under two different keys and gather plaintext and matching ciphertext? Ciphertext-only attack Adaptive chosen-plaintext attack Related-key attack Chosen-plaintext attack
Related-key attack
Which of the following term refers to the process of reducing the severity of vulnerabilities in vulnerability management life cycle? Remediation Vulnerability Assessment Verification Risk Assessment
Remediation
What is the correct order of phases of social engineering attack? Research on target company → selecting target → develop the relationship → exploit the relationship Selecting target → develop the relationship → research on target company → exploit the relationship Develop the relationship → research on target company → selecting target → exploit the relationship Selecting target → research on target company → develop the relationship → exploit the relationship
Research on target company → selecting target → develop the relationship → exploit the relationship
Which results will be returned with the following google search query? Site: Target.com -site:marketing.target.com accounting Results matching all words in the query. Results matching "accounting" in domain target.com but not on the site Marketing.target.com. Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting. Results for matches on target.com and Marketing.target.com that include the word "accounting".
Results matching "accounting" in domain target.com but not on the site marketing.target.com
in which phase of risk management process does an analyst calculate the organization's risks and estimate the likelihood and impact of those risks? Risk Assessment. Risk identification. Risk Treatment Risk Monitoring and review.
Risk Assessment.
At a Windows server command prompt, which command could be used to list the running services? SC query type= running. SC query \\servername SC query. SC config.
SC query.
Identify the services provided by the application layer of the cloud security control model? DLP, CMF, Database Activity Monitoring, Encryption Hardware and software RoT and API's Physical Plant Security, CCTV, Guards SDLC, Binary Analysis, Scanners, Web App Firewalls, Transactional Sec
SDLC, Binary Analysis, Scanners, Web App Firewalls, Transactional Sec
Which protocol enables an attacker to enumerate user accounts and devices on a target system? SMTP. SNMP. NetBIOS. TCP.
SNMP.
Which of the following tools can be used to perform SNMP enumeration? SNScan. SoftPerfect Network Scanner. Superscan. Nsauditor Network Security Auditor.
SNScan.
Manav wants to simulate a complete system and provide an appealing target to push hackers away from the production systems of his organization. By using some honeypot detection tool, he offers typical Internet services such as SMTP, FTP, POP3, HTTP, and TELNET, which appear perfectly normal to attackers. However, it is a trap for an attacker by messing them so that he leaves some traces knowing that they had connected to a decoy system that does none of the things it appears to do; but instead, it logs everything and notifies the appropriate people. Can you identify the tool? Glasswire TinyWall PeerBlock SPECTER
SPECTER
You are doing a research on SQL injection attacks. Which of the following combination of Google operators will you use to find all Wikipedia pages that contain information about SQL injection attacks or SQL injection techniques? SQL injection site: wikipedia.org Site:wikipedia.org intitle: "SQL injection". Allinurl: Wikipedia.org intitle "SQL injection". Site: Wikipedia.org related: "SQL injection".
SQL injection site: Wikipedia.org
A tester wants to securely encrypt the session to prevent the network against sniffing attack, which of the following protocols should he use as a replacement of Telnet? SSH Intrusion Prevention System (IPS) Public Key Infrastructure (PKI) Load Balancing (LB)
SSH
Which of the following is considered as a token to identify a 802.11 (Wi-Fi) network (by default it is the part of the frame header sent over a wireless local area network (WLAN))? SSID Hotspot Access Point Association
SSID
Which of the following is to be used to keep certain default wireless messages from broadcasting the ID to everyone? SSID Cloaking Bluejacking Bluesmacking MAC Spoofing
SSID Cloaking
Andrew, a professional penetration tester, was hired by ABC Security, Inc., a small IT-based firm in the United States to conduct a test of the company's wireless network. During the information-gathering process, Andrew discovers that the company is using the 802.11 g wireless standard. Using the NetSurveyor Wi-Fi network discovery tool, Andrew starts gathering information about wireless APs. After trying several times, he is not able to detect a single AP. What do you think is the reason behind this? SSID broadcast feature must be disabled, so APs cannot be detected. NetSurveyor does not work against 802.11g. Andrew must be doing something wrong, as there is no reason for him to not detect access points. MAC address filtering feature must be disabled on APs or router.
SSID broadcast feature must be disabled, so APs cannot be detected.
Maira wants to establish a connection with a server using the three-way handshake. As a first step she sends a packet to the server with the SYN flag set. In the second step, as a response for SYN, she receives packet with a flag set. Which flag does she receive from the server? ACK SYN+ACK RST FIN
SYN+ACK
You are a security engineer for XYZ Corp. You are looking for a cloud-based e-mail provider to migrate the company's legacy on-premise e-mail system to. What type of cloud service model will the new e-mail system be running on? SaaS IaaS PaaS XaaS
SaaS
Which of the following terms refers to unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers? They usually focus on the quantity of attacks rather than the quality of the attacks that they initiate. Hacktivist Script kiddies Gray hats Suicide hackers
Script Kiddies
Sean works as a professional ethical hacker and penetration tester. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs., looking for any information about the different departments and business units. Sean was unable to find any information. What should Sean do to get the information he needs? Sean should use Sublist3r tool. Sean should use waybackmachine in Archive.org. Sean should use website mirroring tools. Sean should use email tracking tools.
Sean should use Sublist3r tool
What is the output returned by search engines when extracting critical details about a target from the internet? Search engine results pages (SERPs). Advanced search operators. Open ports and services. Operating systems, location of web servers, users and passwords.
Search engine results pages.
Which of the following protocols is not vulnerable to sniffing? Telnet and Rlogin Post Office Protocol (POP) Hyper Text Transfer Protocol (HTTP) Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)
Bayron is the CEO of a medium size company with regional operations in America. He recently hired a security analyst to implement an ISMS. This analyst will design and implement patch management, Vulnerability management and security incident handler procedures for the company. Which of these is a reactive process? Security incident handler. Patch management. Vulnerability management. A and B are correct.
Security Incident Handler.
Which of the following countermeasures helps in defending against WPA/WPA2 cracking? Avoid using public Wi-Fi networks Make sure to enable two factor authentication Change the default SSID after WLAN configuration Select a random passphrase that is not made up of dictionary words
Select a random passphrase that is not made up of dictionary words
By performing which of the following Jailbreaking techniques does a mobile device start up completely, and it will no longer have a patched kernel after a user turns the device off and back on? Untethered Jailbreaking Semi-Tethered Jailbreaking Tethered Jailbreaking None of the Above
Semi-Tethered Jailbreaking
Which honeypot detection tools has following features: Checks lists of HTTPS, SOCKS4, and SOCKS5 proxies with any ports Checks several remote or local proxylists at once Can upload "Valid proxies" and "All except honeypots" files to FTP Can process proxylists automatically every specified period May be used for usual proxylist validating as well Ostinato WAN Killer WireEdit Send-Safe Honeypot Hunter
Send-Safe Honeypot Hunter
In order to hijack TCP traffic, an attacker has to understand the next sequence and the acknowledge number that the remote computer expects. Explain how the sequence and acknowledgment numbers are incremented during the 3-way handshake process. Sequence and acknowledgment numbers are incremented by one during the 3-way handshake process Sequence and acknowledgment numbers are incremented by two during the 3-way handshake process Sequence number is incremented by one and acknowledge number is not incremented during the 3-way handshake process Sequence number is not incremented and acknowledgment number is incremented by one during the 3-way handshake process
Sequence and acknowledgment numbers are incremented by one during the 3-way handshake process
n which of the following attacks does an attacker steal a CSP's or client's credentials by methods such as phishing, pharming, social engineering, and exploitation of software vulnerabilities? Service Hijacking Using Social Engineering Attacks Wrapping Attack DNS Attack Side Channel Attack
Service Hijacking Using Social Engineering Attacks
When a person (or software) steals, can calculate, or can guess part of the communication channel between client and the server application or protocols used in the communication, he can hijack the ______. Session Channel TCP protocol UDP protocol
Session
Which of the following is not a type of DNS attack? Domain Snipping Session Hijacking Domain Hijacking Cybersquatting
Session Hijacking
Which of the following is not a type of network-level hijacking? Blind Hijacking Man-in-the-Middle: Packet Sniffer Session Hijacking UDP Hijacking
Session Hijacking
Which of the following is a network threat? Privilege escalation. Arbitrary code execution. Session hijacking. SQL injection.
Session Hijacking.
In which of the following processes do the station and access point use the same WEP key to provide authentication, which means that this key should be enabled and configured manually on both the access point and the client? Open-system authentication process Shared key authentication process WPA encryption WEP encryption
Shared key authentication process
Which of the following is not a feature of Mobile Device Management Software? Enforce policies and track inventory Remotely wipe data in the lost or stolen device Sharing confidential data among devices and networks Perform real time monitoring and reporting
Sharing confidential data among devices and networks
If an attacker wants to gather information such as IP address, hostname, ISP, device's location, and the banner of the target IoT device, which of the following tools should he use to do so? Nmap Shodan RIoT vulnerability scanner Foren6
Shodan
Sean works as a penetration tester in ABC firm. He was asked to gather information about the target company. Sean begins with social engineering by following the steps: secretly observe the target to gain critical information. looks at employee's password or PIN code with the help of binoculars or a low-power telescope. Based on the above description, identify the social engineering technique. Shoulder surfing. Dumpster diving. phishing. Tailgating.
Shoulder Surfing.
In which of the following attacks is the practice of spying on the user of a cash-dispensing machine or other electronic device performed in order to obtain their personal identification number, password, and so on? Dumpster diving Piggybacking Tailgating Shoulder surfing
Shoulder surfing
Ron, a customer support intern, exploited default configurations and settings of the off-the-shelf libraries and code used in the company's CRM platform. How will you categorize this attack? Operation System Attack Mis-Configuration Attack Application-level attack Shrink-wrap code attack
Shrink-Wrap code attack.
William has been hired by the ITSec, Inc. to perform web application security testing. He was asked to perform black box penetration testing to test the security of the company's web applications. No information is provided to William about the company's network and infrastructure. William notices that the company website is dynamic and must make use of a backend database. He wants to see if an SQL injection would be possible. As part of the testing, he tries to catch instances where the user input is used as part of an SQL identifier without any input sanitization. Which of the following characters should William use as the input data to catch the above instances? Right square bracket Single quote Double quote Semicolon
Single quote Double quote
In which of the following attacks does the attacker spoofs the source IP address with the victim's IP address and sends large number of ICMP ECHO request packets to an IP broadcast network? Ping of death attack Smurf attack UDP flood attack SYN flood attack
Smurf attack
Jack a malicious hacker wants to break into Brown Co.'s computers and obtain their secret information related to Company's quotations. Jack calls Jane, an accountant at Brown Co., pretending to be an administrator from Brown Co. Jack tells Jane that there has been a problem with some accounts and asks her to verify her password with him "just to double check our records." Jane does not suspect anything amiss, and reveals her password. Jack can now access Brown Co.'s computers with a valid username and password, to steal the confidential company's quotations. Identify the attack performed by Jack? Footprinting Reverse Engineering Social Engineering Scanning
Social Engineering
Information gathered from social networking websites such as Facebook, Twitter, and LinkedIN can be used to launch which of the following types of attacks? Smurf attack. social engineering attack. SQL injection attack. Distributed denial of service attack.
Social Engineering attack.
Jacob Hacker wants to infect the network of a competitor with a worm virus. He sets the worm to autoexecute and loads 50 copies of the worm onto 50 separate USB drives. He drives to the competitor's campus and drops the USB keys at various locations around the campus. He waits for random employees to pick it up and who might check to see what is on them by plugging them into their computer. Once an employee has inserted the key, the worm autoexecutes and the network is infected. What type of attack is described here? Social engineering Virus attack Distributed Denial-of-Service (DDoS) attack Brute force attack
Social engineering
A security consultant decides to scrutinize the information by categorizing information as top secret, proprietary, for internal use only, for public use, etc. Which of the following attack can be mitigated using such countermeasure? Forensic attack Address Resolution Protocol (ARP) spoofing attack Social engineering attack Scanning attack
Social engineering attack
Which of the following is a generic exploit designed to perform advanced attacks against human elements to compromise a target to offer sensitive information? NetScanTools Pro Wireshark Social-engineer toolkit (SET) Cain and Abel
Social-engineer toolkit (SET)
John is a college dropout and spends most of his time on social networking sites looking for the people living in the city and gather their details. One day, he saw a girl's profile and found her email ID from her timeline. John sent her a mail stating that he possessed her private photos and if she fails to provide him with her bank account details, he will upload those images to social networking sites. What type of social engineering attack does John attempt on the girl? Vishing Spear Phishing Whaling Pharming
Spear Phishing
Which of the following techniques refers to the art of hiding data "behind" other data without the target's knowledge? Scanning. Enumeration. Footprinting. Steganography
Steganography.
In which of the following identity thefts does an attacker acquire information from different victims to create a new identity? Tax identity theft Identity cloning and concealment Synthetic identity theft Social identity theft
Synthetic identity theft
Which of the following processes refers to taking a snapshot of the system at the time the malware analysis begins? Sandboxing System baselining Windows services monitoring API call monitoring
System baselining
Which of the following protocols provides reliable multiprocess communication service in a multinetwork environment? UDP TCP SMTP SNMP
TCP
Smith, a network security administrator, is configuring routers in his organization to protect the network from DoS attacks. Which router feature can he use to prevent SYN flooding effectively? Ingress Filtering Egress Filtering TCP Intercept Mac Address Filtering
TCP Intercept
What is the port number used by DNS servers to perform DNS zone transfer? TCP/UPD 135. UDP 137. TCP 139. TCP/UDP 53.
TCP/UDP 53.
Which of the following Encryption technique is used in WPA? RSA TKIP AES DES
TKIP
Which of the following defines the role of a root certificate authority (CA) in a public key infrastructure (PKI)? The root CA is the recovery agent used to encrypt data when a user's certificate is lost. The root CA stores the user's hash value for safekeeping. The CA is the trusted root that issues certificates. The root CA is used to encrypt e-mail messages to prevent unintended disclosure of data.
The CA is the trusted root that issues certificates.
Siya is using a tool to defend critical data and applications without affecting performance and productivity. Following are the features of the tool: Pre-built, real-time reports that display big-picture analyses on traffic, top applications, and filtered attack events. Permits to see, control, and leverage the rules, shared services, and profiles of all the firewall devices throughout the network. Comprises of in-line, bump-in-the-wire intrusion prevention system with layer two fallback capabilities. Gives an overview of current performance for all HP systems in the network, including launch capabilities into targeted management applications by using monitors. Identify the tool used by Siya- TippingPoint IPS AlienVault® OSSIM™ Zimperium's zIPS™ Wifi Inspector
TippingPoint IPS
What is the sole purpose of writing destructive Trojans? To stop the working of security programs such as firewall and IDS To trick the victim to install the malicious application To randomly delete files, folders, registry entries, and local and network drives To copying itself to the system and create a scheduled task that executes the copied payload
To randomly delete files, folders, registry entries, and local and network drives
Which of the following Utility uses the ICMP protocol concept and Time to Live ("TTL") field of IP header to find the path of the target host in the network? whois traceroute dns lookup TCP/IP
TraceRoute.
which of the following tools are useful in extracting information about the geographical location of routers, servers, and IP devices in a network? Traceroute Tools. DNS lookup tools Whois Lookup tools Email tracking tools.
Traceroute Tools
SQL injection attacks do not exploit a specific software vulnerability; instead they target websites that do not follow secure coding practices for accessing and manipulating data stored in a relational database. True False
True
An IT security engineer notices that the company's web server is currently being hacked. What should the engineer do next? Unplug the network connection on the company's web server. Determine the origin of the attack and launch a counterattack. Record as much information as possible from the attack perform a system restart on the company's web server.
Unplug the network connection on the company's web server.
Which of the following terms refers to the existence of a weakness, design flaw, or implementation error that can lead to an unexpected event compromising the security of the system? Exploit Hacking Vulnerability Zero-Day Attack
Vulnerability
Once an attacker gathers information about a target device in the first phase, what is the second phase in IoT device hacking? Gain access Information gathering Maintain access Vulnerability scanning
Vulnerability scanning
Which of the following consists of 40/104 bit Encryption Key Length? WPA WEP RSA WPA2
WEP
Which of the following is not a remote access Trojan? Theef Netwire Kedi RAT Wingbird
Wingbird
which of the following can be categorized as a host based threat? IDs bypass distributed denial of service privilege escalation man in the middle attack
privilege escalation
Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection? A. NMAP -PN -A -O -sS 192.168.2.0/24 B. NMAP -P0 -A -O -p1-65535 192.168.0/24 C. NMAP -P0 -A -sT -p0-65535 192.168.0/16 D. NMAP -PN -O -sS -p 1-1024 192.168.0/8
A: NMAP -PN -A -O -sS 192.168.2.0/24
There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email servier is hosted on office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. A competitor learns that employees use their own personal smartphones to communicate with other employees of Highlander, incorporated. Which information security attack vector should the competitor use to gather information over a long period of time from the phones, without the victim being aware that he or she has been compromised? APT Viruses and worms mobile threats Botnet
APT
Which of the following attack vectors is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time? The intention of this attack is to steal data rather than to cause damage to the network or organization APT mobile threats botnet insider attack
APT
During the penetration testing, Marin identified a web application that could be exploited to gain the root shell on the remote machine. The only problem was that in order to do that he would have to know at least one username and password usable in the application. Unfortunately, guessing usernames and brute-forcing passwords did not work. Marin does not want to give up his attempts. Since this web application, was being used by almost all users in the company and was using http protocol, so he decided to use Cain & Abel tool in order to identify at least one username and password. After a few minutes, the first username and password popped-up and he successfully exploited the web application and the physical machine. What type of attack did he use in order to find the username and password to access the web application? ARP spoofing DNS spoofing TCP protocol hijacking UDP protocol hijacking
ARP spoofing
Ivan works as security consultant at "Ask Us Intl." One of his clients is under a large-scale volume-based DDoS attack, and they have to decide how to deal with the issue. They have some DDoS appliances that are currently not configured. They also have a good communication channel with providers, and some of the providers have fast network connections. In an ideal scenario, what would be the best option to deal with this attack. Bear in mind that this is a volume-based DDoS attack with at least 1 000 000 bots sending the traffic from the entire globe! Absorb the attack Block the traffic at the provider level Filter the traffic at the provider level Filter the traffic at the company's internet facing routers
Absorb the attack
What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response? A. Passive B. Reflective C. Active D. Distributive
Active
An NMAP scan of a sever shows port 25 is open. What risk could this pose? Open printer sharing. Web portal data leak. Clear Text Authentication. Active Mail Relay.
