New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

312-50v11 Questions and Answers

Question # 6

Sophia is a shopping enthusiast who spends significant time searching for trendy outfits online. Clark, an attacker, noticed her activities several times and sent a fake email containing a deceptive page link to her social media page displaying all-new and trendy outfits. In excitement, Sophia clicked on the malicious link and logged in to that page using her valid credentials. Which of the following tools is employed by Clark to create the spoofed email?

A.

PyLoris

B.

Slowloris

C.

Evilginx

D.

PLCinject

Full Access
Question # 7

Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she uses a user-defined HTTP tailback or push APIs that are raised based on trigger events: when invoked, this feature supplies data to other applications so that users can instantly receive real-time Information.

Which of the following techniques is employed by Susan?

A.

web shells

B.

Webhooks

C.

REST API

D.

SOAP API

Full Access
Question # 8

Study the snort rule given below and interpret the rule. alert tcp any any --> 192.168.1.0/24 111

(content:"|00 01 86 a5|"; msG. "mountd access";)

A.

An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111

B.

An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet

C.

An alert is generated when a TCP packet is originated from port 111 of any IP address to the 192.168.1.0 subnet

D.

An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111

Full Access
Question # 9

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data.

What is this attack?

A.

Cross-site-scripting attack

B.

SQL Injection

C.

URL Traversal attack

D.

Buffer Overflow attack

Full Access
Question # 10

An attacker utilizes a Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a nearby business in order to capture the wireless password. What kind of attack is this?

A.

MAC spoofing attack

B.

Evil-twin attack

C.

War driving attack

D.

Phishing attack

Full Access
Question # 11

You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line.

Which command would you use?

A.

c:\compmgmt.msc

B.

c:\services.msc

C.

c:\ncpa.cp

D.

c:\gpedit

Full Access
Question # 12

Based on the below log, which of the following sentences are true?

Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip

A.

Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server.

B.

Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the client.

C.

SSH communications are encrypted; it’s impossible to know who is the client or the server.

D.

Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server.

Full Access
Question # 13

What is a NULL scan?

A.

A scan in which all flags are turned off

B.

A scan in which certain flags are off

C.

A scan in which all flags are on

D.

A scan in which the packet size is set to zero

E.

A scan with an illegal packet size

Full Access
Question # 14

A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendor for several months prior 10 the Intrusion. This Is likely a failure in which of the following security processes?

A.

vendor risk management

B.

Security awareness training

C.

Secure deployment lifecycle

D.

Patch management

Full Access
Question # 15

Ethical backer jane Doe is attempting to crack the password of the head of the it department of ABC company. She Is utilizing a rainbow table and notices upon entering a password that extra characters are added to the password after submitting. What countermeasure is the company using to protect against rainbow tables?

A.

Password key hashing

B.

Password salting

C.

Password hashing

D.

Account lockout

Full Access
Question # 16

Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this. James, a professional hacker, targets Emily and her acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is the tool employed by James in the above scenario?

A.

ophcrack

B.

Hootsuite

C.

VisualRoute

D.

HULK

Full Access
Question # 17

Dorian Is sending a digitally signed email to Polly, with which key is Dorian signing this message and how is Poly validating It?

A.

Dorian is signing the message with his public key. and Poly will verify that the message came from Dorian by using Dorian's private key.

B.

Dorian Is signing the message with Polys public key. and Poly will verify that the message came from Dorian by using Dorian's public key.

C.

Dorian is signing the message with his private key. and Poly will verify that the message came from Dorian by using Dorian's public key.

D.

Dorian is signing the message with Polys private key. and Poly will verify mat the message came from Dorian by using Dorian's public key.

Full Access
Question # 18

Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.

What should you do?

A.

Confront the client in a respectful manner and ask her about the data.

B.

Copy the data to removable media and keep it in case you need it.

C.

Ignore the data and continue the assessment until completed as agreed.

D.

Immediately stop work and contact the proper legal authorities.

Full Access
Question # 19

You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23. Which of the following IP addresses could be teased as a result of the new configuration?

A.

210.1.55.200

B.

10.1.4.254

C.

10..1.5.200

D.

