Which of the following requirements would best fit under the objective, "Implement strong access control measures"?
The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance. Which of the following requirements would best fit under the objective, "Implement strong access control measures"? A ....
What would John be considered as?
John, a security analyst working for an organization, found a critical vulnerability on the organization's LAN that allows him to view financial and personal information about the rest of the employees. Before reporting the vulnerability, he examines the information shown by the vulnerability for two days without disclosing any information...
What is the proper syntax?
You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?
A. hping2 host.domain.com
B. hping2 --set-ICMP host.domain.com
C. hping2 -i host.domain.com
D. hping2 -1 host.domain.com
Answer: D
How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?
How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?
A. There is no way to tell because a hash cannot be reversed
B. The rightmost portion of the hash is always the same
C. The hash always starts...
What proxy tool will help you find web vulnerabilities?
When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameters and headers manually to get more precise results than if using...
What is the short-range wireless communication technology George employed in the above scenario?
George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this process, he used a short-range communication protocol based on the IEEE 203.15.4 standard. This protocol is used in devices that transfer data infrequently at a...
What is the type of attack performed by Samuel in the above scenario?
Samuel, a professional hacker, monitored and intercepted already established traffic between Bob and a host machine to predict Bob's ISN. Using this ISN, Samuel sent spoofed packets with Bob's IP address to the host machine. The host machine responded with a packet having an incremented ISN. Consequently, Bob's connection got...
Which of the following DoS tools is used to attack target web applications by starvation of available sessions on the web server?
Which of the following DoS tools is used to attack target web applications by starvation of available sessions on the web server? The tool keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content-length header value.
A. My Doom
B. Astacheldraht
C. R-U-Dead-Yet? (RUDY)
D. LOIC
Answer:...
Which two SQL Injection types would give her the results she is looking for?
Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs. Which two SQL Injection...
What testing method did you use?
You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a PDF with...