_CE_Hv12
Test title: _CE_Hv12
Description: IT exam




What is the purpose of the demilitarized zone?. To provide a place for a honeypot. To add an extra layer of security to an organization’s local area network. To add protection to network devices. To scan all traffic coming through the DMZ to the internal network. Ivan, the black hat hacker, split the attack traffic into many packets such that no single packet triggers the IDS. Which IDS evasion technique does Ivan use?. Flooding. Low-bandwidth attacks. Session Splicing. Unicode Splicing. Which of the following requires establishing national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers?. SOX. DMCA. PCI-DSS. HIPAA. John, a cybersecurity specialist, received a copy of the event logs from all firewalls, Intrusion Detection Systems (IDS) and proxy servers on a company's network. He tried to match all the registered events in all the logs, and he found that their sequence didn't match. What can cause such a problem?. The network devices are not all synchronized. A proper chain of custody was not observed while collecting the logs. The attacker altered events from the logs. The security breach was a false positive. You are configuring the connection of a new employee's laptop to join an 802.11 network. The new laptop has the same hardware and software as the laptops of other employees. You used the wireless packet sniffer and found that it shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the laptop. What can cause this problem?. The laptop is configured for the wrong channel. The WAP does not recognize the laptop’s MAC address. The laptop cannot see the SSID of the wireless network. The laptop is not configured to use DHCP. Which of the following flags will trigger an Xmas scan?. -sX. -sP. -sA. -sV. Ivan, an evil hacker, conducts an SQLi attack that is based on True/False questions. What type of SQLi does Ivan use?. Blind SQLi. 
Compound SQLi. Classic SQLi. DMS-specific SQLi. Rajesh, a system administrator, noticed that some clients of his company were victims of DNS Cache Poisoning. They were redirected to a malicious site when they tried to access Rajesh's company site. What is the best recommendation to deal with such a threat?. Use of security agents on customers’ computers. Use a multi-factor authentication. Customer awareness. Use Domain Name System Security Extensions (DNSSEC). Which of the following wireless standards has bandwidth up to 54Mbit/s and signals in a regulated frequency spectrum around 5 GHz?. 802.11a. 802.11i. 802.11n. 802.11g. Michael works as a system administrator. He receives a message that several sites are no longer available. Michael tried to go to the sites by URL, but it didn't work. Then he tried to ping the sites and enter IP addresses in the browser - it worked. What problem could Michael identify?. Traffic is Blocked on UDP Port 56. Traffic is Blocked on UDP Port 69. Traffic is Blocked on UDP Port 53. Traffic is Blocked on UDP Port 88. The attacker enters its malicious data into intercepted messages in a TCP session since source routing is disabled. He tries to guess the responses of the client and server. What hijacking technique is described in this example?. RST. Blind. TCP/IP. Registration. Which of the following best describes the "white box testing" methodology?. Only the internal operation of a system is known to the tester. Only the external operation of a system is accessible to the tester. The internal operation of a system is only partly accessible to the tester. The internal operation of a system is completely known to the tester. Which of the following SQL injection attacks does an attacker usually use to bypass user authentication and extract data by using a conditional OR clause so that the condition of the WHERE clause will always be true?. Error-Based SQLi. Tautology. End-of-Line Comment. UNION SQLi. 
Wireshark is one of the most important tools for a cybersecurity specialist. It is used for network troubleshooting, analysis, software, etc. and you often have to work with a packet bytes pane. In what format is the data presented in this pane?. Hexadecimal. Decimal. ASCII only. Binary. Ivan, a black hat hacker, tries to call numerous random numbers inside the company, claiming he is from the technical support service. He offers company employees services in exchange for confidential data or login credentials. What method of social engineering does Ivan use?. Quid Pro Quo. Reverse Social Engineering. Elicitation. Tailgating. Black hat hacker Ivan wants to implement a man-in-the-middle attack on the corporate network. For this, he connects his router to the network and redirects traffic to intercept packets. What can the administrator do to mitigate the attack?. Use the Open Shortest Path First (OSPF). Use only static routes in the corporation’s network. Redirection of the traffic is not possible without the explicit admin’s confirmation. Add message authentication to the routing protocol. Andrew is conducting a penetration test. He is now embarking on sniffing the target network. What is not available for Andrew when sniffing the network?. Collecting unencrypted information about usernames and passwords. Modifying and replaying captured network traffic. Identifying operating systems, services, protocols and devices. Capturing network traffic for further analysis. Ivan, a black hat hacker, sends partial HTTP requests to the target webserver to exhaust the target server’s maximum concurrent connection pool. He wants to ensure that all additional connection attempts are rejected. What type of attack does Ivan implement?. HTTP GET/POST. Spoofed Session Flood. Fragmentation. Slowloris. You managed to compromise a server with an IP address of 10.10.0.5, and you want to quickly get a list of all the machines in this network. 