Active Mail Relay.
Which among the following is not a metric for measuring vulnerabilities in common vulnerability scoring system (CVSS)? Base metrics. Active Metrics. Temporal metrics. Environmental metrics.
Active Metrics.
Sarah is facing one of the biggest challenges in her career—she has to design the early warning DDoS detection techniques for her employer. She starts with the network analysis and detection of an increase in activity levels and analyzing the network flows (focusing on network's packet header information). Her idea is to try to spot the increase in specific traffic, which is above normal traffic rate for this specific network flow. Which DDoS detection technique is she trying to implement? Activity profiling Change-point detection Wavelet-based signal analysis NetFlow detection
Activity profiling
Which of the following is an attack detection technique that monitors the network packet's header information? This technique also determines the increase in overall number of distinct clusters and activity levels among the network flow clusters? Activity profiling Wavelet-based signal analysis Sequential Change-point detection Ping of death attack
Activity profiling
A tester is attempting to capture and analyze the traffic on a given network and realizes that the network has several switches. What could be used to successfully sniff the traffic on this switched network? (Choose three.) Address Resolution Protocol (ARP) spoofing MAC duplication MAC flooding SYN flooding Reverse smurf attack ARP broadcasting
Address Resolution Protocol (ARP) spoofing MAC duplication MAC flooding
Which of the following .dll file is used by the Zeus Trojan to access and manipulate Service Manager and Registry on a victim machine? Kernel32.dll Advapi32.dll User32.dll n32dll.dll
Advapi32.dll
Martha is a network administrator in company named "Dubrovnik Walls Ltd." She realizes that her network is under a DDoS attack. After careful analysis, she realizes that large amount of HTTP POST requests are being sent to the web servers behind the WAF. The traffic is not legitimate, since the web application requires workflow to be finished in order to send the data with the POST request, and this workflow data is missing. So, What type of DDoS attack is this? Application layer attack Volume (volumetric) attack Protocol attack SYN flood attack
Application layer attack
Which of the following items is unique to the N-tier architecture method of designing software applications? Application layers can be separated, allowing each layer to be upgraded independently from other layers. it is compatible with various databases including Access, Oracle, and SQL. Data security is tied into each layer and must be updated for all layers when an upgrade is performed. Application layers can be written in C, ASP.Net, or Delphi without any performance loss
Application layers can be separated, allowing each layer to be upgraded independently from other layers.
Bob is trying to access his friend Jason's email account without his knowledge. He guesses and tries random passwords to log into the email account resulting in the lockdown of the email account for the next 24 hours. Now, if Jason tries to access his account even with his genuine password, he cannot access the email account for the next 24 hours. How can you categorize this DoS? Bandwidth attack Permanent Denial-of-Service (PDoS) attack Application-level attack Peer-to-Peer attack
Application-level attack
Select all correct answers. To defend against SQL injection, a developer needs to take proper actions in configuring and developing an application. Select all correct statements that help in defending against SQL injection attacks. Avoid constructing dynamic SQL with concatenated Input values Ensure that the Web configuration files for each application do not contain sensitive information Keep untrusted data separate from commands and queries Apply input validation only on the client-side
Avoid constructing dynamic SQL with concatenated Input values Ensure that the Web configuration files for each application do not contain sensitive information Keep untrusted data separate from commands and queries
Which term is used to refer service announcements provided by services in response to connection requests and often carry vendor's version of information? Port Banner Network discovery phase Scanning phase
Banner
A security engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing webservers. The engineer decides to start by using netcat to port 80. The engineer receives this output: HTTP/1.1 200 OK Server: Microsoft-IIS/6 Expires: Tue, 17 Jan 2017 01:41:33 GMT Date: Mon, 16 Jan 2017 01:41:33 GMT Content-Type: text/html Accept-Ranges: bytes Last-Modified: Wed, 28 Dec 2010 15:32:21 GMT ETag: "b0aac0542e25c31:89d" Content-Length: 7369 Which of the following is an example of what the engineer performed? Cross-site scripting Banner grabbing SQL injection Whois database query
Banner grabbing
Marina is a malware analyst with a bank in London. One day, she suspects a file to be a malware and tries to perform static analysis to identify its nature. She wants to analyze the suspicious file and extract the embedded strings in the file into a readable format. Which of the following tool can she use to perform this task? BinText UPX ASPack PE Explorer
BinText
A hacker wants to encrypt and compress 32-bit executables and .NET apps without affecting their direct functionality. Which of the following cryptor tools should be used by the hacker? BitCrypter Hidden sight crypter Cypherx Java crypter
BitCrypter
Which of the following techniques can be used to prevent a botnet attack? Black hole filtering Port scanning Information gathering Physical security
Black hole filtering
Which of the following terms is used to refer the technique that uses aggressive SEO tactics such as keyword stuffing, doorway pages, page swapping, and adding unrelated keywords to get higher search engine ranking for their malware pages? Drive-by Downloads Blackhat Search Engine Optimization (SEO) Malvertising Spear Phishing
Blackhat Search Engine Optimization (SEO)
Out of the following, which network-level session hijacking technique can be used to inject malicious data or commands into the intercepted communications in a TCP session? UDP Hijacking RST Hijacking Blind Hijacking TCP/IP Hijacking
Blind Hijacking
Which of the following attacks is time-intensive because the database should generate a new statement for each newly recovered bit? Blind SQL Injection UNION SQL Injection Error Based SQL Injection In-band SQL Injection
Blind SQL Injection
Javier works as a security analyst for a small company. He has heard about a new threat; a new malware that the antivirus does not detect yet. Javier has the hash for the new virus. What can Javier do to proactively protect his company? Block with the antivirus anything that presents the same hash of the malware Wait for the antivirus company to release a new version Generate his own new version of the antivirus with the malware hash Send the hash information to the antivirus company
Block with the antivirus anything that presents the same hash of the malware
Name an attack where the attacker connects to nearby devices and exploits the vulnerabilities of the Bluetooth protocol to compromise the device? Rolling code attack Jamming attack DDoS attack BlueBorne attack
BlueBorne attack
An attacker collects the make and model of target Bluetooth-enabled devices analyzes them in an attempt to find out whether the devices are in the range of vulnerability to exploit. Identify which type of attack is performed on Bluetooth devices. BlueSniff Bluebugging BluePrinting MAC Spoofing Attack
BluePrinting
Fill in the blank. _________ is the art of collecting information about Bluetooth enabled devices such as manufacturer, device model and firmware version. BluePrinting Bluejacking Bluebugging BlueSniff
BluePrinting
Which of the following Bluetooth attack allows attacker to gain remote access to a target Bluetooth-enabled device without the victim being aware of it? Bluebugging Bluesmacking BluePrinting Bluejacking
Bluebugging
Which of the following mobile Bluetooth attacks enables an attacker to gain remote access to the victims mobile and use its features without the victim's knowledge or consent? Bluesnarfing Bluesmacking Bluebugging BlueSniff
Bluebugging
Which of the following terms is used to describe an attack in which an attacker gains remote access to a target Bluetooth-enabled device without the victim being aware of it? Bluesmacking Bluejacking Bluesnarfing Bluebugging
Bluebugging
Thomas is a cyber thief trying to hack Bluetooth-enabled devices at public places. He decided to hack Bluetooth-enabled devices by using a DoS attack. He started sending an oversized ping packet to a victim's device, causing a buffer overflow and finally succeeded. What type of Bluetooth device attack is Thomas most likely performing? Bluesmacking Bluejacking Blue Snarfing Bluebugging
Bluesmacking
If an attacker is able to access the email contact list, text messages, photos, etc. on your mobile device, then what type of attack did the attacker employ? Bluesnarfing Bluesmacking Bluebugging BlueSniff
Bluesnarfing
In which of the following attacks does the attacker exploit the vulnerability in the Object Exchange (OBEX) protocol that Bluetooth uses to exchange information? BlueSniff Bluesnarfing Bluejacking Bluebugging
Bluesnarfing
How does an attacker perform social engineered clickjacking attack? By mimicking legitimate institutions, such as banks, in an attempt to steal passwords and credit card By injecting malware into legitimate-looking websites to trick users by clicking them By attaching a malicious file to an e-mail and sending the e-mail to a multiple target address By exploiting flaws in browser software to install malware merely by visiting a website
By injecting malware into legitimate-looking websites to trick users by clicking them
In what way do the attackers identify the presence of layer 7 tar pits? By looking at the latency of the response from the service By analyzing the TCP window size By looking at the responses with unique MAC address 0:0:f:ff:ff:ff By looking at the IEEE standards for the current range of MAC addresses
By looking at the latency of the response from the service
An attacker sends an e-mail containing a malicious Microsoft office document to target WWW/FTP servers and embed Trojan horse files as software installation files, mobile phone software, and so on to lure a user to access them. Identify by which method the attacker is trying to bypass the firewall. Bypassing firewall through external systems Bypassing firewall through MITM attack Bypassing firewall through content Bypassing WAF using XSS attack
Bypassing firewall through content
A corporation hired an ethical hacker to test if it is possible to obtain users' login credentials using methods other than social engineering. The ethical hacker is working on Windows system and trying to obtain login credentials. He decided to sniff and capture network traffic using an automated tool and use the same tool to crack the passwords of users. Which of the following techniques can be employed by the ethical hacker? Capture every users' traffic with Ettercap. Capture LANMAN Hashes and crack them with L0phtCrack. Guess passwords using Medusa or Hydra against a network service. Capture administrators' RDP traffic and decode it with Cain and Abel.
Capture administrators' RDP traffic and decode it with Cain and Abel.
An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. Which cryptanalytic technique can the attacker use now in his attempt to discover the encryption key? Birthday attack Known plaintext attack Meet in the middle attack Chosen ciphertext attack
Chosen ciphertext attack
An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file? Timing attack Replay attack Memory trade-off attack Chosen plain-text attack
Chosen plain-text attack
An attacker breaks an n bit key cipher into 2 n/2 number of operations in order to recover the key. Which cryptography attack is he performing? Known-plaintext attack Rubber hose attack Chosen-key attack Timing attack
Chosen-key attack
The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Based on the knowledge of the network topology and trends in network security, what would be the primary target of a hacker trying to compromise highlander? cloud based file server company desktops personal laptops personal smartphones
Cloud based file server
Which property ensures that a hash function will not produce the same hashed value for two different messages? Collision resistance Bit length Key strength Entropy
Collision resistance
Mark is working as a penetration tester in InfoSEC, Inc. One day, he notices that the traffic on the internal wireless router suddenly increases by more than 50%. He knows that the company is using a wireless 802.11 a/b/g/n/ac network. He decided to capture live packets and browse the traffic to investigate the issue to find out the actual cause. Which of the following tools should Mark use to monitor the wireless network? CommView for WiFi WiFiFoFum BlueScanner WiFish Finder
CommView for WiFi
What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation? Blue Book ISO 26029 Common Criteria The wassenaar agreement
Common Criteria
You are performing a xmas scan with NMAP. You are in a hurry and conducting the scans at the fastest possible speed. However, you don't want to sacrifice reliability for speed. If stealth is not an issue, what type of can should you run to get very reliable results? Stealth Scan. XMAS Scan. Fragmented Packet Scan. Connect Scan.
Connect Scan.
Which of the following can pose a risk to mobile platform security? Install applications from trusted application stores Securely wipe or delete the data when disposing of the device Disable wireless access such as Wi-Fi and Bluetooth, if not in use Connecting two separate networks such as Wi-Fi and Bluetooth simultaneously
Connecting two separate networks such as Wi-Fi and Bluetooth simultaneously
In which of the following layers of wireless security does per frame/packet authentication provide protection against MITM attacks? Device Security Data Protection Connection Security Wireless Signal Security
Connection Security
When an alert rule is matched in a network-based IDS like snort, the IDS does which of the following. Drops the packet and moves on to the next one Continues to evaluate the packet until all rules are checked Stops checking rules, sends an alert, and lets the packet continue Blocks the connection with the source IP address in the packet
Continues to evaluate the packet until all rules are checked
Jacob Hacker is a disgruntled employee and is fired from his position as a network engineer. He downloads a program outside the company that transmits a very small packet to his former company's router, thus overloading the router and causing lengthy delays in operational service of his former company. He loads the program on a bunch of computers at several public libraries and executes them. What type of attack is this? DDoS attack Man-in-the-middle attack HTTP response-splitting attack SSH Brute-Force attack
DDoS attack
Name an attack where an attacker uses an army of botnets to target a single online service or system. Sybil attack Replay attack DDoS attack Side channel attack
DDoS attack
In which of the following attacks, does an attacker divert a user to a spoofed website by poisoning the DNS server or the DNS cache on the user's system? Cybersquatting Domain Hijacking Domain Snipping DNS Poisoning
DNS Poisoning
If an attacker compromises a DNS server and changes the DNS settings so that all the requests coming to the target webserver are redirected to his/her own malicious server, then which attack did he perform? DNS server hijacking DoS attack DNS amplification attack HTTP response splitting attack
DNS server hijacking
Which protocol defines the payload formats, types of exchange, and naming conventions for security information such as cryptographic algorithm or security policies. Identify from the following options. AH ESP DOI ISAKMP
DOI
A systems administrator in a small company named "We are Secure Ltd." has a problem with their Internet connection. The following are the symptoms: The speed of the Internet connection is slow (so slow that it is unusable). The router connecting the company to the Internet is accessible and it is showing large amount of router solicitation messages from neighboring routers even though the router is not supposed to receive any of these messages. What type of attack is this? DRDoS (Distributed Reflected Denial of Service) DoS (Denial of Service) DDoS (Distributed Denial of Service) MitM (Man in the Middle)
DRDoS (Distributed Reflected Denial of Service)
Sniffers work at which of the following open systems interconnect (OSI) layers? Data link layer Presentation layer Transport layer Application layer
Data link layer
Which tool is used to automate SQL injections and exploit a database by forcing a given web application to connect to another database controlled by a hacker? DataThief NetCat Cain and Abel Nmap
DataThief
Which of the following does not fall under the scope of ethical hacking? Risk assessment Vulnerability scanning Pen Testing Defense-in-depth implementation
Defense in depth implementation
An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job? Start by footprinting the network and mapping out a plan of attack. defined the penetration testing scope. begin the reconnaissance phase with passive information gathering and then move into active information gathering. use social engineering techniques on the friend's employees to help identity areas that may be susceptible to attack.
Define the penetration testing scope.
Which of the following DoS/DDoS countermeasures strategy can you implement using a honeypot? Deflecting attacks Absorbing attacks Mitigating attacks Degrading services
Deflecting attacks
What is the DoS/DDoS countermeasure strategy to at least keep the critical services functional? Absorbing the attack Degrading services Shutting down the services Deflecting attacks
Degrading services
Which of the following availability attacks involve exploiting the CSMA/CA Clear Channel Assessment (CCA) mechanism to make a channel appear busy? Beacon Flood Routing Attack Authenticate Flood Denial-of-Service
Denial-of-Service
Which type of assessment tools are used to find and identify previously unknown vulnerabilities in a system? Depth assessment tools. Scope assessment tools. Application-layer vulnerability assessment tools. Active scanning tools.
Depth Assessment tools.
in the software security development lifecycle, threat modeling occurs in which phase? design. requirements. verification. implementation.
Design.
Name the communication model, where the IoT devices use protocols such as ZigBee, Z-Wave or Bluetooth, to interact with each other? Device-to-Device Communication Model Device-to-Cloud Communication Model Device-to-Gateway Communication Model Back-End Data-Sharing Communication Model
Device-to-Device Communication Model
Name the communication model where the IoT devices communicate with the cloud service through gateways? Device-to-device communication model Device-to-cloud communication model Device-to-gateway communication model Back-end data-sharing communication model
Device-to-gateway communication model
Which of the following tools can be used to protect private data and home networks while preventing unauthorized access using PKI-based security solutions for IoT devices? DigiCert IoT Security Solution SeaCat.io Censys Firmalyzer Enterprise
DigiCert IoT Security Solution
In which of the following is the original data signal multiplied with a pseudo random noise spreading code? Orthogonal Frequency-division Multiplexing (OFDM) Multiple input, multiple output orthogonal frequency-division multiplexing (MIMO-OFDM) Direct-sequence Spread Spectrum (DSSS) Frequency-hopping Spread Spectrum (FHSS)
Direct-sequence Spread Spectrum (DSSS)
If an attacker uses ../ (dot-dot-slash) sequence to access restricted directories outside of the webserver root directory, then which attack did he perform? DNS amplification attack DoS attack Directory traversal attack HTTP response splitting attack
Directory traversal attack
Which of the following techniques is used by attackers to clear online tracks? disable Lan Manager. Disable the user account. Disable LMNR and NBT-NS services. Disable Auditing.
