CEH v13 Test B

Creation Date: 2025/10/23

Category: Others

Number of questions: 60

Wilson, a professional hacker, targets an organization for financial benefit and plans to compromise its systems by sending malicious emails. For this purpose, he uses a tool to track the emails of the target and extracts information such as sender identities, mail servers, sender IP addresses, and sender locations from different public sources. He also checks if an email address was leaked using the haveibeenpwned.com API. Which of the following tools is used by Wilson in the above scenario?. Infoga. Netcraft. ZoomInfo. Factiva.

Which of the following is assured by the use of a hash?. Integrity. Availability. Confidentiality. Authentication.

Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs. Which two SQL injection types would give her the results she is looking for?. Out of band and boolean-based. Union-based and error-based. Time-based and union-based. Time-based and boolean-based.

George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this process, he used a short-range communication protocol based on the IEEE 203.15.4 standard. This protocol is used in devices that transfer data infrequently at a low rate in a restricted area, within a range of 10-100 m. What is the short-range wireless communication technology George employed in the above scenario?. LPWAN. MQTT. NB-IoT. Zigbee.

Eric, a cloud security engineer, implements a technique for securing the cloud resources used by his organization. This technique assumes by default that a user attempting to access the network is not an authentic entity and verifies every incoming connection before allowing access to the network. Using this technique, he also imposed conditions such that employees can access only the resources required for their role. What is the technique employed by Eric to secure cloud resources?. Demilitarized zone. Zero trust network. Serverless computing. Container technology.

You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID “Brakeme-Internal.” You realize that this network uses WPA3 encryption. Which of the following vulnerabilities is the most promising to exploit?. Dragonblood. AP misconfiguration. Key reinstallation attack. Cross-site request forgery.

What is the common name for a vulnerability disclosure program opened by companies in platforms such as HackerOne?. White-hat hacking program. Bug bounty program. Ethical hacking program. Vulnerability hunting program.

A DDoS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target server opens multiple connections and keeps waiting for the requests to complete. Which attack is being described here?. Desynchronization. Slowloris attack. Session splicing. Phlashing.

Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network. Which of the following host discovery techniques must he use to perform the given task?. UDP scan. ARP ping scan. ACK flag probe scan. TCP Maimon scan.

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier container technology architecture. Currently, Abel is verifying and validating image contents, signing images, and sending them to the registries. Which of the following tiers of the container technology architecture is Abel currently working in?. Tier-1: Developer machines. Tier-2: Testing and accreditation systems. Tier-3: Registries. Tier-4: Orchestrators.

Henry is a cyber security specialist hired by BlackEye – Cyber Security Solutions. He was tasked with discovering the operating system (OS) of a host. He used the Unicornscan tool to discover the OS of the target system. As a result, he obtained a TTL value, which indicates that the target system is running a Windows OS. Identify the TTL value Henry obtained, which indicates that the target OS is Windows. 128. 255. 64. 138.

Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.moviescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as “’or ‘1’=‘1’” in any basic injection statement such as “or 1=1.” Identify the evasion technique used by Daniel in the above scenario. Char encoding. IP fragmentation. Variation. Null byte.

SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may bypass authentication and allow attackers to access and/or modify data attached to a web application. Which of the following SQLi types leverages a database server’s ability to make DNS requests to pass data to an attacker?. In-band SQLi. Union-based SQLi. Out-of-band SQLi. Time-based blind SQLi.

Attacker Rony installed a rogue access point within an organization’s perimeter and attempted to intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack. What is the type of vulnerability assessment performed by Johnson in the above scenario?. Wireless network assessment. Application assessment. Host-based assessment. Distributed assessment.

In this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values. What is this attack called?. Evil twin. Chop chop attack. Wardriving. KRACK.

