fourth test
Which of the following is a Metasploit post-exploitation module that is used to escalate privileges on systems? keylogrecorder getsystem (Correct) getuid (Incorrect) autoroute
getsystem
Which of the following is an anonymizer that masks real IP addresses and ensures complete and continuous anonymity for all online activities? https://www.wolframalpha.com https://karmadecay.com https://www.guardster.com https://www.baidu.com
https://www.guardster.com
Alex received an order to conduct a pentest and scan a specific server. When receiving the technical task, he noticed the point: "The attacker must scan every port on the server several times using a set of spoofed source IP addresses." Which of the following Nmap flags will allow Alex to fulfill this requirement? -f -D -S -A
-A
The date and time of the remote host can theoretically be used against some systems that rely on weak time-based random number generators in other services. Which option in Zenmap will allow you to perform an ICMP timestamp ping? -PP -PN -PU -PY
-PP
Which of the following Nmap parameters helps evade IDS or firewalls? -T -r -R -A
-T
When scanning with Nmap, you found a firewall. Now you need to determine whether it is a stateful or stateless firewall. Which of the following options is best for you to use? -sT -sO -sM -sA
-sA
You need to hide a file on a Linux system. Which of the following characters will you type at the beginning of the filename? _ (Underscore) ! (Exclamation mark) ~ (Tilde) . (Period)
. (Period)
Andrew, an evil hacker, researches the website of the company he wants to attack. During the research, he finds a web page and realizes that the company's application is potentially vulnerable to Server-Side Includes Injection. Which web-page file type did Andrew find while researching the site? .stm .cms .rss .html
.stm
Lisandro was hired to steal critical business documents from a competitor company. Using a vulnerability in over-the-air programming (OTA programming) on Android smartphones, he sends messages to company employees on behalf of the network operator, asking them to enter a PIN code and accept new updates for the phone. After the employee enters the PIN code, Lisandro gets the opportunity to intercept all Internet traffic from the phone. What type of attack did Lisandro use? Tap 'n ghost attack. Social engineering. Advanced SMS phishing. Bypass SSL pinning.
Advanced SMS phishing.
John sends an email to his colleague Angela and wants to ensure that the message will not be changed during the delivery process. He creates a checksum of the message and encrypts it using asymmetric cryptography. What key did John use to encrypt the checksum? Angela's public key. His own public key. His own private key. Angela's private key
Angela's public key.
Are you sure your network is perfectly protected and that no evil hacker Ivan is listening to all your traffic? Well, ignorance is the greatest source of happiness. There is a powerful tool written in Go that allows an attacker to carry out a Man-in-the-Middle (MITM) attack using, for example, ordinary ARP spoofing. What tool are we talking about? Gobbler DerpNSpoof BetterCAP Wireshark
BetterCAP
Identify the type of SQLi by description: This type of SQLi doesn't show any error message. It can be problematic to exploit because the application only returns information when it is given SQL payloads that elicit a true or false response from the server. Using this method, an attacker can extract confidential information by observing the responses. Out-of-band SQLi Blind SQLi Union SQLi Error-based SQLi
Blind SQLi
Symmetric-key block cipher having a classical 12- or 16-round Feistel network with a block size of 64 bits for encryption, which includes large 8 × 32-bit S-boxes based on bent functions, modular addition and subtraction, key-dependent rotation, and XOR operations. This cipher also uses a "masking" key and a "rotation" key for performing its functions. GOST CAST-128 AES DES
CAST-128
Techniques such as password cracking or enumeration are much more efficient and faster if performed using a wordlist. Of course, there are a huge number of them for different purposes on the Internet or already installed in your Kali or Parrot OS, but an attacker can create his own wordlist specifically for the target he is attacking. This requires conducting reconnaissance and collecting information about the victim. Many tools allow you to automate this process. Which of the following tools can scan a website and create a wordlist? Psiphon Orbot CeWL Shadowsocks
CeWL
Ivan, a black-hat hacker, wants to get information about the IoT cameras and devices used by the company he is attacking. For this purpose, he will use a tool that collects information about the IoT devices connected to a network, their open ports and services, and the attack surface area. Thanks to this tool, Ivan constantly monitors every available server and device on the Internet, which will allow him to exploit these devices in the future. Which of the following tools did Ivan use to carry out this attack? Censys NeuVector Lacework Wapiti
Censys
The attacker knows about a vulnerability in a bare-metal cloud server that can enable him to implant malicious backdoors in firmware. Also, the backdoor can persist even if the server is reallocated to new clients or businesses that use it as an IaaS. What type of cloud attack can be performed by an attacker exploiting the vulnerability discussed in the above scenario? Man-in-the-cloud (MITC) attack Cloud cryptojacking Metadata spoofing attack Cloudborne attack
