Alice, a professional hacker, targeted an organization’s cloud services. She infiltrated the targets MSP provider by sending spear-phishing emails and distributed custom-made malware to compromise user accounts and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attacks on the target organization .
Which of the following cloud attacks did Alice perform in the above scenario?
- A . Cloud hopper attack
- B . Cloud cryptojacking
- C . Cloudborne attack
- D . Man-in-the-cloud (MITC) attack
A
Explanation:
Operation Cloud Hopper was an in depth attack and theft of data in 2017 directed at MSP within the uk (U.K.), us (U.S.), Japan, Canada, Brazil, France, Switzerland, Norway, Finland, Sweden, South Africa, India, Thailand, South Korea and Australia. The group used MSP as intermediaries to accumulate assets and trade secrets from MSP client engineering, MSP industrial manufacturing, retail, energy, pharmaceuticals, telecommunications, and government agencies. Operation Cloud Hopper used over 70 variants of backdoors, malware and trojans. These were delivered through spear-phishing emails. The attacks scheduled tasks or leveraged services/utilities to continue Microsoft Windows systems albeit the pc system was rebooted. It installed malware and hacking tools to access systems and steal data.
Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?
- A . Error-based injection
- B . Boolean-based blind SQL injection
- C . Blind SQL injection
- D . Allnion SQL injection
Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?
- A . tcptrace
- B . Nessus
- C . OpenVAS
- D . tcptraceroute
Ethical hacker jane Smith is attempting to perform an SQL injection attach. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs.
Which two SQL Injection types would give her the results she is looking for?
- A . Out of band and boolean-based
- B . Time-based and union-based
- C . union-based and error-based
- D . Time-based and boolean-based
C
Explanation:
Union based SQL injection allows an attacker to extract information from the database by extending the results returned by the first query. The Union operator can only be used if the original/new queries have an equivalent structure Error-based SQL injection is an In-band injection technique where the error output from the SQL database is employed to control the info inside the database. In In-band injection, the attacker uses an equivalent channel for both attacks and collect data from the database.
What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?
- A . The attacker queries a nameserver using the DNS resolver.
- B . The attacker makes a request to the DNS resolver.
- C . The attacker forges a reply from the DNS resolver.
- D . The attacker uses TCP to poison the ONS resofver.
The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack.
You also notice "/bin/sh" in the ASCII part of the output.
As an analyst what would you conclude about the attack?
- A . The buffer overflow attack has been neutralized by the IDS
- B . The attacker is creating a directory on the compromised machine
- C . The attacker is attempting a buffer overflow attack and has succeeded
- D . The attacker is attempting an exploit that launches a command-line shell
What hacking attack is challenge/response authentication used to prevent?
- A . Replay attacks
- B . Scanning attacks
- C . Session hijacking attacks
- D . Password cracking attacks
John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him the idea of using PGP .
What should John do to communicate correctly using this type of encryption?
- A . Use his own public key to encrypt the message.
- B . Use Marie’s public key to encrypt the message.
- C . Use his own private key to encrypt the message.
- D . Use Marie’s private key to encrypt the message.
Which of the following steps for risk assessment methodology refers to vulnerability identification?
- A . Determines if any flaws exist in systems, policies, or procedures
- B . Assigns values to risk probabilities; Impact values.
- C . Determines risk probability that vulnerability will be exploited (High. Medium, Low)
- D . Identifies sources of harm to an IT system. (Natural, Human. Environmental)
Which system consists of a publicly available set of databases that contain domain name registration contact information?
- A . WHOIS
- B . CAPTCHA
- C . IANA
- D . IETF
You want to do an ICMP scan on a remote computer using hping2 .
What is the proper syntax?
- A . hping2 host.domain.com
- B . hping2 –set-ICMP host.domain.com
- C . hping2 -i host.domain.com
- D . hping2 -1 host.domain.com
Jake, a professional hacker, installed spyware on a target iPhone to spy on the target user’s activities. He can take complete control of the target mobile device by jailbreaking the device remotely and record audio, capture screenshots, and monitor all phone calls and SMS messages .
What is the type of spyware that Jake used to infect the target device?
- A . DroidSheep
- B . Androrat
- C . Zscaler
- D . Trident
You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c
What is the hexadecimal value of NOP instruction?
- A . 0x60
- B . 0x80
- C . 0x70
- D . 0x90
How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?
- A . There is no way to tell because a hash cannot be reversed
- B . The right most portion of the hash is always the same
- C . The hash always starts with AB923D
- D . The left most portion of the hash is always the same
- E . A portion of the hash will be all 0’s
You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network .
What testing method did you use?
- A . Social engineering
- B . Piggybacking
- C . Tailgating
- D . Eavesdropping
BitLocker encryption has been implemented for all the Windows-based computers in an organization. You are concerned that someone might lose their cryptographic key. Therefore, a mechanism was implemented to recover the keys from Active Directory .
What is this mechanism called in cryptography?
- A . Key archival
- B . Key escrow.
- C . Certificate rollover
- D . Key renewal
Attempting an injection attack on a web server based on responses to True/False questions is called which of the following?
- A . Compound SQLi
- B . Blind SQLi
- C . Classic SQLi
- D . DMS-specific SQLi
Your company was hired by a small healthcare provider to perform a technical assessment on the network.
What is the best approach for discovering vulnerabilities on a Windows-based computer?
- A . Use the built-in Windows Update tool
- B . Use a scan tool like Nessus
- C . Check MITRE.org for the latest list of CVE findings
- D . Create a disk image of a clean Windows installation
Which results will be returned with the following Google search query?
site:target.com C site: Marketing.target.com accounting
- A . Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting.