Which of the following Nmap commands will you need?. nmap -T4 -F 10.10.0.0/24. nmap -T4 -p 10.10.0.0/24. nmap -T4 -q 10.10.0.0/24. nmap -T4 -r 10.10.1.0/24. Which of the following can be designated as "Wireshark for CLI"?. John the Ripper. nessus. ethereal. tcpdump. Which of the following layers in IoT architecture helps bridge the gap between two endpoints, such as a device and a client, and carries out message routing, message identification, and subscribing?. Internet. Middleware. Edge Technology. Access Gateway. Which of the following is the amount of risk left over after natural or inherent risks have been reduced?. Residual risk. Impact risk. Inherent risk. Deferred risk. Identify a vulnerability in OpenSSL that allows stealing the information protected under normal conditions by the SSL/TLS encryption used to secure the Internet?. SSL/TLS Renegotiation Vulnerability. Shellshock. POODLE. Heartbleed Bug. The attacker posted a message and an image on the forum, in which he embedded a malicious link. When the victim clicks on this link, the victim's browser sends an authenticated request to a server. What type of attack did the attacker use?. Cross-site request forgery. Session hijacking. SQL injection. Cross-site scripting. Which of the following is a protocol that is used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block or an autonomous system?. CAPTCHA. WHOIS. Internet Engineering Task Force. Internet Assigned Numbers Authority. John, a penetration tester, decided to conduct SQL injection testing. He enters a huge amount of random data and observes changes in output and security loopholes in web applications. What SQL injection testing technique did John use?. Static Testing. Function Testing. Dynamic Testing. Fuzzing Testing. What is meant by a "rubber-hose" attack in cryptography?. 
A backdoor is placed into a cryptographic algorithm by its creator. Extraction of cryptographic secrets through coercion or torture. Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plain text. Forcing the targeted keystream through a hardware-accelerated device such as an ASIC. Ivan, an evil hacker, is preparing to attack the network of a financial company. To do this, he wants to collect information about the operating systems used on the company's computers. Which of the following techniques will Ivan use to achieve the desired result?. IDLE/IPID Scanning. Banner Grabbing. UDP Scanning. SSDP Scanning. Which of the following does not apply to IPsec?. Provides authentication. Uses key exchange. Works at the Data Link Layer. Encrypts the payloads. What actions should be performed before using a Vulnerability Scanner for scanning a network?. Firewall detection. TCP/UDP Port scanning. TCP/IP stack fingerprinting. Checking if the remote host is alive. Which of the following is the type of violation when an unauthorized individual enters a building following an employee through the employee entrance?. Announced. Tailgating. Reverse Social Engineering. Pretexting. Which of the following options is a security feature on switches that leverages the DHCP snooping database to help prevent man-in-the-middle attacks?. DAI. Port security. Spanning tree. DHCP relay. Maria conducted a successful attack and gained access to a Linux server. She wants to make sure that NIDS will not catch subsequent outgoing traffic from this server in the future. Which of the following is the best way to avoid detection of NIDS?. Encryption. Out of band signaling. Alternate Data Streams. Protocol Isolation. Which of the following Nmap's commands allows you to most reduce the probability of detection by IDS when scanning common ports?. nmap -A --host-timeout 99 -T1. nmap -sT -O -T0. nmap -A -Pn. nmap -sT -O -T2. 
Identify the Secure Hashing Algorithm which produces a 160-bit digest from a message on principles similar to those used in MD4 and MD5. SHA-0. SHA-3. SHA-1. SHA-2. What best describes two-factor authentication for a credit card (using a card and pin)?. Something you have and something you are. Something you are and something you remember. Something you know and something you are. Something you have and something you know. Which of the following command-line flags sets a stealth scan for Nmap?. -sT. -sU. -sS. -sM. Which of the following tools is a command-line vulnerability scanner that scans web servers for dangerous files/CGIs?. Nikto. John the Ripper. Snort. Kon-Boot. Ferdinand installs a virtual communication tower between the two authentic endpoints to mislead the victim. What attack does Ferdinand perform?. Wi-Jacking. Sinkhole. aLTEr. Aspidistra. Determine the attack by the description: The known-plaintext attack used against DES. This attack causes that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key. Replay attack. Meet-in-the-middle attack. Man-in-the-middle attack. Traffic analysis attack. Identify the type of jailbreaking which allows user-level access and does not allow iBoot-level access. Userland Exploit. Bootrom Exploit. iBootrom Exploit. iBoot Exploit. What does the flag "-oX" mean in an Nmap scan?. Output the results in XML format to a file. Run a Xmas scan. Run an express scan. Output the results in truncated format to the screen. Identify the standard by the description: A regulation contains a set of guidelines that everyone who processes any electronic data in medicine should adhere to. It includes information on medical practices, ensuring that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to secure patient data. ISO/IEC 27002. FISMA. HIPAA. COBIT. 