Cloudborne attack
Ivan, an evil hacker, spreads Emotet malware through a malicious script in the organization he attacked. After infecting a device, he used Emotet to spread the infection across local networks and beyond to compromise as many machines as possible. He achieved this with a tool that is a self-extracting RAR file (containing bypass and service components) used to retrieve information about network resources such as writable share drives. What tool did Ivan use? Mail PassView Credential enumerator Outlook scraper NetPass.exe
Credential enumerator
Scammers can query a DNS server to determine whether a specific DNS record is cached, thereby learning your organization's browsing habits. This can disclose sensitive information such as financial institutions visited recently or other sensitive websites that a company might not want to be public knowledge. Which of the proposed attacks fits this description? DNS zone walking DNS cache poisoning DNS cache snooping DNSSEC zone walking
DNS cache snooping
John, a black hat hacker, wants to find out whether there are honeypots in the system he is going to attack. For this purpose, he will use a time-based TCP fingerprinting method to compare the response of a real computer with the response of a honeypot to a manual SYN request. Which of the following techniques will John use? Detecting the presence of UML Honeypot. Detecting the presence of Sebek-based honeypots. Detecting the presence of Snort_inline honeypots. Detecting the presence of Honeyd honeypots.
Detecting the presence of Honeyd honeypots.
Ivan, a black hat hacker, got the username from the target environment. In conditions of limited time, he decides to use a list of common passwords, which he will pass as an argument to the hacking tool. Which of the following is the method of attack that Ivan uses? Smudge attack. Password spraying attack. Known plaintext attack. Dictionary attack.
Dictionary attack.
Identify the technology according to the description: It's an open-source technology that can help in developing, packaging, and running applications. The technology also provides PaaS through OS-level virtualization, delivers containerized software packages, and promotes fast software delivery. It isolates applications from the underlying infrastructure and facilitates communication via well-defined channels. Virtual machine Docker Serverless computing Paravirtualization
Docker
Evil hacker Ivan knows that his target access point and user are compatible with both the WPA2 and WPA3 encryption mechanisms. He decided to install a rogue access point with only WPA2 compatibility in the vicinity and force the victim to go through the WPA2 four-way handshake to connect. As soon as the connection is established, Ivan plans to use automated tools to crack the WPA2-encrypted messages. Which of the following attacks does Ivan want to perform? Timing-based attack Cache-based attack Side-channel attack Downgrade security attack
Downgrade security attack
Which of the following types of attack does using a Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a nearby business belong to? MAC spoofing attack Wardriving attack Evil-twin attack Phishing attack
Evil-twin attack
Adam is a shopaholic, and he constantly surfs the Internet in search of discounted products. A hacker decided to take advantage of this weakness and sent Adam a fake email containing a deceptive link to a page that mimicked his social media page, with information about a sale. Adam, anticipating the bargain, didn't notice the malicious link, clicked on it, and logged in to that page using his valid credentials. Which of the following tools did the hacker probably use? XOIC Evilginx PyLoris sixnet-tools
Evilginx
The boss has instructed you to test the company's network from the attacker's point of view to find out what exploits and vulnerabilities are accessible to the outside world through devices such as firewalls, routers, and servers. This external assessment also estimates the threat of network security attacks from outside the organization. What type of vulnerability assessment should you perform?
External assessments
Storing cryptographic keys carries a particular risk. In cryptography, there is a mechanism in which a third party stores copies of private keys. By using it, you can ensure that in the case of a catastrophe, be it a security breach, lost or forgotten keys, natural disaster, or otherwise, your critical keys are safe. What is the name of this mechanism? Key escrow Key schedule Key whitening Key encapsulation
Key escrow
Your boss has instructed you to introduce a hybrid encryption software program into a web application to secure email messages. You are planning to use free software that uses both symmetric-key cryptography and asymmetric-key cryptography for improved speed and secure key exchange. Which of the following meets these requirements? GPG SMTP S/MIME PGP
GPG
John, a black-hat hacker, is trying to perform SMTP enumeration. What useful information can John gather during a Simple Mail Transfer Protocol enumeration? He can use the internal command RCPT, which provides a list of open ports. He can find information about the daily outgoing message limits before mailboxes are locked. He can receive a list of all mail proxy server addresses used by the company. He can use two internal commands, VRFY and EXPN, which provide information about valid users, email addresses, etc.
He can use two internal commands VRFY and EXPN, which provide information about valid users, email addresses, etc.