Disable Auditing.
Which of the following statements is not true for securing iOS devices? Do not jailbreak or root your device if used within enterprise environments Disable Jailbreak detection Do not store sensitive data on client-side database Disable Javascript and add-ons from web browser
Disable Jailbreak detection
In order to protect a device against insecure network services vulnerability, which of the following solutions should be implemented? Enable two-factor authentication End-to-end encryption Disable UPnP Implement secure password recovery mechanisms
Disable UPnP
Which of the following is not a countermeasure for phishing attacks? Do not click on any links included in the SMS Disable the "block texts from the internet" feature from your provider Never reply to a SMS that urges you to act or respond quickly Review the bank's policy on sending SMS
Disable the "block texts from the internet" feature from your provider
Identify the type of DDoS attack from the following diagram: attacker master slave reflector target Permanent Denial-of-Service attack Peer-to-Peer attack Distributed reflection denial-of-service (DRDoS) attack Phlashing attack
Distributed reflection denial-of-service (DRDoS) attack
A systems administrator in a small company named "We are Secure Ltd." has a problem with their Internet connection. The following are the symptoms: the speed of the Internet connection is slow (so slow that it is unusable). The router connecting the company to the Internet is accessible and it is showing a large amount of SYN packets flowing from one single IP address. The company's Internet speed is only 5 Mbps, which is usually enough during normal working hours. What type of attack is this? DoS DDoS DRDoS MitM
DoS
An attacker sends numerous fake requests to the webserver from various random systems that results in the webserver crashing or becoming unavailable to the legitimate users. Which attack did the attacker perform? DNS server hijacking DoS attack DNS amplification attack HTTP response splitting attack
DoS attack
Which of the following steganography techniques allows the user to add white spaces and tabs at the end of the lines? Image Steganography. Document Steganography. Folder Steganography. Video Steganography.
Document Steganography.
Which of the following stores critical HTML files related to the webpages of a domain name that will be served in response to requests? Document root Server root Virtual document tree Web proxy
Document root
Out of the following, which is not an active sniffing technique? MAC flooding Domain snipping Spoofing attack Switch port stealing
Domain snipping
James has published personal information about all senior executives of Essential Securities Bank on his blog website. He has collected all this information from multiple social media websites and publicly accessible databases. What is this known as? Doxing Social Engineering Phishing Impersonation
Doxing
Steven, a wireless network administrator, has just finished setting up his company's wireless network. He has enabled various security features such as changing the default SSID and enabling strong encryption on the company's wireless router. Steven decides to test the wireless network for confidentiality attacks to check whether an attacker can intercept information sent over wireless associations, whether sent in clear text or encrypted by Wi-Fi protocols. As a part of testing, he tries to capture and decode unprotected application traffic to obtain potentially sensitive information using hardware or software tools such as Ettercap, Kismet, Wireshark, etc. What type of wireless confidentiality attack is Steven trying to do? Eavesdropping Evil twin AP Masquerading WEP Key Cracking
Eavesdropping
Proper communication and storage encryption, no default credentials, strong passwords, and up-to-date components are the security considerations for which of the following component? Mobile Cloud Platform Edge Gateway
Edge
Which of the following IoT architecture layers consists of all the hardware parts like sensors, RFID tags, readers or other soft sensors, and the device itself? Access gateway layer Edge technology layer Internet layer Middleware layer Application layer
Edge technology layer
Which of the following tools allows an attacker to extract information such as sender identity, mail server, sender's IP address, location and so on? Web Updates Monitoring Tools Metadata Extraction Tols Website Mirroring Tools Email Tracking Tools.
Email Tracking Tools.
Detective security controls detect and react appropriately to the incidents that happen on the cloud system. Which of the following is an example of detective security controls? Implementing strong authentication mechanism Restoring system backups Employing IDSs and IPSs Identifying warning sign on the fence
Employing IDSs and IPSs
There is a WEP encrypted wireless AP with no clients connected. In order to crack the WEP key, a fake authentication needs to be performed. Which of the following steps need to be performed by the attacker for generating fake authentication? Set the wireless interface to monitor mode Ensure association of source MAC address with the AP Capture the IVs Use cracking tools
Ensure association of source MAC address with the AP
Jonathan, a solutions architect with a start-up, was asked to redesign the company's web infrastructure to meet the growing customer demands. He proposed the following architecture to the management. proxy--> app server--> proxy--> DB What is Jonathan's primary objective? proper user authentication ensuring high availiability ensuring integrity of the application servers ensuring confidentiality of the data.
Ensuring High Availability.
Which of the following Rootkit Trojans performs targeted attacks against various organizations and arrives on the infected system by being downloaded and executed by the Trickler dubbed "DoubleFantasy," covered by TSL20110614-01 (Trojan.Win32.Micstus.A)? GrayFish rootkit Hardware/firmware rootkit Boot loader level rootkitc EquationDrug rootkit
EquationDrug rootkit
Identify the reason why Web Applications are vulnerable to SQL injection attacks? Error messages reveal important information Tests the content of string variables and accept only expected values Reject entries that contain binary data, escape sequences, and comment characters Avoid constructing dynamic SQL with concatenated input values
Error messages reveal important information
Highlander, incorporated, decide to hire an ethical hacker to identify vulnerabilities at the regional locations and ensure system security. What is the main difference between a hacker and an ethical hacker when they are trying to compromise the regional offices? Ethical hackers have the permission of upper management. Ethical hackers have the permission of the regional server administrators. hackers have more sophisticated tools. Hackers don't have any knowledge of the network before they compromise the network.
Ethical hackers have the permission of upper management.
Why is ethical hacking necessary? (Select two) Ethical hackers try to find what an intruder can see on the system under evaluation. ethical hackers are responsible for selecting security solutions and try to verify the ROI of security systems. Ethical hackers try to find if all the components of information systems are adequately protected, updated, and patched. ethical hackers are responsible for incident handling and response in the organization.
Ethical hackers try to find what an intruder can see on the system under evaluation. Ethical hackers try to find if all the components of information systems are adequately protected, updated, and patched.
John is a pen tester working with an information security consultant based in Paris. As part of a penetration testing assignment, he was asked to perform wireless penetration testing for a large MNC. John knows that the company provides free Wi-Fi access to its employees on the company premises. He sets up a rogue wireless access point with the same SSID as that of the company's Wi-Fi network just outside the company premises. He sets up this rogue access point using the tools that he has and hopes that the employees might connect to it. What type of wireless confidentiality attack is John trying to do? Evil Twin AP KRACK Attack War Driving WEP Cracking
Evil Twin AP
Which of the following tools can be used by a pentester to test the security of web applications? Fiddler BetterCAP MITMf Cain & Abel
Fiddler
Which of the following is considered as the method of transmitting radio signals by rapidly switching a carrier among many frequency channels? Orthogonal Frequency-division Multiplexing (OFDM) Multiple input, multiple output orthogonal frequency-division multiplexing (MIMO-OFDM) Direct-sequence Spread Spectrum (DSSS) Frequency-hopping Spread Spectrum (FHSS)
Frequency-hopping Spread Spectrum (FHSS)
Juan is the administrator of a Windows domain for a global corporation. He uses his knowledge to scan the internal network to find vulnerabilities without the authorization of his boss; he tries to perform an attack and gain access to an AIX server to sow the results to his boss. What kind of role is shown in his scenario? Gray hat hacker black hat hacker white hat hacker annoying employee
Gray Hat Hacker
Which of the following tools is used by an attacker to perform website mirroring? Nessus Hydra Netcraft HTTrack
HTTrack
Which of the following IoT devices is included in the buildings service sector? HVAC, transport, fire and safety, lighting, security, access, etc. Turbines, windmills, UPS, batteries, generators, meters, drills, fuel cells, etc. Digital cameras, power systems, MID, e-readers, dishwashers, desktop computers, etc. MRI, PDAs, implants, surgical equipment, pumps, monitors, telemedicine, etc.
HVAC, transport, fire and safety, lighting, security, access, etc.
Using which one of the following tools can an attacker perform BlueBorne or airborne attacks such as replay, fuzzing, and jamming? Zigbee framework RIoT vulnerability scanning HackRF one Foren6
HackRF one
Individuals who promote security awareness a political agenda by performing hacking are known as: Hacktivist Cyber Terrorists Script Kiddies Suicide hackers
Hacktivist
If you are responsible for securing a network from any type of attack and if you have found that one of your employees is able to access any website that may lead to clickjacking, attacks, what would you do to avoid the attacks? Harden browser permission rules Delete Cookies Configure Application certification rules Enable Remote Management
Harden browser permission rules
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP? A. Hping B. Traceroute C. TCP ping D. Broadcast ping
Hping.
Don Parker, a security analyst, is hired to perform a DoS test on a company. Which of the following tools can he successfully utilize to perform this task? Hping3 Cain and Abel Recon-ng N-Stalker
Hping3
Which of the following Hping3 command is used to perform ACK scan? Hping3 -1 <IP Address> -p 80. Hping3 -A <IP Address> -p 80. Hping3 -2 <IP ADdress> -p 80. Hping3 -8 50-60 -S <IP Address> -V.
Hping3 -A <IP Address> -p 80.
An attacker is using the scanning tool Hping to scan and identify live hosts, open ports, and services running on a target network. He/she wants to collect all the TCP sequence numbers generated by the target host. Which of the following hping commands he/she needs to use to gather the required information? hping3 <taget IP> -Q -p 139 -s. hping3 -A <target IP> -p 80 hping3 -S <Taget IP> -p 80 --tcp -timestamp. hpting3 -F -P -U 10.0.0.25 -p 80.
Hping3 <target IP> -Q -p 139 -s
which of the following vulnerability repositories is available online and allows attackers access to information about various software vulnerabilities? Http://www.securityfocus.com http://foofus.net. http://project-rainbowcrack.com https://www.tarasco.org.
Http://www.securityfocus.com
You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters. With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results? A. Online Attack B. Dictionary Attack C. Brute Force Attack D. Hybrid Attack
Hybrid attack.
An attacker wants to crack passwords using attack techniques like brute-forcing, dictionary attack, and password guessing attack. What tool should he use to achieve his objective? Nessus Hydra Burp suite Netcraft
Hydra
Which type of rootkit is created by attackers by exploiting hardware features such as intel VT and AMD-V? Hypervisor level rootkit. Hardware/firmware rootkit. kernel level rootkit. Boot loader level rootkit.
Hypervisor level rootkit.
Which of the following is a hijacking technique where an attacker masquerades as a trusted host to conceal his identity, hijack browsers or websites, or gain unauthorized access to a network? Port-scanning Firewalking IP address spoofing Source routing
IP address spoofing
A security engineer has been asked to deploy a secure remote access solution that will allow employees to connect to the company's internal network. Which of the following can be implemented to minimize the opportunity for a man-in-the-middle attack to occur? SSL Mutual authentication IPSec Static IP addresses
IPSec
Which of the following protocols is the technology for both gateway-to-gateway (lan-to-lan) and host to gateway (remote access) enterprise VPN solutions? SMTP. IPsec. SNMP. NetBIOS.
IPsec.
Which one of the following is a Google Search query used for VoIP footprinting to extract Cisco phone details? Inurl: "ccmuser/logon.asp:. intitle: "D-link voip router" "welcome". inurl:/voice/advanced/ intitle: linksys SPA configuration. Inurl: "NetworkConfiguration" cisco.
Inurl: "NetworkConfiguration" Cisco.
The intrusion detection system at a software development company suddenly started generating multiple alerts regarding attacks against the company's external webserver, VPN concentrator, and DNS servers. What should the security team do to determine which alerts to check first? Investigate based on the maintenance schedule of the affected systems. Investigate based on the service-level agreements of the systems. Investigate based on the potential effect of the incident. Investigate based on the order that the alerts arrived in.
Investigate based on the potential effect of the incident.
During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. The tester assumes that the service is running with a local system account. How can this weakness be exploited to access the system? Using the Metasploit psexec module setting the SA/admin credential Invoking the stored procedure xp_shell to spawn a Windows command shell Invoking the stored procedure cmd_shell to spawn a Windows command shell Invoking the stored procedure xp_cmdshell to spawn a Windows command shell
Invoking the stored procedure xp_cmdshell to spawn a Windows command shell
In which of the following cloud computing threats does an attacker try to control operations of other cloud customers to gain illegal access to the data? Privilege Escalation Illegal Access to the cloud Isolation Failure Supply Chain Failure
Isolation Failure
Jamie was asked by their director to make new additions to the firewall in order to allow traffic for a new software package. After the firewall changes, Jamie receives calls from users that they cannot access other services, such as email and file shares, that they were able to access earlier. What was the problem in the latest changes that is denying existing users from accessing network resources? Jamie's additional entries were processed first. Jamie needs to restart the firewall to make the changes effective. Jamie should exit privileged mode to allow the settings to be effective. Jamie needs to have the users restart their computers in order to make settings effective.
Jamie's additional entries were processed first.
Fill in the blank____ type of rootkit is most difficult to detect. Hardware/firmware rootkit. Application rootkit. Hypervisor rootkit. Kernel level rootkit.
Kernel level rootkit.
Riya wants to defend against the polymorphic shellcode problem. What countermeasure should she take against this IDS evasion technique? Configure a remote syslog server and apply strict measures to protect it from malicious users. Disable all FTP connections to or from the network Catalog and review all inbound and outbound traffic Look for the nop opcode other than 0x90
Look for the nop opcode other than 0x90
A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could have been used by the hacker to sniff all of the packets in the network? Fraggle attack MAC flood attack Smurf attack Tear drop attack
MAC flood attack
Which of the following DNS record types helps in DNS footprinting to determine domain's mail server? A NS Cname MX
MX
Which of the following programs is usually targeted at Microsoft Office products? Polymorphic virus Multipart virus Macro virus Stealth virus
Macro virus
Which of the following type of access control determines an access policies of the users and provides that a user can access a resource if he or she has the access rights to that resource? Mandatory access control. Discretionary access control. Role-based access control. Rule-based access control.
Mandatory access control.
Out of the following, which session hijacking detection technique involves using packet-sniffing software such as Wireshark and SteelCentral packet analyzer to monitor session hijacking attacks? Normal Telnet session Manual method Forcing an ARP entry Automatic method
Manual method
During a penetration test, Marin exploited a blind SQLi and exfiltrated session tokens from the database. What can he do with this data? Marin can do Session hijacking Marin can do SQLi (SQL injection) Marin can do XSS (Cross-Site Scripting) Marin can do CSRF (Cross-Site Request Forgery)
Marin can do Session hijacking
Marin was using sslstrip tool for many years against most of the websites, like Gmail, Facebook, Twitter, etc. He was supposed to give a demo on internet (in)security and wanted to show a demo where he can intercept 302 redirects between his machine and Gmail server. But unfortunately it does not work anymore. He tried the same on Facebook and Twitter and the result was the same. He then tried to do it on the company OWA (Outlook Web Access) deployment and it worked! He now wants to use it against Gmail in his demo because CISO thinks that security through obscurity is a best way to a secure system (obviously BAD CISO) and demonstrating something like that on company live system is not allowed. How can Marin use sslstrip or similar tool to strip S from HTTP? Marin can use mitmf tool with sslstrip+ and dnsspoof modules. He should use IE in "InPrivate browsing" mode to ignore the HSTS cookie if the cookie was already stored on his machine, or he can use some older browser version (IE, Firefox, Chrome, Safari, Opera, ...) which didn't use the HSTS cookies. Marin can use mitmf tool with sslstrip+ and dnsspoof modules. He can use any web browser he wants because sslstrip+ can go around HSTS without any additional tool or setting. There is no option which will allow Marin to do that, since HSTS prevents this type of attacks. Marin can use sslstripHSTS tool to do this.
Marin can use mitmf tool with sslstrip+ and dnsspoof modules. He should use IE in "InPrivate browsing" mode to ignore the HSTS cookie if the cookie was already stored on his machine, or he can use some older browser version (IE, Firefox, Chrome, Safari, Opera, ...) which didn't use the HSTS cookies.
Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP, and FTP? Metasploit scripting engine. Nessus scripting engine. NMAP scripting engine. SAINT scripting engine.
NMAP scripting engine.
Which of the following open source tools would be the best choice to scan a network for potential targets? NMAP Hashcat. Cain & Able. John the Ripper.
NMAP.
Which of the following protocol uses magnetic field induction to enable communication between two electronic devices? LTE-Advanced Near Field Communication (NFC) Multimedia over Coax Alliance (MoCA) Ha-Low
Near Field Communication (NFC)
An attacker wants to exploit a target machine. In order to do this, he needs to identify potential vulnerabilities that are present in the target machine. What tool should he use to achieve his objective? Nessus Hydra Netcraft HTTrack
Nessus
Which of the following tools will scan a network to perform vulnerability checks and compliance auditing? NMAP. Metasploit. Nessus. BeFF.
Nessus
On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured? Nessus +. Nessus *s. Nessus &. Nessus -d
Nessus &.
Sanya is a security analyst in a multinational company who wants to schedule scans across multiple scanners, use wizards to easily and quickly create policies and wants to send results via email to her boss. Which vulnerability assessment tool should she use to get the best results? Recon-ng. FOCA. Wireshark. Nessus Professional.