- B . Results matching all words in the query.
- C . Results for matches on target.com and Marketing.target.com that include the word “accounting”
- D . Results matching “accounting” in domain target.com but not on the site Marketing.target.com
Jack, a professional hacker, targets an organization and performs vulnerability scanning on the target web server to identify any possible weaknesses, vulnerabilities, and misconfigurations. In this process, Jack uses an automated tool that eases his work and performs vulnerability scanning to find hosts, services, and other vulnerabilities in the target server .
Which of the following tools is used by Jack to perform vulnerability scanning?
- A . Infoga
- B . WebCopier Pro
- C . Netsparker
- D . NCollector Studio
Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim’s machine. Joel waits for the victim to access the infected web application so as to compromise the victim’s machine .
Which of the following techniques is used by Joel in the above scenario?
- A . DNS rebinding attack
- B . Clickjacking attack
- C . MarioNet attack
- D . Watering hole attack
John is investigating web-application firewall logs and observers that someone is attempting to inject the following:
char buff[10];
buff[>o] – ‘a’:
What type of attack is this?
- A . CSRF
- B . XSS
- C . Buffer overflow
- D . SQL injection
C
Explanation:
Buffer overflow this attack is an anomaly that happens when software writing data to a buffer overflows the buffer’s capacity, leading to adjacent memory locations being overwritten. In other words, an excessive amount of information is being passed into a container that doesn’t have enough space, which information finishes up replacing data in adjacent containers. Buffer overflows are often exploited by attackers with a goal of modifying a computer’s memory so as to undermine or take hold of program execution.
What’s a buffer? A buffer, or data buffer, is a neighborhood of physical memory storage wont to temporarily store data while it’s being moved from one place to a different. These buffers typically sleep in RAM memory. Computers frequently use buffers to assist improve performance; latest hard drives cash in of buffering to efficiently access data, and lots of online services also use buffers. for instance, buffers are frequently utilized in online video streaming to stop interruption. When a video is streamed, the video player downloads and stores perhaps 20% of the video at a time during a buffer then streams from that buffer. This way, minor drops in connection speed or quick service disruptions won’t affect the video stream performance. Buffers are designed to contain specific amounts of knowledge. Unless the program utilizing the buffer has built-in instructions to discard data when an excessive amount of is shipped to the buffer, the program will overwrite data in memory adjacent to the buffer. Buffer overflows are often exploited by attackers to corrupt software. Despite being well-understood, buffer overflow attacks are still a serious security problem that torment cyber-security teams. In 2014 a threat referred to as ‘heartbleed’ exposed many many users to attack due to a buffer overflow vulnerability in SSL software.
How do attackers exploit buffer overflows? An attacker can deliberately feed a carefully crafted input into a program which will cause the program to undertake and store that input during a buffer that isn’t large enough, overwriting portions of memory connected to the buffer space. If the memory layout of the program is well-defined, the attacker can deliberately overwrite areas known to contain executable code. The attacker can then replace this code together with his own executable code, which may drastically change how the program is meant to figure .For example if the overwritten part in memory contains a pointer (an object that points to a different place in memory) the attacker’s code could replace that code with another pointer that points to an exploit payload. this will transfer control of the entire program over to the attacker’s code.
In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account’s confidential files and information .
How can he achieve this?
- A . Privilege Escalation
- B . Shoulder-Surfing
- C . Hacking Active Directory
- D . Port Scanning
Which is the first step followed by Vulnerability Scanners for scanning a network?
- A . OS Detection
- B . Firewall detection
- C . TCP/UDP Port scanning
- D . Checking if the remote host is alive
Which of these is capable of searching for and locating rogue access points?
- A . HIDS
- B . WISS
- C . WIPS
- D . NIDS
John, a security analyst working for an organization, found a critical vulnerability on the
organization’s LAN that allows him to view financial and personal information about the rest of the employees. Before reporting the vulnerability, he examines the information shown by the vulnerability for two days without disclosing any information to third parties or other internal employees. He does so out of curiosity about the other employees and may take advantage of this information later .
What would John be considered as?
- A . Acybercriminal
- B . Black hat
- C . White hat
- D . Gray hat
During an Xmas scan what indicates a port is closed?
- A . No return response
- B . RST
- C . ACK
- D . SYN
You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company’s Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet .
How will you achieve this without raising suspicion?
- A . Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account
- B . Package the Sales.xls using Trojan wrappers and telnet them back your home computer
- C . You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques
- D . Change the extension of Sales.xls to sales.txt and upload them as attachment to your hotmail account
Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers.
The time a hacker spends performing research to locate this information about a company is known as?
- A . Exploration
- B . Investigation
- C . Reconnaissance
- D . Enumeration
Which of the following tactics uses malicious code to redirect users’ web traffic?
- A . Spimming
- B . Pharming
- C . Phishing
- D . Spear-phishing
What does the following command in netcat do?
nc -l -u -p55555 < /etc/passwd
- A . logs the incoming connections to /etc/passwd file
- B . loads the /etc/passwd file to the UDP port 55555
- C . grabs the /etc/passwd file when connected to UDP port 55555
- D . deletes the /etc/passwd file when connected to the UDP port 55555
This form of encryption algorithm is asymmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits .
Which among the following is this encryption algorithm?