Session splicing is an IDS evasion technique that exploits how some IDSs do not reconstruct sessions before performing pattern matching on the data. The idea behind session splicing is to split data between several packets, ensuring that no single packet matches any patterns within an IDS signature. Which tool can be used to perform session splicing attacks?. Burp. Whisker. tcpsplice. Hydra. You make a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions. What type of attack are you trying to perform?. Chosen-plaintext attack. Ciphertext-only attack. Known-plaintext attack. Adaptive chosen-plaintext attack. Rajesh, the system administrator, analyzed the IDS logs and noticed that when accessing the external router from the administrator's computer to update the router configuration, IDS registered alerts. What type of alert is this?. False negative. False positive. True positive. True negative. Alex, the penetration tester, performs a server scan. To do this, he uses the method where the TCP Header is split into many packets so that it becomes difficult to determine what the packets are used for. Determine the scanning technique that Alex uses. IP Fragmentation Scan. Inverse TCP flag scanning. TCP Scanning. ACK flag scanning. What identifies malware by collecting data from protected computers while analyzing it on the provider’s infrastructure instead of locally?. Cloud-based detection. Real-time protection. Heuristics-based detection. Behavioural-based detection. Elon plans to make it difficult for the packet filter to determine the purpose of the packet when scanning. Which of the following scanning techniques will Elon use?. ICMP scanning. IPID scanning. SYN/FIN scanning using IP fragments. ACK scanning. Which of the following UDP ports is usually used by Network Time Protocol (NTP)?. 19. 123. 177. 161. 
Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?. Cannot deal with encrypted network traffic. Can identify unknown attacks. Produces fewer false positives. Requires vendor updates for a new threat. Rajesh, a network administrator, found several unknown files in the root directory of his FTP server. He was very interested in a binary file named "mfs". Rajesh decided to check the FTP server logs and found that the anonymous user account logged in to the server, uploaded the files and ran the script using a function provided by the FTP server's software. Also, he found that the "mfs" file is running as a process and it is listening to a network port. What kind of vulnerability must exist to make this attack possible?. Brute force login. Privilege escalation. Directory traversal. File system permissions. Which type of virus tries to hide from antivirus programs by actively changing and corrupting the chosen service call interruptions when they are being run?. Cavity virus. Polymorphic virus. Tunneling virus. Stealth/Tunneling virus. Josh, a security analyst, wants to choose a tool for himself to examine links between data. One of the main requirements is to present data using graphs and link analysis. Which of the following tools will meet John's requirements?. Analyst’s Notebook. Metasploit. Maltego. Palantir. Which of the following Nmap options will you use if you want to scan fewer ports than the default?. -F. -sP. -T. -p. With which of the following SQL injection attacks can an attacker deface a web page, modify or add data stored in a database and compromise data integrity?. Information Disclosure. Loss of data availability. Unauthorized access to an application. Compromised Data Integrity. Which of the following methods is best suited to protect confidential information on your laptop which can be stolen while travelling?. Password protected files. Full disk encryption. Hidden folders. 
BIOS password. After several unsuccessful attempts to extract cryptography keys using software methods, Mark is thinking about trying another code-breaking methodology. Which of the following will best suit Mark based on his unsuccessful attempts?. One-Time pad. Frequency Analysis. Brute-Force. Trickery and Deceit. Viktor, the white hat hacker, conducts a security audit. He gains control over a user account and tries to access another account's sensitive information and files. How can he do this?. Shoulder-Surfing. Privilege Escalation. Port Scanning. Fingerprinting. The evil hacker Ivan has installed a remote access Trojan on a host. He wants to be sure that when a victim attempts to go to "www.site.com" that the user is directed to a phishing site. Which file should Ivan change in this case?. Sudoers. Networks. Boot.ini. Hosts. Which of the following tools is a packet sniffer, network detector and IDS for 802.11(a, b, g, n) wireless LANs?. Nessus. Nmap. Kismet. Abel. The evil hacker Antonio is trying to attack the IoT device. He will use several fake identities to create a strong illusion of traffic congestion, affecting communication between neighbouring nodes and networks. What kind of attack does Antonio perform?. Sybil Attack. Forged Malicious Device. Side-Channel Attack. Exploit Kits. Maria is surfing the internet and trying to find information about Super Security LLC. Which process is Maria doing?. System Hacking. Enumeration. Scanning. Footprinting. Determine which of the options below is the type of honeypot that simulates the real production network of the target organization. High-interaction Honeypots. Pure Honeypots. Low-interaction Honeypots. Research Honeypots. Michael, a technical specialist, discovered that the laptop of one of the employees connecting to a wireless point couldn't access the Internet, but at the same time, it can transfer files locally. He checked the IP address and the default gateway. They are both on 192.168.1.0/24. 