Nessus Professional
Which of the following tools would be the best choice for achieving compliance with PCI requirement 11? Truecrypt. Sub7. Nessus. Clamwim.
Nessus.
An attacker identified that port 139 on the victim's Windows machine is open and he used that port to identify the resources that can be accessed or viewed on the remote system. What is the protocol that allowed the attacker to perform this enumeration? LDAP NetBios SMTP SNMP
NetBios
Which of the following applications allows attackers to identify the target devices and block the access of Wi-Fi to the victim devices in a network? NetCut Network Spoofer KingoRoot DroidSheep
NetCut
Which of the following firewalls is used to secure mobile device? Comodo firewall Glasswire TinyWall NetPatch firewall
NetPatch firewall
Which of the following Wi-Fi discovery tools facilitates detection of Wireless LANs using the 802.11a/b/g WLAN standards and is commonly used for wardriving, verifying network configurations, finding locations with poor coverage and detecting rouge APs? NetStumbler WeFi AirCrack-NG WifiScanner
NetStumbler
Which tool would be used to collect wireless packet data? NetStumbler John the Ripper Nessus Netcat
NetStumbler
What is the outcome of the command "nc -l 2222 | nc 10.1.0.43 1234"? netcat will listen on the 10.1.0.43 interface for 1234 seconds on port 2222. Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 on port 1234. Netcat will listen for a connection from 10.1.0.43 on port 1234 and output anything received to port 2222. Netcat will listen on port 2222 and then output anything received to local interface 10.1.0.43
Netcat will listen to port 2222 and output anything received to a remote connection on 10.1.0.43 on port 1234.
A pentester gains access to a Windows application server and needs to determine the settings of the built-in Windows firewall. Which command would be used? Netsh firewall show config WMIC firewall show config Net firewall show config Ipconfig firewall show config
Netsh firewall show config
Stephany is the leader of an information security team of a global corporation that has several branch offices around the world. in the past six months, the company has suffered several security incidents. The CSIRT explains to Stephany that the incidents have something in common; the source IP addresses of all the incidents are from one of the new branches. A lot of the outsourcing staff come to this office to connect their computers to the LAN. What is the most accurate security control to implement to resolve the primary source of the incidents? Network access control (NAC) Internal Firewall Awareness to employees Antimalware application
Network Access Control (NAC)
You have been hired to do an ethical hacking (penetration testing) for a company. Which is the first thing you should do in this process? Network information gathering perimeter testing escalating privileges acquiring target
Network Information Gathering
The components such as NIDS/NIPS, firewalls, DPI, Anti-DDoS, QoS, DNSSEC, and OAuth are included in which of the following cloud security control layers? Applications Layer Management Layer Network Layer Computer and Storage
Network Layer
Which of the following information is collected using enumeration? Network resources, network shares, and machine names. Open ports and services. Email recipient's system IP address and geolocation. Operating Systems, Location of Web Servers, users and Passwords.
Network resources, network shares, and machine names.
John's company is facing a DDoS attack. While analyzing the attack, John has learned that the attack is originating from the entire globe, and filtering the traffic at the Internet Service Provider's (ISP) level is an impossible task to do. After a while, John has observed that his personal computer at home was also compromised similar to that of the company's computers. He observed that his computer is sending large amounts of UDP data directed toward his company's public IPs. John takes his personal computer to work and starts a forensic investigation. Two hours later, he earns crucial information: the infected computer is connecting to the C&C server, and unfortunately, the communication between C&C and the infected computer is encrypted. Therefore, John intentionally lets the infection spread to another machine in his company's secure network, where he can observe and record all the traffic between the Bot software and the Botnet. After thorough analysis he discovered an interesting thing that the initial process of infection downloaded the malware from an FTP server which consists of username and password in cleartext format. John connects to the FTP Server and finds the Botnet software including the C&C on it, with username and password for C&C in configuration file. What can John do with this information? Neutralize handlers Deflect the attack Mitigate the attack Protect Secondary Victims
Neutralize handlers
Which of the following operating systems allows loading a weak dylibs dynamically that is exploited by attackers to place a malicious dylib in the specified location? unix. android. linux. os x.
OS X.
Which evasion technique is used by attackers to encode the attack packet payload in such a way that the destination host can only decode the packet but not the IDS? Obfuscation Session splicing Unicode Evasion Fragmentation Attack
Obfuscation
Which component of the malware conceals the malicious code via various techniques, thus making it hard for security mechanisms to detect or remove it? Downloader Crypter Obfuscator Payload
Obfuscator
Which type of antenna is used in wireless communication? Omnidirectional Parabolic Uni-directional Bi-directional
Omnidirectional
Which of the following technique is used to gather information about the target without direct interaction with the target? Active footprinting. Scanning. Passive footprinting. Enumeration.
Passive footprinting.
A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS severs, reading news articles online about the bank, watching the bank employees time in and out, searching bank's job postings (paying special attention to IT-related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in? Information reporting. Vulnerability assessment. Active Information Gathering. Passive information gathering.
Passive information gathering.
Which of the following technique involves sending no packets and just capturing and monitoring the packets flowing in the network? Active sniffing Passive sniffing Port sniffing Network scanning
Passive sniffing
Which of the following terms refers to an advanced form of phishing in which the attacker redirects the connection between the IP address and its target server? Skimming Pretexting Pharming Hacking
Pharming
Jose sends a link to the employee of a target organization, falsely claiming to be from a legitimate site in an attempt to acquire his account information. Identify the attack performed by Jose? Phishing Impersonation Vishing Eavesdropping
Phishing
Which of the following attacks can be performed by Spam messages? Denial-of-Service Attacks Phishing Attacks Bluesnarfing Attacks Wardriving Attacks
Phishing Attacks
Which of the following is NOT a type of DDoS attack? Phishing attack Volume (volumetric) attack Protocol attack Application layer attack
Phishing attack
Which of the following policies addresses the areas listed below: Issue identification (ID) cards and uniforms, along with other access control measures to the employees of a particular organization. Office security or personnel must escort visitors into visitor rooms or lounges. Restrict access to certain areas of an organization in order to prevent unauthorized users from compromising security of sensitive data. Special-access policies Physical security policies Password security policies Defense strategy
Physical security policies
An attacker hides the shellcode by encrypting it with an unknown encryption algorithm and by including the decryption code as part of the attack packet. He encodes the payload and then places a decoder before the payload. Identify the type of attack executed by attacker. ASCII Shellcode Preconnection SYN Polymorphic Shellcode Post-Connection SYN
Polymorphic Shellcode
During malware reverse engineering and analysis, Sheena has identified following characteristics present in the malware: • Self-replicating • Reprograms itself • Cannot be detected by antivirus • Changes the malicious code with each infection What is the type of malware identified by Sheena? Polymorphic Virus Metamorphic Virus Covert Channel Trojan Botnet Trojan
Polymorphic Virus
Which of the following TCP/UDP port is used by the infected devices to spread malicious files to other devices in the network? Port 23 Port 48101 Port 22 Port 53
Port 48101
During a penetration test, Marin discovered a session token that had had the content: 20170801135433_Robert. Why is this session token weak, and what is the name used for this type of vulnerability? Unknown Session Token Predictable Session Token Captured Session Token Date/Time Session Token
Predictable Session Token
A person approaches a network administrator and wants advice on how to send encrypted e-mail from home. The end user does not want to have to pay for any license fees or manage server services. Which of the following is the most secure encryption protocol that the network administrator should recommend? IP Security (IPsec) Multipurpose Internet Mail Extensions (MIME) Pretty Good Privacy (PGP) Hyper Text Transfer Protocol with Secure Socket Layer (HTTPS)
Pretty Good Privacy (PGP)
Which security control role does encryption meet? preventative controls detective controls corrective controls both detective and corrective controls.
Preventative controls
Which security control role does encryption meet? Preventative controls Detective Controls. Corrective Controls Both detective and corrective controls.
Preventative controls.
Which of the following categories of security controls strengthens the system against incidents by minimizing or eliminating vulnerabilities? Deterrent Controls Preventive Controls Detective Controls Corrective Controls
Preventive Controls
Which of the following types of cloud platforms is most secure? Private Hybrid Public Internal
Private
A certificate authority (CA) generates a key pair that will be used for encryption and decryption of e-mails. The integrity of the encrypted e-mail is dependent on the security of which of the following? Public key Private key Modulus length Email server certificate
Private key
Martha is a network administrator in a company named "Dubrovnik Walls Ltd.". She realizes that her network is under a DDoS attack. After careful analysis, she realizes that a large amount of fragmented packets are being sent to the servers present behind the "Internet facing firewall." What type of DDoS attack is this? Protocol attack Volume (volumetric) attack Application layer attack SYN flood attack
Protocol attack
Which of the following is NOT a best practice for cloud security? Verify one's cloud in public domain blacklists Undergo AICPA SAS 70 Type II audits Provide unauthorized server access using security checkpoints Disclose applicable logs and data to customers
Provide unauthorized server access using security checkpoints
Which of the following is a characteristic of public key infrastructure (PKI)? Public-key cryptosystems are faster than symmetric-key cryptosystems. Public-key cryptosystems distribute public-keys within digital signatures. Public-key cryptosystems do not require a secure key distribution channel. Public-key cryptosystems do not provide technical nonrepudiation via digital signatures.
Public-key cryptosystems distribute public-keys within digital signatures.
Passive reconnaissance involves collecting information through which of the following? A. Social engineering B. Network traffic sniffing C. Man in the middle attacks D. Publicly accessible sources
Publicly accessible resources.
Which of the following Encryption techniques is used in WEP? RC4 TKIP AES DES
RC4
Which of the following is optimized for confidential communications, such as bidirectional voice and video? RC4 RC5 MD4 MD5
RC4
Which of the following tools provides comprehensive vulnerability management for mobile devices, smartphone, and tablets? zANTI. FaceNiff. Retina CS for mobile. Pamn IP scanner.
Retina CS for mobile.
What is the name of the code that is used in locking or unlocking a car or a garage and prevents replay attacks? Hex code Polymorphic code Rolling code Unicode
Rolling code
Which of the following processes allows Android users to attain privileged control within Android's subsystem? Jailbreaking Wardriving Rooting Warchalking
Rooting
Which of the following cryptography attack methods is usually performed without the use of a computer? Ciphertext-only attack Chosen key attack Rubber hose attack Rainbow table attack
Rubber hose attack
Which of the following SQL queries is an example of a heavy query used in SQL injection? SELECT Name, Price, Description FROM ITEM_DATA WHERE ITEM_ID = 67 AND 1 = 1 SELECT Name, Phone, Address FROM Users WHERE Id=1 UNION ALL SELECT creditCardNumber,1,1 FROM CreditCardTable SELECT * FROM products WHERE id_product=$id_product SELECT * FROM products WHERE id=1 AND 1 < SELECT count(*) FROM all_users A, all_users B, all_users C
SELECT * FROM products WHERE id=1 AND 1 < SELECT count(*) FROM all_users A, all_users B, all_users C
Which of the following windows service vulnerability does the WannaCry ransomware exploit during the attack on any windows machine? SMB SMTP DNS SNMP
SMB
Stephany is worried because in the past six weeks she has received two and three times the amount of e-mails that she usually receives, and most of it is not related to her work. What kind of problem is Stephany facing? SPAM Malware Phishing External Attack
SPAM
Which of the following is not a mobile platform risk? Malicious Apps in App Store Mobile Malware Jailbreaking and Rooting Sandboxing
Sandboxing
A CEH is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response? Say no: the friend is not the owner of the account. Say yes: the friend needs help to gather evidence. Say yes; do the job for free. Say no; make sure that the friend knows the risk she is asking the CEH to take.
Say no; The friend is not the owner of the account.
In which of the following hacking phases does an attacker try to detect listening ports to find information about the nature of services running on the target machine? scanning gaining access maintaining access clearing tracks
Scanning
Which of the following is an active reconnaissance technique? Collecting information about a target from search engines performing dumpster diving scanning a system by using tools to detect open ports. collecting contact information from yellow pages.
Scanning a system by using tools to detect open ports.
Which of the following tools offers SaaS technology and assists in operating IoT products in a reliable, scalable, and secure manner? SeaCat.io DigiCert IoT Security Solution Firmalyzer Enterprise beSTORM
SeaCat.io
For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key? Sender's public key Receiver's private key Receiver's public key Sender's private key
Sender's private key
Out of the following types of virtualizations, which type of virtualization is used in increasing space utilization and reducing the hardware maintenance cost? Storage Virtualization Network Virtualization Server Virtualization Resource Virtualization
Server Virtualization
Which of the following stores a server's configuration, error, executable, and log files? Document root Server root Virtual document tree Web proxy
Server root
In which of the following attacks does an attacker ride an active computer session by sending an email or tricking the user into visiting a malicious web page while they are logged into the targeted site? Session Hijacking Using Session Riding Wrapping Attack DNS Attack Side Channel Attack
Session Hijacking Using Session Riding
During a penetration test, Marin discovered that a web application does not change the session cookie after successful login. Instead, the cookie stays the same and is allowed additional privileges. This vulnerability and application-level session hijacking is called ______________. Session fixation Session sniffing Session replay attack Predictable session token
Session fixation
Which network-level evasion method is used to bypass IDS where an attacker splits the attack traffic in too many packets so that no single packet triggers the IDS? Overlapping fragments Fragmentation attack Session splicing Unicode evasion
Session splicing
An attacker runs a virtual machine on the same physical host as the victim's virtual machine and takes advantage of shared physical resources (processor cache) to steal data (cryptographic key) from the victim. Which of the following attacks he is performing? XSS Attack MITC Attack Side Channel Attack Cryptanalysis Attack
Side Channel Attack
Out of the following attacks, which attack is a physical attack that is performed on a cryptographic device/cryptosystem to gain sensitive information? Side channel attack MITM attack Hash collision attack DUHK attack
Side channel attack
Which initial procedure should an ethical hacker perform after being brought into an organization? begin security testing. turn over deliverables. sign a formal contract with a non-disclosure clause or agreement. assess what the organization is trying to protect.
Sign a formal contract with a non-disclosure clause or agreement.
Which of the following intrusion detection technique involves first creating models of possible intrusions and then comparing these models with incoming events to make a detection decision? Signature Recognition Anomaly Detection Protocol Anomaly Detection Obfuscating
Signature Recognition
Which of the following contains a public key and the identity of the owner and the corresponding private key is kept secret by the certification authorities? a. Validation authority (VA) b. Self-signed certificate c. Signed certificates d. Registration authority (RA)
Signed Certificates
A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back-end database. In order for the tester to see if an SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request? Semicolon Single quote Exclamation mark Double quote
Single quote
Which Google search query can you use to find mail lists dumped on pastebin.com allinurl: pastebin.com intitle: "mail lists:. site: pastebin.com intext: *@*.com:* cache: pastebin.com intitle: *@*.com* allinurl:pastebin.com intitle:*@*.com:*
Site: Pastebin.com intext: *@*.com:*
Smith works as a professional Ethical hacker with a large MNC. He is a CEH certified professional and was following the CEH methodology to perform the penetration testing. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, (Mostly by trial and error), looking for any information about the different departments and business units. Smith was unable to find any information. What should Smith do to get the information he needs? Smith should use online services such as netcraft.com to find the company's internal URLs. Smith should use WayBackMachin in Archive.org to find the company's internal URLs. Smith should use website mirroring tools such as HTTrack Website copier to find the company's internal URLs. Smith should use email tracking tools such as emailtrackerpro to find the company's internal URLs.
Smith should use online services such as netcraft.com to find the company's internal URLs.
In which type of bluetooth threat does an attacker trick Bluetooth users to lower security or disable authentication for Bluetooth connections in order to pair with them and steal information? Bugging Devices Remote Control Social Engineering Malicious Code
Social Engineering
During the penetration testing in company "Credit Cards Rus Ltd." Marin was using the sslstrip tool in order to sniff HTTPS traffic. Knowing that HTTPS traffic is encrypted and cannot be sniffed normally, explain the reason why it is possible to see the traffic in cleartext. Sslstrip tool is exploiting user behavior and if a user does not type https:// in front of the link, and the website has redirection from HTTP to HTTPS, it will intercept HTTP 302 redirection and send the user exactly what the user asked for, i.e. HTTPsite Sslstrip tool is exploiting an older or in HTTPS protocol, allowing it to gracefully decrypt http traffic by intercepting HTTP 403 denied messages and sending user HTTP 200 OK messages Sslstrip tool is exploiting certificate signing and it is sending its own certificate instead of the original one, allowing for the traffic to be easily decrypted Sslstrip tool is exploiting network bug, which allows it to decrypt HTTPS protocols (TLS and SSL) by sending gratuitous ARP packets to all the nodes on the network
Sslstrip tool is exploiting user behavior and if a user does not type https:// in front of the link, and the website has redirection from HTTP to HTTPS, it will intercept HTTP 302 redirection and send the user exactly what the user asked for, i.e. HTTPsite
Which of the following analysis techniques involves going through the executable binary code without actually executing it to have a better understanding of the malware and its purpose? Spectrum analysis Dynamic malware analysis Static malware analysis System baselining
Static Malware Analysis
A security engineer is attempting to perform scanning on a company's internal network to verify security policies on their networks. The engineer uses the following NMAP command: NMAP -n -sS -PO -P 80 ***.***.**.** What type of scan is this? Quick scan. Intense Scan. Stealth Scan. Comprehensive Scan.
