CE 151-200

At what stage of the cyber kill chain theory model does data exfiltration occur?. Weaponization. Actions on objectives. Command and control. Installation.

Heather's company has decided to use a new customer relationship management tool. After performing the appropriate research, they decided to purchase a subscription to a cloud-hosted solution. The only administrative task that Heather will need to perform is the management of user accounts. The provider will take care of the hardware, operating system, and software administration including patching and monitoring. Which of the following is this type of solution?. Iaas. Saas. PaaS. Caas.

By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext. Which file do you have to clean to clear the password?. .xsession-log. .profile. .bashrc. .bash_history.

Infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical hacking methodology?. Scanning. Gaining access. Maintaining access. Reconnaissance.

John is investigating web-application firewall logs and observers that someone is attempting to inject the following: What type of attack is this?. SQL injection. Buffer overflow. CSRF. XSS.

Mr. Omkar performed tool-based vulnerability assessment and found two vulnerabilities. During analysis, he found that these issues are not true vulnerabilities. What will you call these issues?. False positives. True negatives. True positives. False negatives.

Which file is a rich target to discover the structure of a website during web-server footprinting?. domain.txt. Robots.txt. Document root. index.html.

What is the common name for a vulnerability disclosure program opened by companies in platforms such as HackerOne?. White-hat hacking program. Bug bounty program. Ethical hacking program. Vulnerability hunting program.

There are multiple cloud deployment options depending on how isolated a customer's resources are from those of other customers. Shared environments share the costs and allow each customer to enjoy lower operations expenses. One solution is for a customer to join with a group of users or organizations to share a cloud environment. What is this cloud deployment option called?. Private. Community. Public. Hybrid.

Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network. Which of the following host discovery techniques must he use to perform the given task?. UDP scan. ARP ping scan. ACK flag probe scan. TCP Maimon scan.

An organization has automated the operation of critical infrastructure from a remote location. For this purpose, all the industrial control systems are connected to the Internet. To empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption, the organization decided to install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware. Which of the following tools must the organization employ to protect its critical infrastructure?. Robotium. BalenaCloud. Flowmon. IntentFuzzer.

Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive, informing that her systems need to be serviced for proper functioning and that customer support will send a computer technician. Jane promptly replied positively. Ralph entered Jane's company using this opportunity and gathered sensitive information by scanning terminals for passwords, searching for important documents in desks, and rummaging bins. What is the type of attack technique Ralph used on Jane?. Impersonation. Dumpster diving. Shoulder surfing. Eavesdropping.

Bella, a security professional working at an IT firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames, and passwords are shared in plaintext, paving the way for hackers to perform successful session hijacking. To address this situation, Bella implemented a protocol that sends data using encryption and digital certificates. Which of the following protocols is used by Bella?. FTPS. FTP. HTTPS. IP.

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs. What type of malware did the attacker use to bypass the company's application whitelisting?. File-less malware. Zero-day malware. Phishing malware. Logic bomb malware.

Kevin, a professional hacker, wants to penetrate CyberTech Inc's network. He employed a technique, using which he encoded packets with Unicode characters. The company's IDS cannot recognize the packets, but the target web server can decode them. What is the technique used by Kevin to evade the IDS system?. Session splicing. Urgency flag. Obfuscating. Desynchronization.

To invisibly maintain access to a machine, an attacker utilizes a rootkit that sits undetected in the core components of the operating system. What is this type of rootkit an example of?. Hypervisor rootkit. Kernel rootkit. Hardware rootkit. Firmware rootkit.

Which of the following information security controls creates an appealing isolated environment for hackers to prevent them from compromising critical targets while simultaneously gathering information about the hacker?. Botnet. Intrusion detection system. Firewall. Honeypot.

Jim, a professional hacker, targeted an organization that is operating critical industrial infrastructure. Jim used Nmap to scan open ports and running services on systems connected to the organization's OT network. He used an Nmap command to identify Ethernet/IP devices connected to the Internet and further gathered information such as the vendor name, product code and name, device name, and IP address. Which of the following Nmap commands helped Jim retrieve the required information?. nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >. nmap -Pn -sU -p 44818 --script enip-info < Target IP >. nmap -Pn -sT -p 46824 < Target IP >. nmap -Pn -sT -p 102 --script s7-info < Target IP >.

