CEH v13 TEST C
|
|
Title of test:
![]() CEH v13 TEST C Description: CEH v13 TEST C |



| New Comment |
|---|
NO RECORDS |
|
An audacious attacker is targeting a web server you oversee. He intends to perform a Slow HTTP POST attack, by manipulating 'a' HTTP connection. Each connection sends a byte of data every 'b' second, effectively holding up the connections for an extended period. Your server is designed to manage 'm' connections per second, but any connections exceeding this number tend to overwhelm the system. Given 'a=100' and variable 'm', along with the attacker's intention of maximizing the attack duration 'D=a*b', consider the following scenarios. Which is most likely to result in the longest duration of server unavailability?. m=90, b=15: The server can manage 90 connections per second, but the attacker's 100 connections exceed this, and with each connection held up for 15 seconds, the attack duration could be significant. m=105, b=12: The server can manage 105 connections per second, more than the attacker's 100 connections, likely maintaining operation despite a moderate hold-up time. m=110, b=20: Despite the attacker sending 100 connections, the server can handle 110 connections per second, therefore likely staying operative, regardless of the hold-up time per connection. m=95, b=10: Here, the server can handle 95 connections per second, but it falls short against the attacker's 100 connections, albeit the hold-up time per connection is lower. A large organization has recently performed a vulnerability assessment using Nessus Professional, and the security team is now preparing the final report. They have identified a high-risk vulnerability, named XYZ, which could potentially allow unauthorized access to the network. In preparing the report, which of the following elements would NOT be typically included in the detailed documentation for this specific vulnerability?. Proof of concept (PoC) of the vulnerability, if possible, to demonstrate its potential impact on the system. The total number of high, medium, and low-risk vulnerabilities detected throughout the network. The list of all affected systems within the organization that are susceptible to the identified vulnerability. The CVE ID of the vulnerability and its mapping to the vulnerability's name, XYZ. Recently, the employees of a company have been receiving emails that seem to be from their colleagues, but with suspicious attachments. When opened, these attachments appear to install malware on their systems. The IT department suspects that this is a targeted malware attack. Which of the following measures would be the most effective in preventing such attacks?. Disabling Autorun functionality on all drives. Avoiding the use of outdated web browsers and email software. Regularly scan systems for any new files and examine them. Applying the latest patches and updating software programs. A network security analyst, while conducting penetration testing, is aiming to identify a service account password using the Kerberos authentication protocol. They have a valid user authentication ticket (TGT) and decided to carry out a Kerberoasting attack. In the scenario described, which of the following steps should the analyst take next?. Carry out a passive wire sniffing operation using Internet packet sniffers. Perform a PRobability INfinite Chained Elements (PRINCE) attack. Extract plaintext passwords, hashes, PIN codes, and Kerberos tickets using a tool like Mimikatz. Request a service ticket for the service principal name of the target service account. As a cybersecurity analyst at IoT Defend, you are working with a large utility company that uses Industrial Control Systems (ICS) in its operational technology (OT) environment. The company has recently integrated IoT devices into this environment to enable remote monitoring and control. They want to ensure these devices do not become a weak link in their security posture. To identify potential vulnerabilities in the IoT devices, which of the following actions should you recommend as the first step?. Use stronger encryption algorithms for data transmission between IoT devices. Implement network segmentation to isolate IoT devices from the rest of the network. Conduct a vulnerability assessment specifically for the IoT devices. Install the latest antivirus software on each IoT device. A penetration tester is performing an enumeration on a client's network. The tester has acquired permission to perform enumeration activities. They have identified a remote inter-process communication (IPC) share and are trying to collect more information about it. The tester decides to use a common enumeration technique to collect the desired data. Which of the following techniques would be most appropriate for this scenario?. Probe the IPC share by attempting to brute force admin credentials. Brute force Active Directory. Extract usernames using email IDs. Conduct a DNS zone transfer. As a cybersecurity analyst at TechSafe Inc., you are working