After an audit, the auditors inform you that there is a critical finding that you must tackle immediately. You read the audit report, and the problem is the service running on port 389. Which service is this and how can you tackle the problem?. The service is NTP, and you have to change it from UDP to TCP in order to encrypt it. The service is LDAP, and you must change it to 636, which is LDAPS. The findings do not require immediate actions and are only suggestions. The service is SMTP, and you must change it to SMIME, which is an encrypted way to send emails.

You are using a public Wi-Fi network inside a coffee shop. Before surfing the web, you use your VPN to prevent intruders from sniffing your traffic. If you did not have a VPN, how would you identify whether someone is performing an ARP spoofing attack on your laptop?. You should check your ARP table and see if there is one IP address with two different MAC addresses. You should scan the network using Nmap to check the MAC addresses of all the hosts and look for duplicates. You should use netstat to check for any suspicious connections with another IP address within the LAN. You cannot identify such an attack and must use a VPN to protect your traffic.

Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining whether the ports are online and any firewall rule sets are encountered. John decided to perform a TCP SYN ping scan on the target network. Which of the following Nmap commands must John use to perform the TCP SYN ping scan?. nmap -sn -PO < target IP address >. nmap -sn -PS < target IP address >. nmap -sn -PA < target IP address >. nmap -sn -PP < target IP address >.

Ricardo has discovered the username for an application in his target’s environment. As he has a limited amount of time, he decides to attempt to use a list of common passwords he found on the Internet. He compiles them into a list and then feeds that list as an argument into his password-cracking application. What type of attack is Ricardo performing?. Brute force. Known plaintext. Dictionary. Password spraying.

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator’s computer to update the router configuration. What type of alert is this?. False negative. True negative. True positive. False positive.

Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this, James, a professional hacker, targets Emily and her acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is the tool employed by James in the above scenario?. ophcrack. VisualRoute. Hootsuite. HULK.

What is the file that determines the basic configuration (specifically activities, services, broadcast receivers, etc.) in an Android application?. AndroidManifest.xml. resources.asrc. classes.dex. APK.info.

Mason, a professional hacker, targets an organization and spreads Emotet malware through malicious script. After infecting the victim's device, Mason further used Emotet to spread the infection across local networks and beyond to compromise as many machines as possible. In this process, he used a tool, which is a self-extracting RAR file, to retrieve information related to network resources such as writable share drives. What is the tool employed by Mason in the above scenario?. NetPass.exe. Outlook scraper. WebBrowserPassView. Credential enumerator.

Which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth?. Bluesmacking. Bluesnarfing. Bluejacking. Bluebugging.

While browsing his Facebook feed, Matt sees a picture one of his friends posted with the caption, “Learn more about your friends!”, as well as a number of personal questions. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate, Matt responds to the questions on the post. A few days later, Matt’s bank account has been accessed, and the password has been changed. What most likely happened?. Matt inadvertently provided the answers to his security questions when responding to the post. Matt inadvertently provided his password when responding to the post. Matt’s computer was infected with a keylogger. Matt’s bank account login information was brute forced.

Attacker Simon targeted the communication network of an organization and disabled the security controls of NetNTLMv1 by modifying the values of LMCompatibilityLevel, NTLMMinClientSec, and RestrictSendingNTLMTraffic. He then extracted all the non-network logon tokens from all the active processes to masquerade as a legitimate user to launch further attacks. What is the type of attack performed by Simon?. Combinator attack. Dictionary attack. Rainbow table attack. Internal monologue attack.

Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve’s profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days, Steve started asking about her company details and eventually gathered all the essential information regarding her company. What is the social engineering technique Steve employed in the above scenario?. Baiting. Piggybacking. Diversion theft. Honey trap.

Attacker Lauren has gained the credentials of an organization’s internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skeptical about the login times and appointed security professional Robert to determine the issue. Robert analyzed the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited. What is the incident handling and response (IH&R) phase, in which Robert has determined these issues?. Incident triage. Preparation. Incident recording and assignment. Eradication.