In this form of encryption algorithm, every individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits. Which is this encryption algorithm?. IDEA. Triple Data Encryption Standard. AES. MD5 encryption algorithm.

Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed. What is the port scanning technique used by Sam to discover open ports?. Xmas scan. IDLE/IPID header scan. TCP Maimon scan. ACK flag probe scan.

Gerard, a disgruntled ex-employee of Sunglass IT Solutions, targets this organization to perform sophisticated attacks and bring down its reputation in the market. To launch the attacks process, he performed DNS footprinting to gather information about DNS servers and to identify the hosts connected in the target network. He used an automated tool that can retrieve information about DNS zone data including DNS domain names, computer names, IP addresses, DNS records, and network Whois records. He further exploited this information to launch other sophisticated attacks. What is the tool employed by Gerard in the above scenario?. Towelroot. Knative. zANTI. Bluto.

Steven connected his iPhone to a public computer that had been infected by Clark, an attacker. After establishing the connection with the public computer, Steven enabled iTunes Wi-Fi sync on the computer so that the device could continue communication with that computer even after being physically disconnected. Now, Clark gains access to Steven's iPhone through the infected computer and is able to monitor and read all of Steven's activity on the iPhone, even after the device is out of the communication zone. Which of the following attacks is performed by Clark in the above scenario?. Man-in-the-disk attack. iOS jailbreaking. iOS trustjacking. Exploiting SS7 vulnerability.

John, a professional hacker, decided to use DNS to perform data exfiltration on a target network. In this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique, John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server. What is the technique employed by John to bypass the firewall?. DNSSEC zone walking. DNS cache snooping. DNS enumeration. DNS tunneling method.

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier container technology architecture. Currently, Abel is verifying and validating image contents, signing images, and sending them to the registries. Which of the following tiers of the container technology architecture is Abel currently working in?. Tier-1: Developer machines. Tier-2: Testing and accreditation systems. Tier-3: Registries. Tier-4: Orchestrators.

Taylor, a security professional, uses a tool to monitor her company's website, analyze the website's traffic, and track the geographical location of the users visiting the company's website. Which of the following tools did Taylor employ in the above scenario?. Webroot. Web-Stat. WebSite-Watcher. WAFW00F.

Attacker Rony installed a rogue access point within an organization's perimeter and attempted to intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack. What is the type of vulnerability assessment performed by Johnson in the above scenario?. Wireless network assessment. Application assessment. Host-based assessment. Distributed assessment.

You start performing a penetration test against a specific website and have decided to start from grabbing all the links from the main page. What is the best Linux pipe to achieve your milestone?. wget https://site.com | grep ג€<a href=\ג€httpג€ | grep ג€site.comג€. curl -s https://site.com | grep ג€<a href=\ג€httpג€ | grep ג€site.comג€ | cut -d ג€\ג€ג€ -f 2. dirb https://site.com | grep ג€siteג€. wget https://site.com | cut -d ג€httpג€.

Joe works as an IT administrator in an organization and has recently set up a cloud computing service for the organization. To implement this service, he reached out to a telecom company for providing Internet connectivity and transport services between the organization and the cloud service provider. In the NIST cloud deployment reference architecture, under which category does the telecom company fall in the above scenario?. Cloud consumer. Cloud broker. Cloud auditor. Cloud carrier.

A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendor for several months prior to the intrusion. This is likely a failure in which of the following security processes?. Secure development lifecycle. Security awareness training. Vendor risk management. Patch management.

Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after installing the app. What is the attack performed on Don in the above scenario?. SIM card attack. Clickjacking. SMS phishing attack. Agent Smith attack.

This form of encryption algorithm is a symmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among the following is this encryption algorithm?. HMAC encryption algorithm. Twofish encryption algorithm. IDEA. Blowfish encryption algorithm.

Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs. Which two SQL injection types would give her the results she is looking for?. Out of band and boolean-based. Union-based and error-based. Time-based and union-based. Time-based and boolean-based.

Judy created a forum. One day, she discovers that a user is posting strange images without writing comments. She immediately calls a security expert, who discovers that the following code is hidden behind those images: What issue occurred for the users who clicked on the image?. This php file silently executes the code and grabs the user's session cookie and session ID. The code redirects the user to another site. The code injects a new cookie to the browser. The code is a virus that is attempting to gather the user's username and password.

Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server. In the login/ password form, you enter the following credentials: Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?. select * from Users where UserName = 'attack' ' or 1=1 -- and UserPassword = '123456'. select * from Users where UserName = 'attack' or 1=1 -- and UserPassword = '123456'. select * from Users where UserName = 'attack or 1=1 -- and UserPassword = '123456'. select * from Users where UserName = 'attack' or 1=1 --' and UserPassword = '123456'.

A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer. What tests would you perform to determine whether his computer is infected?. Upload the file to VirusTotal. You do not check; rather, you immediately restore a previous snapshot of the operating system. Use ExifTool and check for malicious content. Use netstat and check for outgoing connections to strange IP addresses or domains.

An attacker redirects the victim to malicious websites by sending them a malicious link by email. The link appears authentic but redirects the victim to a malicious web page, which allows the attacker to steal the victim's data. What type of attack is this?. Vishing. Phishing. DDoS. Spoofing.

A DDoS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete. Which attack is being described here?. Desynchronization. Slowloris attack. Session splicing. Phlashing.

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney's account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boney's account. What is the attack performed by Boney in the above scenario?. Forbidden attack. CRIME attack. Session donation attack. Session fixation attack.

Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario?. RESTful API. JSON-RPC. SOAP API. REST API.

Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.moviescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as `'or '1'='1'` in any basic injection statement such as `or 1=1.` Identify the evasion technique used by Daniel in the above scenario. Char encoding. IP fragmentation. Variation. Null byte.

Jane, an ethical hacker, is testing a target organization's web server and website to identify security loopholes. In this process, she copied the entire website and its content on a local drive to view the complete profile of the site's directory structure, file structure, external links, images, web pages, and so on. This information helps Jane map the website's directories and gain valuable information. What is the attack technique employed by Jane in the above scenario?. Session hijacking. Website mirroring. Website defacement. Web cache poisoning.

Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days, Steve started asking about her company details and eventually gathered all the essential information regarding her company. What is the social engineering technique Steve employed in the above scenario?. Baiting. Piggybacking. Diversion theft. Honey trap.

Alice needs to send a confidential document to her coworker, Bryan. Their company has public key infrastructure set up. Therefore, Alice both encrypts the message and digitally signs it. Alice uses _______________ to encrypt the message, and Bryan uses _______________ to confirm the digital signature. Bryan's public key; Bryan's public key. Alice's public key; Alice's public key. Bryan's private key; Alice's public key. Bryan's public key; Alice's public key.

Samuel, a professional hacker, monitored and intercepted already established traffic between Bob and a host machine to predict Bob's ISN. Using this ISN, Samuel sent spoofed packets with Bob's IP address to the host machine. The host machine responded with a packet having an incremented ISN. Consequently, Bob's connection got hung, and Samuel was able to communicate with the host machine on behalf of Bob. What is the type of attack performed by Samuel in the above scenario?. TCP/IP hijacking. Blind hijacking. UDP hijacking. Forbidden attack.

If you send a TCP ACK segment to a known closed port on a firewall but it does not respond with an RST, what do you know about the firewall you are scanning?. It is a non-stateful firewall. There is no firewall in place. It is a stateful firewall. This event does not tell you anything about the firewall.

Harry, a professional hacker, targets the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing?. Initial intrusion. Persistence. Cleanup. Preparation.

In the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does medium vulnerability fall in?. 4.0-6.0. 3.9-6.9. 3.0-6.9. 4.0-6.9.

While browsing his Facebook feed, Matt sees a picture one of his friends posted with the caption, `Learn more about your friends!`, as well as a number of personal questions. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate, Matt responds to the questions on the post. A few days later, Matt's bank account has been accessed, and the password has been changed. What most likely happened?. Matt inadvertently provided the answers to his security questions when responding to the post. Matt inadvertently provided his password when responding to the post. Matt's computer was infected with a keylogger. Matt's bank-account login information was brute forced.

Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewalls. On which of the following ports should Robin run the NSTX tool?. Port 50. Port 23. Port 53. Port 80.

What is the file that determines the basic configuration (specifically activities, services, broadcast receivers, etc.) in an Android application?. AndroidManifest.xml. classes.dex. APK.info. resources.asrc.