Which of the following caused the problem?. The laptop is using an invalid IP address. The gateway is not routing to a public IP address. The laptop isn’t using a private IP address. The laptop and the gateway are not on the same network. The Web development team is holding an urgent meeting, as they have received information from testers about a new vulnerability in their Web software. They make an urgent decision to reduce the likelihood of using the vulnerability. The team decided to modify the software requirements to disallow users from entering HTML as input into their Web application. Determine the type of vulnerability that the test team found. Website defacement vulnerability. Cross-site scripting vulnerability. Cross-site Request Forgery vulnerability. SQL injection Vulnerability. Identify the Bluetooth attack technique that is used to send messages to users without the recipient's consent, for example for guerrilla marketing campaigns. Bluesnarfing. Bluesmacking. Bluebugging. Bluejacking. Which of the following is a network software suite designed for 802.11 WEP and WPA-PSK keys cracking that can recover keys once enough data packets have been captured?. Aircrack-ng. Airguard. Wificracker. WLAN-crack. Which one of the following Google search operators allows restricting results to those from a specific website?. [cache:]. [site:]. [link:]. [inurl:]. Identify the Metasploit module used to perform arbitrary, one-off actions such as port scanning, denial of service, SQL injection and fuzzing. Exploit Module. NOPS Module. Payload Module. Auxiliary Module. Which layer 3 protocol allows for end-to-end encryption of the connection?. FTPS. SFTP. IPsec. SSL. alert tcp any any -> 10.199.10.3 21 (msg: "FTP on the network!";) Which system usually uses such a configuration setting?. Firewall IPTable. Router IPTable. FTP Server rule. IDS. John, a pentester, received an order to conduct an internal audit in the company. One of its tasks is to search for open ports on servers. 
Which of the following methods is the best solution for this task?. Scan servers with Nmap. Telnet to every port on each server. Manual scan on each server. Scan servers with MBSA. Let's assume that you decided to use PKI to protect the email you will send. At what layer of the OSI model will this message be encrypted and decrypted?. Presentation layer. Application layer. Transport layer. Session layer. Which of the following is an encryption technique where data is encrypted by a sequence of photons that have a spinning trait while travelling from one end to another?. Homomorphic. Elliptic Curve Cryptography. Hardware-Based. Quantum Cryptography. Which of the following programs attacks both the boot sector and executable files?. Macro virus. Stealth virus. Polymorphic Virus. Multipartite Virus. Which of the following commands will help you launch the Computer Management Console from the "Run" window as a local administrator in Windows 7?. compmgmt.msc. services.msc. gpedit.msc. ncpa.cpl. Which of the options presented below is not a Bluetooth attack?. Bluedriving. Bluesmacking. Bluejacking. Bluesnarfing. Which of the following is a logical collection of Internet-connected devices such as computers, smartphones or Internet of things (IoT) devices whose security has been breached and control ceded to a third party?. Spear Phishing. Botnet. Rootkit. Spambot. John performs black-box testing. He tries to pass IRC traffic over port 80/TCP from a compromised web-enabled host during the test. Traffic is blocked, but outbound HTTP traffic does not meet any obstacles. What type of firewall checks outbound traffic?. Packet Filtering. Stateful. Application. Circuit. Which of the following will allow you to prevent unauthorized network access to local area networks and other information assets by wireless devices?. AISS. NIDS. WIPS. HIDS. Alex, a cybersecurity specialist, received a task from the head to scan open ports. 
One of the main conditions was to use the most reliable type of TCP scanning. Which of the following types of scanning should Alex use?. Half-open Scan. Xmas Scan. TCP Connect/Full Open Scan. NULL Scan. Philip, a cybersecurity specialist, needs a tool that can function as a network sniffer, record network activity, prevent and detect network intrusion. Which of the following tools is suitable for Philip?. Nmap. Snort. Nessus. Cain & Abel. Alex, a cyber security specialist, should conduct a pentest inside the network, while he received absolutely no information about the attacked network. What type of testing will Alex conduct?. Internal, White-box. Internal, Grey-box. Internal, Black-box. External, Black-box. John needs to choose a firewall that can protect against SQL injection attacks. Which of the following types of firewalls is suitable for this task?. Web application firewall. Hardware firewall. Stateful firewall. Packet firewall. Which of the following protocols is used in a VPN for setting up a secure channel between two devices?. IPSEC. PEM. SET. PPP. What is a set of extensions to DNS that provide to DNS clients (resolvers) origin authentication, authenticated denial of existence and data integrity, but not availability or confidentiality?. Zone transfer. Resource records. DNSSEC. Resource transfer. Jack sent an email to Jenny with a business proposal. Jenny accepted it and fulfilled all her obligations. Jack suddenly refused his offer when everything was ready and said that he had never sent an email. Which of the following digital signature properties will help Jenny prove that Jack is lying?. Integrity. Non-Repudiation. Confidentiality. Authentication. Which of the following is the method of determining the movement of a data packet from an untrusted external host to a protected internal host through a firewall?. MITM. Firewalking. Session hijacking. Network sniffing. 