- A . Twofish encryption algorithm
- B . HMAC encryption algorithm
- C . IDEA
- D . Blowfish encryption algorithm
A
Explanation:
Twofish is an encryption algorithm designed by Bruce Schneier. It’s a symmetric key block cipher with a block size of 128 bits, with keys up to 256 bits. it’s associated with AES (Advanced Encryption Standard) and an earlier block cipher called Blowfish. Twofish was actually a finalist to become the industry standard for encryption, but was ultimately beaten out by the present AES. Twofish has some distinctive features that set it aside from most other cryptographic protocols. For one, it uses pre-computed, key-dependent S-boxes. An S-box (substitution-box) may be a basic component of any symmetric key algorithm which performs substitution. within the context of Twofish’s block cipher, the S-box works to obscure the connection of the key to the ciphertext. Twofish uses a pre-computed, key-dependent S-box which suggests that the S-box is already provided, but depends on the cipher key to decrypt the knowledge.
How Secure is Twofish? Twofish is seen as a really secure option as far as encryption protocols go. one among the explanations that it wasn’t selected because the advanced encryption standard is thanks to its slower speed. Any encryption standard that uses a 128-bit or higher key, is theoretically safe from brute force attacks. Twofish is during this category. Because Twofish uses “pre-computed key-dependent S-boxes”, it are often susceptible to side channel attacks. this is often thanks to the tables being pre-computed. However, making these tables key-dependent helps mitigate that risk. There are a couple of attacks on Twofish, but consistent with its creator, Bruce Schneier, it didn’t constitute a real cryptanalysis. These attacks didn’t constitue a practical break within the cipher. Products That Use TwofishGnuPG: GnuPG may be a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also referred to as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a flexible key management system, along side access modules for all types of public key directories. KeePass: KeePass may be a password management tool that generates passwords with top-notch security. It’s a free, open source, lightweight and easy-to-use password manager with many extensions and plugins. Password Safe: Password Safe uses one master password to stay all of your passwords protected, almost like the functionality of most of the password managers on this list. It allows you to store all of your passwords during a single password database, or multiple databases for various purposes. Creating a database is straightforward, just create the database, set your master password. PGP (Pretty Good Privacy): PGP is employed mostly for email encryption, it encrypts the content of the e-mail. However, Pretty Good Privacy doesn’t encrypt the topic and sender of the e-mail, so make certain to never put sensitive information in these fields when using PGP. TrueCrypt: TrueCrypt may be a software program that encrypts and protects files on your devices. With TrueCrypt the encryption is transparent to the user and is completed locally at the user’s computer. this suggests you’ll store a TrueCrypt file on a server and TrueCrypt will encrypt that file before it’s sent over the network.
Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed.
What is the port scanning technique used by Sam to discover open ports?
- A . Xmas scan
- B . IDLE/IPID header scan
- C . TCP Maimon scan
- D . ACK flag probe scan
Mason, a professional hacker, targets an organization and spreads Emotet malware through malicious script. After infecting the victim’s device. Mason further used Emotet to spread the infection across local networks and beyond to compromise as many machines as possible. In this process, he used a tool, which is a self-extracting RAR file, to retrieve information related to network resources such as writable share drives .
What is the tool employed by Mason in the above scenario?
- A . NetPass.exe
- B . Outlook scraper
- C . WebBrowserPassView
- D . Credential enumerator
An attacker utilizes a Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a nearby business in order to capture the wireless password .
What kind of attack is this?
- A . MAC spoofing attack
- B . Evil-twin attack
- C . War driving attack
- D . Phishing attack
Mike, a security engineer, was recently hired by BigFox Ltd. The company recently experienced disastrous DoS attacks. The management had instructed Mike to build defensive strategies for the company’s IT infrastructure to thwart DoS/DDoS attacks. Mike deployed some countermeasures to handle jamming and scrambling attacks .
What is the countermeasure Mike applied to defend against jamming and scrambling attacks?
- A . Allow the usage of functions such as gets and strcpy
- B . Allow the transmission of all types of addressed packets at the ISP level
- C . Implement cognitive radios in the physical layer
- D . A Disable TCP SYN cookie protection
Which type of malware spreads from one system to another or from one network to another and causes similar types of damage as viruses do to the infected system?
- A . Rootkit
- B . Trojan
- C . A Worm
- D . Adware
Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering the Information, he successfully performed an attack on the target government organization without being traced .
Which of the following techniques is described in the above scenario?
- A . Dark web footprinting
- B . VoIP footpnnting
- C . VPN footprinting
- D . website footprinting
A
Explanation:
VoIP (Voice over Internet Protocol) is a web convention that permits the transmission of voice brings over the web. It does as such by changing over the ordinary telephone signals into advanced signs. Virtual Private Networks(VPN) give a protected association with an associations’ organization. Along these lines, VoIP traffic can disregard a SSL-based VPN, successfully scrambling VoIP administrations.
When leading surveillance, in the underlying phases of VoIP footprinting, the accompanying freely accessible data can be normal:
✑ All open ports and administrations of the gadgets associated with the VoIP organization
✑ The public VoIP worker IP address
✑ The working arrangement of the worker running VoIP
✑ The organization framework
Fred is the network administrator for his company. Fred is testing an internal switch.
From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer .
How can Fred accomplish this?
- A . Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer.
- B . He can send an IP packet with the SYN bit and the source address of his computer.
- C . Fred can send an IP packet with the ACK bit set to zero and the source address of the switch.
- D . Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.
in this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstall the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values .
What is this attack called?
