Intro to EH
Which of the following attack vectors is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time? The intention of this attack is to steal data rather than to cause damage to the network or organization. Advanced Persistent Threats Mobile Threats Botnet Insider Attack
Advanced Persistent Threats
What is the objective of a reconnaissance phase in a hacking life-cycle? Gathering as much information as possible about the target. Identifying specific vulnerabilities in the target network. Gaining access to the target system and network. Gaining access to the target system with admin/root level privileges.
Gathering as much information as possible about the target.
Juan is the administrator of a Windows domain for a global corporation. He uses his knowledge to scan the internal network to find vulnerabilities without the authorization of his boss; he tries to perform an attack and gain access to an AIX server to show the results to his boss. What kind of role is shown in the scenario? Gray Hat hacker Black Hat hacker White Hat hacker Annoying employee
Gray Hat hacker
Which of the following categories of information warfare is a sensor-based technology that directly corrupts technological systems? Electronic warfare Intelligence-based warfare Command and control warfare (C2 warfare) Economic warfare
Intelligence-based warfare
You have been hired to do an ethical hacking (penetration testing) engagement for a company. Which is the first thing you should do in this process? Network information gathering Perimeter Testing Escalating Privileges Acquiring Target
Network information gathering
A computer technician is using the latest version of a word-processing software and discovers that a particular sequence of characters is causing the entire computer to crash. The technician researches the bug and discovers that no one else has experienced the problem. What is the appropriate next step? Ignore the problem completely and let someone else deal with it. Create a document that will crash the computer when opened and send it to friends. Find an underground bulletin board and attempt to sell the bug to the highest bidder. Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.
Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.
Ransomware encrypts the files and locks systems, thereby leaving the system in an unusable state. The compromised user has to pay ransom to the attacker to unlock the system and get the files decrypted. Petya delivers malicious code that can even destroy the data with no scope of recovery. What is this malicious code called? Bot Payload Vulnerability Honeypot
Payload
Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation? Penetration testing Social engineering Vulnerability scanning Access control list reviews
Penetration testing
Which of the following can an administrator do to verify that a tape backup can be recovered in its entirety? Restore a random file. Perform a full restore. Read the first 512 bytes of the tape. Read the last 512 bytes of the tape.
Perform a full restore.
Which of the following techniques is used to distribute malicious links via some communication channel such as mails to obtain private information from the victims? Dumpster diving Phishing Piggybacking Vishing
Phishing
Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. There are various types of employees working in the company, including technical teams, sales teams, and work-from-home employees. Highlander takes care of the security patches and updates of official computers and laptops; however, the computers or laptops of the work-from-home employees are to be managed by the employees or their ISPs. Highlander employs various group policies to restrict the installation of any third-party applications. As per Highlander's policy, all the employees are able to utilize their personal smartphones to access the company email in order to respond to requests for updates. Employees are responsible for keeping their phones up to date with the latest patches. The phones are not used to directly connect to any other resources in the Highlander, Incorporated, network. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Apart from Highlander employees, no one can access the cloud service. What type of cloud service is Highlander using? Private cloud Public cloud Community cloud Hybrid cloud
Private cloud
Which of the following can be categorized as a host-based threat? IDS bypass Distributed Denial-of-Service Privilege escalation Man-in-the-Middle attack
Privilege escalation
Which of the following malware types restricts access to the computer system's files and folders, and demands a payment to the malware creator(s) in order to remove the restrictions? Ransomware Adware Spyware Trojan Horse
Ransomware
Company XYZ is one of the most famous and well-known organizations across the globe for its cyber security services. It has received the Best Cyber Security Certification Provider Award three consecutive times. One day, a hacker identified a severe vulnerability in XYZ's website and exploited the vulnerabilities in the website, successfully compromising customers' private data. Besides the loss of data and the compromised network equipment, what has been the worst damage for Company XYZ? Reputation. Routers. Customers. Credit Score.
Reputation
In which phase of risk management process does an analyst calculate the organization's risks and estimate the likelihood and impact of those risks? Risk assessment Risk identification Risk treatment Risk monitoring and review
Risk assessment
Which United States legislation mandates that the chief executive officer (CEO) and the chief financial officer (CFO) must sign statements verifying the completeness and accuracy of financial reports? Sarbanes-Oxley Act (SOX) Gramm-Leach-Bliley Act (GLBA) Fair and Accurate Credit Transactions Act (FACTA) Federal Information Security Management Act (FISMA)
Sarbanes-Oxley Act (SOX)
In which of the following hacking phases does an attacker try to detect listening ports to find information about the nature of services running on the target machine? Scanning Gaining access Maintaining access Clearing Tracks
Scanning
Which of the following is a network-based threat? Session hijacking Arbitrary code execution Buffer overflow Input validation flaw
Session hijacking
An e-commerce site was put into a live environment and the programmers failed to remove the secret entry point (bits of code embedded in programs) that was used during the application development to quickly gain access at a later time, often during the testing or debugging phase. What is this secret entry point known as? SDLC process Honey pot SQL injection Trap door
Trap door
Which of the following statements correctly defines a zero-day attack? An attack that exploits vulnerabilities before the software developer releases a patch for the vulnerability. An attack that exploits vulnerabilities after the software developer releases a patch for the vulnerability. An attack that could not exploit vulnerabilities even though the software developer has not released a patch. An attack that exploits an application even if there are zero vulnerabilities.