Which of the following incident handling process phases is responsible for defining rules, employee training, creating a back-up, and preparing software and hardware resources before an incident occurs?. Identification. Recovery. Containment. Preparation. Which of the following ciphers is based on factoring the product of two large prime numbers?. MD5. SHA-1. RC5. RSA. Which of the following web application attacks injects the special character elements "Carriage Return" and "Line Feed" into the user’s input to trick the web server, web application, or user into believing that the current object is terminated and a new object has been initiated?. CRLF Injection. HTML Injection. Log Injection. Server-Side JS Injection. Which of the following characteristics is not true about the Simple Object Access Protocol?. Using Extensible Markup Language. Only compatible with the application protocol HTTP. Exchanges data between web services. Allows for any programming model. What type of cryptography is used in IKE, SSL, and PGP?. Digest. Secret Key. Public Key. Hash. Identify the attack by the description: It is the wireless version of the phishing scam. This is an attack-type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises but has been set up to eavesdrop on wireless communications. When performing this attack, an attacker fools wireless users into connecting a device to a tainted hotspot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent website and luring people there. Collision. Sinkhole. Evil Twin. Signal Jamming. Which of the following types of hackers refers to an individual who works both offensively and defensively?. Black Hat. Gray Hat. Suicide Hacker. White Hat. 
An attacker tries to infect as many devices connected to the Internet with malware as possible to get the opportunity to use their computing power and functionality for automated attacks hidden from the owners of these devices. Which of the proposed approaches fits the description of the attacker's actions?. Creating a botnet. Using Banking Trojans. Mass distribution of Ransomware. APT attack. Which of the following is correct?. Sniffers operate on Layer 4 of the OSI model. Sniffers operate on both Layer 2 & Layer 3 of the OSI model. Sniffers operate on Layer 2 of the OSI model. Sniffers operate on Layer 3 of the OSI model. Black-hat hacker Ivan wants to determine the status of ports on a remote host. He wants to do this quickly but imperceptibly for IDS systems. For this, he uses a half-open scan that doesn’t complete the TCP three-way handshake. What kind of scanning does Ivan use?. XMAS scans. TCP SYN (Stealth) Scan. PSH Scan. FIN scan. Which of the following components of IPsec provides confidentiality for the content of packets?. IKE. AH. ISAKMP. ESP. Alex, a cybersecurity science student, needs to fill in the information into a secured PDF-file job application received from a prospective employer. He can't enter the information because all the fields are blocked. He doesn't want to request a new document that allows the forms to be completed and decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted. Which attack is the student attempting?. Dictionary-attack. Man-in-the-middle attack. Brute-force attack. Session hijacking. The ping utility is used to check the integrity and quality of connections in networks. In the process, it sends an ICMP Echo-Request and captures the incoming ICMP Echo-Reply, but quite often remote nodes block or ignore ICMP. Which of the options will solve this problem?. Use broadcast ping. Use hping. Use arping. 
Use traceroute. Which of the following Linux-based tools will help you change any user's password or activate disabled accounts if you have physical access to a Windows 2008 R2 and an Ubuntu 9.10 Linux LiveCD?. CHNTPW. SET. John the Ripper. Cain & Abel. Ivan, a black-hat hacker, performs a man-in-the-middle attack. To do this, he uses a rogue wireless AP and embeds a malicious applet in all HTTP connections. When the victims went to any web page, the applet ran. Which of the following tools could Ivan probably use to inject HTML code?. Wireshark. Aircrack-ng. Ettercap. tcpdump. The attacker managed to gain access to Shellshock, and now he can execute arbitrary commands and gain unauthorized access to many Internet-facing services. Which of the following operating systems can't be affected by an attacker yet?. Unix. Windows. OS X. Linux. To protect the enterprise infrastructure from the constant attacks of the evil hacker Ivan, Viktor divided the network into two parts using the network segmentation approach. · In the first one (local, without direct Internet access), he isolated business-critical resources. · In the second (external, with Internet access), he placed public web servers to provide services to clients. Subnets communicate with each other through a gateway protected by a firewall. What is the name of the external subnet?. Demilitarized Zone. Bastion host. Network access control. WAF. You want to surf safely and anonymously on the Internet. Which of the following options will be best for you?. Use VPN. Use SSL sites. Use Tor network with multi-node. Use public WIFI. Lisandro is engaged in sending spam. To avoid blocking, he connects to incorrectly configured SMTP servers that allow e-mail relay without authentication (which allows Lisandro to fake information about the sender's identity). What is the name of such an SMTP server?. Weak SMTP. Open mail relay. Public SMTP server. Message transfer agent. 