- A . Chop chop attack
- B . KRACK
- C . Evil twin
- D . Wardriving
B
Explanation:
In this attack KRACK is an acronym for Key Reinstallation Attack. KRACK may be a severe replay attack on Wi-Fi Protected Access protocol (WPA2), which secures your Wi-Fi connection. Hackers use KRACK to take advantage of a vulnerability in WPA2. When in close range of a possible victim, attackers can access and skim encrypted data using KRACK.
How KRACK Works Your Wi-Fi client uses a four-way handshake when attempting to attach to a protected network. The handshake confirms that both the client ― your smartphone, laptop, et cetera ― and therefore the access point share the right credentials, usually a password for the network. This establishes the Pairwise passkey (PMK), which allows for encoding. Overall, this handshake procedure allows for quick logins and connections and sets up a replacement encryption key with each connection. this is often what keeps data secure on Wi-Fi connections, and every one protected Wi-Fi connections use the four-way
handshake for security. This protocol is that the reason users are encouraged to use private or credential-protected Wi-Fi instead of public connections. RACK affects the third step of the handshake, allowing the attacker to control and replay the WPA2 encryption key to trick it into installing a key already in use. When the key’s reinstalled, other parameters related to it ― the incremental transmit packet number called the nonce and therefore the replay counter ― are set to their original values. Rather than move to the fourth step within the four-way handshake, nonce resets still replay transmissions of the third step. This sets up the encryption protocol for attack, and counting on how the attackers replay the third-step transmissions, they will take down Wi-Fi security.
Why KRACK may be a ThreatThink of all the devices you employ that believe Wi-Fi. it isn’t almost laptops and smartphones; numerous smart devices now structure the web of Things (IoT). due to the vulnerability in WPA2, everything connected to Wi-Fi is in danger of being hacked or hijacked. Attackers using KRACK can gain access to usernames and passwords also as data stored on devices. Hackers can read emails and consider photos of transmitted data then use that information to blackmail users or sell it on the Dark Web. Theft of stored data requires more steps, like an HTTP content injection to load malware into the system. Hackers could conceivably take hold of any device used thereon Wi-Fi connection. Because the attacks require hackers to be on the brink of the target, these internet security threats could also cause physical security threats. On the opposite hand, the necessity to be in close proximity is that the only excellent news associated with KRACK, as meaning a widespread attack would be extremely difficult. Victims are specifically targeted. However, there are concerns that a experienced attacker could develop the talents to use HTTP content injection to load malware onto websites to make a more widespread affect.
Everyone is in danger from KRACK vulnerability. Patches are available for Windows and iOS devices, but a released patch for Android devices is currently in question (November 2017). There are issues with the discharge, and lots of question if all versions and devices are covered. The real problem is with routers and IoT devices. These devices aren’t updated as regularly as computer operating systems, and for several devices, security flaws got to be addressed on the manufacturing side. New devices should address KRACK, but the devices you have already got in your home probably aren’t protected. The best protection against KRACK is to make sure any device connected to Wi-Fi is patched and updated with the newest firmware. that has checking together with your router’s manufacturer periodically to ascertain if patches are available.
The safest connection option may be a private VPN, especially when publicly spaces. If you would like a VPN for private use, avoid free options, as they need their own security problems and there’ll even be issues with HTTPs. Use a paid service offered by a trusted vendor like Kaspersky. Also, more modern networks use WPA3 for better security. Avoid using public Wi-Fi, albeit it’s password protection. That password is out there to almost anyone, which reduces the safety level considerably. All the widespread implications of KRACK and therefore the WPA2 vulnerability aren’t yet clear. what’s certain is that everybody who uses Wi-Fi is in danger and wishes to require precautions to guard their data and devices.
What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?
- A . Residual risk
- B . Impact risk
- C . Deferred risk
- D . Inherent risk
CORRECT TEXT
A group of hackers were roaming around a bank office building in a city, driving a luxury car. They were using hacking tools on their laptop with the intention to find a free-access wireless network .
What is
- A . this hacking process known as?
- B . GPS mapping
- C . Spectrum analysis
- D . Wardriving Wireless sniffing
CORRECT TEXT
A group of hackers were roaming around a bank office building in a city, driving a luxury car. They were using hacking tools on their laptop with the intention to find a free-access wireless network .
What is
- A . this hacking process known as?
- B . GPS mapping
- C . Spectrum analysis
- D . Wardriving Wireless sniffing
CORRECT TEXT
A group of hackers were roaming around a bank office building in a city, driving a luxury car. They were using hacking tools on their laptop with the intention to find a free-access wireless network .
What is
- A . this hacking process known as?
- B . GPS mapping
- C . Spectrum analysis
- D . Wardriving Wireless sniffing
CORRECT TEXT
A group of hackers were roaming around a bank office building in a city, driving a luxury car. They were using hacking tools on their laptop with the intention to find a free-access wireless network .
What is
- A . this hacking process known as?
- B . GPS mapping
- C . Spectrum analysis
- D . Wardriving Wireless sniffing
CORRECT TEXT
A group of hackers were roaming around a bank office building in a city, driving a luxury car. They were using hacking tools on their laptop with the intention to find a free-access wireless network .
What is
- A . this hacking process known as?
- B . GPS mapping
- C . Spectrum analysis
- D . Wardriving Wireless sniffing
Attacker creates a transparent ‘iframe’ in front of the URL which victim attempts to click, so victim thinks that he/she clicks to the ‘Do you want to make $1000 in a day?’ URL but actually he/she clicks to the content or URL that exists in the transparent ‘iframe’ which is setup by the attacker.
What is the name of the attack which is mentioned in the scenario?