10.1.4.156

Full Access
Question # 20

Internet Protocol Security IPsec is actually a suite pf protocols. Each protocol within the suite provides different functionality. Collective IPsec does everything except.

A.

Protect the payload and the headers

B.

Encrypt

C.

Work at the Data Link Layer

D.

Authenticate

Full Access
Question # 21

Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as?

A.

Exploration

B.

Investigation

C.

Reconnaissance

D.

Enumeration

Full Access
Question # 22

Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days. Bob denies that he had ever sent a mail. What do you want to ""know"" to prove yourself that it was Bob who had send a mail?

A.

Authentication

B.

Confidentiality

C.

Integrity

D.

Non-Repudiation

Full Access
Question # 23

Harry. a professional hacker, targets the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing?

A.

Preparation

B.

Cleanup

C.

Persistence

D.

initial intrusion

Full Access
Question # 24

Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Suppose a malicious user Rob tries to get access to the account of a benign user Ned.

Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?

A.

“GET /restricted/goldtransfer?to=Rob&from=1 or 1=1’ HTTP/1.1Host: westbank.com”

B.

“GET /restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com”

C.

“GET /restricted/accounts/?name=Ned HTTP/1.1 Host westbank.com”

D.

“GET /restricted/ HTTP/1.1 Host: westbank.com

Full Access
Question # 25

Garry is a network administrator in an organization. He uses SNMP to manage networked devices from a remote location. To manage nodes in the network, he uses MIB. which contains formal descriptions of all network objects managed by SNMP. He accesses the contents of MIB by using a web browser either by entering the IP address and Lseries.mlb or by entering the DNS library name and Lseries.mlb. He is currently retrieving information from an MIB that contains object types for workstations and server services. Which of the following types of MIB is accessed by Garry in the above scenario?

A.

LNMIB2.MIB

B.

WINS.MIB

C.

DHCP.MIS

D.

MIB_II.MIB

Full Access
Question # 26

Becky has been hired by a client from Dubai to perform a penetration test against one of their remote offices. Working from her location in Columbus, Ohio, Becky runs her usual reconnaissance scans to obtain basic information about their network. When analyzing the results of her Whois search, Becky notices that the IP was allocated to a location in Le Havre, France. Which regional Internet registry should Becky go to for detailed information?

A.

ARIN

B.

APNIC

C.

RIPE

D.

LACNIC

Full Access
Question # 27

What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?

A.

Copy the system files from a known good system

B.

Perform a trap and trace

C.

Delete the files and try to determine the source

D.

Reload from a previous backup

E.

Reload from known good media

Full Access
Question # 28

A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server. Based on this information, what should be one of your key recommendations to the bank?

A.

Place a front-end web server in a demilitarized zone that only handles external web traffic

B.

Require all employees to change their anti-virus program with a new one

C.

Move the financial data to another server on the same IP subnet

D.

Issue new certificates to the web servers from the root certificate authority

Full Access
Question # 29

What tool can crack Windows SMB passwords simply by listening to network traffic?

A.

This is not possible

B.

Netbus

C.

NTFSDOS

D.

L0phtcrack

Full Access
Question # 30

By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext.

Which file do you have to clean to clear the password?

A.

.X session-log

B.

.bashrc

C.

.profile

D.

.bash_history

Full Access
Question # 31

The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the Central Processing Unit (CPU), rather than passing only the frames that the controller is intended to receive. Which of the following is being described?

A.

Multi-cast mode

B.

Promiscuous mode

C.

WEM

D.

Port forwarding

Full Access
Question # 32

A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems.

However, he is unable to capture any logons though he knows that other users are logging in.

What do you think is the most likely reason behind this?

A.

There is a NIDS present on that segment.

B.

Kerberos is preventing it.

C.

Windows logons cannot be sniffed.

D.

L0phtcrack only sniffs logons to web servers.

Full Access
Question # 33

What piece of hardware on a computer's motherboard generates encryption keys and only releases a part of the key so that decrypting a disk on a new piece of hardware is not possible?

A.

CPU

B.

GPU

C.

UEFI

D.

TPM

Full Access
Question # 34

The establishment of a TCP connection involves a negotiation called three-way handshake. What type of message does the client send to the server in order to begin this negotiation?