What is the first and most important phase that is the starting point for penetration testing in the work of an ethical hacker?. Reconnaissance. Maintaining Access. Scanning. Gaining Access. Leonardo, an employee of a cybersecurity firm, conducts an audit for a third-party company. First of all, he plans to run a scan that looks for common misconfigurations and outdated software versions. Which of the following tools is most likely to be used by Leonardo?. Armitage. Nmap. Nikto. Metasploit. Which of the following is an attack that uses precomputed tables of hashed passwords?. Rainbow Table Attack. Brute Force Attack. Dictionary Attack. Hybrid Attack. Alex works as a network administrator at ClassicUniversity. Many Ethernet ports are available for professors and authorized visitors (but not for students) on the university campus. However, Alex realized that some students connect their notebooks to the wired network to have Internet access. He identified this when the IDS alerted for malware activities in the network. What should Alex do to avoid this problem?. Separate students in a different VLAN. Use the 802.1x protocol. Ask students to use the wireless network. Disable unused ports in the switches. IPsec is a suite of protocols developed to ensure the integrity, confidentiality, and authentication of data communications over an IP network. Which protocol is NOT included in the IPsec suite?. Media Access Control (MAC). Security Association (SA). Encapsulating Security Protocol (ESP). Authentication Header (AH). Which of the following is the type of message that the client sends to the server to begin a 3-way handshake while establishing a TCP connection?. ACK. RST. SYN-ACK. SYN. The SOC analyst of the company wants to track the transfer of files over the unencrypted FTP protocol. Which filter for the Wireshark sniffer should he use?. tcp.port == 80. tcp.port == 443. tcp.port == 23. tcp.port == 21. 
Identify the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange. biometrics. single sign-on. PKI. SOA. Identify a security policy that defines the use of a VPN for gaining access to an internal corporate network. Information protection policy. Access control policy. Network security policy. Remote access policy. The evil hacker Ivan wants to attack the popular air ticket sales service. After careful study, he discovered that the web application is vulnerable to malicious JavaScript code introduced through the application form. This code does not cause any harm to the server itself, but when executed on the client's computer, it can steal his personal data. What kind of attack is Ivan preparing to use?. SQL injection. LDAP Injection. CSRF. XSS. In what type of testing does the tester have some information about the internal work of the application?. Announced. Black-box. White-box. Grey-box. Monitoring your company’s assets is one of the most important jobs you can perform. What warnings should you try to reduce when configuring security tools, such as security information and event management (SIEM) solutions or intrusion detection systems (IDS)?. False Positives and False Negatives. True Positives and True Negatives. Only True Negatives. Only False Positives. What is the name of a popular tool (or rather, an entire integrated platform written in Java) based on a proxy used to assess the security of web applications and conduct practical testing using a variety of built-in tools?. Burp Suite. Wireshark. Nmap. CxSAST. Which of the following Nmap parameters helps evade IDS or firewalls?. -T. -A. -r. -R. Passwords are rarely stored in plain text; most often, one-way conversion (hashing) is performed to protect them from unauthorized access. However, there are some attacks and tools to crack the hash. Look at the following tools and select the one that can NOT be used for this. 
John the Ripper. Ophcrack. Netcat. Hashcat. You have been instructed to organize the possibility of working remotely for employees. Their remote connections could be exposed to session hijacking during the work, and you want to prevent this possibility. You decide to use the technology that creates a safe and encrypted tunnel over a public network to securely send and receive sensitive information and prevent hackers from decrypting the data flow between the endpoints. Which of the following technologies will you use?. VPN. Split tunneling. DMZ. Bastion host. Lisandro was hired to steal critical business documents of a competitor company. Using a vulnerability in over-the-air programming (OTA programming) on Android smartphones, he sends messages to company employees on behalf of the network operator, asking them to enter a PIN code and accept new updates for the phone. After the employee enters the PIN code, Lisandro gets the opportunity to intercept all Internet traffic from the phone. What type of attack did Lisandro use?. Tap ‘n ghost attack. Bypass SSL pinning. Social engineering. Advanced SMS phishing. Which of the following best describes a software firewall?. Software firewall is placed between the anti-virus application and the IDS components of the operating system. Software firewall is placed between the desktop and the software components of the operating system. Software firewall is placed between the router and the networking components of the operating system. Software firewall is placed between the normal application and the networking components of the operating system. What are the two main conditions for a digital signature?. Unique and have special characters. It has to be the same number of characters as a physical signature and must be unique. Unforgeable and authentic. Legible and neat. Maria conducted a successful attack and gained access to a Linux server. 
She wants to ensure that the NIDS will not catch the subsequent outgoing traffic from this server in the future. Which of the following is the best way to avoid detection by the NIDS?. Encryption. Out of band signaling. Alternate Data Streams. Protocol Isolation. Which regulation defines security and privacy controls for all U.S. federal information systems except those related to national security?. PCI-DSS. NIST-800-53. EU Safe Harbor. HIPAA. Which layer 3 protocol allows for end-to-end encryption of the connection?. SFTP. IPsec. SSL. FTPS. You conduct an investigation and find out that the browser of one of your employees sent malicious requests that the employee knew nothing about. Identify the web page vulnerability that the attacker used to attack your employee. File Inclusion Attack. Cross-Site Request Forgery (CSRF). Command Injection Attacks. Hidden Field Manipulation Attack. Determine the type of SQL injection: SELECT * FROM user WHERE name = 'x' AND userid IS NULL; --';. UNION SQL Injection. End of Line Comment. Tautology. Illegal/Logically Incorrect Query. Determine the attack according to the following scenario: Benjamin performs a cloud attack during the translation of the SOAP message in the TLS layer. He duplicates the body of the message and sends it to the server as a legitimate user. As a result of these actions, Benjamin managed to gain unauthorized access to the server resources. Wrapping. Cloud Hopper. Cloudborne. Side-channel. Which of the following is not included in the list of recommendations of PCI Data Security Standards?. Do not use vendor-supplied defaults for system passwords and other security parameters. Rotate employees handling credit card transactions on a yearly basis to different departments. Protect stored cardholder data. Encrypt transmission of cardholder data across open, public networks.