- A . Session Fixation
- B . HTML Injection
- C . HTTP Parameter Pollution
- D . Clickjacking Attack
On performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt its service.
What is the name of the process by which you can determine those critical businesses?
- A . Emergency Plan Response (EPR)
- B . Business Impact Analysis (BIA)
- C . Risk Mitigation
- D . Disaster Recovery Planning (DRP)
A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server.
Based on this information, what should be one of your key recommendations to the bank?
- A . Place a front-end web server in a demilitarized zone that only handles external web traffic
- B . Require all employees to change their anti-virus program with a new one
- C . Move the financial data to another server on the same IP subnet
- D . Issue new certificates to the web servers from the root certificate authority
Which of the following DoS tools is used to attack target web applications by starvation of available sessions on the web server?
The tool keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content-length header value.
- A . My Doom
- B . Astacheldraht
- C . R-U-Dead-Yet?(RUDY)
- D . LOIC
DNS cache snooping is a process of determining if the specified resource address is present in the DNS cache records. It may be useful during the examination of the network to determine what software update resources are used, thus discovering what software is installed.
What command is used to determine if the entry is present in DNS cache?
- A . nslookup -fullrecursive update.antivirus.com
- B . dnsnooping Crt update.antivirus.com
- C . nslookup -norecursive update.antivirus.com
- D . dns –snoop update.antivirus.com
What is the purpose of DNS AAAA record?
- A . Authorization, Authentication and Auditing record
- B . Address prefix record
- C . Address database record
- D . IPv6 address resolution record
Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activities, it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours .
What protocol used on Linux servers to synchronize the time has stopped working?
- A . Time Keeper
- B . NTP
- C . PPP
- D . OSPP
What does a firewall check to prevent particular ports and applications from getting packets into an organization?
- A . Transport layer port numbers and application layer headers
- B . Presentation layer headers and the session layer port numbers
- C . Network layer headers and the session layer port numbers
- D . Application layer port numbers and the transport layer headers
An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.
What is the most likely cause?
- A . The network devices are not all synchronized.
- B . Proper chain of custody was not observed while collecting the logs.
- C . The attacker altered or erased events from the logs.
- D . The security breach was a false positive.
To create a botnet. the attacker can use several techniques to scan vulnerable machines. The attacker first collects Information about a large number of vulnerable machines to create a list. Subsequently, they infect the machines. The list Is divided by assigning half of the list to the newly compromised machines. The scanning process runs simultaneously. This technique ensures the spreading and installation of malicious code in little time.
Which technique is discussed here?
- A . Hit-list-scanning technique
- B . Topological scanning technique
- C . Subnet scanning technique
- D . Permutation scanning technique
A
Explanation:
One of the biggest problems a worm faces in achieving a very fast rate of infection is “getting off the ground.” although a worm spreads exponentially throughout the early stages of infection, the time needed to infect say the first 10,000 hosts dominates the infection time.
There is a straightforward way for an active worm a simple this obstacle, that we term hit-list scanning. Before the worm is free, the worm author collects a listing of say ten,000 to 50,000 potentially vulnerable machines, ideally ones with sensible network connections.
The worm, when released onto an initial machine on this hit-list, begins scanning down the list. once it infects a machine, it divides the hit-list in half, communicating half to the recipient worm, keeping the other half.
This fast division ensures that even if only 10-20% of the machines on the hit-list are actually vulnerable, an active worm can quickly bear the hit-list and establish itself on all vulnerable machines in only some seconds. though the hit-list could begin at 200 kilobytes, it quickly shrinks to nothing during the partitioning. This provides a great benefit in constructing a quick worm by speeding the initial infection.
The hit-list needn’t be perfect: a simple list of machines running a selected server sort could serve, though larger accuracy can improve the unfold. The hit-list itself is generated victimization one or many of the following techniques, ready well before, typically with very little concern of detection.
✑ Stealthy scans. Portscans are so common and then wide ignored that even a quick scan of the whole net would be unlikely to attract law enforcement attention or over gentle comment within the incident response community. However, for attackers wish to be particularly careful, a randomised sneaky scan taking many months would be not possible to attract much attention, as most intrusion detection systems are not currently capable of detecting such low-profile scans. Some portion of the scan would be out of date by the time it had been used, however abundant of it’d not.
✑ Distributed scanning. an assailant might scan the web using a few dozen to some thousand already-compromised “zombies,” the same as what DDOS attackers assemble in a very fairly routine fashion. Such distributed scanning has already been seen within the wildCLawrence Berkeley National Laboratory received ten throughout the past year.
✑ DNS searches. Assemble a list of domains (for example, by using wide offered spam mail lists, or trolling the address registries). The DNS will then be searched for the science addresses of mail-servers (via mx records) or net servers (by looking for www.domain.com).
✑ Spiders. For net server worms (like Code Red), use Web-crawling techniques the same as search engines so as to produce a list of most Internet-connected web sites. this would be unlikely to draw in serious attention.
✑ Public surveys. for many potential targets there may be surveys available listing them, like the Netcraft survey.
✑ Just listen. Some applications, like peer-to-peer networks, wind up advertising many of their servers. Similarly, many previous worms effectively broadcast that the infected machine is vulnerable to further attack. easy, because of its widespread scanning, during the Code Red I infection it was easy to select up the addresses of upwards of 300,000 vulnerable IIS serversCbecause each came knock on everyone’s door!
Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific cached DNS record. Further, by using this cached record, he determines the sites recently visited by the organization’s user .
What is the enumeration technique used by Henry on the organization?