At what stage of the cyber kill chain theory model does data exfiltration occur?. Weaponization. Actions on objectives. Command and control. Installation.

As a certified ethical hacker, you are tasked with gaining information about an enterprise's internal network. You are permitted to test the network's security using enumeration techniques. You successfully obtain a list of usernames using email IDs and execute a DNS Zone Transfer. Which enumeration technique would be most effective for your next move given that you have identified open TCP ports 25 (SMTP) and 139 (NetBIOS Session Service)?. Perform a brute force attack on Microsoft Active Directory to extract valid usernames. Exploit the NetBIOS Session Service on TCP port 139 to gain unauthorized access to the file system. Use SNMP to extract usernames given the community strings. Exploit the NFS protocol on TCP port 2049 to gain control over a remote system.

An organization decided to harden its security against web-application and web-server attacks. John, a security personnel in the organization, employed a security scanner to automate web-application security testing and to guard the organization's web infrastructure against web-application threats. Using that tool, he also wants to detect XSS, directory traversal problems, fault injection, SQL injection, attempts to execute commands, and several other attacks. Which of the following security scanners will help John perform the above task?. AlienVault® OSSIM™. Syhunt Hybrid. Saleae Logic Analyzer. Cisco ASA.

Which of the following Metasploit post-exploitation modules can be used to escalate privileges on Windows systems?. getsystem. getuid. keylogrecorder. autoroute.

Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed. What is the port scanning technique used by Sam to discover open ports?. Xmas scan. IDLE/IPID header scan. TCP Maimon scan. ACK flag probe scan.

An organization has automated the operation of critical infrastructure from a remote location. For this purpose, all the industrial control systems are connected to the Internet. To empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption, the organization decided to install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware. Which of the following tools must the organization employ to protect its critical infrastructure?. Robotium. BalenaCloud. Flowmon. IntentFuzzer.

Heather’s company has decided to use a new customer relationship management tool. After performing the appropriate research, they decided to purchase a subscription to a cloud-hosted solution. The only administrative task that Heather will need to perform is the management of user accounts. The provider will take care of the hardware, operating system, and software administration including patching and monitoring. Which of the following is this type of solution?. IaaS. SaaS. PaaS. CaaS.

Juliet, a security researcher in an organization, was tasked with checking for the authenticity of images to be used in the organization's magazines. She used these images as a search query and tracked the original source and details of the images, which included photographs, profile pictures, and memes. Which of the following footprinting techniques did Rachel use to finish her task?. Google advanced search. Meta search engines. Reverse image search. Advanced image search.

Mary, a penetration tester, has found password hashes in a client system she managed to breach. She needs to use these passwords to continue with the test, but she does not have time to find the passwords that correspond to these hashes. Which type of attack can she implement in order to continue?. Pass the hash. Internal monologue attack. LLMNR/NBT-NS poisoning. Pass the ticket.

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the users who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization?. Credentialed assessment. Internal assessment. External assessment. Passive assessment.

Which of the following protocols can be used to secure an LDAP service against anonymous queries?. NTLM. RADIUS. WPA. SSO.

Jane invites her friends Alice and John over for a LAN party. Alice and John access Jane’s wireless network without a password. However, Jane has a long, complex password on her router. What attack has likely occurred?. Wardriving. Wireless sniffing. Evil twin. Piggybacking.

There have been concerns in your network that the wireless network component is not sufficiently secure. You perform a vulnerability scan of the wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption. What encryption protocol is being used?. RADIUS. WPA. WEP. WPA3.

As a part of an ethical hacking exercise, an attacker is probing a target network that is suspected to employ various honeypot systems for security. The attacker needs to detect and bypass these honeypots without alerting the target. The attacker decides to utilize a suite of techniques. Which of the following techniques would NOT assist in detecting a honeypot?. Implementing a brute force attack to verify system vulnerability. Probing system services and observing the three-way handshake. Using honeypot detection tools like Send-Safe Honeypot Hunter. Analyzing the MAC address to detect instances running on VMware.