-sO -sM -sT
IP Protocol Scan (-sO): IP protocol scan allows you to determine which IP protocols (TCP, ICMP, IGMP, etc.) are supported by target machines. This isn't technically a port scan, since it cycles through IP protocol numbers rather than TCP or UDP port numbers. TCP Maimon Scan (-sM): This technique is exactly the same as the NULL, FIN, and Xmas scans, except that the probe is FIN/ACK. TCP Connect Scan (-sT): TCP connect scan is the default TCP scan type when SYN scan is not an option. This is the case when a user does not have raw packet privileges or is scanning IPv6 networks. Instead of writing raw packets as most other scan types do, Nmap asks the underlying operating system to establish a connection with the target machine and port by issuing the connect system call.
In which of the following cloud service models do you take full responsibility for the maintenance of the cloud-based resources? SaaS IaaS PaaS BaaS
IaaS
The attacker disabled the security controls of NetNTLMv1 by modifying the values of LMCompatibilityLevel, NTLMMinClientSec, and RestrictSendingNTLMTraffic. His next step was to extract all the non-network logon tokens from all the active processes to masquerade as a legitimate user to launch further attacks. Which of the following attacks was performed by the attacker? Dictionary attack Phishing attack Rainbow table attack Internal monologue attack
Internal monologue attack
Ivan, a black-hat hacker, wants to attack the target company. He suspects that vulnerable IoT devices could be in use in the company. To check this, he decides to use a tool to scan the target network for specific types of IoT devices and detect whether they are using default, factory-set credentials. Which of the following tools will Ivan use? IoTSeeker Cloud IoT Core Azure IoT Central Bullguard IoT
IoTSeeker
Which of the following is a rootkit that adds additional code or replaces portions of the core operating system to obscure a backdoor on a system? Application-level Rootkit. User-mode rootkit. Kernel-level rootkit. Hypervisor-level rootkit.
Kernel-level rootkit.
Alex was assigned to perform a penetration test against a website using Google dorks. He needs to get results with file extensions. Which operator should Alex use to achieve the desired result? filetype: site: define: inurl:
filetype:
You need to increase the security of keys used for encryption and authentication. For these purposes, you decide to use a technique to enter an initial key to an algorithm that generates an enhanced key resistant to brute-force attacks. Which of the following techniques will you use? Key reinstallation KDF PKI Key stretching
Key stretching
Which of the following is a Kubernetes component that can assign nodes based on the overall resource requirement, data locality, software/hardware/policy restrictions, and internal workload interventions? cloud-controller-manager Kube-scheduler Kube-apiserver Kube-controller-manager
Kube-scheduler
Black-hat hacker Ivan attacked the SCADA system of an industrial water facility. During the exploration process, he discovered that outdated equipment was being used and that the human-machine interface (HMI) was directly connected to the Internet without any security tools or authentication mechanism. This allowed Ivan to control the system and influence all processes (including water pressure and temperature). What category does this vulnerability belong to? Credential Management. Lack of Authorization/Authentication and Insecure Defaults. Memory Corruption. Code Injection.
Lack of Authorization/Authentication and Insecure Defaults.
Your company started working with a cloud service provider, and after a while, they were disappointed with their service and wanted to move to another CSP. Which of the following can become a problem when changing to a new CSP? Lock-in Virtualization Lock-down Lock-up
Lock-in
Which of the following is the type of attack that tries to overflow the CAM table? DNS flood Evil twin attack MAC flooding DDoS attack
MAC flooding
Passwords are rarely stored in plain text; most often, a one-way transformation (hashing) is applied to protect them from unauthorized access. However, there are some attacks and tools to crack the hash. Look at the following tools and select the one that can NOT be used for this. Ophcrack John the Ripper Netcat Hashcat
Netcat Netcat is a utility capable of establishing a TCP or UDP connection between two computers, meaning it can write and read through an open port. With the help of the program, files can be transferred and commands can be executed in some instances.
Which of the following tools is an automated tool that eases the tester's work and performs vulnerability scanning to find hosts, services, and other vulnerabilities on the target server?
Netsparker
During testing, you discovered a vulnerability that allows hackers to gain unauthorized access to API objects and perform actions such as viewing, updating and deleting sensitive data. Which of the following API vulnerabilities have you found? No ABAC validation. Business Logic Flaws. RBAC Privilege Escalation. Code Injections.
No ABAC validation.
You have been instructed to collect information about specific threats to the organization. You decide to collect the information from humans, social media, chat rooms, and events that resulted in cyberattacks. You also prepared a report that includes identified malicious activities, recommended courses of action, and warnings for emerging attacks in this process. Thanks to this information, you were able to disclose potential risks and gain insight into attacker methodologies. What is the type of threat intelligence collected by you? Strategic threat intelligence. Tactical threat intelligence. Operational threat intelligence. Technical threat intelligence.