- A . DNS zone walking
- B . DNS cache snooping
- C . DNS SEC zone walking
- D . DNS cache poisoning
Alice needs to send a confidential document to her coworker. Bryan. Their company has public key infrastructure set up. Therefore. Alice both encrypts the message and digitally signs it. Alice uses_______to encrypt the message, and Bryan uses__________to confirm the digital signature.
- A . Bryan’s public key; Bryan’s public key
- B . Alice’s public key; Alice’s public key
- C . Bryan’s private key; Alice’s public key
- D . Bryan’s public key; Alice’s public key
You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine .
What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?
- A . tcp.srcport= = 514 && ip.src= = 192.168.0.99
- B . tcp.srcport= = 514 && ip.src= = 192.168.150
- C . tcp.dstport= = 514 && ip.dst= = 192.168.0.99
- D . tcp.dstport= = 514 && ip.dst= = 192.168.0.150
Which regulation defines security and privacy controls for Federal information systems and organizations?
- A . HIPAA
- B . EU Safe Harbor
- C . PCI-DSS
- D . NIST-800-53
Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?
- A . Iris patterns
- B . Voice
- C . Height and Weight
- D . Fingerprints
Tony is a penetration tester tasked with performing a penetration test. After gaining initial access to a target system, he finds a list of hashed passwords.
Which of the following tools would not be useful for cracking the hashed passwords?
- A . John the Ripper
- B . Hashcat
- C . netcat
- D . THC-Hydra
In Trojan terminology, what is a covert channel?
- A . A channel that transfers information within a computer system or network in a way that violates the security policy
- B . A legitimate communication path within a computer system or network for transfer of data
- C . It is a kernel operation that hides boot processes and services to mask detection
- D . It is Reverse tunneling technique that uses HTTPS protocol instead of HTTP protocol to establish connections
Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: scottsmelby@yahoo.com” .
Which statement below is true?
- A . This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.
- B . This is a scam because Bob does not know Scott.
- C . Bob should write to scottmelby@yahoo.com to verify the identity of Scott.
- D . This is probably a legitimate message as it comes from a respectable organization.
Which protocol is used for setting up secure channels between two devices, typically in
VPNs?
- A . PEM
- B . ppp
- C . IPSEC
- D . SET
An organization has automated the operation of critical infrastructure from a remote location. For this purpose, all the industrial control systems are connected to the Internet. To empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption, the organization deckled to install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware .
Which of the following tools must the organization employ to protect its critical infrastructure?
- A . Robotium
- B . BalenaCloud
- C . Flowmon
- D . IntentFuzzer
An Internet Service Provider (ISP) has a need to authenticate users connecting via analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network.
Which AAA protocol is the most likely able to handle this requirement?
- A . TACACS+
- B . DIAMETER
- C . Kerberos
- D . RADIUS
Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?
- A . SOA
- B . biometrics
- C . single sign on
- D . PKI
Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?
- A . SFTP
- B . Ipsec
- C . SSL
- D . FTPS
An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim’s profile to a text file and then submit the data to the attacker’s database.
< iframe src=““http://www.vulnweb.com/updateif.php”” style=““display:none””</iframe> >
What is this type of attack (that can use either HTTP GET or HTTP POST) called?
- A . Browser Hacking
- B . Cross-Site Scripting
- C . SQL Injection
- D . Cross-Site Request Forgery
Samuel, a professional hacker, monitored and Intercepted already established traffic between Bob and a host machine to predict Bob’s ISN. Using this ISN, Samuel sent spoofed packets with Bob’s IP address to the host machine. The host machine responded with <| packet having an Incremented ISN. Consequently. Bob’s connection got hung, and Samuel was able to communicate with the host machine on behalf of Bob .
What is the type of attack performed by Samuel in the above scenario?
- A . UDP hijacking
- B . Blind hijacking
- C . TCP/IP hacking
- D . Forbidden attack
C
Explanation:
A TCP/IP hijack is an attack that spoofs a server into thinking it’s talking with a sound client, once actually it’s communication with an assaulter that has condemned (or hijacked) the tcp session. Assume that the client has administrator-level privileges, which the attacker needs to steal that authority so as to form a brand new account with root-level access of the server to be used afterward. A tcp Hijacking is sort of a two-phased man-in-the-middle attack. The man-in-the-middle assaulter lurks within the circuit between a shopper and a server so as to work out what port and sequence numbers are being employed for the conversation.
First, the attacker knocks out the client with an attack, like Ping of Death, or ties it up with some reasonably ICMP storm. This renders the client unable to transmit any packets to the server. Then, with the client crashed, the attacker assumes the client’s identity so as to talk with the server. By this suggests, the attacker gains administrator-level access to the server.
One of the most effective means of preventing a hijack attack is to want a secret, that’s a shared secret between the shopper and also the server. looking on the strength of security desired, the key may be used for random exchanges. this is often once a client and server periodically challenge each other, or it will occur with each exchange, like Kerberos.
In the context of Windows Security, what is a ‘null’ user?
- A . A user that has no skills
- B . An account that has been suspended by the admin
- C . A pseudo account that has no username and password
- D . A pseudo account that was created for security administration purpose
This TCP flag instructs the sending system to transmit all buffered data immediately.
- A . SYN
- B . RST
- C . PSH
- D . URG
- E . FIN
When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK.
How would an attacker exploit this design by launching TCP SYN attack?