Suppose your company has implemented identification of people based on walking patterns and made it part of physical access control to the office. The system works according to the following principle: The camera captures people walking and identifies employees, and then they must attach their RFID badges to access the office. Which of the following best describes this technology?. The solution will have a high level of false positives. Biological motion cannot be used to identify people. Although the approach has two phases, it actually implements just one authentication factor. The solution implements the two factors authentication: physical object and physical characteristic. You know that the application you are attacking is vulnerable to an SQL injection, but you cannot see the result of the injection. You send a SQL query to the database, which makes the database wait before it can react. You can see from the time the database takes to respond, whether a query is true or false. What type of SQL injection did you use?. Blind SQLi. Out-of-band SQLi. Error-based SQLi. UNION SQLi. Which of the following application security testing methods is a white-box testing method in which only the source code of applications and their components is scanned to determine potential vulnerabilities in their software and architecture?. IAST. DAST. SAST. MAST. Often, for a successful attack, hackers very skillfully simulate phishing messages. To do this, they collect the maximum information about the company that they will attack: emails of real employees (including information about the hierarchy in the company), information about the appearance of the message (formatting, logos), etc. What is the name of this stage of the hacker's work?. Exploration stage. Investigation stage. Reconnaissance stage. Enumeration stage. Imagine the following scenario: 1. An attacker created a website with tempting content and a banner like: 'Do you want to make $10 000 in a month?'. 2.
Victim clicks on the interesting and attractive content URL. 3. Attacker creates a transparent 'iframe' in front of the banner which the victim attempts to click. The victim thinks that he/she clicks on the 'Do you want to make $10 000 in a month?' banner but actually he/she clicks on the content or URL that exists in the transparent 'iframe' which is set up by the attacker. What is the name of the attack which is described in the scenario?. Session Fixation. Clickjacking Attack. HTML Injection. HTTP Parameter Pollution. You analyze the logs and see the following output of logs from the machine with the IP address of 192.168.0.132: 1. Time August 21 11:22:06 Port:20 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP 2. Time August 21 11:22:08 Port:21 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP 3. Time August 21 11:22:11 Port:22 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP 4. Time August 21 11:22:14 Port:23 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP 5. Time August 21 11:22:15 Port:25 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP 6. Time August 21 11:22:19 Port:80 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP 7. Time August 21 11:22:21 Port:443 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP What conclusion can you make based on this output?. Denial of service attack targeting 192.168.0.132. Port scan targeting 192.168.0.30. Teardrop attack targeting 192.168.0.132. Port scan targeting 192.168.0.132. The attacker tries to take advantage of a vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Which of the following queries best describes an attempt to exploit an insecure direct object using the name of the valid account "User 1"?. "GET/restricted/bank.getaccount('User1') HTTP/1.1 Host: westbank.com". "GET/restricted/goldtransfer?to=Account&from=1 or 1=1' HTTP/1.1 Host: westbank.com".
"GET/restricted/\r\n\%00account%00User1%00access HTTP/1.1 Host: westbank.com". "GET/restricted/accounts/?name=User1 HTTP/1.1 Host: westbank.com". What actions should be performed before using a Vulnerability Scanner for scanning a network?. TCP/IP stack fingerprinting. Checking if the remote host is alive. TCP/UDP Port scanning. Firewall detection. Victor, a white hacker, received an order to perform a penetration test from the company "Test us". He starts collecting information and finds the email of an employee of this company in free access. Victor decides to send a letter to this email, changing the original email address to the email of the boss of this employee, "boss@testus.com". He asks the employee to immediately open the "link with the report" and check it. An employee of the company "Test us" opens this link and infects his computer. Thanks to these manipulations, Victor gained access to the corporate network and successfully conducted a pentest. What type of attack did Victor use?. Eavesdropping. Piggybacking. Social engineering. Tailgating. Which of the following best describes code injection?. Form of attack in which a malicious user gains access to the codebase on the server and inserts new code. Form of attack in which a malicious user inserts additional code into the JavaScript running in the browser. Form of attack in which a malicious user gets the server to execute arbitrary code using a buffer overflow. Form of attack in which a malicious user inserts text into a data field interpreted as code. An attacker uses various IDS evasion techniques to bypass intrusion detection mechanisms. At the same time, the IDS is configured to detect possible violations of the security policy, including unauthorized access and misuse. Which of the following evasion methods depends on the Time-to-Live (TTL) fields of a TCP/IP packet?. Obfuscation. Unicode Evasion. Denial-of-Service Attack. Insertion Attack. What is a "Collision attack"?.
