- All Exams Instant Download
Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?
A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how...
In Python socket programming, SOCK_DGRAM type is:
In Python socket programming, SOCK_DGRAM type is:A . reliable. B. matrixed. C. connectionless. D. slower.View AnswerAnswer: C Explanation: Connectionless due to the Datagram portion mentioned so that would mean its using UDP.
Which of the following commands would be the BEST option when stealth is not a concern and the task is time sensitive?
A security analyst needs to perform a scan for SMB port 445 over a/16 network. Which of the following commands would be the BEST option when stealth is not a concern and the task is time sensitive?A . Nmap -s 445 -Pn -T5 172.21.0.0/16 B. Nmap -p 445 -n -T4...
You are a security analyst tasked with hardening a web server
HOTSPOT You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTIONS Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If...
Which of the following is an active reconnaissance tool that would be BEST to use to accomplish this task?
A consultant just performed a SYN scan of all the open ports on a remote host and now needs to remotely identify the type of services that are running on the host. Which of the following is an active reconnaissance tool that would be BEST to use to accomplish this...
You are a security analyst tasked with hardening a web server
HOTSPOT You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTIONS Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If...
Which of the following should the security company have acquired BEFORE the start of the assessment?
A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the...
Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)
Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)A . The libraries may be vulnerable B. The licensing of software is ambiguous C. The libraries’ code bases could be read by anyone D. The provenance of code is unknown E. The...
conduct host delivery and write the discovery to files without returning results of the attack machine?
The attacking machine is on the same LAN segment as the target host during an internal penetration test. Which of the following commands will BEST enable the attacker to conduct host delivery and write the discovery to files without returning results of the attack machine?A . nmap snn exclude 10.1.1.15...
Which of the following actions is the tester MOST likely performing?
A penetration tester gains access to a system and establishes persistence, and then runs the following commands: cat /dev/null > temp touch Cr .bash_history temp mv temp .bash_history Which of the following actions is the tester MOST likely performing?A . Redirecting Bash history to /dev/null B. Making a copy of...