- A . Attacker generates TCP SYN packets with random destination addresses towards a victim host
- B . Attacker floods TCP SYN packets with random source addresses towards a victim host
- C . Attacker generates TCP ACK packets with random source addresses towards a victim host
- D . Attacker generates TCP RST packets with random source addresses towards a victim host
Elante company has recently hired James as a penetration tester. He was tasked with performing enumeration on an organization’s network. In the process of enumeration, James discovered a service that is accessible to external sources. This service runs directly on port 21 .
What is the service enumerated byjames in the above scenario?
- A . Border Gateway Protocol (BGP)
- B . File Transfer Protocol (FTP)
- C . Network File System (NFS)
- D . Remote procedure call (RPC)
When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameter and headers manually to get more precise results than if using web vulnerability scanners.
What proxy tool will help you find web vulnerabilities?
- A . Maskgen
- B . Dimitry
- C . Burpsuite
- D . Proxychains
in an attempt to increase the security of your network, you Implement a solution that will help keep your wireless network undiscoverable and accessible only to those that know It .
How do you accomplish this?
- A . Delete the wireless network
- B . Remove all passwords
- C . Lock all users
- D . Disable SSID broadcasting
Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in bounds checking mechanism?
Code:
#include <string.h> int main(){char buffer[8];
strcpy(buffer, ““11111111111111111111111111111””);} Output: Segmentation fault
- A . C#
- B . Python
- C . Java
- D . C++
Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?
- A . symmetric algorithms
- B . asymmetric algorithms
- C . hashing algorithms
- D . integrity algorithms
Which among the following is the best example of the hacking concept called "clearing tracks"?
- A . After a system is breached, a hacker creates a backdoor to allow re-entry into a system.
- B . During a cyberattack, a hacker injects a rootkit into a server.
- C . An attacker gains access to a server through an exploitable vulnerability.
- D . During a cyberattack, a hacker corrupts the event logs on all machines.
Peter is surfing the internet looking for information about DX Company .
Which hacking process is Peter doing?
- A . Scanning
- B . Footprinting
- C . Enumeration
- D . System Hacking
When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator’s Computer to update the router configuration .
What type of an alert is this?
- A . False negative
- B . True negative
- C . True positive
- D . False positive
Study the following log extract and identify the attack.
- A . Hexcode Attack
- B . Cross Site Scripting
- C . Multiple Domain Traversal Attack
- D . Unicode Directory Traversal Attack
An attacker identified that a user and an access point are both compatible with WPA2 and WPA3 encryption. The attacker installed a rogue access point with only WPA2 compatibility in the vicinity and forced the victim to go through the WPA2 four-way handshake to get connected. After the connection was established, the attacker used automated tools to crack WPA2-encrypted messages .
What is the attack performed in the above scenario?
- A . Timing-based attack
- B . Side-channel attack
- C . Downgrade security attack
- D . Cache-based attack
If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?
- A . Birthday
- B . Brute force
- C . Man-in-the-middle
- D . Smurf
What is the proper response for a NULL scan if the port is open?
- A . SYN
- B . ACK
- C . FIN
- D . PSH
- E . RST
- F . No response
Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches.
If these switches’ ARP cache is successfully flooded, what will be the result?
- A . The switches will drop into hub mode if the ARP cache is successfully flooded.
- B . If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.
- C . Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.
- D . The switches will route all traffic to the broadcast address created collisions.
What did the following commands determine?
- A . That the Joe account has a SID of 500
- B . These commands demonstrate that the guest account has NOT been disabled
- C . These commands demonstrate that the guest account has been disabled
- D . That the true administrator is Joe
- E . Issued alone, these commands prove nothing
What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?
- A . All are hacking tools developed by the legion of doom
- B . All are tools that can be used not only by hackers, but also security personnel
- C . All are DDOS tools
- D . All are tools that are only effective against Windows
- E . All are tools that are only effective against Linux
Which of the following statements is TRUE?
- A . Packet Sniffers operate on the Layer 1 of the OSI model.
- B . Packet Sniffers operate on Layer 2 of the OSI model.
- C . Packet Sniffers operate on both Layer 2 & Layer 3 of the OSI model.
- D . Packet Sniffers operate on Layer 3 of the OSI model.
George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this process, he used a short-range communication protocol based on the IEEE 203.15.4 standard. This protocol is used in devices that transfer data infrequently at a low rate in a restricted area, within a range of 10-100 m .
What is the short-range wireless communication technology George employed in the above scenario?
- A . MQTT
- B . LPWAN
- C . Zigbee
- D . NB-IoT
C
Explanation:
Zigbee could be a wireless technology developed as associate open international normal to deal with the unique desires of affordable, low-power wireless IoT networks. The Zigbee normal operates on the IEEE 802.15.4 physical radio specification and operates in unauthorised bands as well as a pair of.4 GHz, 900 MHz and 868 MHz.
The 802.15.4 specification upon that the Zigbee stack operates gained confirmation by the Institute of Electrical and physical science Engineers (IEEE) in 2003. The specification could be a packet-based radio protocol supposed for affordable, battery-operated devices. The protocol permits devices to speak in an exceedingly kind of network topologies and may have battery life lasting many years.
The Zigbee three.0 Protocol
The Zigbee protocol has been created and ratified by member corporations of the Zigbee Alliance. Over three hundred leading semiconductor makers, technology corporations, OEMs and repair corporations comprise the Zigbee Alliance membership. The Zigbee protocol was designed to supply associate easy-to-use wireless information answer characterised by secure, reliable wireless network architectures.