A skilled ethical hacker was assigned to perform a thorough OS discovery on a potential target. They decided to adopt an advanced fingerprinting technique and sent a TCP packet to an open TCP port with specific flags enabled. Upon receiving the reply, they noticed the flags were SYN and ECN-Echo. Which test did the ethical hacker conduct and why was this specific approach adopted?. Test 3: The test was executed to observe the response of the target system when a packet with URG, PSH, SYN, and FIN flags was sent, thereby identifying the OS. Test 2: This test was chosen because a TCP packet with no flags enabled is known as a NULL packet and this would allow the hacker to assess the OS of the target. Test 1: The test was conducted because SYN and ECN-Echo flags were enabled to allow the hacker to probe the nature of the response and subsequently determine the OS fingerprint. Test 6: The hacker selected this test because a TCP packet with the ACK flag enabled sent to a closed TCP port would yield more information about the OS.

A large enterprise has been experiencing sporadic system crashes and instability, resulting in limited access to its web services. The security team suspects it could be a result of a Denial of Service (DoS) attack. A significant increase in traffic was noticed in the network logs, with patterns suggesting packet sizes exceeding the prescribed size limit. Which among the following DoS attack techniques best describes this scenario?. Smurf attack. UDP flood attack. Pulse wave attack. Ping of Death attack.

Your company has been receiving regular alerts from its IDS about potential intrusions. On further investigation, you notice that these alerts have been false positives triggered by certain goodware files. In response, you are planning to enhance the IDS with YARA rules, reducing these false positives while improving the detection of real threats. Based on the scenario and the principles of YARA and IDS, which of the following strategies would best serve your purpose?. Incorporating YARA rules to detect patterns in all files regardless of their nature. Creating YARA rules to examine only the private database for intrusions. Implementing YARA rules that focus solely on known malware signatures. Writing YARA rules specifically to identify the goodware files triggering false positives.

Jake, a network security specialist, is trying to prevent network-level session hijacking attacks in his company. While studying different types of such attacks, he learns about a technique where an attacker inserts their machine into the communication between a client and a server, making it seem like the packets are flowing through the original path. This technique is primarily used to reroute the packets. Which of the following types of network-level session hijacking attacks is Jake studying?. TCP/IP Hijacking. RST Hijacking. UDP Hijacking. Man-in-the-middle Attack Using Forged ICMP and ARP Spoofing.

Given the complexities of an organization’s network infrastructure, a threat actor has exploited an unidentified vulnerability, leading to a major data breach. As a Certified Ethical Hacker (CEH), you are tasked with enhancing the organization's security stance. To ensure a comprehensive security defense, you recommend a certain security strategy. Which of the following best represents the strategy you would likely suggest and why?. Develop an in-depth Risk Management process, involving identification, assessment, treatment, tracking, and review of risks to control the potential effects on the organization. Establish a Defense-in-Depth strategy, incorporating multiple layers of security measures to increase the complexity and decrease the likelihood of a successful attack. Implement an Information Assurance (IA) policy focusing on ensuring the integrity, availability, confidentiality, and authenticity of information systems. Adopt a Continual/Adaptive Security Strategy involving ongoing prediction, prevention, detection, and response actions to ensure comprehensive computer network defense.

You're the security manager for a tech company that uses a database to store sensitive customer data. You have implemented countermeasures against SQL injection attacks. Recently, you noticed some suspicious activities and suspect an attacker is using SQL injection techniques. The attacker is believed to use different forms of payloads in his SQL queries. In the case of a successful SQL injection attack, which of the following payloads would have the most significant impact?. ' OR username LIKE '%': This payload uses the LIKE operator to search for a specific pattern in a column. UNION SELECT NULL, NULL, NULL -- : This payload manipulates the UNION SQL operator, enabling the attacker to retrieve data from different database tables. ' OR '1'='1: This payload manipulates the WHERE clause of an SQL statement, allowing the attacker to view unauthorized data. ' OR 'a'='a; DROP TABLE members; --: This payload combines the manipulation of the WHERE clause with a destructive action, causing data loss.

