
CEH v13 TEST C

Creation Date: 2026/03/31

Category: Others

Number of questions: 22

Content:

An audacious attacker is targeting a web server you oversee. He intends to perform a Slow HTTP POST attack by manipulating 'a' HTTP connections. Each connection sends a byte of data every 'b' seconds, effectively holding up the connections for an extended period. Your server is designed to manage 'm' connections per second, but any connections exceeding this number tend to overwhelm the system. Given 'a=100' and variable 'm', along with the attacker's intention of maximizing the attack duration 'D=a*b', consider the following scenarios. Which is most likely to result in the longest duration of server unavailability?

- m=90, b=15: The server can manage 90 connections per second, but the attacker's 100 connections exceed this, and with each connection held up for 15 seconds, the attack duration could be significant.
- m=105, b=12: The server can manage 105 connections per second, more than the attacker's 100 connections, likely maintaining operation despite a moderate hold-up time.
- m=110, b=20: Despite the attacker sending 100 connections, the server can handle 110 connections per second, therefore likely staying operative, regardless of the hold-up time per connection.
- m=95, b=10: Here, the server can handle 95 connections per second, but it falls short against the attacker's 100 connections, albeit the hold-up time per connection is lower.

A large organization has recently performed a vulnerability assessment using Nessus Professional, and the security team is now preparing the final report. They have identified a high-risk vulnerability, named XYZ, which could potentially allow unauthorized access to the network. In preparing the report, which of the following elements would NOT be typically included in the detailed documentation for this specific vulnerability?

- Proof of concept (PoC) of the vulnerability, if possible, to demonstrate its potential impact on the system.
- The total number of high, medium, and low-risk vulnerabilities detected throughout the network.
- The list of all affected systems within the organization that are susceptible to the identified vulnerability.
- The CVE ID of the vulnerability and its mapping to the vulnerability's name, XYZ.

Recently, the employees of a company have been receiving emails that seem to be from their colleagues, but with suspicious attachments. When opened, these attachments appear to install malware on their systems. The IT department suspects that this is a targeted malware attack. Which of the following measures would be the most effective in preventing such attacks?

- Disabling Autorun functionality on all drives.
- Avoiding the use of outdated web browsers and email software.
- Regularly scan systems for any new files and examine them.
- Applying the latest patches and updating software programs.

A network security analyst, while conducting penetration testing, is aiming to identify a service account password using the Kerberos authentication protocol. They have a valid user authentication ticket (TGT) and decided to carry out a Kerberoasting attack. In the scenario described, which of the following steps should the analyst take next?

- Carry out a passive wire sniffing operation using Internet packet sniffers.
- Perform a PRobability INfinite Chained Elements (PRINCE) attack.
- Extract plaintext passwords, hashes, PIN codes, and Kerberos tickets using a tool like Mimikatz.
- Request a service ticket for the service principal name of the target service account.

As a cybersecurity analyst at IoT Defend, you are working with a large utility company that uses Industrial Control Systems (ICS) in its operational technology (OT) environment. The company has recently integrated IoT devices into this environment to enable remote monitoring and control. They want to ensure these devices do not become a weak link in their security posture. To identify potential vulnerabilities in the IoT devices, which of the following actions should you recommend as the first step?

- Use stronger encryption algorithms for data transmission between IoT devices.
- Implement network segmentation to isolate IoT devices from the rest of the network.
- Conduct a vulnerability assessment specifically for the IoT devices.
- Install the latest antivirus software on each IoT device.

A penetration tester is performing an enumeration on a client's network. The tester has acquired permission to perform enumeration activities. They have identified a remote inter-process communication (IPC) share and are trying to collect more information about it. The tester decides to use a common enumeration technique to collect the desired data. Which of the following techniques would be most appropriate for this scenario?

- Probe the IPC share by attempting to brute force admin credentials.
- Brute force Active Directory.
- Extract usernames using email IDs.
- Conduct a DNS zone transfer.

As a cybersecurity analyst at TechSafe Inc., you are working on a project to improve the security of a smart home system. This IoT-enabled system controls various aspects of the home, from heating and lighting to security cameras and door locks. Your client wants to ensure that even if one device is compromised, the rest of the system remains secure. Which of the following strategies would be most effective for this purpose?

- Recommend using a strong password for the smart home system's main control panel.
- Suggest implementing two-factor authentication for the smart home system's mobile app.
- Propose frequent system resets to clear any potential malware.
- Advise using a dedicated network for the smart home system, separate from the home's main Wi-Fi network.

During your summer internship at a tech company, you have been asked to review the security settings of their web server. While inspecting, you notice the server reveals detailed error messages to users, including database query errors and internal server errors. As a cybersecurity beginner, what is your understanding of this setting, and how would you advise the company?

