- All Exams Instant Download
In this context, what can you say?
Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations. Bob also concluded that DMZ makes sense just when a...
Why is a penetration test considered to be more thorough than vulnerability scan?
Why is a penetration test considered to be more thorough than vulnerability scan?A . Vulnerability scans only do host discovery and port scanning by default.B . A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.C . It is not...
Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?
Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?A . NiktoB . John the RipperC . DsniffD . SnortView AnswerAnswer: A Explanation: https://en.wikipedia.org/wiki/Nikto_(vulnerability_scanner) Nikto is a free software command-line vulnerability scanner that scans web servers for dangerous files/CGIs, outdated server software, and other...
Which is the first step followed by Vulnerability Scanners for scanning a network?
Which is the first step followed by Vulnerability Scanners for scanning a network?A . OS DetectionB . Firewall detectionC . TCP/UDP Port scanningD . Checking if the remote host is aliveView AnswerAnswer: D Explanation: Vulnerability scanning solutions perform vulnerability penetration tests on the organizational network in three steps:
What may be the problem?
You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible....
What tool should the analyst use to perform a Blackjacking attack?
A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the Prometric Online Testing C Reports https://ibt1.prometric.com/users/custom/report_queue/rq_str......
What is not a PCI compliance recommendation?
What is not a PCI compliance recommendation?A . Use a firewall between the public network and the payment card data.B . Use encryption to protect all transmission of card holder data over any public network.C . Rotate employees handling credit card transactions on a yearly basis to different departments.D ....
What is the name of the attack which is mentioned in the scenario?
Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' URL but actually he/she clicks to the content or URL that exists in the transparent 'iframe' which is...
Which Linux-based tool can change any user’s password or activate disabled Windows accounts?
You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any...
Which file does the attacker need to modify?
An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com", the user is directed to a phishing site. Which file does the attacker need to modify?A . Boot.iniB . SudoersC . NetworksD . HostsView AnswerAnswer: D