Operational threat intelligence.
ophcrack
Ophcrack is a password cracker based on rainbow tables, a method that speeds up the cracking process by using the results of calculations done in advance and stored in rainbow tables.
The company "Work Town" hired a cybersecurity specialist to perform a vulnerability scan by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. What type of vulnerability assessment should be performed for "Work Town"? Active assessment. Internal assessment. Passive assessment. External assessment.
Passive assessment.
Identify the type of fault injection attack on an IoT device by its description: During this attack, the attacker injects faults into the power supply, which can be used for remote execution and can cause key instructions to be skipped. The attacker also injects faults into the clock network used for delivering a synchronized signal across the chip.
Power/clock/reset glitching
Whois services allow you to get a massive amount of valuable information at the reconnaissance stage. Depending on the target's location, they receive data from one of the five regional Internet registries (RIRs). Which of the following RIRs should the Whois service contact if you want to get information about an IP address registered in France? RIPE NCC ARIN LACNIC APNIC
RIPE NCC
The company hired a cybersecurity specialist to conduct an audit of their mobile application. On the first day of work, the specialist suggested starting by extracting the source code of the mobile application and disassembling the application to analyze its design flaws. He is sure that using this technique, he can fix bugs in the application, discover underlying vulnerabilities, and improve defence strategies against attacks. Which of the following techniques will the specialist use?
Reverse Engineering
Have you spent a lot of time and money on creating photo materials for your business? You probably don't want anyone else to use them. But you don't need to hire a cool hacker to solve this problem. There is a reasonably simple method using search engines to search for photographs, profile pictures, and memes. What method are we talking about? Metasearch engines Google dorking Google advanced search Reverse image search
Reverse image search
The attacker wants to draw a map of the target organization's network infrastructure to know about the actual environment they will hack. Which of the following will allow him to do this? Vulnerability analysis Scanning networks Network enumeration Malware analysis
Scanning networks
Which of the following algorithms is a symmetric key block cipher with a block size of 128 bits representing a 32-round SP-network operating on a block of four 32-bit words? Serpent RC4 CAST-128 SHA-256
Serpent
Enabling SSI directives allows developers to add dynamic code snippets to static HTML pages without using full-fledged client or server languages. However, suppose the server is incorrectly configured (for example, allowing the exec directive) or the data is not strictly verified. In that case, an attacker can change or enter directives to perform malicious actions. What kind of known attack are we talking about? Server-side includes injection CRLF injection Server-side template injection Server-side JS injection
Server-side includes injection
At which of the following steps of the Cyber Kill Chain is the creation of a malware weapon, for example, such as a malicious file disguised as a financial spreadsheet? Delivery Reconnaissance Exploitation Weaponization
Weaponization
Alexa, a college student, decided to go to a cafe. While waiting for her order, she decided to connect to a public Wi-Fi network without additional security tools such as a VPN. How can she verify that nobody is performing an ARP spoofing attack against her laptop? 1. She should scan the network using Nmap to check the MAC addresses of all the hosts and look for duplicates. 2. She can't identify such an attack and must use a VPN to protect her traffic. 3. She should use netstat to check for any suspicious connections with another IP address within the LAN. 4. She should check her ARP table and see if there is one IP address with two different MAC addresses.
She should check her ARP table and see if there is one IP address with two different MAC addresses.
The attacker created a fraudulent email with a malicious attachment and sent it to employees of the target organization. An employee opened this email and clicked on the malicious attachment. As a result, the malware was downloaded and injected into the software used on the victim's system. The malware then propagated itself to other networked systems, finally damaging the industrial automation component. Which of the following attack techniques was used by the attacker? HMI-based attack (Incorrect) SMishing attack Reconnaissance attack Spear-phishing attack (Correct)
Spear-phishing attack
In which of the following attacks does the attacker receive information from data sources such as voice assistants, multimedia messages, and audio files by using a malicious app to breach speech privacy? Spearphone attack DroidDream Smudge attack SIM swap scam
Spearphone attack
Modern security mechanisms can stop various types of DDoS attacks, but if they only check incoming traffic and mostly ignore return traffic, attackers can bypass them under the disguise of a valid TCP session by sending a SYN, multiple ACKs, and one or more RST or FIN packets. What is the name of such an attack? Spoofed session flood attack. Peer-to-peer attack. UDP flood attack. Ping-of-death attack.
Spoofed session flood attack.