- Retain the setting as it aids in troubleshooting user issues.
- Suppress detailed error messages, as they can expose sensitive information.
- Implement stronger encryption to secure the error messages.
- Increase the frequency of automated server backups.

You are the chief security officer at AlphaTech, a tech company that specializes in data storage solutions. Your company is developing a new cloud storage platform where users can store their personal files. To ensure data security, the development team is proposing to use symmetric encryption for data at rest. However, they are unsure of how to securely manage and distribute the symmetric keys to users. Which of the following strategies would you recommend to them?

- Use hash functions to distribute the keys.
- Use HTTPS protocol for secure key transfer.
- Use digital signatures to encrypt the symmetric keys.
- Implement the Diffie-Hellman protocol for secure key exchange.

You work as a cloud security specialist at SkyNet Solutions. One of your clients is a healthcare organization that plans to migrate its electronic health record (EHR) system to the cloud. This system contains highly sensitive personal and medical data. As part of your job, you need to ensure the security and privacy of this data while it is being transferred and stored in the cloud. You recommend that data should be encrypted during transit and at rest. However, you also need to ensure that even if a cloud service provider (CSP) has access to encrypted data, they should not be able to decrypt it. Which of the following would be the most suitable strategy to meet this requirement?

- Use SSL/TLS for data transfer and allow the CSP to manage encryption keys.
- Utilize the CSP's built-in data encryption services.
- Use client-side encryption and manage encryption keys independently of the CSP.
- Rely on network-level encryption protocols for data transfer.

You are a cybersecurity professional managing cryptographic systems for a global corporation. The company uses a mix of Elliptic Curve Cryptography (ECC) for key exchange and symmetric encryption algorithms for data encryption. The time complexity of ECC key pair generation is O(n^3), where 'n' is the size of the key. An advanced threat actor group has a quantum computer that can potentially break ECC with a time complexity of O((log n)^2). Given that the ECC key size is 'n=512' and varying symmetric encryption algorithms and key sizes, which scenario would provide the best balance of security and performance?

- Data encryption with AES-128: Provides moderate security and fast encryption, offering a balance between the two.
- Data encryption with AES-256: Provides high security with better performance than 3DES, but not as fast as other AES key sizes.
- Data encryption with 3DES using a 168-bit key: Offers high security but slower performance due to 3DES's inherent inefficiencies.
- Data encryption with Blowfish using a 448-bit key: Offers high security but potential compatibility issues due to Blowfish's less widespread use.

You are a security analyst for CloudSec, a company providing cloud security solutions. One of your clients, a financial institution, wants to shift its operations to a public cloud while maintaining a high level of security control. They want to ensure that they can monitor all their cloud resources continuously and receive real-time alerts about potential security threats. They also want to enforce their security policies consistently across all cloud workloads. Which of the following solutions would best meet these requirements?

- Implement a Virtual Private Network (VPN) for secure data transmission.
- Deploy a Cloud Access Security Broker (CASB).
- Use multi-factor authentication for all cloud user accounts.
- Use client-side encryption for all stored data.

Consider a hypothetical situation where an attacker, known for his proficiency in SQL Injection attacks, is targeting your web server. This adversary meticulously crafts 'q' malicious SQL queries, each inducing a delay of 'd' seconds in the server response. This delay in response is an indicator of a potential attack. If the total delay, represented by the product 'q*d', crosses a defined threshold 'T', an alert is activated in your security system. Furthermore, it is observed that the attacker prefers prime numbers for 'q', and 'd' follows a pattern in the Fibonacci sequence. Now, consider 'd=13' seconds (a Fibonacci number) and various values of 'q' (a prime number) and 'T'. Which among the following scenarios will most likely trigger an alert?

- q=17, T=220: Even though the attacker increases 'q', the total delay ('q*d' = 221 seconds) just surpasses the threshold, possibly activating an alert.
- q=13, T=180: In this case, the total delay caused by the attacker ('q*d' = 169 seconds) breaches the threshold, likely leading to the triggering of a security alert.
- q=11, T=150: Here, the total delay induced by the attacker ('q*d' = 143 seconds) does not surpass the threshold, so the security system remains dormant.
- q=19, T=260: Despite the attacker's increased effort, the total delay ('q*d' = 247 seconds) does not exceed the threshold, thus no alert is triggered.

You are an ethical hacker contracted to conduct a security audit for a company. During the audit, you discover that the company's wireless network is using WEP encryption. You understand the vulnerabilities associated with WEP and plan to recommend a more secure encryption method. Which of the following would you recommend as a suitable replacement to enhance the security of the company's wireless network?

- Open System authentication.
- WPA2-PSK with AES encryption.
- SSID broadcast disabling.
- MAC address filtering.