A.

ACK

B.

SYN

C.

RST

D.

SYN-ACK

Full Access
Question # 35

What is the proper response for a NULL scan if the port is open?

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

No response

Full Access
Question # 36

Jim’s company regularly performs backups of their critical servers. But the company cannot afford to send backup tapes to an off-site vendor for long-term storage and archiving. Instead, Jim’s company keeps the backup tapes in a safe in the office. Jim’s company is audited each year, and the results from this year’s audit show a risk because backup tapes are not stored off-site. The Manager of Information Technology has a plan to take the backup tapes home with him and wants to know what two things he can do to secure the backup tapes while in transit?

A.

Encrypt the backup tapes and transport them in a lock box.

B.

Degauss the backup tapes and transport them in a lock box.

C.

Hash the backup tapes and transport them in a lock box.

D.

Encrypt the backup tapes and use a courier to transport them.

Full Access
Question # 37

You are performing a penetration test for a client and have gained shell access to a Windows machine on the internal network. You intend to retrieve all DNS records for the internal domain, if the DNS server is at 192.168.10.2 and the domain name is abccorp.local, what command would you type at the nslookup prompt to attempt a zone transfer?

A.

list server=192.168.10.2 type=all

B.

is-d abccorp.local

C.

Iserver 192.168.10.2-t all

D.

List domain=Abccorp.local type=zone

Full Access
Question # 38

Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days, Bab denies that he had ever sent a mail. What do you want to ““know”” to prove yourself that it was Bob who had send a mail?

A.

Non-Repudiation

B.

Integrity

C.

Authentication

D.

Confidentiality

Full Access
Question # 39

E-mail scams and mail fraud are regulated by which of the following?

A.

18 U.S.C. par. 1030 Fraud and Related activity in connection with Computers

B.

18 U.S.C. par. 1029 Fraud and Related activity in connection with Access Devices

C.

18 U.S.C. par. 1362 Communication Lines, Stations, or Systems

D.

18 U.S.C. par. 2510 Wire and Electronic Communications Interception and Interception of Oral Communication

Full Access
Question # 40

You have successfully logged on a Linux system. You want to now cover your trade Your login attempt may be logged on several files located in /var/log. Which file does NOT belongs to the list:

A.

user.log

B.

auth.fesg

C.

wtmp

D.

btmp

Full Access
Question # 41

An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct.

What is the attack technique employed by the attacker to crack the passwords of the industrial control systems?

A.

Side-channel attack

B.

Denial-of-service attack

C.

HMI-based attack

D.

Buffer overflow attack

Full Access
Question # 42

What information security law or standard aims at protecting stakeholders and the general public from accounting errors and fraudulent activities within organizations?

A.

PCI-DSS

B.

FISMA

C.

SOX

D.

ISO/I EC 27001:2013

Full Access
Question # 43

Thomas, a cloud security professional, is performing security assessment on cloud services to identify any loopholes. He detects a vulnerability in a bare-metal cloud server that can enable hackers to implant malicious backdoors in its firmware. He also identified that an installed backdoor can persist even if the server is reallocated to new clients or businesses that use it as an laaS.

What is the type of cloud attack that can be performed by exploiting the vulnerability discussed in the above scenario?

A.

Man-in-the-cloud (MITC) attack

B.

Cloud cryptojacking

C.

Cloudborne attack

D.

Metadata spoofing attack

Full Access
Question # 44

What two conditions must a digital signature meet?

A.

Has to be the same number of characters as a physical signature and must be unique.

B.

Has to be unforgeable, and has to be authentic.

C.

Must be unique and have special characters.

D.

Has to be legible and neat.

Full Access
Question # 45

A DDOS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete.

Which attack is being described here?

A.

Desynchronization

B.

Slowloris attack

C.

Session splicing

D.

Phlashing

Full Access
Question # 46

Elante company has recently hired James as a penetration tester. He was tasked with performing enumeration on an organization's network. In the process of enumeration, James discovered a service that is accessible to external sources. This service runs directly on port 21. What is the service enumerated byjames in the above scenario?

A.

Border Gateway Protocol (BGP)

B.

File Transfer Protocol (FTP)

C.