Collision attack on a hash tries to find two inputs producing the same hash value. Collision attacks break the hash into several parts, with the same bytes in each part to get the private key. Collision attacks attempt to recover information from a hash. Collision attacks try to change the hash. John, a system administrator, is learning how to work with new technology: Docker. He will use it to create a network connection between the container interfaces and its parent host interface. Which of the following network drivers is suitable for John?. Bridge networking. Macvlan networking. Host networking. Overlay networking. Mark, the network administrator, must allow UDP traffic on the host 10.0.0.3 and Internet traffic on the host 10.0.0.2. In addition to the main task, he needs to allow all FTP traffic to the rest of the network and deny all other traffic. Mark applies his ACL configuration on the router, and everyone has a problem with accessing FTP. In addition, hosts that are allowed access to the Internet cannot connect to it. In accordance with the following configuration, determine what happened on the network: 1. access-list 102 deny tcp any any 2. access-list 104 permit udp host 10.0.0.3 any 3. access-list 110 permit tcp host 10.0.0.2 eq www any 4. access-list 108 permit tcp any eq ftp any. The ACL for FTP must be before the ACL 110. The ACL 104 needs to be first because it is UDP. The ACL 110 needs to be changed to port 80. The first ACL is denying all TCP traffic, and the router is ignoring the other ACLs. What is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program?. Concolic testing. Fuzz testing. Security testing. Monkey testing.
Based on the following data, you need to calculate the approximate cost of recovery of the system operation per year: The cost of a new hard drive is $300; The chance of a hard drive failure is 1/3; The recovery specialist earns $10/hour; Restore the OS and software to the new hard disk - 10 hours; Restore the database from the last backup to the new hard disk - 4 hours; Assume the EF = 1 (100%), calculate the SLE, ARO, and ALE. $146. $440. $960. $295. The company "Usual company" asked a cybersecurity specialist to check their perimeter email gateway security. To do this, the specialist creates a specially formatted email message: 1. From: employee76@usualcompany.com 2. To: employee34@usualcompany.com 3. Subject: Test message 4. Date: 5/8/2021 11:22 He sends this message over the Internet, and a "Usual company" employee receives it. This means that the gateway of this company doesn't prevent _____. Email Harvesting. Email Masquerading. Email Spoofing. Email Phishing. For the company, an important criterion is the immutability of the financial reports sent by the financial director to the accountant. They need to be sure that the accountant received the reports and that they haven't been changed. How can this be achieved?. Use a hash algorithm in the document once CFO approved the financial statements. Reports can be sent to the accountant using an exclusive USB for that document. Use a protected excel file. Financial reports can send the financial statements twice, one by email and the other delivered in USB and the accountant can compare both. While using your bank's online servicing you notice the following string in the URL bar: http://www.MyPersonalBank.com/account?id=368940911028389&Damount=10980&Camount=21 You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflect the changes. Which type of vulnerability is present on this site?. Web Parameter Tampering. Cookie Tampering. SQL injection. XSS Reflection.
Why is a penetration test considered to be better than a vulnerability scan?. The tools used by penetration testers tend to have much more comprehensive vulnerability databases. Penetration tests are intended to exploit weaknesses in the architecture of your IT network, while a vulnerability scan does not typically involve active exploitation. A penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement. Vulnerability scans only do host discovery and port scanning by default. According to the Payment Card Industry Data Security Standard, when is it necessary to conduct external and internal penetration testing?. At least once a year and after any significant upgrade or modification. At least twice a year or after any significant upgrade or modification. At least once every three years or after any significant upgrade or modification. At least once every two years and after any significant upgrade or modification. The firewall prevents packets from entering the organization through certain ports and applications. What does this firewall check?. Presentation layer headers and the session layer port numbers. Application layer port numbers and the transport layer headers. Application layer headers and transport layer port numbers. Network layer headers and the session layer port numbers. Your company has a risk assessment, and according to its results, the risk of a breach in the main company application is 40%. Your cybersecurity department has made changes to the application and requested a re-assessment of the risks. The assessment showed that the risk fell to 12%, with a risk threshold of 20%. Which of the following options would be the best from a business point of view?. Introduce more controls to bring risk to 0%. Limit the risk. Accept the risk. Avoid the risk. What actions should you take if you find that the company that hired you is involved with human trafficking?. 
Copy the information to removable media and keep it in case you need it. Stop work and contact the proper legal authorities. Ignore the information and continue the assessment until the work is done. Confront the customer and ask her about this. You have been assigned the task of defending the company from network sniffing. Which of the following is the best option for this task?. Restrict Physical Access to Server Rooms hosting Critical Servers. Register all machines MAC Address in a Centralized Database. Using encryption protocols to secure network communications. Use Static IP Address. How does the mechanism of a Boot Sector Virus work?. Moves the MBR to another location on the Random-access memory and copies itself to the original location of the MBR. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR. Overwrites the original MBR and only executes the new virus code. Modifies directory table entries to point to the virus code instead of the actual MBR.