A malicious user has acquired a Ticket Granting Service from the domain controller using a valid user's Ticket Granting Ticket in a Kerberoasting attack. He extracted the TGS tickets from memory for offline cracking. But the attacker was stopped before he could complete his attack. The system administrator needs to investigate and remediate the potential breach. What should be the immediate step the system administrator takes?. Perform a system reboot to clear the memory. Delete the compromised user's account. Change the NTLM password hash used to encrypt the ST. Invalidate the TGS the attacker acquired.

You are a cybersecurity consultant for a healthcare organization that utilizes Internet of Medical Things (IoMT) devices, such as connected insulin pumps and heart rate monitors, to provide improved patient care. Recently, the organization has been targeted by ransomware attacks. While the IT infrastructure was unaffected due to robust security measures, they are worried that the IoMT devices could be potential entry points for future attacks. What would be your main recommendation to protect these devices from such threats?. Disable all wireless connectivity on IoMT devices. Regularly change the IP addresses of all IoMT devices. Use network segmentation to isolate IoMT devices from the main network. Implement multi-factor authentication for all IoMT devices.

As a cybersecurity professional, you are responsible for securing a high-traffic web application that uses MySQL as its backend database. Recently, there has been a surge of unauthorized login attempts, and you suspect that a seasoned black-hat hacker is behind them. This hacker has shown proficiency in SQL Injection and appears to be using the 'UNION' SQL keyword to trick the login process into returning additional data. However, your application’s security measures include filtering special characters in user inputs, a method usually effective against such attacks. In this challenging environment, if the hacker still intends to exploit this SQL Injection vulnerability, which strategy is he most likely to employ?. The hacker tries to manipulate the 'UNION' keyword in such a way that it triggers a database error, potentially revealing valuable information about the database's structure. The hacker switches tactics and resorts to a 'time-based blind' SQL Injection attack, which would force the application to delay its response, thereby revealing information based on the duration of the delay. The hacker attempts to bypass the special character filter by encoding his malicious input, which could potentially enable him to successfully inject damaging SQL queries. The hacker alters his approach and injects a 'DROP TABLE' statement, a move that could potentially lead to the loss of vital data stored in the application's database.

XYZ company recently discovered a potential vulnerability on their network, originating from misconfigurations. It was found that some of their host servers had enabled debugging functions and unknown users were granted administrative permissions. As a Certified Ethical Hacker, what would be the most potent risk associated with this misconfiguration?. An attacker may be able to inject a malicious DLL into the current running process. Weak encryption might be allowing man-in-the-middle attacks, leading to data tampering. Unauthorized users may perform privilege escalation using unnecessarily created accounts. An attacker may carry out a Denial-of-Service assault draining the resources of the server in the process.

An organization suspects a persistent threat from a cybercriminal. They hire an ethical hacker, John, to evaluate their system security. John identifies several vulnerabilities and advises the organization on preventive measures. However, the organization has limited resources and opts to fix only the most severe vulnerability. Subsequently, a data breach occurs exploiting a different vulnerability. Which of the following statements best describes this scenario?. The organization is at fault because it did not fix all identified vulnerabilities. Both the organization and John share responsibility because they did not adequately manage the vulnerabilities. John is at fault because he did not emphasize the necessity of patching all vulnerabilities. The organization is not at fault because they used their resources as per their understanding.