Network File System (NFS)

D.

Remote procedure call (RPC)

Full Access
Question # 47

What is a “Collision attack” in cryptography?

A.

Collision attacks try to get the public key

B.

Collision attacks try to break the hash into three parts to get the plaintext value

C.

Collision attacks try to break the hash into two parts, with the same bytes in each part to get the private key

D.

Collision attacks try to find two inputs producing the same hash

Full Access
Question # 48

Fred is the network administrator for his company. Fred is testing an internal switch.

From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this?

A.

Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer.

B.

He can send an IP packet with the SYN bit and the source address of his computer.

C.

Fred can send an IP packet with the ACK bit set to zero and the source address of the switch.

D.

Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

Full Access
Question # 49

Miley, a professional hacker, decided to attack a target organization's network. To perform the attack, she used a tool to send fake ARP messages over the target network to link her MAC address with the target system's IP address. By performing this, Miley received messages directed to the victim's MAC address and further used the tool to intercept, steal, modify, and block sensitive communication to the target system. What is the tool employed by Miley to perform the above attack?

A.

Gobbler

B.

KDerpNSpoof

C.

BetterCAP

D.

Wireshark

Full Access
Question # 50

env x=’(){ :;};echo exploit’ bash –c ‘cat/etc/passwd’

What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

A.

Removes the passwd file

B.

Changes all passwords in passwd

C.

Add new user to the passwd file

D.

Display passwd content to prompt

Full Access
Question # 51

What would be the purpose of running "wget 192.168.0.15 -q -S" against a web server?

A.

Performing content enumeration on the web server to discover hidden folders

B.

Using wget to perform banner grabbing on the webserver

C.

Flooding the web server with requests to perform a DoS attack

D.

Downloading all the contents of the web page locally for further examination

Full Access
Question # 52

Mr. Omkar performed tool-based vulnerability assessment and found two vulnerabilities. During analysis, he found that these issues are not true vulnerabilities.

What will you call these issues?

A.

False positives

B.

True negatives

C.

True positives

D.

False negatives

Full Access
Question # 53

Which of the following is an extremely common IDS evasion technique in the web world?

A.

Spyware

B.

Subnetting

C.

Unicode Characters

D.

Port Knocking

Full Access
Question # 54

Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.

A.

LDAP Injection attack

B.

Cross-Site Scripting (XSS)

C.

SQL injection attack

D.

Cross-Site Request Forgery (CSRF)

Full Access
Question # 55

You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID "Brakeme-lnternal." You realize that this network uses WPA3 encryption, which of the following vulnerabilities is the promising to exploit?

A.

Dragonblood

B.

Cross-site request forgery

C.

Key reinstallation attack

D.

AP Myconfiguration

Full Access
Question # 56

MX record priority increases as the number increases. (True/False.)

A.

True

B.

False

Full Access
Question # 57

ping-* 6 192.168.0.101

Output:

Pinging 192.168.0.101 with 32 bytes of data:

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101:

Ping statistics for 192.168.0101

Packets: Sent = 6, Received = 6, Lost = 0 (0% loss).

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

What does the option * indicate?

A.

t

B.

s

C.

a

D.

n

Full Access
Question # 58

If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

A.

Birthday

B.

Brute force

C.

Man-in-the-middle

D.

Smurf

Full Access
Question # 59

You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user’s password or activate disabled Windows accounts?

A.

John the Ripper

B.

SET

C.

CHNTPW

D.

Cain & Abel

Full Access
Question # 60

During the enumeration phase. Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445.

Which of the following services is enumerated by Lawrence in this scenario?

A.

Server Message Block (SMB)

B.

Network File System (NFS)

C.

Remote procedure call (RPC)

D.

Telnet

Full Access
Question # 61

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator’s Computer to update the router configuration. What type of an alert is this?

A.

False negative

B.

True negative

C.

True positive

D.

False positive

Full Access
Question # 62

You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion?

A.

Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account

B.

Package the Sales.xls using Trojan wrappers and telnet them back your home computer

C.

You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques

D.

Change the extension of Sales.xls to sales.txt and upload them as attachment to your hotmail account

Full Access
Question # 63

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing?

A.