Stealth Scan.
Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run? Cavity virus Polymorphic virus Metamorphic virus Stealth virus
Stealth Virus.
In which of the following attacks does an attacker use multiple forged identities to create a strong illusion of traffic congestion, affecting communication between neighboring nodes and networks? Rolling code attack Sybil attack Replay attack DoS attack
Sybil attack
Which of the following techniques is used by the attacker to distribute the payload and to create covert channels? TCP parameters. Clear online tracks. Covering Tracks. Performing Steganalysis.
TCP parameters.
If an attacker intercepts an established connection between two communicating parties using spoofed packets, and then pretends to be one of them, then which network-level hijacking is he performing? RST hijacking IP spoofing Man-in-the-middle: packet sniffer TCP/IP hijacking
TCP/IP hijacking
A covert channel is a channel that: Transfers information over, within a computer system, or network that is outside of the security policy. Transfers information over, within a computer system, or network that is within the security policy. Transfers information via a communication path within a computer system, or network for transfer of data. Transfers information over, within a computer system, or network that is encrypted.
Transfers information over, within a computer system, or network that is outside of the security policy.
Tina downloaded and installed a 3D screensaver. She is enjoying watching the 3D screensaver, but whenever the screensaver gets activated, her computer is automatically scanning the network and sending the results to a different IP address on the network. Identify the malware installed along with the 3D screensaver? Trojan Horse Virus Worm Beacon
Trojan Horse
Which of the following problems can be solved by using Wireshark? Tracking version changes of source code Checking creation dates on all webpages on a server Resetting the administrator password on multiple systems Troubleshooting communication resets between two systems
Troubleshooting communication resets between two systems
True or False. In LAN-to-LAN Wireless Network, the APs provide wireless connectivity to local computers, and computers on different networks that can be interconnected? True False
True
Which of the following types of jailbreaking allows user-level access but does not allow iboot-level access? Userland Exploit iBoot Exploit Bootrom Exploit None of the above
Userland Exploit
An attacker tries to enumerate the username and password of an account named "rini Mathew" on wordpress.com. On the first attempt, the attacker tried to login as "rini.mathews," which resulted in the login failure message "invalid email or username." On the second attempt, the attacker tried to login as "rinimathews," which resulted in a message stating that the password entered for the username was incorrect, thus confirming that the username "rinimathews" exists. What is the attack that is performed by the attacker? Brute-forcing Username enumeration Man-in-the-middle Phishing
Username enumeration
A user wants to securely establish a remote connection to a system without any interference from perpetrators. Which of the following methods should he incorporate in order to do so? HTTPS VPN SMB Signing SFTP
VPN
Which of the following does not provide cryptographic integrity protection? WEP WPA WPA2 TKIP
WEP
Which of the following device is used to analyze and monitor the RF spectrum? WIDS Router Firewall Switch
WIDS
Donald works as a network administrator with ABCSecurity, Inc., a small IT based firm in San Francisco. He was asked to set up a wireless network in the company premises which provides strong encryption to protect the wireless network against attacks. After doing some research, Donald decided to use a wireless security protocol which has the following features: Provides stronger data protection and network access control Uses AES encryption algorithm for strong wireless encryption] Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) Which of the following wireless security protocol did Donald decide to use? WPA2 WEP WAP TKIP
WPA2
Which of the following includes mandatory support for Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)? TKIP WPA2 WPA WEP
WPA2
In which of the following technique, an attacker draws symbols in public places to advertise open Wi-Fi networks? WarFlying WarWalking WarChalking WarDriving
WarChalking
Which of the following attacks occurs when an intruder maliciously alters the visual appearance of a webpage by inserting or substituting provocative, and frequently, offending data? Man-in-the-middle attack Website defacement Directory traversal attack HTTP response splitting attack
Website defacement
Which of the following techniques is used by network management software to detect rogue APs? RF scanning Wired side inputs AP scanning Virtual-private-network
Wired side inputs
Which of the following tools is not used to perform OS banner grabbing? Nmap Wireshark Telnet Netcat
Wireshark
Which of the following tools is not used to perform webserver information gathering? Nmap Netcraft Wireshark Whois
Wireshark
Which one of the following is a Google search query used for VPN footprinting to find Cisco VPN client passwords? filetype:pcf "cisco" "grouppwd". "[main]?"enc_GroupPwd="ext:txt. "config" intitle. "index of" intext:vpn. inurl:/remote/login?lang=en.
"[main""enc_GroupPwd=" ext:txt
Eric, a professional hacker, is trying to perform a SQL injection attack on the back-end database system of the InfomationSEC, Inc. During the information gathering process, he identifies that MYSQL server is the back-end database engine used. Eric has tried various SQL injection attack attempts based on the information gathered but all of his attempts failed. Later, he discovered that IPS system is blocking all the SQL injection attack attempts. Eric decided to bypass the IPS using string concatenation IPS evasion technique where he needs to break the SQL query into a number of small pieces and concatenates the SQL query end-to-end. Which of the following string concatenation operator Eric need to use in the SQL query to concatenate the SQL query end-to-end? "+" operator "||" operator "concat(,)" operator "&" operator
"concat(,)" operator
Which of the following is used to indicate a single-line comment in structured query language (SQL)? -- || %% "
--
Which of the following is a standard for Wireless Local Area Networks (WLANs) that provides improved encryption for networks that use 802.11a, 802.11b, and 802.11g standards? 802.11n 802.11i 802.11d 802.11e
802.11i
A company has five different subnets: 192.168.1.0, 192.168.2.0, 192.168.3.0, 192.168.4.0 and 192.168.5.0. How can NMAP be used to scan these adjacent Class C networks? A. NMAP -P 192.168.1-5. B. NMAP -P 192.168.0.0/16 C. NMAP -P 192.168.1.0,2.0,3.0,4.0,5.0 D. NMAP -P 192.168.1/17
A
Which of the following techniques rely on tunneling to transmit one protocol data in another protocol? Scanning Steganography A covert channel Asymmetric routing
A covert channel
Which statement best describes a server type under an N-tier architecture? A group of servers at a specific layer A single server with a specific role A group of servers with a unique role A single server at a specific layer
A group of servers with a unique role
The open web application security project (owasp) testing methodology address the need to secure web applications by providing which one of the following services? An extensible security framework named COBIT. A list of flaws and how to fix them. Web application patches A security certification for hardened web applications.
A list of flaws and how to fix them.
A privilege escalation threat is caused due to which of the following weaknesses? A mistake in the access allocation system causes a customer, third party, or employee to get more access rights than needed. Weak authentication and authorization controls could lead to illegal access thereby compromising confidential and critical data stored in the cloud. Due to isolation failure, cloud customers can gain illegal access to the data. Due to flaws while provisioning or de-provisioning networks or vulnerabilities in communication encryption.
A mistake in the access allocation system causes a customer, third party, or employee to get more access rights than needed.
Which of the following is the advantage of adopting a single sign on (SSO) system? A reduction in password fatigue for users because they do not need to know multiple passwords when accessing multiple applications. . Decreased security as the logout process is different across applications. Impacts user experience when an application times out the user needs to login again reducing productivity. A reduction in overall risk to the system since network and application attacks can only happen at the SSO point.
A reduction in password fatigue for users because they do not need to know multiple passwords when accessing multiple applications. .
How can rainbow tables be defeated? A. Password salting B. Use of non-dictionary words C. All uppercase character passwords D. Lockout accounts under brute force password cracking attempts
A. Password salting
Which of the following cryptographic algorithms is used by CCMP? AES DES RC4 TKIP
AES
Which of the following volumetric attacks technique transfers messages to the broadcast IP address in order to increase the traffic over a victim system and consuming his entire bandwidth? Amplification attack Flood attack Protocol attack Application layer attacks
Amplification attack
The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities? An attacker, working slowly enough, can evade detection by the IDS. Network packets are dropped if the volume exceeds the threshold. Thresholding interferes with the IDS' ability to reassemble fragmented packets. The IDS will not distinguish among packets originating from different sources.
An attacker, working slowly enough, can evade detection by the IDS.
Which of the following tools is an antivirus program that is used to detect viruses? ClamWin WannaCry ZeuS DriverView
ClamWin
A session hijacking attack that gains control over the HTTP's user session by obtaining the session IDs, is known as_______________. Application Level Hijacking Network Level Hijacking Passive attack Active hijacking
Application Level Hijacking
Which of the following techniques do attackers use to escalate privileges in the Windows operating system? Launch Daemon. Plist Modification. SetUid and Setgid. Application Shimming.
Application Shimming.
Which assessment focuses on transactional web applications, traditional client-server applications, and hybrid systems? Passive assessment. Active Assessment. wireless network assessment. application assessment.
Application assessment
When does the payment card industry data security standard (PCI_DSS) require organizations to perform external and internal penetration testing? At least once a year and after any significant upgrade or modification. at least once every three years or after any significant upgrade or modification. at least twice a year or after any significant upgrade or modification at least once every two years and after any significant upgrade or modification.
At least once a year and after any significant upgrade or modification.
Which of the following statements is not true for a SYN flooding attack? In a SYN attack, the attacker exploits the three-way handshake method. Attacker sends a TCP SYN request with a spoofed source address to the target server. Attacker sends an ACK response to the SYN/ACK from the target server. Tuning the TCP/IP stack will help reduce the impact of SYN attacks.
Attacker sends an ACK response to the SYN/ACK from the target server.
Which of the following is not an action present in Snort IDS? Alert Log Audit Pass
Audit
Which of the following is an SH-compatible shell that stores command history in a file? BASH. Tsch/Csh. Zsh. ksh.
BASH.
A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack? Paros Proxy BBProxy BBCrack Blooover
BBProxy
Which of the following refers to a policy allowing an employee to bring his or her personal devices such as laptops, smartphones, and tablets to the workplace and using them for accessing the organization's resources as per their access privileges? BYOD Social Engineering Phishing Spear-Phishing
BYOD
Which of the following is a program that is installed without the user's knowledge and can bypass the standard system authentication or conventional system mechanism like IDS, firewalls, etc. without being detected? Remote Access Trojans Backdoor Trojans Proxy Server Trojans Covert Channel Trojans
Backdoor Trojans
Which of the following describes the amount of information that may be broadcasted over a connection? Bandwidth Hotspot BSSID Association
Bandwidth
An attacker tries to recover the plaintext of a message without knowing the required key in advance. For this he may first try to recover the key, or may go after the message itself by trying every possible combination of characters. Which code breaking method is he using? Brute force Frequency analysis One-time pad Trickery and deceit
Brute force
Which of the following is not an OWASP Top 10-2016 Mobile Risks? Insecure Communication Reverse Engineering Buffer Overflow Insecure Cryptography
Buffer Overflow
Which term refers to common software vulnerabilities that happen due to coding errors allowing attackers to get access to the target system? Active footprinting. Port scanning. Banner grabbing. Buffer overflows.
Buffer overflows.
Advanced encryption standard is an algorithm used for which of the following? Data integrity Key discovery Bulk data encryption Key recovery
Bulk data encryption
An attacker wants to perform a session hijacking attack. What tool should he use to achieve his objective? Nessus Hydra Burp Suite Netcraft
Burp Suite
An attacker has been successfully modifying the purchase price of items purchased on the company's website. The security administrators verify the webserver and Oracle database have not been compromised directly. They have also verified the intrusion detection system (IDS) logs and found no attacks that could have caused this. What is the most likely way the attacker has been able to modify the purchase price? By using SQL injection By changing hidden form values By using cross site scripting By utilizing a buffer overflow attack
By changing hidden form values
Which element in a vulnerability scanning report allows the system administrator to obtain additional information about the scanning such as the origin of the scan? Scan information. Target information. Services. Classification.
Classification.
Which of the following SMTP in-built commands tells the actual delivery address of aliases and mailing lists? VRFY. EXPN RCPT TO. PSINFO.
EXPN.
When a client's computer is infected with malicious software which connects to the remote computer to receive commands, the remote computer is called ___________ C&C Bot Botnet Server
C&C
What is the command used by an attacker to establish a null session with the target machine? C :\>auditpol \\<ip address of target> /disable C:\>auditpol \\<ip address of target> auditpol /get /category:* C:\clearlogs.exe -app
C:\>auditpol \\<ip address of target>
Fill in the blank: ______ function is an IDS evasion technique that can be used to inject SQL statements into MySQL database without using double quotes. CHAR() CONV() ASCIISTR() CHR()
CHAR()
Pentest results indicate that voice over IP traffic is traversing a network. Which of the following tools will decode a packet capture and extract the voice conversations? Cain and Abel John the Ripper Nikto Hping
Cain and Abel
Which of the following steps in enumeration penetration testing serves as an input to many of the ping sweep and port scanning tools for further enumeration? Calculate the subnet mask. Perform competitive intelligence. Perform email foot printing. Perform ARP poisoning.
Calculate the subnet mask.
Which of the PKI components is responsible for issuing and verifying digital certificate? Validation authority (VA) Certificate authority (CA) Registration authority (RA) End user
Certificate authority (CA)
Identify the technique used by the attackers to wipe out the entries corresponding to their activities in the system log to remain undetected? Executing applications. Escalating privileges. Gaining access. Clearing logs.
Clearing logs.
You are a security engineer for XYZ Inc. Your company is based on a private cloud infrastructure and discovers a potential breach through a vulnerability that was not properly patched. XYZ Inc. wants to perform a root cause analysis and discover if any data was exfiltrated and if so, what type of information did it contain? How would XYZ Inc. find out this information? Cloud Forensics Data Analysis Vulnerability Scanning Penetration Testing
Cloud Forensics
Encrypted communications, strong authentication credentials, secure web interface, encrypted storage, and automatic updates are the security considerations for which of the following components? Mobile Cloud Platform Edge Gateway
Cloud Platform
Which of the following IoT technology components collects data that undergoes data analysis, from the gateway? Sensing technology IoT gateway Cloud server/data storage Remote control using mobile app
Cloud server/data storage
Which of the statements concerning proxy firewalls is correct? Proxy firewalls increase the speed and functionality of a network. Firewall proxy servers decentralize all activity for an application. Proxy firewalls block network packets from passing to and from a protected network. Computers establish a connection with a proxy firewall that initiates a new network connection for the client.
Computers establish a connection with a proxy firewall that initiates a new network connection for the client.
The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Based on the knowledge of the network topology, which of the main elements of information security has highlander, incorporated, not addressed in its plans for it's laptops? confidentiality integrity availability authenticity
Confidentiality
Which fundamental element of information security refers to an assurance that the information is only accessible to those authorized to have access? confidentiality integrity availability authenticity
Confidentiality
Which of the following countermeasure helps organizations to prevent information disclosure through banner grabbing? Configure iis. Configure web servers. TCP/IP and IPsec. Implement VPN.
Configure IIS.
You are performing a port scan with NMAP. You are in a hurry and conducting the scans at the fastest possible speed. However, you don't want to sacrificed reliability for speed. If stealth is not an issue, what type of scan should you run to get very reliable results? Stealth Scan. XMAS Scan. Fragmented packet scan. Connect Scan.
Connect Scan.
Posing as an authorized AP by beaconing the WLAN's SSID to lure users is known as __________. Evil Twin AP Masquerading Man-in-the-Middle Attack Honeypot Access Point
Evil Twin AP
What is the correct order for vulnerability management lifecycle? creating baseline--> Vulnerability assessment ..> risk assessment --> remediation --> verification --> monitor. verification--vulnerability assessment-->monitor --> remediation --> creating baseline --> risk assessment.
Creating baseline--> vulnerability assessment --> risk assessment --> remediation --> verification --> monitor.
Which of the following android applications allows you to find, lock or erase a lost or stolen device? X-Ray Find My Device Find My iPhone Faceniff
Find My Device
Which of the following iOS applications allows you to find, lock or erase a lost or stolen device? X-Ray Find My Device Find My iPhone Faceniff
Find My iPhone
Which of the following Trojan construction kits is used to create user-specified Trojans by selecting from the various options available? Trojan.Gen Senna Spy Trojan Generator Win32.Trojan.BAT DarkHorse Trojan Virus Maker
DarkHorse Trojan Virus Maker
A pen tester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pen tester pivot using Metasploit? Issue the pivot exploit and set the meterpreter. Reconfigure the network settings in the meterpreter. Set the payload to propagate through the metrepreter. Create a route statement in the meterpreter.
Create a route statement in the meterpreter.
Out of the following, which layer is responsible for encoding and decoding data packets into bits? Application layer Session layer Data Link layer Network layer
Data Link layer
Which of the following categories of security controls minimizes the consequences of an incident by limiting the damage? Deterrent Controls Preventive Controls Detective Controls Corrective Controls
Corrective Controls
Which of the following attacks are not performed by an attacker who exploits SQL injection vulnerabilities? Authentication Bypass Remote Code Execution Covering Tracks Information Disclosure
Covering Tracks
Which of the following channels is used by an attacker to hide data in an undetectable protocol? Classified Overt Encrypted Covert
Covert
Marin is performing penetration testing on the target organization. He discovered some vulnerabilities in the organization's website. He decided to insert malicious JavaScript code into a vulnerable dynamic web page to collect information such as credentials, cookies, etc. Identify the attack performed by Marin? Cross-site Scripting Attack Cross-site Request Forgery Attack Session Replay Attack Man-in-the-Browser Attack
Cross-site Scripting Attack
A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application has been developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application's search form and introduces the following code in the search input field: IMG SRC=vbscript:msgbox("Vulnerable");> originalAttribute="SRC" originalPath="vbscript:msgbox("Vulnerable");>" When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable." Which web applications vulnerability did the analyst discover? Cross-site request forgery Command injection Cross-site scripting SQL injection
Cross-site scripting
Which algorithm does the "sequential change-point detection" technique use to identify and locate the DoS attacks? Cumulative Sum Obfuscation BlackShades Advanced Encryption Standard
Cumulative Sum
Out of the following, which is not a type of side-channel attack? Timing Attack Data Remanence Cybersquatting Acoustic Cryptanalysis
Cybersquatting
Which of the following attacks mainly affects any hardware/software using an ANSI X9.31 random number generator (RNG)? Hash collision attack DUHK attack Rainbow table attack Side channel attack
DUHK attack
Which of the following terms refers to gaining access to one network and/or computer and then using the same to gain access to multiple networks and computers that contain desirable information? doxing daisy chaining social engineering kill chain
Daisy chaining.