An ethical hacker is attempting to crack NTLM hashed passwords from a Windows SAM file using a rainbow table attack. He has dumped the on-disk contents of the SAM file successfully and noticed that all LM hashes are blank. Given this scenario, which of the following would be the most likely reason for the blank LM hashes?. The SAM file has been encrypted using the SYSKEY function. The passwords exceeded 14 characters in length and therefore, the LM hashes were set to a “dummy” value. The Windows system is Vista or a later version, where LM hashes are disabled by default. The Windows system is using the Kerberos authentication protocol as the default method.

A Certified Ethical Hacker (CEH) is given the task to perform an LDAP enumeration on a target system. The system is secured and accepts connections only on secure LDAP. The CEH uses Python for the enumeration process. After successfully installing LDAP and establishing a connection with the target, he attempts to fetch details like the domain name and naming context but is unable to receive the expected response. Considering the circumstances, which of the following is the most plausible reason for this situation?. The system failed to establish a connection due to an incorrect port number. The enumeration process was blocked by the target system's intrusion detection system. The secure LDAP connection was not properly initialized due to a lack of 'use_ssl = True' in the server object creation. The Python version installed on the CEH's machine is incompatible with the ldap3 library.

You are a cybersecurity consultant for a major airport that offers free Wi-Fi to travelers. The management is concerned about the possibility of "Evil Twin" attacks, where a malicious actor sets up a rogue access point that mimics the legitimate one. They are looking for a solution that would not significantly impact the user experience or require travelers to install additional software. What is the most effective security measure you could recommend that fits these constraints, considering the airport's unique operational environment?. Regularly change the SSID of the airport's Wi-Fi network. Use MAC address filtering on the airport's Wi-Fi network. Implement WPA3 encryption for the airport's Wi-Fi network. Display a captive portal page that warns users about the possibility of Evil Twin attacks.

As a Certified Ethical Hacker, you are conducting a footprinting and reconnaissance operation against a target organization. You discover a range of IP addresses associated with the target using the SecurityTrails tool. Now, you need to perform a reverse DNS lookup on these IP addresses to find the associated domain names, as well as determine the nameservers and mail exchange (MX) records. Which of the following DNSRecon commands would be most effective for this purpose?. dnsrecon -r 192.168.1.0/24 -n nsl.example.com -t axfr. dnsrecon -r 10.0.0.0/24 -n nsl.example.com -t zonewalk. dnsrecon -r 162.241.216.0/24 -n nsl.example.com -t std. dnsrecon -r 162.241.216.0/24 -d example.com -t brt.

You are an ethical hacker tasked with conducting an enumeration of a company's network. Given a Windows system with NetBIOS enabled, port 139 open, and file and printer sharing active, you are about to run some nbtstat commands to enumerate NetBIOS names. The company uses IPv6 for its network. Which of the following actions should you take next?. Switch to an enumeration tool that supports IPv6. Use nbtstat -a followed by the IPv6 address of the target machine. Use nbtstat -c to get the contents of the NetBIOS name cache. Utilize Nmap Scripting Engine (NSE) for NetBIOS enumeration.

During a red team assessment, a CEH is given a task to perform network scanning on the target network without revealing its IP address. They are also required to find an open port and the services available on the target machine. What scanning technique should they employ, and which command in Zenmap should they use?. Use SCTP INIT Scan with the command "-sY". Use UDP Raw ICMP Port Unreachable Scanning with the command "-sU". Use the ACK flag probe scanning technique with the command "-sA". Use the IDLE/IPID header scan technique with the command "-sI".

A large corporation is planning to implement preventive measures to counter a broad range of social engineering techniques. The organization has implemented a signature-based IDS, intrusion detection system, to detect known attack payloads and network flow analysis to monitor data entering and leaving the network. The organization is deliberating on the next step. Considering the information provided about various social engineering techniques, what should be the organization's next course of action?. Implement endpoint detection and response solution to oversee endpoint activities. Set up a honeypot to attract potential attackers into a controlled environment for analysis. Deploy more security personnel to physically monitor key points of access. Organize regular employee awareness training regarding social engineering techniques and preventive measures.
