Estudios Recientes

Abel, a security proffesinal, conducts penetration testing in his client organization to check for any security loopholes. He launche an attack on the DHCP server could not issue any more IP address. This led to a DoS attack, and as a result, legitimate employees were unable to access the client's network. ¿Which of the following attacks did Abel perform in the above scenario?. Rogue DHCP server attack. VLAN hopping. STP attack. DHCP starvation.

Tony is a penetration tester tasked with performing a penetration test. After gaining initial acces to a target system, he finds a list of hashed passwords. Which of the following tools would not be useful for cracking the hashed password?. netcat. THC-Hydra. John the Ripper. Hashcat.

Jane an ethical hacker, is testing a target organization's web server and website to indentify security loopholes. In this process, she copied the entire website and its content on a local drive to view the complete profile of the site's directory structure, file structure external links, images, web pages, and so on. This information helps Jane map the website's directories and gain valuable information. What is the attack technique employed by Jane in the above scenario?. Website mirroning. website defacement. Web cache poisoning. Session hijacking.

An organization has automated the operation of critical infraestructure from a remote location. For this purpose, all the industrial control systems are connected to the internet. To empower the manufacturing process, ensure the reliability of indutrial networks, and reduce downtime and service disruption, the organization decided to install an OT security tool that further protects against security incidents such as cyver espionage, zero-day attack, and malware. Which of the following tools must the organization employ to protect its critical infrastructure?. InterFuzzer. BalenaCloud. Robotium. Flowmon.

Don, a student, come across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his smarphone were replaced by deceptive applicactions that appeared legitimate. He also received many advertisements on his smatphone after installing the app. What is the attack performed on Don in the above scenario?. SMS phishing attack. SIM card attack. Agent Smith attack. Clickjacking.

Abel, a cloud archiect, uses container technology to deploy applications/software incluiding all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud enviroment. For the containerization of applications, he follows the five-tier container technology archicteture. Currently, Abel is verifying and validating image contents, signing images, and sending them to the registries. Which of the fllowing tiers of the container technology architecture is Abel currently working in?. Tier-1. Developer machines. Tier-2 Testing and accreditation systems. Tier-4 Orchestrators. Tier-3 Registries.

Which of the following Google advanced search operators help an attacker in gathering information about website that are similar to a specified target URL?. [inurl:]. [related:]. [site:]. [info:].

John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him the idea of using PGP. What should john do to communicate correctly using this type of encryption?. Use Marie's private key to encrypt the message. Use his own private key to encrypt the message. Use his own public key to encrypt the message. Use Marie's public key to encrypt the message.

SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may bypass authentication and allow attackers to access and/or modify data. Out-of-band SQLi. Time-based blind SQLi. In-band-SQLi. Union-based SQLi.

George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. The protocol is used in devices that transferdata infrequently at a low rate in a restricted area, within a range of 10-100 m. What is the short-range wireless communication technology George employed in the above scenario?. LPWAN. Zigbee. MQTT. NB-IoT.

Emily, an extrovert obssed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this, James a professional hacker, targets Emily and her acguaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attack. ¿What is the tool employed by james in the above scenario?. Hootsuite. HULK. ophcrack. VisualRoute.

Bob was recently hired by a medical company after it experienced it experinced a major cyber security breach. Many patients are complainig that their personal medical records are fully exposed on the internet and someone can find them with a simple Google search. Bob's boss is very worried because of regulations that protect those data. Which of the following regulations is mostly violated?. PCI DSS. ISO 2002. HIPPA/PHI. PII.

Eric, a cloud security engenieer, implements a technique for securing the cloud resources used by his organization. This technique assumes by default that a user attempeting to access the network. Using this technique, he also imposed conditions such that employees can access only the resources required fot their role. What is the technique employed by Eric to secure cloud resources?. Container technology. Zero trust network. Serverless computing. Desmilitarized zone.

Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopheles in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine. Which of the following techniques is used by joel in the above scenario?. DNS rebinding attack. MarioNet attack. Watering hole attack. Clickjacking attack.

What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error message?. php.ini. administration.config. httpd.config. idq.dll.

In this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying and replaying cryptographic handshake message. Whe the victim reinstalls the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values. What is this attack called?. Evil twint. KRACK. Chop chop attack. Wardriving.

Attacker Steve targeted an organization's network with the aim of redirecting the company's web traffic to another malicious website. To archieve this goal, Steve performed DNS cache poisoning by exploiting the vulnerabilities in the DNS server software and modified the original IP address of the target website to that of a fake website. What is the technique employed by Steve to gather information for indentity theft?. Skimming. Pharming. Wardriving. Pretexing.

There have been concerns in your network that the wireless network component is not sufficiently secure. You perform a vulernability scan of the wireless network and find that it is using and find that it is using an old cryption protocol thath was designed to mimic wired encryption. What encryption protocol is being used?. WPA. RADIUS. WP3. WEP.

After and audit, the auditors inform you that there is a critical finding that you must tackie immediately. You read the audit report, and the problem is the service running on port 389. Which service is this and how can you tackle the problem?. The findings do not require immediate actions and are only suggestions. The service is NTP, and you have to change it from UP to TCP in order to ecrypt it. The service is LDAP, and you must change it to 636 which is LDAPS. The service is SMTP, and you must change it to SMIME, which is an encrypted way to send emails.

Annie, a cloud security engeneer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API request and handle various Docker objects, such as containers, volumes, images, and networks. What is the component of the Docker architecture used by Annie in the above scenario?. Docker client. Docker registries. Docker daemon. Docker objects.

While browsing his Facebook, feed, Matt sees a picture one o his friends posted with the caption, "Learn more about your friends", as well as a number of personal question. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate. Matt responds to the questions on the post. A few days later. Matt's bank account has been accessed, and the password has been accessed and the password has been changed. What most likely happened?. Matt bank-account login information was brute forced. Matt inadvertently provided the answers to his security question when responding to the post. Matt's computer was infected with a keylogger. Matt inadvertently provided his password when responding to the post.

Which of the following Metasploit post explotaitation modules can be used to escalate privileges on Windows systems?. getuid. getsystem. autoroute. keylogrecorder.

Jude, a pen tester working in keitech Ltd.. performs sophisticated security testing on his company's network infrastructure to identify security loopholes. In this process, he started to circumvent the network protection tools and firewalls used in the company. He employed a technique that can create forget TCP sessions by carrying out multiple SYN, ACK and RST or FIN packets. Further. this preocess allowed jude to execute DDoS attacks that can exhaust the network resources. What is the attack technique used by jude for finding loopholes in the above scenario?. Ping-of-death attack. Peer-to-peer atack. Spoofed session flood atack. UDP flood attack.