John the Ripper is a technical assessment tool used to test the weakness of which of the following? A. Usernames B. File permissions C. Firewall rulesets D. Passwords
D. Passwords
When Jason installed a malicious application on his mobile, the application modified the content in other applications on Jason's mobile phone. What process did the malicious application perform? Data Exfiltration Data Mining Data Tampering Data Loss
Data Tampering
Jean Power wants to try and locate passwords from company XYZ. He waits until nightfall and climbs into the paper recycling dumpster behind XYZ, searching for information. What is Jean doing? Dumpster diving Social engineering Paper tracking Password finding
Dumpster diving
Ramon is a security professional for xsecurity. During an analysis process, he has identified a suspicious .exe file. Ramon executed the suspicious malicious file in a sandbox environment where the malware cannot affect other machines in the network. What type of analysis does Ramon conduct? Static Malware Analysis Dynamic Malware Analysis Preparing Testbed Sheep Dipping
Dynamic Malware Analysis
When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's computer to update the router configuration. What type of an alert is this? False-positive False-negative True-positive True-negative
False-positive
In which of the following attacks does an attacker use a malicious script to exploit poorly patched vulnerabilities in an IoT device? Sybil attack Side channel attack Replay attack Exploit kits
Exploit kits
Which of the following commands is used to disable the BASH shell from saving the history? History -C Export histsize=o. history -w. shred ~ /.bash_history
Export histsize=o.
Which of the following enumeration techniques is used by a network administrator to replicate domain name systems (DNS) data across many DNS, servers, or to a backup DNS files? Extract user names using email IDs. Extract information using default passwords. Extract information using DNZ zone transfer. Brute force Active Directory.
Extract information using DNS Zone Transfer.
In IoT hacking, which of the following component is used to send some unwanted commands in order to trigger some events which are not planned? Eavesdropper Fake Server Wi-Fi Device Bluetooth Device
Fake Server
When analyzing the IDS logs, the system administrator notices connections from outside of the LAN have been sending packets where the source IP address and destination IP address are the same. However, no alerts have been sent via email or logged in the IDS. Which type of an alert is this? False positive False negative True positive True negative
False negative
A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection system. The alert was generated because a large number of packets were coming into the network over ports 20 and 21. During analysis, there were no signs of attack on the FTP servers. How should the administrator understand this situation? True negatives False negatives True positives False positives
False positives
A pen tester was hired to perform penetration testing on an organization. The tester was asked to perform passive footprinting on the target organization. Which of the following techniques comes under passive footprinting? Finding the top-level domains (TLDs) and sub-domains of a target through web services. Performing traceroute analysis. performing social engineering. Querying published name server of the target.
Finding the top-level domains (TLDs) and sub-domains of a target through web services.
Which method of firewall identification has the following characteristics: uses TTL values to determine gateway ACL filters maps networks by analyzing IP packet response probes ACLs on packet filtering routers/firewalls using the same method as trace-routing sends TCP or UDP packets into the firewall with TTL value is one hop greater than the targeted firewall Port Scanning Firewalking Banner Grabbing Source Routing
Firewalking
If an attacker wants to reconstruct malicious firmware from a legitimate firmware in order to maintain access to the victim device, which of the following tools can he use to do so? Zigbee Framework RIoT Vulnerability Scanner RFCrack Firmware Mod Kit
Firmware Mod Kit
Which command lets a tester enumerate live systems in a class c network via icmp using native Windows tools? ping 192.168.2. Ping 192.168.2.255. for %V in (1 1 255) do ping 192.168.2.%V. for /l%V in (1 1 254) do ping -n 102.168.2.%V |find /i "reply".
For /L%V in ( 1 1 254) do Ping -n 1 192.168.2.%V | find /I "Reply"
Robert, a penetration tester is trying to perform SQL penetration testing on the SQL database of the company to discover coding errors and security loopholes. Robert sends massive amounts of random data to the SQL database through the web application in order to crash the web application of the company. After observing the changes in the output, he comes to know that web application is vulnerable to SQL injection attacks. Which of the following testing techniques is Robert using to find out the loopholes? Fuzzing Testing Stored Procedure Injection Out of Band Exploitation Alternate Encodings
Fuzzing Testing
An engineer is learning to write exploits in C++ and is using Kali Linux. The engineer wants to compile the newest C++ exploit and name it calc.ext. Which command would the engineer use to accomplish this? G++ hackersExploit.cpp -o calc.ext. G++ hackersExploit.py -o calc.exe. G++ -i hackersExploit.pl -o calc.ext. G== --comple -i hackersexploit.cpp -o calc.exe
G++ hackersExploit.cpp -o calc.ext.
What is the correct order of steps in the system hacking cycle? gaining access --> escalating privileges--> Executing applications--> hiding files--> Covering tracks. Covering tracks--> hiding files-->Escalating-->privileges-->executing applications-->gaining access Executing applications-->Gaining access-->covering tracks-->escalating privileges-->hiding files. Escalating privileges-->gaining access-->executing applications-->covering tracks-->Hiding files
Gaining Access-->escalating privileges-->executing applications-->hiding files-->covering tracks
What is the objective of a reconnaissance phase in a hacking life-cycle? Gathering as much information as possible about the target. identifying specific vulnerabilities in the target network. gaining access to the target system and network. gaining access to the target system with admin/root level privileges.
Gathering as much information as possible about the target.
Which of the following techniques is used to create complex search engine queries? Yahoo search. Bing search. Google hacking. DuckDuckGo.
Google Hacking.
Which of the following registry entry you will delete to clear Most Recently Used (MRU) list? HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Out of the following, which is not a component of the IPsec protocol? IPsec policy agent Oakley HPKP IKE
HPKP
Which of the following technique allows users to authenticate web servers? HTTPS HPKP SSH SFTP
HPKP
Which of the following methods carries the requested data to the webserver as a part of the message body? HTTP GET HTTP POST IBM DB2 Cold Fusion
HTTP POST
Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions? Firewall Honeypot Intrusion Detection System (IDS) DeMilitarized Zone (DMZ)
Honeypot
In which of the following techniques does an unauthorized user try to access the resources, functions, and other privileges that belong to the authorized user who has similar access permissions? Kerberos authentication. Horizontal privilege escalation. rainbow table attack. vertical privilege escalation.
Horizontal privilege escalation.
Which of the following tools is used for detecting SQL injection attacks? Nmap Wireshark IBM Security AppScan NetScanTools Pro
IBM Security AppScan
Which of the following protocols is an extension of IP to send error messages? An attacker can use it to send messages to fool the client and the server. ICMP ARP SSL FTP
ICMP
Which of the following is a type of network protocol for port-based network access control (PNAC)? SSH IEEE 802.1X suites SFTP SSL
IEEE 802.1X suites
Which of the following is a defense technique for MAC spoofing used in switches that restricts the IP traffic on untrusted Layer 2 ports by filtering traffic based on the DHCP snooping binding database? IP Source Guard DHCP snooping binding table Dynamic ARP inspection Authentication, authorization, and accounting (AAA)
IP Source Guard
Out of the following, which network-level session hijacking technique is useful in gaining unauthorized access to a computer with the help of a trusted host's IP address? IP Spoofing: Source Routed Packets TCP/IP Hijacking UDP Hijacking Bling Hijacking
IP Spoofing: Source Routed Packets
Which of the following protocols is used to implement virtual private networks (VPNs)? HTTPS IPsec HPKP Token binding
IPsec
An attacker is sending spoofed router advertisement messages so that all the data packets travel through his system. Then the attacker is trying to sniff the traffic to collect valuable information from the data packets to launch further attacks such as man-in-the-middle, denial-of-service, and passive sniffing attacks on the target network. Which of the following technique is the attacker using in the above scenario? IRDP Spoofing DHCP Starvation Attack MAC Flooding ARP Spoofing
IRDP Spoofing.
Which of the following types of cloud computing services provides virtual machines and other abstracted hardware and operating systems (OSs) which may be controlled through a service API? IaaS PaaS SaaS XaaS
IaaS
You are a security engineer for a cloud-based startup, XYZ Partners LLC, and they would like you to choose the best platform to run their environment from. The company stores sensitive PII and must be SOC 2 compliant. They would like to run their Windows server VMs and directory services from the cloud. Which of the following services and deployment models would meet the company's requirements? IaaS and Private PaaS and Public SaaS and Hybrid XaaS and Community
IaaS and Private
An attacker wants to exploit a webpage. From which of the following points does he start his attack process? Identify server-side technologies Map the attack surface Identify entry points for user input Identify server-side functionality
Identify entry points for user input
An attacker injects the following SQL query: blah' AND 1=(SELECT COUNT(*) FROM mytable); -- What is the intention of the attacker? Updating Table Adding New Records Deleting a Table Identifying the Table Name
Identifying the Table Name
If the final set of security controls does not eliminate all risk in a system, what could be done next? Continue to apply controls until there is zero risk. ignore any remaining risk if the residual risk is low enough, it can be accepted. remove current controls since they are completely ineffective.
If the residual risk is low enough, it can be accepted.
Which of the following attacks can be prevented by implementing token or biometric authentication as a defense strategy? Shoulder surfing Fake SMS Eavesdropping Impersonation
Impersonation
What method should be incorporated by a network administrator to prevent the organization's network against ARP poisoning? Use SSL for secure traffic Implement dynamic arp inspection (DAI) using the dynamic host configuration protocol (DHCP) snooping binding table Resolve all DNS queries to local DNS server Use secure shell (SSH) encryption
Implement dynamic arp inspection using dynamic host configuration protocol snooping binding table.
Roy is a network administrator at an organization. He decided to establish security policies at different levels in the organization. He decided to restrict the installation of USB drives in the organization and decided to disable all the USB ports. Which of the following countermeasure Roy must employ? Implement proper access privileges Ensure a regular update of software Adopt documented change management Use multiple layers of antivirus defenses
Implement proper access privileges
Which of the following is an appropriate defense strategy to prevent attacks such as piggybacking and tailgating? Implement strict badge, token or biometric authentication, employee training, and security guards Train technical support executives and system administrators never to reveal passwords or other information by phone or email Employee training, best practices, and checklists for using passwords Educate vendors about social engineering
Implement strict badge, token or biometric authentication, employee training, and security guards
Name the IoT security vulnerability that gives rise to issues such as weak credentials, lack of account lockout mechanism, and account enumeration? Insufficient authentication/authorization Insecure network services Insecure web interface Privacy concerns
Insecure web interface
In which of the following attacks does an attacker use the same communication channel to perform the attack and retrieve the results? Blind SQL injection Out-of-band SQL injection In-band SQL injection Inferential SQL injection
In-band SQL injection
The components such as DLP, CMF, database activity monitoring, and encryption are included in which of the following cloud security control layers? Applications Layer Management Layer Information Layer Computer and Storage
Information Layer
Information such as IP address, protocols used, open ports, device type, and geo-location of a device is extracted by an attacker in which of the following phases of IoT hacking? Vulnerability scanning Gain access Information gathering Launch attacks
Information gathering
If an attacker wants to gather information such as IP address, hostname, ISP, device's location, and the banner of the target IoT device, which of the following types of tools can he use to do so? Sniffing tools Vulnerability scanning tools IoT hacking tools Information gathering tools
Information gathering tools
Secure update server, verify updates before installation, and sign updates are the solutions for which of the following IoT device vulnerabilities? Insecure network services Privacy concerns Insecure software / firmware Insecure cloud interface
Insecure software / firmware
An attacker can perform attacks such as CSRF, SQLi, and XSS attack by exploiting which of the following IoT device vulnerability? Insecure web interface Insecure cloud interface Insecure network services Insecure software/firmware
Insecure web interface
Which of the following threats is closely related to medical identity theft? Criminal identity theft Insurance identity theft Synthetic identity theft Social identity theft
Insurance identity theft
Which of the following category of information warfare is a sensor-based technology that directly corrupts technological systems? Electronic Warfare Intelligence-based warfare Command and control warfare (c2 warfare) Economic warfare
Intelligence-based warfare
Which of the following IoT architecture layers carries out communication between two end points such as device-to-device, device-to-cloud, device-to-gateway, and back-end data-sharing? Access gateway layer Edge technology layer Internet layer Middleware layer Application layer
Internet layer
Which of the following DNS poisoning techniques uses ARP poisoning against switches to manipulate routing table? Intranet DNS Spoofing Internet DNS Spoofing Proxy Server DNS Poisoning DNS Cache Poisoning
Intranet DNS Spoofing
What is the primary drawback of using Advanced Encryption Standard (AES) algorithm with a 256-bit key to share sensitive data? Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient communication. To get messaging programs to function with this algorithm requires complex configurations. It has been proven to be a weak cipher; therefore, should not be trusted to protect sensitive data. It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.
It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.
Rita is a security analyst in a firm and wants to check a new antivirus software by creating a virus so as to auto start and shutdown a system. Identify the virus maker tool she should use to check the reliability of new anti-virus software? DELmE's Batch Virus Generator JPS Virus Maker WannaCry Scatter
JPS Virus Maker
Name an attack where an attacker interrupts communication between two devices by using the same frequency signals on which the devices are communicating. Jamming attack Replay attack Side channel attack Man-in-the-middle attack
Jamming attack
Which of the following tools can be used to perform LDAP Enumeration? Super Scan. SoftPerfect Network Scanner. JXplorer. NSausitor Network Security Auditor.
Jxplorer
Which of the following protocols uses TCP or UDP as it's transport protocol over port 389? LDAP SNMP SMTP SIP
LDAP
Which of the following protocols is responsible for accessing distributed directories and access information such as valid usernames, addresses, departmental details, and so on? LDAP DNS NTP SMTP
LDAP.
What statement is true regarding LAN Manager (LM) hashes? LM hashes in 48 hexadecimal characters. LM hashes are based on AES128 cryptographic standard. Uppercase characters in the password are converted to lowercase. LM hashes limit the password length to a maximum of 14 characters.
LM hashes limit the password length to a maximum of 14 characters.
The DDoS tool used by anonymous in the so-called Operation Payback is called _______ LOIC HOIC BanglaDOS Dereil
LOIC
Which of the following bluetooth mode filters out non-matched IACs and reveals itself only to those that matched? Discoverable Limited discoverable Non-discoverable Pairable mode
Limited discoverable
SecTech inc. is worried about the latest security incidents and data theft reports. The management wants a comprehensive vulnerability assessment of the complete information system at the company. However, SecTech does not have the required resources or capabilities to perform a vulnerability assessment. the decide to purchase a vulnerability assessment tool to test a host or application for vulnerabilities. Which of the following factors should the organization NOT consider while purchasing a vulnerability assessment tool? Types of vulnerabilities being assessed. Test run scheduling. Functionality for writing own tests. Links to patches.
Links to patches.
Which of the following mechanisms should be incorporated into the cloud services to facilitate networks and resources to improve the response time of a job with maximum throughput? Load balancing Encryption mechanism Lockout mechanism Two-factor authentication
Load balancing
Which feature of Secure Pipes tool open application communication ports to remote servers without opening those ports to public networks? Remote forwards Local forwards SOCKS proxies Remote backwards
Local forwards
A tester wants to test an organization's network against session hijacking attacks. Which of the following tools can he use to detect session hijacking attacks? LogRhythm Nmap FOCA Recon-ng
LogRhythm
Which of the following tools is used to execute commands of choice by tunneling them inside the payload of ICMP echo packets if ICMP is allowed through a firewall? Anonymizer AckCmd HTTPTunnel Loki
Loki
MitB (Man in the Browser) is a session hijacking technique heavily used by e-banking Trojans. The most popular ones are Zeus and Gameover Zeus. Explain how MitB attack works. Malware is injected between the browser and OS API, enabling to see the data before encryption (when data is sent from the machine) and after decryption (when data is being received by the machine). Malware is injected between the browser and keyboard driver, enabling to see all the keystrokes. Malware is injected between the browser and network.dll, enabling to see the data before it is sent to the network and while it is being received from the network. Man-in-the-Browser is just another name for sslstrip MitM attack.
Malware is injected between the browser and OS API, enabling to see the data before encryption (when data is sent from the machine) and after decryption (when data is being received by the machine).
Which of the following attacks allows an attacker to access sensitive information by intercepting and altering communications between an end user and webservers? Man-in-the-middle attack DoS attack Directory traversal attack HTTP response splitting attack
Man-in-the-middle attack
Which of the following vulnerabilities is found in all the intel processors and ARM processors deployed by Apple (and others_ and leads to tricking a process to access out of bounds memory by exploiting CPU optimization mechanisms such as speculative execution? Privilige escalation. Dylib Hijacking. Meltdown. DLL Hijacking.