An attack that exploits vulnerabilities before the software developer releases a patch for the vulnerability.
Arturo is the leader of information security professionals of a small financial corporation that has a few branch offices in Africa. The company suffered an attack of USD 10 million through an interbanking system. The CSIRT explained to Arturo that the incident occurred because 6 months ago the hackers came in from the outside through a small vulnerability, then they did a lateral movement to the computer of a person with privileges in the interbanking system. Finally, the hackers got access and did the fraudulent transactions. What is the most accurate name for the kind of attack in this scenario? APT Internal Attack External Attack Backdoor
APT
Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All of the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of Applocker to restrict the installation of any third-party applications. There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. A competitor learns that employees use their own personal smartphones to communicate with other employees of Highlander, Incorporated. Which information security attack vector should the competitor use to gather information over a long period of time from the phones, without the victim being aware that he or she has been compromised? Advanced Persistent Threat Viruses and Worms Mobile Threats Botnet
Advanced Persistent Threat
Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All of the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of Applocker to restrict the installation of any third-party applications. There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The protocol that they have chosen is Authentication Header (AH). The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server and the company uses work folders to synchronize offline copies back to their devices. A competitor has finished the reconnaissance and scanning phases of their attack. They are going to try to gain access to the Highlander, Incorporated, laptops. Which would be the most likely level to gain access? Application Level Operating System Network Level Hardware Level
Application Level
In which of the following hacking phases does an attacker use steganography and tunneling techniques to hide communication with the target for continuing access to the victim's system and remain unnoticed and uncaught? Reconnaissance Scanning Enumeration Clearing Tracks
Clearing Tracks
Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of Applocker to restrict the installation of any third-party applications. There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Based on the knowledge of the network topology and trends in network security, what would be the primary target of a hacker trying to compromise Highlander? Cloud Based File Server Company Desktops Personal Laptops Personal Smartphones
Cloud Based File Server
What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation? Blue Book ISO 26029 Common Criteria The Wassenaar Agreement
Common Criteria
Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of Applocker to restrict the installation of any third-party applications. There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The laptops utilize direct access to automatically connect their machines to the Highlander, Incorporated, network when they are not in the regional offices. The laptops are set up to use IPsec when communicating with the cloud-based file server. The protocol that they have chosen is Authentication Header (AH). The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Based on the knowledge of the network topology, which of the main elements of information security has Highlander, Incorporated, NOT addressed in its plans for its laptops? Confidentiality Integrity Availability Authenticity
Confidentiality
Which fundamental element of information security refers to an assurance that the information is accessible only to those authorized to have access? Confidentiality Integrity Availability Authenticity
Confidentiality
Which of the following terms refers to gaining access to one network and/or computer and then using the same to gain access to multiple networks and computers that contain desirable information? Doxing Daisy Chaining Social Engineering Kill Chain
Daisy Chaining
Which of the following tasks DOES NOT fall under the scope of ethical hacking? Risk assessment Vulnerability scanning Pen testing Defense-in-depth implementation
Defense-in-depth implementation
James has published personal information about all senior executives of Essential Securities Bank on his blog website. He has collected all this information from multiple social media websites and publicly accessible databases. What is this known as? Doxing Social Engineering Phishing Impersonation
Doxing
Which of the following statements are true regarding N-tier architecture? (Choose two.) Each layer must be able to exist on a physically independent system. The N-tier architecture must have at least one logical layer. Each layer should exchange information only with the layers above and below it. When a layer is changed or updated, the other layers must also be recompiled or modified.
Each layer must be able to exist on a physically independent system. Each layer should exchange information only with the layers above and below it.
How do employers protect assets with security policies pertaining to employee surveillance activities? Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness. Employers use informal verbal communication channels to explain employee monitoring activities to employees. Employers use network surveillance to monitor employee e-mail traffic and network access, and to record employee keystrokes. Employers provide employees with written statements that clearly discuss the boundaries of monitoring activities and the consequences.
Employers provide employees with written statements that clearly discuss the boundaries of monitoring activities and the consequences.
Jonathan, a solutions architect with a start-up, was asked to redesign the company's web infrastructure to meet the growing customer demands. He proposed the following architecture to the management: What is Jonathan's primary objective? Proper user authentication Ensuring high availability Ensuring integrity of the application servers Ensuring confidentiality of the data
Ensuring high availability
Highlander, Incorporated, decides to hire an ethical hacker to identify vulnerabilities at the regional locations and ensure system security. What is the main difference between a hacker and an ethical hacker when they are trying to compromise the regional offices? Ethical Hackers have the permission of upper management. Ethical hackers have the permission of the regional server administrators. Hackers have more sophisticated tools. Hackers don't have any knowledge of the network before they compromise the network.
