CEH
If executives are found liable for not properly protecting their company's assets and information systems, what type of law would apply in this situation?
Civil
Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities. Which type of virus detection method did Chandler use in this context?
Code Emulation
Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.
Cross-Site Scripting (XSS)
Sam is working as s pen-tester in an organization in Houston. He performs penetration testing on IDS in order to find the different ways an attacker uses to evade the IDS. Sam sends a large amount of packets to the target IDS that generates alerts, which enable Sam to hide the real traffic. What type of method is Sam using to evade IDS?
False Positive Generation
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?
Hping
Which protocol is used for setting up secure channels between two devices, typically in VPNs?
IPSEC
You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are staring an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?
Internet Firewall/Proxy log
Bob finished a C programming course and created a small C application to monitor the network traffic and produce alerts when any origin sends "many" IP packets, based on the average number of packets sent by all origins and using some thresholds. In such concept, the solution developed by Bob is actually:
Just a network monitoring tool
Which of the following is a passive wireless packet analyzer that works on Linux-based systems?
Kismet
How can rainbow tables be defeated?
Password Salting
In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How can he achieve this?
Privilege Escalation
A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database. In order for the tester to see if SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request?
Single quote
Which of the following statements is TRUE?
Sniffers operate on Layer 2 of the OSI model
You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?
nmap -sT -O -T0
OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?
openssl s_client -connect www.website.com:443
A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content. Which sort of trojan infects this server?
Botnet Trojan
A virus that attempts to install itself inside the file it is infecting is called?
Cavity Virus
If you want only to scan fewer ports than the default scan using Nmap tool, which option would you use?
-P
Cross-site request forgery involves:
A browser making a request to a server without the user's knowledge
In which of the following cryptography attack methods, the attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions?
Adaptive Chosen-Plaintext Attack