Meltdown.
Which virus has the following characteristics: • Inserts dead code • Reorders instructions • Reshapes the expressions • Modifies program control structure Metamorphic Virus Stealth Virus Cluster Virus Macro Virus
Metamorphic Virus
In order to show improvements of security over time, what must be developed? reports testing tools metrics taxonomy of vulnerabilities
Metrics
In which of the following techniques is the text or an image considerably condensed in size, up to one page in a single dot, to avoid detection by unintended recipients? Microdots. Computer-Based Methods. Invisible Ink. Spread Spectrum.
Microdots.
Which tool includes a graphical and command line interface that can perform local or remote scans of Microsoft Windows Systems? Netcraft. Microsoft Baseline Security Analyzer (MBSA). FOCA. Wireshark.
Microsoft Baseline Security Analyzer (MBSA).
Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products? Microsoft Security Baseline Analyzer. Retina. Core Impact. Microsoft Baseline Security Analyzer.
Microsoft Baseline Security Analyzer.
In most of the cases, to do a session hijacking, an attacker has to first do a _______ attack. MitM attack Session attack Network attack Application attack
MitM attack
Which of the following parameters enables NMAP's operating system detection feature? NMAP -sV NMAP -oS NMAP -sC NMAP -O
NMAP -O
An ethical hacker is performing penetration testing on the target organization. He decided to test the organization's network to identify the systems running in promiscuous mode. Identify the tool that the ethical hacker needs to employ? FaceNiff FOCA Nmap Recon-ng
Nmap
Paul has been contracted to test a network, and he intends to test for any DoS vulnerabilities of the network servers. Which of the following automated tools can be used to discover systems that are vulnerable to DoS? Nmap John the ripper Cain and Abel Netcraft
Nmap
Which of the following tool a tester can use to detect a system that runs in promiscuous mode, which in turns helps to detect sniffers installed on the network? Nmap FaceNiff OmniPeek shARP
Nmap
Which of the following tools can an attacker use to gather information such as open ports and services of IoT devices connected to the network? RFCrack Multiping Foren6 Nmap
Nmap
A computer technician is using the latest version of word-processing software and discovers that a particular sequence of characters is causing the entire computer to crash. The technician researches the bug and discovers that no one else has experienced the problem. What is the appropriate next step? Ignore the problem completely and let someone else deal with it. Create a document that will crash the computer when opened and send it to friends. find an underground bulletin board and attempt to sell the bug to the highest bidder. Notify the vendor of the bug and do not disclose it until the vendor gets a change to issue a fix.
Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix
Which of the following tools is not a NetBIOS enumeration tool? Hyena. SuperScan. Netscan Tools Pro. OpsUtils.
OpsUtils.
Which of the following is a legal channel for the transfer of data or information in a company network securely? Overt Channel Covert Channel Covert Storage Channel Covert Timing Channel
Overt Channel
Which of the following protocol encapsulates the EAP within an encrypted and authenticated Transport Layer Security (TLS) tunnel? RADIUS PEAP LEAP CCMP
PEAP
Which of the following is an example of an asymmetric encryption implementation? SHA1 PGP 3DES MD5
PGP
Which of the following applications is used for Jailbreaking iOS? KingoRoot Pangu Anzhuang One Click Root Superboot
Pangu Anzhuang
Which of the following types of antennas is useful for transmitting weak radio signals over very long distances - on the order of 10 miles? Omnidirectional Parabolic grid Uni-directional Bi-directional
Parabolic grid
Which type of security document provides specific step-by-step details? process procedure policy paradigm
Procedure
What information is gathered about the victim using email tracking tools? username of the clients, operating systems, email addresses, and list of software. Information on an organization's web pages since their creation. Recipient's IP address, Geolocation, Proxy detection, Operating system and Browser information. Targeted contact data, extracts the URL and meta tag for website promotion.
Receipient's IP address, Geolocation, Proxy detection, Operating system and Browser information.
To send a PGP-encrypted message, which piece of information from the recipient must the sender have before encrypting the message? Recipient's private key Recipient's public key Master encryption key Sender's public key
Recipient's public key
Which of the following settings enables nessus to detect when it is sending too many packets and the network pipe is approaching capacity? Netstat WMI Scan Silent Dependencies Consider unscanned ports as closed Reduce parallel connections on congestion
Reduce parallel connections on congestion
Which element of public key infrastructure (PKI) verifies the applicant? Certificate authority Validation authority Registration authority Verification authority
Registration authority
In which of the following attacks, an attacker intercepts legitimate messages from a valid communication and continuously send the intercepted message to the target device to crash the target device? Ransomware Attack Side Channel Attack Man-in-the-middle Attack Replay Attack
Replay Attack
A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate website from their workstations. Which of the following is the best remediation against this type of attack? Implementing server-side PKI certificates for all connections Mandating only client-side PKI certificates for all connections Requiring client and server PKI certificates for all connections Requiring strong authentication for all DNS queries
Requiring client and server PKI certificates for all connections
In which phase of a social engineering attack does an attacker indulges in dumpster diving? Selecting target Develop the relationship Research on target Exploit the relationship
Research on target
What is the best defense against a privilege escalation vulnerability? never place executables in write-protected directories. never perform debugging using bounds checkers and stress tests and increase the amount of code that runs with particular privileges. Run services with least privileged accounts and implement multifactor authentication and authorization. review user roles and administrator privileges for maximum utilization of automation services.
Run services with least privileged accounts and implement multifactor authentication and authorization.
Which of the following protocols is used for secure information passage between two endpoints? SSL TCP UDP FTP
SSL
Which of the following three service models are the standard cloud service models? SaaS, PaaS, and IaaS XaaS, Private, and Public SaaS, IaaS, and Hybrid Private, Public, and Community
SaaS, PaaS, and IaaS
A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records? A. Locate type=ns B. Request type=ns C. Set type=ns D. Transfer type=ns
Set Type=NS
Jamie is an on-call security analyst. He had a contract to improve security for the company's firewall. Jamie focused specifically on some of the items on the security of the Company's firewall. After working for some time on the items, Jamie creates the following list to fix them: 1. Set ssh timeout to 30 minutes. 2. Set telnet timeout to 30 minutes. 3. Set console timeout to 30 minutes. 4. Set login password retry lockout. Which task should Jamie perform if he has time for just one change before leaving the organization? Set login password retry lockout. Set telnet timeout to 30 minutes. Set ssh timeout to 30 minutes. Set console timeout to 30 minutes.
Set login password retry lockout.
A computer installed with port monitoring, file monitoring, network monitoring, and antivirus software and connected to network only under strictly controlled conditions is known as: Sheep Dip Droidsheep Sandbox Malwarebytes
Sheep Dip
Which of the following tools is used to build rules that aim to detect SQL injection attacks? Nmap Snort Masscan SuperScan
Snort
Which cipher encrypts the plain text digit (bit or byte) one by one? Classical cipher Block cipher Modern cipher Stream cipher
Stream cipher
Michel, a professional hacker, is trying to perform an SQL injection attack on the MS SQL database system of the CityInfo, Inc. by bypassing the signature-based IDS. He tried various IDS evasion techniques and finally succeeded with one where he breaks the SQL query into a number of small pieces and uses the + sign to join SQL query end to end. Which of the following IDS evasion techniques he uses to bypass the signature-based IDS? String concatenation Char encoding Hex encoding URL encoding
String concatenation
Which of the following is a two-way HTTP tunneling software tool that allows HTTP, HTTPS, and SOCKS tunneling of any TCP communication between any client-server systems? Super network tunnel Bitvise Secure Pipes Loki
Super network tunnel
Which of the following is considered to be a session hijacking attack? Taking over a TCP session Taking over a UDP session Monitoring a TCP session Monitoring a UDP session
Taking over a TCP session
An attacker uses the following SQL query to perform an SQL injection attack SELECT * FROM users WHERE name = '' OR '1'='1'; Identify the type of SQL injection attack performed. Tautology Illegal/Logically Incorrect Query UNION SQL Injection End-of-Line Comment
Tautology
In which of the following attacks does an attacker use a conditional OR clause in such a way that the condition of the WHERE clause will always be true? UNION SQL injection Illegal/logically incorrect query End-of-line comment Tautology
Tautology
Which of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the transmission control protocol (TCP) or Internet protocol (IP) stack? Teardrop attack SYN flood attack Smurf attack Ping of death attack
Teardrop attack
OpenSSH or SSH is a more secure solution to which of the following protocol? HTTP IP Telnet, rlogin SMB
Telnet, rlogin
Which of the following countermeasures prevent buffer overruns? Use the most restrictive SQL account types for applications Keep untrusted data separate from commands and queries Test the size and data type of the input and enforce appropriate limits Apply the least privilege rule to run the applications that access the DBMS
Test the size and data type of the input and enforce appropriate limits
In a Windows system, an attacker was found to have run the following command: type C:\SecretFile.txt >C:\LegitFile.txt:SecretFile.txt What does the above command indicate? The attacker has used Alternate Data Streams to hide SecretFile.txt file into LegitFile.txt. The attacker has used Alternate Data Streams to copy the content of SecretFile.txt file into LegitFile.txt. The attacker was trying to view SecretFile.txt file hidden using an Alternate Data Stream. The attacker has used Alternate Data Streams to rename SecretFile.txt file to LegitFile.txt.
The attacker has used Alternate Data Streams to hide SecretFile.txt file into LegitFile.txt.
A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work, so the consultant prints out several audits, that they have performed for previous companies. Which of the following is likely to occur as a result? The consultant will ask for money on the bid because of great work. The consultant may expose vulnerabilities of other companies. The company accepting bids will want the same type of format of testing. The company accepting bids will hire the consultant because of the great work performed.
The consultant may expose vulnerabilities of other companies.
When setting up a wireless network, an administrator enters a preshared key for security. Which of the following is true? The key entered is a symmetric key used to encrypt the wireless data. The key entered is a hash that is used to prove the integrity of the wireless data. The key entered is based on the Diffie-Hellman method. The key is an RSA key used to encrypt the wireless data.
The key entered is a symmetric key used to encrypt the wireless data.
The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses__________________? Multiple keys for non-repudiation of bulk data Different keys on both ends of the transport medium Bulk encryption for data transmission over fiber The same key on each end of the transmission medium
The same key on each end of the transmission medium
Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results? TCP port 21—no response TCP port 22—no response TCP port 23—Time-to-live exceeded The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host. The lack of response from ports 21 and 22 indicate that those services are not running on the destination server. The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall. The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error.
The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall.
During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability? The web application does not have the secure flag set. The session cookies do not have the HttpOnly flag set. The victim user should not have an endpoint security solution The victim's browser must have ActiveX technology enabled.
The session cookies do not have the HttpOnly flag set.
What happens when a switch CAM table becomes full? The CAM overflow table will cause the switch to crash causing denial-of-service (DoS). The switch then acts as a hub by broadcasting packets to all machines on the network. The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF. Every packet is dropped and the switch sends out simple network management protocol (SNMP) alerts to the intrusion detection system (IDS) port.
The switch then acts as a hub by broadcasting packets to all machines on the network.
During a wireless penetration test, a tester detects an AP using the WPA2 encryption. Which of the following attacks should be used to obtain the key? The tester must capture the WPA2 authentication handshake and then crack it. The tester must use the tool inSSIDer to crack it using the ESSID of the network. The tester cannot crack WPA2 because it is in full compliance with the IEEE 802.11i standard. The tester must change the MAC address of the wireless network card and then use the AirTraf tool to obtain the key.
The tester must capture the WPA2 authentication handshake and then crack it.
A tester has been hired to perform source code review of a web application to detect SQL injection vulnerabilities. As part of the testing process, he needs to get all the information about the project from the development team. During the discussion with the development team, he comes to know that the project is in the initial stage of the development cycle. As per the above scenario, which of the following processes does the tester need to follow in order to save the company's time and money? The tester needs to perform static code analysis as it covers the structural and statement coverage testing The tester needs to perform static code analysis as it covers the executable file of the code The tester needs to perform dynamic code analysis as it uncovers bugs in the software system The tester needs to perform dynamic code analysis as it finds and fixes the defects
The tester needs to perform static code analysis as it covers the structural and statement coverage testing
What is the main difference between a "Normal" SQL injection and a "Blind" SQL injection vulnerability? The request to the webserver is not visible to the administrator of the vulnerable application. The attack is called "Blind" because, although the application properly filters user input, it is still vulnerable to code injection. A successful attack does not show an error message to the administrator of the affected application. The vulnerable application does not display errors with information about the injection results to the attacker.
The vulnerable application does not display errors with information about the injection results to the attacker.
Which of the following conditions must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application? The victim user must open a malicious link with an Internet Explorer prior to version 8. The session cookies generated by the application do not have the HttpOnly flag set. The victim user must open a malicious link with Firefox prior to version 3. The web application should not use random tokens.
The web application should not use random tokens.
Which of the following business challenges could be solved by using a vulnerability scanner? auditors want to discover if all systems are following a standard naming convention. a web server was compromised and management needs to know if any further systems were compromised. There is an urgent need to remove administrator access from multiple machines for an employee who quit. There is a monthly requirement to test corporate compliance with host application usage and security policies.
There is a monthly requirement to test corporate compliance with host application usage and security policies.
What is the main advantage that a network-based IDS/IPS system has over a host-based solution? They do not use host system resources. They are placed at the boundary, allowing them to inspect all traffic. They are easier to install and configure. They will not interfere with user interfaces.
They do not use host system resources.
Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common? They are written in Java. They send alerts to security monitors. They use the same packet analysis engine. They use the same packet capture utility.
They use the same packet capture utility.
Which of the following short range wireless communication protocol is used for home automation that allows devices to communicate with each other on local wireless LAN? VSAT Cellular MoCA Thread
Thread
Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS? A. Timing options to slow the speed that the port scan is conducted B. Fingerprinting to identify which operating systems are running on the network C. ICMP ping sweep to determine which hosts on the network are not available D. Traceroute to control the path of the packets sent during the scan
Timing options to slow the speed that the port scan is conducted.
Infotech security hired a penetration tester Sean to do physical penetration testing. On the first day of his assessment, Sean goes to the company posing as a repairman and starts checking trash bins to collect the sensitive information. What is Sean trying to do? Trying to attempt social engineering using phishing. Trying to attempt social engineering by eavesdropping. Trying to attempt social engineering by should surfing. Trying to attempt social engineering by dumpster diving.
Trying to attempt social engineering by dumpster diving.
Which of the following tools is used to root the Android OS? zANTI LOIC TunesGo DroidSheep
TunesGo
A penetration tester is attempting to scan an internal corporate network from the internet without alerting the border sensor. Which of the following techniques should the tester consider using? Spoofing an IP address. Tunneling scan over SSH. Tunneling over high port numbers. Scanning using fragmented IP packets.
Tunneling scan over SSH.
Which of the following countermeasure helps in defending against KRACK attack? Enable MAC address filtering on access points or routers Turn On auto-updates for all the wireless devices and patch the device firmware Choose Wired Equivalent Privacy (WEP) instead of Wi-Fi Protected Access (WPA) Enable SSID broadcasts
Turn On auto-updates for all the wireless devices and patch the device firmware
Which protocol and port number might be needed to send log messages to a log analysis tool that resides behind a firewall? UDP 123 UDP 541 UDP 514 UDP 415
UDP 514
While performing a UDP scan of a subnet, you receive an ICMP reply of Code 3/ Type 3 for all the pings you have sent out. What is the most likely cause of this? The firewall is dropping the packets. UDP port is closed. UDP port is open. The host does not respond to ICMP packets.
UDP port is closed
In which of the following attacks does an attacker use an ORDER BY clause to find the right number of columns in a database table? Piggybacked query In-line comments UNION SQL injection Tautology
UNION SQL injection
Which tool can be used to silently copy files from USB devices? USB grabber. USB dumper. USB sniffer. USB snoopy.
USB dumper.
An NMAP scan of a server shows port 69 is open. What risk could this pose? Unauthenticated access weak ssl version cleartext login web portal data leak.
Unauthenticated access
Susan works for "CustomData Intl." and she has to deploy a guest Wi-Fi. She did everything by the manual and deployed the guest Wi-Fi successfully. The deployed guest Wi-Fi is separated from the company network, it is protected with WPA2 and every user wants to use the Wi-Fi has to ask for a username and password. There is one problem though—after a few months she noticed that the users connecting to the guest Wi-Fi are being attacked with MitM attacks. She identified that the MitM attack was initiated with ARP spoofing. She found that someone is stealing users' web application credentials, including Windows system credentials in some cases. Unfortunately, internal users have also become prey to these attacks since they used guest Wi-Fi because it was more open than their internal network. So, only external guests are not being compromised. She wanted to mitigate this issue and the first step she took was to ban all internal users from guest using Wi-Fi network. What, according to you, is the easiest and probably the best way to prevent the ARP spoofing attacks on Wi-Fi networks? Use Client isolation WiFi feature Use IPsec on WiFi Use HTTPS all the time It's impossible to protect WiFi from ARP spoofing
Use Client isolation WiFi feature
Which of the following countermeasures helps in defending against Bluetooth hacking? Check the wireless devices for configuration or setup problems regularly. Use non-regular patterns as PIN keys while pairing a device. Use those key combinations that are non-sequential on the keypad. Place a firewall or packet filter between the AP and the corporate intranet. Implement an additional technique for encrypting traffic, such as IPSEC over wireless.
Use non-regular patterns as PIN keys while pairing a device. Use those key combinations that are non-sequential on the keypad.
