CE 201-250
Test title: CE 201-250. Description: Exam Review




What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?
- The attacker queries a nameserver using the DNS resolver.
- The attacker uses TCP to poison the DNS resolver.
- The attacker makes a request to the DNS resolver.
- The attacker forges a reply from the DNS resolver.

Ethical hacker Jane Doe is attempting to crack the password of the head of the IT department of ABC company. She is utilizing a rainbow table and notices upon entering a password that extra characters are added to the password after submitting. What countermeasure is the company using to protect against rainbow tables?
- Account lockout
- Password hashing
- Password key hashing
- Password salting

Clark, a professional hacker, was hired by an organization to gather sensitive information about its competitors surreptitiously. Clark gathers the server IP address of the target organization using Whois footprinting. Further, he entered the server IP address as an input to an online tool to retrieve information such as the network range of the target organization and to identify the network topology and operating system used in the network. What is the online tool employed by Clark in the above scenario?
- DuckDuckGo
- AOL
- ARIN
- Baidu

This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as GCMP-256, HMAC-SHA384, and ECDSA using a 384-bit elliptic curve. Which is this wireless security protocol?
- WPA3-Personal
- WPA3-Enterprise
- WPA2-Enterprise
- WPA2-Personal

Scenario: Joe turns on his home computer to access personal online banking. When he enters the URL www.bank.com, the website is displayed, but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL closer, he finds that the site is not secure and the web address appears different. What type of attack is he experiencing?
- DHCP spoofing
- DoS attack
- ARP cache poisoning
- DNS hijacking

Henry is a cyber security specialist hired by BlackEye - Cyber Security Solutions. He was tasked with discovering the operating system (OS) of a host. He used the Unicornscan tool to discover the OS of the target system. As a result, he obtained a TTL value, which indicates that the target system is running a Windows OS. Identify the TTL value Henry obtained, which indicates that the target OS is Windows.
- 128
- 255
- 64
- 138

What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages?
- httpd.conf
- administration.config
- php.ini
- idq.dll

Abel, a security professional, conducts penetration testing in his client organization to check for any security loopholes. He launched an attack on the DHCP servers by broadcasting forged DHCP requests and leased all the DHCP addresses available in the DHCP scope until the server could not issue any more IP addresses. This led to a DoS attack, and as a result, legitimate employees were unable to access the client's network. Which of the following attacks did Abel perform in the above scenario?
- Rogue DHCP server attack
- VLAN hopping
- STP attack
- DHCP starvation

What piece of hardware on a computer's motherboard generates encryption keys and only releases a part of the key so that decrypting a disk on a new piece of hardware is not possible?
- CPU
- UEFI
- GPU
- TPM

Based on the below log, which of the following sentences are true? Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip
- Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server.
- Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the client.
- SSH communications are encrypted; it's impossible to know who is the client or the server.
- Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server.

Garry is a network administrator in an organization. He uses SNMP to manage networked devices from a remote location. To manage nodes in the network, he uses MIB, which contains formal descriptions of all network objects managed by SNMP. He accesses the contents of MIB by using a web browser either by entering the IP address and Lseries.mib or by entering the DNS library name and Lseries.mib. He is currently retrieving information from an MIB that contains object types for workstations and server services. Which of the following types of MIB is accessed by Garry in the above scenario?
- LNMIB2.MIB
- DHCP.MIB
- MIB_II.MIB
- WINS.MIB

You have been authorized to perform a penetration test against a website. You want to use Google dorks to footprint the site but only want results that show file extensions. What Google dork operator would you use?
- inurl
- site
- ext
- filetype

Which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth?
- Bluesmacking
- Bluesnarfing
- Bluejacking
- Bluebugging

David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the vulnerability-management life cycle is David currently in?
- Remediation
- Verification
- Risk assessment
- Vulnerability scan

Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session. Upon receiving the user's request, Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. What is the attack performed by Bobby in the above scenario?
- aLTEr attack
- Jamming signal attack
- Wardriving
- KRACK attack

Attacker Lauren has gained the credentials of an organization's internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skeptical about the login times and appointed security professional Robert to determine the issue. Robert analyzed the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited. What is the incident handling and response (IH&R) phase, in which Robert has determined these issues?
- Incident triage
- Preparation
- Incident recording and assignment
- Eradication

Bill is a network administrator. He wants to eliminate unencrypted traffic inside his company's network. He decides to set up a SPAN port and capture all traffic to the datacenter. He immediately discovers unencrypted traffic in port UDP 161. What protocol is this port using and how can he secure that traffic?
- RPC and the best practice is to disable RPC completely.
- SNMP and he should change it to SNMP V3.
- SNMP and he should change it to SNMP V2, which is encrypted.
- It is not necessary to perform any actions, as SNMP is not carrying important information.

Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this, James, a professional hacker, targets Emily and her acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is the tool employed by James in the above scenario?
- ophcrack
- VisualRoute
- Hootsuite
- HULK

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary in the above scenario.
- Unspecified proxy activities
- Use of command-line interface
- Data staging
- Use of DNS tunneling

Ricardo has discovered the username for an application in his target's environment. As he has a limited amount of time, he decides to attempt to use a list of common passwords he found on the Internet. He compiles them into a list and then feeds that list as an argument into his password-cracking application. What type of attack is Ricardo performing?
- Brute force
- Known plaintext
- Dictionary
- Password spraying

Attacker Steve targeted an organization's network with the aim of redirecting the company's web traffic to another malicious website. To achieve this goal, Steve performed DNS cache poisoning by exploiting the vulnerabilities in the DNS server software and modified the original IP address of the target website to that of a fake website. What is the technique employed by Steve to gather information for identity theft?
- Pharming
- Skimming
- Pretexting
- Wardriving

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas?
- Black hat
- White hat
- Gray hat
- Red hat

Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/feed.php?url=externalsite.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed in the above scenario?
- Web server misconfiguration
- Server-side request forgery (SSRF) attack
- Web cache poisoning attack
- Website defacement

You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID "Brakeme-Internal." You realize that this network uses WPA3 encryption. Which of the following vulnerabilities is the most promising to exploit?
- Cross-site request forgery
- Dragonblood
- Key reinstallation attack
- AP misconfiguration

While testing a web application in development, you notice that the web server does not properly ignore the "dot dot slash" (../) character string and instead returns the file listing of a folder higher up in the folder structure of the server. What kind of attack is possible in this scenario?
- Cross-site scripting
- SQL injection
- Denial of service
- Directory traversal

Sam, a professional hacker, targeted an organization with the intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while posing as a legitimate employee. Moreover, he sent phishing emails to steal the AWS IAM credentials and further compromise the employee's account. What is the technique used by Sam to compromise the AWS IAM credentials?
- Insider threat
- Social engineering
- Password reuse
- Reverse engineering

John, a professional hacker, performs a network attack on a renowned organization and gains unauthorized access to the target network. He remains in the network without being detected for a long time and obtains sensitive information without sabotaging the organization. Which of the following attack techniques is used by John?
- Insider threat
- Diversion theft
- Spear-phishing sites
- Advanced persistent threat

What firewall evasion scanning technique makes use of a zombie system that has low network activity as well as its fragment identification numbers?
- Packet fragmentation scanning
- Spoof source address scanning
- Decoy scanning
- Idle scanning

Which iOS jailbreaking technique patches the kernel during the device boot so that it becomes jailbroken after each successive reboot?
- Tethered jailbreaking
- Semi-untethered jailbreaking
- Semi-tethered jailbreaking
- Untethered jailbreaking

Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she uses a user-defined HTTP callback or push APIs that are raised based on trigger events; when invoked, this feature supplies data to other applications so that users can instantly receive real-time information. Which of the following techniques is employed by Susan?
- Web shells
- Webhooks
- REST API
- SOAP API

After an audit, the auditors inform you that there is a critical finding that you must tackle immediately. You read the audit report, and the problem is the service running on port 389. Which service is this and how can you tackle the problem?
- The service is NTP, and you have to change it from UDP to TCP in order to encrypt it.
- The service is LDAP, and you must change it to 636, which is LDAPS.
- The findings do not require immediate actions and are only suggestions.
- The service is SMTP, and you must change it to SMIME, which is an encrypted way to send emails.

Larry, a security professional in an organization, has noticed some abnormalities in the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting a few countermeasures to secure the accounts on the web server. Which of the following countermeasures must Larry implement to secure the user accounts on the web server?
- Retain all unused modules and application extensions.
- Limit the administrator or root-level access to the minimum number of users.
- Enable all non-interactive accounts that should exist but do not require interactive login.
- Enable unused default user accounts created during the installation of an OS.