Identifying operating systems, services, protocols and devices

B.

Modifying and replaying captured network traffic

C.

Collecting unencrypted information about usernames and passwords

D.

Capturing a network traffic for further analysis

Full Access
Question # 64

Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker 's message ''Hacker Message: You are dead! Freaks!” From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact.

No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using hisdial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact. How did the attacker accomplish this hack?

A.

ARP spoofing

B.

SQL injection

C.

DNS poisoning

D.

Routing table injection

Full Access
Question # 65

Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications and unpatched security flaws in a computer system?

A.

Wireshark

B.

Maltego

C.

Metasploit

D.

Nessus

Full Access
Question # 66

What does a firewall check to prevent particular ports and applications from getting packets into an organization?

A.

Transport layer port numbers and application layer headers

B.

Presentation layer headers and the session layer port numbers

C.

Network layer headers and the session layer port numbers

D.

Application layer port numbers and the transport layer headers

Full Access
Question # 67

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: ““FTP on the network!””;)

A.

A firewall IPTable

B.

FTP Server rule

C.

A Router IPTable

D.

An Intrusion Detection System

Full Access
Question # 68

Which among the following is the best example of the third step (delivery) in the cyber kill chain?

A.

An intruder sends a malicious attachment via email to a target.

B.

An intruder creates malware to be used as a malicious attachment to an email.

C.

An intruder's malware is triggered when a target opens a malicious email attachment.

D.

An intruder's malware is installed on a target's machine.

Full Access
Question # 69

You have been authorized to perform a penetration test against a website. You want to use Google dorks to footprint the site but only want results that show file extensions. What Google dork operator would you use?

A.

filetype

B.

ext

C.

inurl

D.

site

Full Access
Question # 70

Samuel a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSlv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to attacks as the SSLv2 server can leak key information.

Which of the following attacks can be performed by exploiting the above vulnerability?

A.

DROWN attack

B.

Padding oracle attack

C.

Side-channel attack

D.

DUHK attack

Full Access
Question # 71

You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.

What is the best Nmap command you will use? A. nmap -T4 -q 10.10.0.0/24

B. nmap -T4 -F 10.10.0.0/24 C. nmap -T4 -r 10.10.1.0/24 D. nmap -T4 -O 10.10.0.0/24

Full Access
Question # 72

Which of the following is the best countermeasure to encrypting ransomwares?

A.

Use multiple antivirus softwares

B.

Pay a ransom

C.

Keep some generation of off-line backup

D.

Analyze the ransomware to get decryption key of encrypted data

Full Access
Question # 73

Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session, upon receiving the users request. Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. What is the attack performed by Bobby in the above scenario?

A.

Wardriving

B.

KRACK attack

C.

jamming signal attack

D.

aLTEr attack

Full Access
Question # 74

Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?

A.

Error-based injection

B.

Boolean-based blind SQL injection

C.

Blind SQL injection

D.

Union SQL injection

Full Access
Question # 75

Which of the following is a low-tech way of gaining unauthorized access to systems?

A.

Social Engineering

B.

Eavesdropping

C.

Scanning

D.

Sniffing

Full Access
Question # 76

What useful information is gathered during a successful Simple Mail Transfer Protocol (SMTP) enumeration?

A.

The two internal commands VRFY and EXPN provide a confirmation of valid users, email addresses, aliases, and mailing lists.

B.

Reveals the daily outgoing message limits before mailboxes are locked

C.

The internal command RCPT provides a list of ports open to message traffic.

D.

A list of all mail proxy server addresses used by the targeted host

Full Access
Question # 77

Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and out the target network based on pre-defined set of rules. Which of the following types of firewalls can protect against SQL injection attacks?

A.

Data-driven firewall

B.

Packet firewall

C.

Web application firewall

D.

Stateful firewall

Full Access
Question # 78

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks?

A.

tcpsplice

B.

Burp

C.

Hydra

D.

Whisker

Full Access
Question # 79

Why containers are less secure that virtual machines?

A.

Host OS on containers has a larger surface attack.

B.

Containers may full fill disk space of the host.

C.

A compromise container may cause a CPU starvation of the host.

D.

Containers are attached to the same virtual network.

Full Access