Identify the component of the web server that provides storage on a different machine or a disk after the original disk is filled-up? Server root Document root Virtual hosting Virtual document tree
Virtual document tree
Which of the following malware is a self-replicating program that produces its code by attaching copies of itself to other executable codes and operates without the knowledge of the user? Exploit kit Worm Trojan Virus
Virus
In which of the following online services can a security analyst upload the suspicious file to identify whether the file is a genuine one or a malicious one? Whois.com VirusTotal.com Netcraft.com domainsearch.com
VirusTotal.com
Martha is a network administrator in a company named "Dubrovnik Walls Ltd." She realizes that her network is under a DDoS attack. After careful analysis, she realizes that large amounts of UDP packets are being sent to the organizational servers that are present behind the "Internet facing firewall." What type of DDoS attack is this? Volume (volumetric) attack Protocol attack Application layer attack SYN flood attack
Volume (volumetric) attack
An attacker identifies the kind of websites a target company/individual is frequently surfing and tests those particular websites to identify any possible vulnerabilities. When the attacker identifies the vulnerabilities in the website, the attacker injects malicious script/code into the web application that can redirect the webpage and download the malware onto the victim's machine. After infecting the vulnerable web application, the attacker waits for the victim to access the infected web application. What kind of an attack is this? Water hole attack Phishing attack Denial-of-service attack Jamming attack
Water hole attack
Which of the following DoS attack detection techniques analyzes network traffic in terms of spectral components? It divides incoming signals into various frequencies and examines different frequency components separately. Activity Profiling Wavelet-based Signal Analysis Change-point Detection Signature-based Analysis
Wavelet-based Signal Analysis
Sarah is facing one of the biggest challenges in her career—she has to design the early warning DDoS detection techniques for her employer. She starts developing the detection technique which uses signal analysis to detect anomalies. The technique she is employing analyzes network traffic in terms of spectral components where she divides the incoming signals into various frequencies and analyzes different. Which DDoS detection technique is she trying to implement? Wavelet-based signal analysis Activity profiling Change-point detection NetFlow detection
Wavelet-based signal analysis
Which of the following techniques allows attackers to inject malicious script on a web server to maintain persistent access and escalate privileges? Scheduled tasks. Web Shell. Launch Daemon Access Token Manipulation.
Web Shell.
Which of the following automatically discover hidden content and functionality by parsing HTML form and client-side JavaScript requests and responses? Web Spiders Firewalls Proxies Banners
Web Spiders
Which of the following is a web application that does not have the secure flag set and that is implemented by OWASP that is full of known vulnerabilities? WebBugs WebGoat VULN_HTML WebScarab
WebGoat
Which of the following tools consists of a publicly available set of databases that contain personal information of domain owners? Whois lookup tools. traceroute tools Web spidering tools Metadata extraction tools.
WhoIS Lookup Tools.
Which of the following is a query and response protocol used for querying databases that store the registered users or assignees of an internet resource, such as a domain name, an IP address block, or an autonomous system? Whois Lookup. TCP/IP DNS lookup Traceroute
WhoIs Lookup.
This application is a Wi-Fi security tool for mobile devices, It works on both Root and Non-root devices, and it can prevent ARP spoofing attacks such as MITM attacks, which are used by some applications such as WifiKill, dSploit, and sniffers. WiFiGuard Airbase-ng Wifi Inspector inSSIDer
WiFiGuard
Which of the following networks is used for very long-distance communication? ZigBee Bluetooth WiMax Wi-Fi
WiMax
By conducting which of the following monitoring techniques can a security professional identify the presence of any malware that manipulates HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services registry keys to hide its processes? Startup programs monitoring Registry monitoring Windows services monitoring Process monitoring
Windows Services Monitoring
In the options given below; identify the nature of a library-level rootkit? Operates inside the victim's computer by replacing the standard application files. functions either by replacing or modifying the legitimate bootloader with another one. Works higher up in the OS and usually, hooks, or supplants system calls with backdoor versions. Uses devices or platform firmware to create a persistent malware image in hardware.
Works higher up in the OS and usually, hooks, or supplants system calls with backdoor versions.
Which of the following is not a defense technique against malicious NTFS streams? Write critical data to alternate data streams. move suspected files to FAT partition. Use File Integrity Monitoring tool like TripWire. Use Up-To-Date antivirus software.
Write critical data to alternate data streams.
Which of the following is an Android Vulnerability Scanning Tool? Yalu Velonzy TaiG X-Ray
X-Ray
Which of the following is a Mobile Device Management Software? XenMobile Phonty SpyBubble GadgetTrak
XenMobile
Which of the following Trojans uses port number 1863 to perform attack? Priority Millennium XtremeRAT Devil
XtremeRAT
Yancey is a network security administrator for a large electric company. This company provides power for over 100,000 people in Las Vegas. Yancey has worked for his company for more than 15 years and has become very successful. One day, Yancey comes into work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years; he just wants the company to pay for what they are doing to him. What would Yancey be considered? Yancey would be considered a suicide hacker since he does not care about going to jain, he would be considered a black hat because Yancey works for the company currently, he would be a white hate. Yancey is a hackivisit hackers since he is standing up to a company that is downsizing.
Yancey would be considered a suicide hacker.
Which of the following protocols is a type of short-range wireless communication? ZigBee LTE-Advanced Very Small Aperture Terminal (VSAT) Power-line Communication (PLC)
ZigBee
Kenneth, a professional penetration tester, was hired by the XYZ Company to conduct wireless network penetration testing. Kenneth proceeds with the standard steps of wireless penetration testing. He tries to collect lots of initialization vectors (IVs) using the injection method to crack the WEP key. He uses the aircrack-ng tool to capture the IVs from a specific AP. Which of the following aircrack-ng commands will help Kenneth to do this? airodump-ng -c 9 -- bssid 00:14:6C:7E:40:80 -w output ath0 aireplay-ng -9 -e teddy -a 00:14:6C:7E:40:80 ath0 airmon-ng start wifi0 9 aireplay-ng -1 0 -e teddy -a 00:14:6C:7E:40:80 -h 00:0F:B5:88:AC:82 ath0
airodump-ng -c 9 -- bssid 00:14:6C:7E:40:80 -w output ath0
Snort is an open-source, free and lightweight network intrusion detection system (NIDS) software for Linux and Windows to detect emerging threats. Snort can be used to detect SQL injection attacks. Identify the correct Snort rule to detect SQL injection attacks. alert tcp $EXTERNAL_NET any -> 172.16.66.23 443 (msg:""SQL Injection attempt on Finance Dept. webserver""; flow:to_server,estahlished; uricontent:"".pl"";pcre:""/(\%27)|(\')|(\-\-)|(%23)|(#)/i""; classtype:Web-application-attack; sid:9099; rev:5;) rule SQLiTester { meta: description = ""SQL Injection tester"" author = ""Ellaria Sand"" date = ""2016-04-26"" hash = ""dc098f88157b5cbf3ffc82e6966634bd280421eb"" strings: $s0 = "" SQL Injection tester"" ascii $s17 = ""/Blind SQL injection tool"" fullword ascii $s18 = ""SELECT UNICODE(SUBSTRING((system_user),{0},1))"" fullword wide condition: uint16(0) == 0x5a4d and filesize < 1040KB and all of them } ule SQLiTester { meta: description = ""SQL Injection tester"" author = ""Ellaria Sand"" date = ""2016-04-26"" hash = ""dc098f88157b5cbf3ffc82e6966634bd280421eb"" strings: $s0 = "" SQL Injection tester"" ascii $s17 = ""/Blind SQL injection tool"" fullword ascii $s18 = ""WAITFOR DELAY '0:0:10' --"" fullword wide condition: uint32(0) == 0x5a4d and filesize < 1040KB and all of them } alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:""SQL Injection attempt on Finance Dept. webserver""; flow:stateless; ack:0; flags:S; ttl:>220; reference:arachnids,439; classtype:attempted-recon; sid:613; rev:6;)"
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:""SQL Injection attempt on Finance Dept. webserver""; flow:stateless; ack:0; flags:S; ttl:>220; reference:arachnids,439; classtype:attempted-recon; sid:613; rev:6;)"
the protocol that they have chosen is authentication header. the database that hosts the information collected from the insurance application is hosted on a cloud based file server, and their email server is hosted on office 365. other files created by employees get saved to a cloud server and the company uses work folders to synchronize offline copies back to their devices. a competitor has finished the reconisance and scanning phases of their attack. they are going to try to gain access to the Highlander,incorporated, laptops. which would be the most likely level to gain access? application level operating system network level hardware level
application level
Which of the following techniques helps the attacker in identifying the OS used on the target host in order to detect vulnerabilities on a target system? port scanning. banner grabbing. source routing. IP address decoy.
banner grabbing.
Out of the following tools, which tool can be used to find buffer overflow vulnerabilities present in the system? Z-Wave Sniffer Censys Firmalyzer Enterprise beSTORM
beSTORM
Which of the following insider threat is caused due to the employee's laxity toward security measures, policies, and practices? a. Malicious insider b. Professional insider c. Negligent insider d. Compromised insider
c. Negligent insider
Which of the following indicator identifies a network intrusion? a. Sudden decrease in bandwidth consumption is an indication of intrusion b. Rare login attempts from remote hosts c. Repeated probes of the available services on your machines d. Connection requests from IPs from those systems within the network range
c. Repeated probes of the available services on your machine
in which of the following hacking phases does an attacker use steganography and tunneling techniques to hide communication with the target for continuing access to the victims system and remain unnoticed and uncaught? reconisance scanning enumeration clearing tracks
clearing tracks
Sohum is carrying out a security check on a system. This security check involves carrying out a configuration-level check through the command line in order to identify vulnerabilities such as incorrect registry and file permissions, as well as software configuration errors. Which type of assessment is performed by sohum? External Assessment. network based assessment. host based assessment. internal assessment.
host based assessment
Which of the following hping command performs UDP scan on port 80? hping3 -2 <IP address> -p 80 hping3 -1 <IP Address> -p 80 Hping3 -A <Ip Address> -p 80 hping3 -F -P -U <ipAddress> -p 80
hping3-2 <IP Address> -p 80
Which of the following are valid types of rootkits? hypervisor level network level kernel level application level physical level. data access level
hypervisor level kernel level application level.
Identify the technique used by the attackers to execute malicious code remotely? Install malicious programs. Rootkits and steganography. Modify or delete logs. Sniffing network traffic.
install malicious Programs.
Which of the following Cisco IOS global commands is used to enable or disable DHCP snooping on one or more VLANs? no ip dhcp snooping information option ip dhcp snooping ip dhcp snooping vlan 4,104 switchport port-security mac-address sticky
ip dhcp snooping vlan 4,104
Which of the following techniques is used to place an executable in a particular path in such a way that it will be executed by the application in place of the legitimate target? File system permissions weakness path interception application shimming scheduled task.
path interception
Leas privilege is a security concept, which requires that a user is... limited to those functions which are required to do the job. given root or administrative privilege. trusted to keep all data and access to that data under their sole control. Given privilege equal to everyone else in the department.
limited to those functions which are required to do the job.
Which of the following ransomware is a dreadful data-encrypting parasite that not only infects the computer system but also has the ability to corrupt data on unmapped network shares? WannaCry Petya -NotPetya Mischa Locky
locky
Tesla is running an application with debug enabled in one of its system. Under which category of vulnerabilities can this flaw be classified? Design flaws. Operating system flaws. misconfiguration.. unpatched servers.
misconfiguration.
Which of the following windows utilities allow an attacker to perform NetBIOS enumeration? GetRequest. nbtstat. SetRequest. ntpdate.
nbtstat
Which of the following command does an attacker use to enumerate common web applications? nmap -p80 --script http-userdir -enum localhost nmap --script http-trace -p80 localhost nmap -p80 --script http-trace <host> nmap --script http-enum -p80 <host>
nmap --script http-enum -p80 <host>
Which of the following Nmap command is used by attackers to identify IPv6 capabilities of an IoT device? nmap -n -Pn -sS -pT:0-65535 -v -A -oX <Name><IP> nmap -n -Pn -sSU -pT:0-65535,U:0-65535 -v -A -oX <Name><IP> nmap -6 -n -Pn -sSU -pT:0-65535,U:0-65535 -v -A -oX <Name><IP> nmap -sA -P0 <IP>
nmap -6 -n -Pn -sSU -pT:0-65535,U:0-65535 -v -A -oX <Name><IP>
Which of the following commands does an attacker use to detect HTTP Trace? nmap -p80 --script http-userdir -enum localhost nmap --script hostmap <host> nmap -p80 --script http-trace <host> nmap --script http-enum -p80 <host>
nmap -p80 --script http-trace <host>
Which of the following command is used by the attackers to query the NTPD daemon about it's current state? NTPDate. NTPtrace. ntpdc. ntpq.
ntpdc.
Out of the following RFCrack commands, which command is used by an attacker to perform jamming? python RFCrack.py -i python RFCrack.py -r -M MOD_2FSK -F 314350000 python RFCrack.py -r -U "-75" -L "-5" -M MOD_2FSK -F 314350000 python RFCrack.py -j -F 314000000
python RFCrack.py -j -F 314000000
which of the following malware types restricts access to the computer systems files and folders, and demands a payment to the malware creators in order to remove the restrictions? ransomware adware spyware Trojan horse
ransomeware
Which type of scan is used on the eye to measure the layer of blood vessels? Facial recognition retinal scan iris scan signature kinetics scan
retinal scan
which one of the following software program helps the attackers to gain unauthorized access to a remote system and perform malicious activities? anti-spyware. keylogger. rootkit. antivirus.
rootkit
A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use? sO sP sS SU
sO
which of the following is a network based threat? session hijacking arbitrary code execution buffer overflow input validation flow
session hijacking
Which Google search query will search for any configuration files at a target certifiedhacker.com may have? allinurl: Certifiedhacker.com ext: xml | ext:conf | ext:cnf | ext:reg | ext:rdp | ext:cfg| ext:txt | ext:orga | ext.ini. site: certifiedhacker.com filtetype:xml | filetype:cnf | filetype:inf | filetype:rdp | filetype:cfg | filetype:txt | filetype:ora | filetype:ini. site: certifiedhacker.com ext: xml || ext: cnf || ext: reg || ext:rdp || ext:cfg || ext.ora || ext.ini.
site: certifiedhacker.com filetype:xml | filetype:cnf | filetype:inf | filetype:rdp | filetype:cfg | filetype:txt | filetype:ora | filetype:ini.
David, a penetration tester, was asked to check the MySQL database of the company for SQL injection attacks. He decided to check the back end database for a double blind SQL injection attack. He knows that double blind SQL injection exploitation is performed based on an analysis of time delays and he needs to use some functions to process the time delays. David wanted to use a function which does not use the processor resources of the server. Which of the following function David need to use? sleep() benchmark() mysql_query() addcslashes()
sleep()
Bad Pete would like to locally log onto a PC located inside a secure facility. He dresses like a delivery driver and holds a package outside of the secure facility and waits for someone to open the door. Once he gains entry, he finds an empty office with a PC and gains entry to the network. What is this type of activity known as? Social engineering Social equity attack Open door policy attack Personal attack
social engineering
Which of the following viruses infect only occasionally upon satisfying certain conditions or when the length of the file falls within a narrow range? cluster virus. sparse infector virus. encryption virus. stealth virus.
sparse infector virus.
Which of the following vulnerabilities allows attackers to trick a processor to exploit speculative execution to read restricted data? Meltdown. Dylib hijacking spectre dll hijacking
spectre
A network administrator wants to configure port security on a Cisco switch. Which of the following command helps the administrator to enable port security on an interface? switchport port-security maximum 1 switchport port-security switchport port-security aging time 2 switchport port-security aging type inactivity
switchport port-security
Which of the following command is used to set the maximum number of secure MAC addresses for the interface on a Cisco switch? switchport port-security violation restrict switchport port-security aging time 2 switchport port-security maximum 1 vlan access snmp-server enable traps port-security trap-rate 5
switchport port-security maximum 1 vlan access
Which of the following system table does MS SQL Server database use to store metadata? Hackers can use this system table to acquire database schema information to further compromise the database. sysdbs sysrows syscells sysobjects
sysobjects
What is the correct pcap filter to capture all transmission control protocol (TCP)traffic going to or from host 192.168.0.125 on port 25? tcp.src == 25 and ip.host == 192.168.0.125 host 192.168.0.125:25 port 25 and host 192.168.0.125 tcp.port == 25 and ip.addr == 192.168.0.125
tcp.port == 25 and ip.addr == 192.168.0.125
How can telnet be used to fingerprint a web server? telnet webserverAddress 80 HEAD / HTTP/1.0 telnet webserverAddress 80 PUT / HTTP/1.0 telnet webserverAddress 80 HEAD / HTTP/2.0 telnet webserverAddress 80 PUT / HTTP/2.0
telnet webserverAddress 80 HEAD / HTTP/1.0
an ecommerce site was put into a live environment and the programmers failed to remove the secret entry point ( bits of code embedded in programs) that was used during the application development to quickly gain access at a later time, often during the testing or debugging phase. what is this entry point known as? sdlc process honey pot sql injection trap door
trap door
Which of the following commands has to be disabled to prevent exploitation at the OS level? execute xp_cmdshell cat ping
xp_cmdshell
a newly discovered flaw in software application would be considered as which kind of security vulnerability? input validation flaw http header injection vulnerability zero day vulnerability time to check time to use flaw
zero day vulnerabity