Which file does the attacker need to modify?

An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com", the user is directed to a phishing site. Which file does the attacker need to modify?
A. Boot.ini
B. Sudoers
C. Networks
D. Hosts
Answer: D

September 2, 2018

You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?

A. nmap -A -Pn
B. nmap -sP -p-65535 -T5
C. nmap -sT -O...

August 23, 2018

Alice encrypts her data using her public key PK and stores the encrypted data in the cloud. Which of the following attack scenarios will compromise the privacy of her data?

A. None of these scenarios compromise the privacy of Alice’s data
B. Agent Andrew subpoenas Alice, forcing her to reveal...

August 17, 2018

Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?

Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Suppose a malicious user Rob tries to get access to the account of a benign user Ned. Which of the...

August 8, 2018

What kind of Web application vulnerability likely exists in their software?

A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application. What kind...

August 2, 2018

Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?

A. [cache:]
B. [site:]
C. [inurl:]
D. [link:]
Answer: B

July 30, 2018

You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user’s password or activate disabled Windows accounts?


July 27, 2018

Which of these is capable of searching for and locating rogue access points?

A. HIDS
B. NIDS
C. WISS
D. WIPS
Answer: D

July 27, 2018

What is this type of DNS configuration commonly called?

During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network. What is this type of DNS configuration commonly called?
A. DynDNS
B. DNS Scheme
C. DNSSEC
D. Split DNS
Answer: D

July 21, 2018

The "white box testing" methodology enforces what kind of restriction?

A. Only the internal operation of a system is known to the tester.
B. The internal operation of a system is completely known to the tester.
C. The internal operation of a system is only partly accessible to the tester.
D...

July 21, 2018