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the users who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization?
- Credentialed assessment
- Internal assessment
- External assessment
- Passive assessment

What would be the fastest way to perform content enumeration on a given web server by using the Gobuster tool?
- Performing content enumeration using the bruteforce mode and 10 threads
- Performing content enumeration using the bruteforce mode and random file extensions
- Skipping SSL certificate verification
- Performing content enumeration using a wordlist

Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob's boss is very worried because of regulations that protect those data. Which of the following regulations is mostly violated?
- PCI DSS
- PII
- ISO 2002
- HIPAA/PHI

Allen, a professional pen tester, was hired by XpertTech Solutions to perform an attack simulation on the organization's network resources. To perform the attack, he took advantage of the NetBIOS API and targeted the NetBIOS service. By enumerating NetBIOS, he found that port 139 was open and could see the resources that could be accessed or viewed on a remote system. He came across many NetBIOS codes during enumeration. Identify the NetBIOS code used for obtaining the messenger service running for the logged-in user.
- <00>
- <20>
- <03>
- <1B>

Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During this process, Robin plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch in the network so that he could make it a root bridge that will later allow him to sniff all the traffic in the network. What is the attack performed by Robin in the above scenario?
- ARP spoofing attack
- STP attack
- DNS poisoning attack
- VLAN hopping attack

During the enumeration phase, Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445. Which of the following services is enumerated by Lawrence in this scenario?
- Remote procedure call (RPC)
- Telnet
- Server Message Block (SMB)
- Network File System (NFS)

John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker installed a scanner on a machine belonging to one of the victims and scanned several machines on the same network to identify vulnerabilities to perform further exploitation. What is the type of vulnerability assessment tool employed by John in the above scenario?
- Agent-based scanner
- Network-based scanner
- Cluster scanner
- Proxy scanner

Which of the following protocols can be used to secure an LDAP service against anonymous queries?
- NTLM
- RADIUS
- WPA
- SSO

Richard, an attacker, aimed to hack IoT devices connected to a target network. In this process, Richard recorded the frequency required to share information between connected devices. After obtaining the frequency, he captured the original data when commands were initiated by the connected devices. Once the original data were collected, he used free tools such as URH to segregate the command sequence. Subsequently, he started injecting the segregated command sequence on the same frequency into the IoT network, which repeats the captured signals of the devices. What is the type of attack performed by Richard in the above scenario?
- Cryptanalysis attack
- Reconnaissance attack
- Side-channel attack
- Replay attack

There have been concerns in your network that the wireless network component is not sufficiently secure. You perform a vulnerability scan of the wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption. What encryption protocol is being used?
- RADIUS
- WPA
- WEP
- WPA3

Widespread fraud at Enron, WorldCom, and Tyco led to the creation of a law that was designed to improve the accuracy and accountability of corporate disclosures. It covers accounting firms and third parties that provide financial services to some organizations and came into effect in 2002. This law is known by what acronym?
- SOX
- FedRAMP
- HIPAA
- PCI DSS

Consider the following Nmap output: What command-line parameter could you use to determine the type and version number of the web server?
- -sV
- -sS
- -Pn
- -V

A newly joined employee, Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. What is the type of vulnerability assessment performed by Martin?
- Database assessment
- Host-based assessment
- Credentialed assessment
- Distributed assessment

George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this process, he used a short-range communication protocol based on the IEEE 203.15.4 standard. This protocol is used in devices that transfer data infrequently at a low rate in a restricted area, within a range of 10-100 m. What is the short-range wireless communication technology George employed in the above scenario?
- LPWAN
- MQTT
- NB-IoT
- Zigbee

You want to analyze packets on your wireless network. Which program would you use?
- Airsnort with Airpcap
- Wireshark with Airpcap
- Wireshark with Winpcap
- Ethereal with Winpcap

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by passive network sniffing?
- Capturing network traffic for further analysis
- Collecting unencrypted information about usernames and passwords
- Modifying and replaying captured network traffic
- Identifying operating systems, services, protocols and devices

An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?
- Piggybacking
- Announced
- Tailgating
- Reverse Social Engineering

Which of these is capable of searching for and locating rogue access points?
- NIDS
- HIDS
- WISS
- WIPS