You are the lead cybersecurity analyst at a multinational corporation that uses a hybrid encryption system to secure inter-departmental communications. The system uses RSA encryption for key exchange and AES for data encryption, taking advantage of the strengths of both asymmetric and symmetric encryption. Each RSA key pair has a size of 'n' bits, with larger keys providing more security at the cost of slower performance. The time complexity of generating an RSA key pair is O(n^2), and AES encryption has a time complexity of O(n). An attacker has developed a quantum algorithm with time complexity O((log n)^2) to crack RSA encryption. Given 'n=4000' and variable 'AES key size', which scenario is likely to provide the best balance of security and performance?

- AES key size=128 bits: This configuration provides less security than option A, but RSA key generation and AES encryption will be faster.
- AES key size=256 bits: This configuration provides a high level of security, but RSA key generation may be slow.
- AES key size=192 bits: This configuration is a balance between options A and B, providing moderate security and performance.
- AES key size=512 bits: This configuration provides the highest level of security but at a significant performance cost due to the large AES key size.

An experienced cyber attacker has created a fake LinkedIn profile, successfully impersonating a high-ranking official from a well-established company, to execute a social engineering attack. The attacker then connected with other employees within the organization, receiving invitations to exclusive corporate events and gaining access to proprietary project details shared within the network. What advanced social engineering technique has the attacker primarily used to exploit the system and what is the most likely immediate threat to the organization?

- Whaling and Targeted Attacks.
- Pretexting and Network Vulnerability.
- Spear Phishing and Spam.
- Baiting and Involuntary Data Leakage.

You are a cybersecurity trainee tasked with securing a small home network. The homeowner is concerned about potential "Wi-Fi eavesdropping," where unauthorized individuals could intercept the wireless communications. What would be the most effective first step to mitigate this risk, considering the simplicity and the residential nature of the network?

- Disable the network's SSID broadcast.
- Enable encryption on the wireless network.
- Enable MAC address filtering.
- Reduce the signal strength of the wireless router.

A well-resourced attacker intends to launch a highly disruptive DDoS attack against a major online retailer. The attacker aims to exhaust all the network resources while keeping their identity concealed. Their method should be resistant to simple defensive measures such as IP-based blocking. Based on these objectives, which of the following attack strategies would be most effective?

- The attacker should instigate a protocol-based SYN flood attack, consuming connection state tables on the retailer's servers.
- The attacker should leverage a botnet to launch a Pulse Wave attack, sending high-volume traffic pulses at regular intervals.
- The attacker should initiate a volumetric flood attack using a single compromised machine to overwhelm the retailer's network bandwidth.
- The attacker should execute a simple ICMP flood attack from a single IP, exploiting the retailer's ICMP processing.

A large organization is investigating a possible identity theft case where an attacker has created a new identity by combining multiple pieces of information from different victims to open a new bank account. The attacker also managed to receive government benefits using a fraudulent identity. Given the circumstances, which type of identity theft is the organization dealing with?

- Identity Cloning and Concealment.
- Child Identity Theft.
- Social Identity Theft.
- Synthetic Identity Theft.

A company recently experienced a debilitating social engineering attack that led to substantial identity theft. An inquiry found that the employee inadvertently provided critical information during an innocuous phone conversation. Considering the specific guidelines issued by the company to thwart social engineering attacks, which countermeasure would have been the most successful in averting the incident?

- Conduct comprehensive training sessions for employees on various social engineering methodologies and the risks associated with revealing confidential data.
- Implement a well-documented change management process for modifications related to hardware or software.
- Adopt a robust software policy that restricts the installation of unauthorized applications.
- Reinforce physical security measures to limit access to sensitive zones within the company premises, thereby warding off unauthorized intruders.

An ethical hacker has been tasked with assessing the security of a major corporation's network. She suspects the network uses default SNMP community strings. To exploit this, she plans to extract valuable network information using SNMP enumeration. Which tool could best help her to get the information without directly modifying any parameters within the SNMP agent’s management information base (MIB)?

- SnmpWalk, with a command to change an OID to a different value.
- snmp-check (snmp_enum Module) to gather a wide array of information about the target.
- Nmap, with a script to retrieve all running SNMP processes and associated ports.
- OpUtils, are mainly designed for device management and not SNMP enumeration.

During a recent vulnerability assessment of a major corporation's IT systems, the security team identified several potential risks. They want to use a vulnerability scoring system to quantify and prioritize these vulnerabilities. They decide to use the Common Vulnerability Scoring System (CVSS). Given the characteristics of the identified vulnerabilities, which of the following statements is the most accurate regarding the metric types used by CVSS to measure these vulnerabilities?

- Temporal metric represents the inherent qualities of a vulnerability.
- Base metric represents the inherent qualities of a vulnerability.
- Temporal metric involves measuring vulnerabilities based on a specific environment or implementation.
- Environmental metric involves the features that change during the lifetime of the vulnerability.