Experienced employees of the EC-Council monitor the market of security providers every day in search of the best solutions for your business. According to EC-Council experts, which vulnerability scanner combines comprehensive static and dynamic security checks to detect vulnerabilities such as XSS, File Inclusion, SQL injection, command execution, and more? AT&T USM Anywhere Cisco ASA Saleae Logic Analyzer Syhunt Hybrid
Syhunt Hybrid
Which term from the following describes a set of vulnerabilities that allows spyware to be installed on smartphones with the iOS operating system, allowing those who conducted espionage to track and monitor every action on the device? Androrat Zscaler Trident DroidSheep
Trident
Which of the following USB tools is used to silently copy files from USB devices? USBSnoopy USBSniffer USBGrabber USBDumper
USBDumper
Identify the type of SQL injection in which the attacker extends the results returned by the original query, enabling them to run two or more statements if they have the same structure as the original one. Union SQL injection Error-based SQL Injection Blind SQL Injection
Union SQL injection
You have been instructed to organize the possibility of working remotely for employees. Their remote connections could be exposed to session hijacking during the work, and you want to prevent this possibility. You decide to use the technology that creates a safe and encrypted tunnel over a public network to securely send and receive sensitive information and prevent hackers from decrypting the data flow between the endpoints. Which of the following technologies will you use? DMZ Split tunneling VPN Bastion host
VPN
This attack exploits a vulnerability that provides additional routing information in the SOAP header to support asynchronous communication. Also, it further allows the transmission of web-service requests and response messages using different TCP connections. Which of the following attacks matches the description above? SOAPAction spoofing XML Flooding WS-Address spoofing Soap Array Attack
WS-Address spoofing
Which of the following SOAP extensions apply security to Web services and maintain the integrity and confidentiality of messages? WS-Policy WS-BPEL WSDL WS-Security
WS-Security
During the pentest, Maria, the head of the blue team, discovered that the new online service has problems with its authentication mechanism. The old password can be reset by correctly answering the secret question, and the submission form has no CAPTCHA protection, which allows a potential attacker to use a brute-force attack. What is the name of such a weakness in the Common Weakness Enumeration (CWE)? User impersonation. Verbose failure messages. Weak password recovery mechanism. Insecure transmission of credentials.
Weak password recovery mechanism.
In this security model, every user in the network maintains a ring of public keys. Also, a user needs to encrypt a message using the receiver's public key, and only the receiver can decrypt the message using their private key. Transport Layer Security Secure Socket Layer Web of trust Zero trust security model
Web of trust
Lisandro plans to steal confidential information from the company; to do this, he uses a phishing attack in which he sends an email to an employee of the company on behalf of one of the company's senior managers (or even the CEO himself) with instructions to urgently provide the necessary information. What type of phishing is used in the attack? Clone phishing Whaling Vishing Spear phishing
Whaling
You want to prevent possible SQLi attacks on your site. To do this, you decide to use a practice whereby only a list of entities such as the data type, range, size, and value, which have been approved for secured access, is accepted. Which of the following practices are you going to adopt? Whitelist validation. Output encoding. Blacklist validation. Enforce least privileges.
Whitelist validation.
Which of the following is a type of malware that spreads from one system to another or from one network to another and causes similar types of damage to the infected system as viruses do? Rootkit Adware Worm Trojan
Worm
XOIC PyLoris sixnet
XOIC is a DDoS attack tool. PyLoris is a slow HTTP DoS tool which enables the attacker to craft their own HTTP request headers. sixnet-tools is a tool for exploiting Sixnet RTUs.
Which antenna is commonly used in communications for a frequency band of 10 MHz to VHF and UHF? Yagi antenna Omnidirectional antenna Parabolic grid antenna Dipole antenna
Yagi antenna
Identify the technique for securing cloud resources from the description below: This technique assumes by default that a user attempting to access the network is not an authentic entity and verifies every incoming connection before allowing access to the network. When using this technique, conditions are imposed so that employees can access only the resources required for their role. Container technology Serverless computing DMZ Zero trust network
Zero trust network
Identify the Google advanced search operator that helps an attacker gather information about websites similar to a specified target URL. [site:] [related:] [inurl:] [link:]
[related:]
WPS is a rather troubled wireless network security standard. While it can make your life easier, it is also vulnerable to attacks. An attacker within radio range can brute-force the WPS PIN for a vulnerable access point, obtain WEP or WPA passwords, and likely gain access to the Wi-Fi network. However, first, the attacker needs to find a vulnerable point. Which of the following tools is capable of determining WPS-enabled access points? macof ntptrace wash net view
wash