THE ZIGBEE ADVANTAGE
The Zigbee 3.0 protocol is intended to speak information through rip-roaring RF environments that area unit common in business and industrial applications. Version 3.0 builds on the prevailing Zigbee normal however unifies the market-specific application profiles to permit all devices to be wirelessly connected within the same network, no matter their market designation and performance. what is more, a Zigbee 3.0 certification theme ensures the ability of product from completely different makers. Connecting Zigbee three.0 networks to the information science domain unveil observance and management from devices like smartphones and tablets on a local area network or WAN, as well as the web, and brings verity net of Things to fruition.
Zigbee protocol options include:
✑ Support for multiple network topologies like point-to-point, point-to-multipoint and mesh networks
✑ Low duty cycle C provides long battery life
✑ Low latency
✑ Direct Sequence unfold Spectrum (DSSS)
✑ Up to 65,000 nodes per network
✑ 128-bit AES encryption for secure information connections
✑ Collision avoidance, retries and acknowledgements
Larry, a security professional in an organization, has noticed some abnormalities In the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting a countermeasures to secure the accounts on the web server.
Which of the following countermeasures must Larry implement to secure the user accounts on the web server?
- A . Enable unused default user accounts created during the installation of an OS
- B . Enable all non-interactive accounts that should exist but do not require interactive login
- C . Limit the administrator or toot-level access to the minimum number of users
- D . Retain all unused modules and application extensions
When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed .
Which of the following best describes what it is meant by processing?
- A . The amount of time and resources that are necessary to maintain a biometric system
- B . How long it takes to setup individual user accounts
- C . The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information
- D . The amount of time it takes to convert biometric data into a template on a smart card
Internet Protocol Security IPsec is actually a suite pf protocols. Each protocol within the suite provides different functionality. Collective IPsec does everything except.
- A . Protect the payload and the headers
- B . Encrypt
- C . Work at the Data Link Layer
- D . Authenticate
You have successfully logged on a Linux system. You want to now cover your trade Your login attempt may be logged on several files located in /var/log .
Which file does NOT belongs to the list:
- A . user.log
- B . auth.fesg
- C . wtmp
- D . btmp
The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance .
Which of the following requirements would best fit under the objective, "Implement strong access control measures"?
- A . Regularly test security systems and processes.
- B . Encrypt transmission of cardholder data across open, public networks.
- C . Assign a unique ID to each person with computer access.
- D . Use and regularly update anti-virus software on all systems commonly affected by malware.
Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company.
He is looking for an IDS with the following characteristics:
– Verifies success or failure of an attack
– Monitors system activities Detects attacks that a network-based IDS fails to detect
– Near real-time detection and response
– Does not require additional hardware
– Lower entry cost Which type of IDS is best suited for Tremp’s requirements?
- A . Gateway-based IDS
- B . Network-based IDS
- C . Host-based IDS
- D . Open source-based
What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?
- A . Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.
- B . Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.
- C . Symmetric encryption allows the server to securely transmit the session keys out-of-band.
- D . Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.
What is not a PCI compliance recommendation?
- A . Use a firewall between the public network and the payment card data.
- B . Use encryption to protect all transmission of card holder data over any public network.
- C . Rotate employees handling credit card transactions on a yearly basis to different departments.
- D . Limit access to card holder data to as few individuals as possible.
A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed.
Considering that NMAP result below, which of the following is likely to be installed on the target machine by the OS?
Starting NMAP 5.21 at 2011-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:8
- A . The host is likely a Linux machine.
- B . The host is likely a printer.
- C . The host is likely a router.
- D . The host is likely a Windows machine.
A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems.
What is the best security policy concerning this setup?
- A . Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.
- B . As long as the physical access to the network elements is restricted, there is no need for additional measures.
- C . There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.
- D . The operator knows that attacks and down time are inevitable and should have a backup site.
You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company’s network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with complex security system in place.
Your peer, Peter Smith who works at the same department disagrees with you.
He says even the best network security technologies cannot prevent hackers gaining access to the network because of presence of "weakest link" in the security chain.
What is Peter Smith talking about?
- A . Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain
- B . "zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks
- C . "Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks
- D . Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway
What is a NULL scan?
- A . A scan in which all flags are turned off
- B . A scan in which certain flags are off
- C . A scan in which all flags are on
- D . A scan in which the packet size is set to zero
- E . A scan with an illegal packet size
To invisibly maintain access to a machine, an attacker utilizes a toolkit that sits undetected In the core components of the operating system .
What is this type of rootkit an example of?
- A . Mypervisor rootkit
- B . Kernel toolkit
- C . Hardware rootkit
- D . Firmware rootkit
B
Explanation:
Kernel-mode rootkits run with the best operating system privileges (Ring 0) by adding code or replacement parts of the core operating system, as well as each the kernel and associated device drivers. Most operative systems support kernel-mode device drivers, that execute with a similar privileges because the software itself. As such, several kernel-mode rootkits square measure developed as device drivers or loadable modules,
like loadable kernel modules in Linux or device drivers in Microsoft Windows. This category of rootkit has unrestricted security access, however is tougher to jot down. The quality makes bugs common, and any bugs in code operative at the kernel level could seriously impact system stability, resulting in discovery of the rootkit. one amongst the primary wide familiar kernel rootkits was developed for Windows NT four.0 and discharged in Phrack magazine in 1999 by Greg Hoglund. Kernel rootkits is particularly tough to observe and take away as a result of they operate at a similar security level because the software itself, and square measure therefore able to intercept or subvert the foremost sure software operations. Any package, like antivirus package, running on the compromised system is equally vulnerable. during this scenario, no a part of the system is sure.