Ethical Hackers have the permission of upper management.
Why is ethical hacking necessary? (Select two.) Ethical hackers try to find what an intruder can see on the system under evaluation. Ethical hackers are responsible for selecting security solutions and try to verify the ROI of security systems. Ethical hackers try to find if all the components of information systems are adequately protected, updated, and patched. Ethical hackers are responsible for incident handling and response in the organization.
Ethical hackers try to find what an intruder can see on the system under evaluation. Ethical hackers try to find if all the components of information systems are adequately protected, updated, and patched.
A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take? Threaten to publish the penetration test results if not paid. Follow proper legal procedures against the company to request payment. Tell other customers of the financial problems with payments from this company. Exploit some of the vulnerabilities found on the company webserver to deface it.
Follow proper legal procedures against the company to request payment.
What is the correct order of steps in the system hacking cycle? Gaining Access -> Escalating Privileges -> Executing Applications -> Hiding Files -> Covering Tracks Covering Tracks -> Hiding Files -> Escalating Privileges -> Executing Applications -> Gaining Access Executing Applications -> Gaining Access -> Covering Tracks -> Escalating Privileges -> Hiding Files Escalating Privileges -> Gaining Access -> Executing Applications -> Covering Tracks -> Hiding Files
Gaining Access -> Escalating Privileges -> Executing Applications -> Hiding Files -> Covering Tracks
Anonymous, a known hacker group, claim to have taken down 20,000 Twitter accounts linked to Islamic State in response to the Paris attacks that left 130 people dead. How can you categorize this attack by Anonymous? Spoofing Cracking Hacktivism Social engineering
Hacktivism
Individuals who promote security awareness or a political agenda by performing hacking are known as: Hacktivist Cyber terrorists Script kiddies Suicide hackers
Hacktivist
Stephany is the leader of an information security team of a global corporation that has several branch offices around the world. In the past six months, the company has suffered several security incidents. The CSIRT explains to Stephany that the incidents have something in common: the source IP addresses of all the incidents are from one of the new branches. A lot of the outsourcing staff come to this office to connect their computers to the LAN. What is the most accurate security control to implement to resolve the primary source of the incidents? Network access control (NAC) Internal Firewall Awareness to employees Antimalware application
Network access control (NAC)
A CEH is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response? Say no; the friend is not the owner of the account. Say yes; the friend needs help to gather evidence. Say yes; do the job for free. Say no; make sure that the friend knows the risk she's asking the CEH to take.
Say no; the friend is not the owner of the account.
Which of the following is an active reconnaissance technique? Collecting information about a target from search engines Performing dumpster diving Scanning a system by using tools to detect open ports Collecting contact information from yellow pages
Scanning a system by using tools to detect open ports
Which of the following terms refers to unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers? They usually focus on the quantity of attacks rather than the quality of the attacks that they initiate. Hacktivist Script Kiddies Gray Hats Suicide Hackers
Script Kiddies
Ron, a customer support intern, exploited default configurations and settings of the off-the-shelf libraries and code used in the company's CRM platform. How will you categorize this attack? Operating System attack Mis-configuration attack Application-level attack Shrink-wrap code attack
Shrink-wrap code attack
A consultant is hired to do a physical penetration test at a large financial company. On the first day of his assessment, the consultant goes to the company's building dressed as an electrician and waits in the lobby for an employee to pass through the main access gate, and then the consultant follows closely behind the employee to get into the restricted area. Which type of attack did the consultant perform? Mantrap Tailgating Shoulder surfing Social engineering
Tailgating
A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work, so the consultant prints out several audits that they have performed for previous companies. Which of the following is likely to occur as a result? The consultant will ask for money on the bid because of great work. The consultant may expose vulnerabilities of other companies. The company accepting bids will want the same type of format of testing. The company accepting bids will hire the consultant because of the great work performed.
The consultant may expose vulnerabilities of other companies.
Which of the following terms refers to the existence of a weakness, design flaw, or implementation error that can lead to an unexpected event compromising the security of the system? Exploit Hacking Vulnerability Zero-Day Attack
Vulnerability
Yancey is a network security administrator for a large electric company. This company provides power for over 100,000 people in Las Vegas. Yancey has worked for his company for more than 15 years and has become very successful. One day, Yancey comes into work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years; he just wants the company to pay for what they are doing to him. What would Yancey be considered? Yancey would be considered a suicide hacker. Since he does not care about going to jail, he would be considered a black hat. Because Yancey works for the company currently, he would be a white hat. Yancey is a hacktivist hacker since he is standing up to a company that is downsizing.
Yancey would be considered a suicide hacker.
A newly discovered flaw in a software application would be considered which kind of security vulnerability? Input validation flaw HTTP header injection vulnerability Zero-day vulnerability Time-of-check to time-of-use flaw
Zero-day vulnerability