on a project to improve the security of a smart home system. This IoT-enabled system controls various aspects of the home, from heating and lighting to security cameras and door locks. Your client wants to ensure that even if one device is compromised, the rest of the system remains secure. Which of the following strategies would be most effective for this purpose?. Recommend using a strong password for the smart home system's main control panel. Suggest implementing two-factor authentication for the smart home system's mobile app. Propose frequent system resets to clear any potential malware. Advise using a dedicated network for the smart home system, separate from the home's main Wi-Fi network. During your summer internship at a tech company, you have been asked to review the security settings of their web server. While inspecting, you notice the server reveals detailed error messages to users, including database query errors and internal server errors. As a cybersecurity beginner, what is your understanding of this setting, and how would you advise the company?. Retain the setting as it aids in troubleshooting user issues. Suppress detailed error messages, as they can expose sensitive information. Implement stronger encryption to secure the error messages. Increase the frequency of automated server backups. You are the chief security officer at AlphaTech, a tech company that specializes in data storage solutions. Your company is developing a new cloud storage platform where users can store their personal files. To ensure data security, the development team is proposing to use symmetric encryption for data at rest. However, they are unsure of how to securely manage and distribute the symmetric keys to users. Which of the following strategies would you recommend to them?. Use hash functions to distribute the keys. Use HTTPS protocol for secure key transfer. Use digital signatures to encrypt the symmetric keys. Implement the Diffie-Hellman protocol for secure key exchange. You work as a cloud security specialist at SkyNet Solutions. One of your clients is a healthcare organization that plans to migrate its electronic health record (EHR) system to the cloud. This system contains highly sensitive personal and medical data. As part of your job, you need to ensure the security and privacy of this data while it is being transferred and stored in the cloud. You recommend that data should be encrypted during transit and at rest. However, you also need to ensure that even if a cloud service provider(CSP) has access to encrypted data, they should not be able to decrypt it. Which of the following would be the most suitable strategy to meet this requirement?. Use SSL/TLS for data transfer and allow the CSP to manage encryption keys. Utilize the CSP's built-in data encryption services. Use client-side encryption and manage encryption keys independently of the CSP. Rely on network-level encryption protocols for data transfer. You are a cybersecurity professional managing cryptographic systems for a global corporation. The company uses a mix of Elliptic Curve Cryptography (ECC) for key exchange and symmetric encryption algorithms for data encryption. The time complexity of ECC key pair generation is O(n^3), where 'n' is the size of the key. An advanced threat actor group has a quantum computer that can potentially break ECC with a time complexity of O((log n)^2). Given that the ECC key size is 'n=512' and varying symmetric encryption algorithms and key sizes, which scenario would provide the best balance of security and performance?. Data encryption with AES-128: Provides moderate security and fast encryption, offering a balance between the two. Data encryption with AES-256: Provides high security with better performance than 3DES, but not as fast as other AES key sizes. Data encryption with 3DES using a 168-bit key: Offers high security but slower performance due to 3DES's inherent inefficiencies. Data encryption with Blowfish using a 448-bit key: Offers high security but potential compatibility issues due to Blowfish's less widespread use. You are a security analyst for CloudSec, a company providing cloud security solutions. One of your clients, a financial institution, wants to shift its operations to a public cloud while maintaining a high level of security control. They want to ensure that they can monitor all their cloud resources continuously and receive real-time alerts about potential security threats. They also want to enforce their security policies consistently across all cloud workloads. Which of the following solutions would best meet these requirements?. Implement a Virtual Private Network (VPN) for secure data transmission. Deploy a Cloud Access Security Broker (CASB). Use multi-factor authentication for all cloud user accounts. Use client-side encryption for all stored data. Consider a hypothetical situation where an attacker, known for his proficiency in SQL Injection attacks, is targeting your web server. This adversary meticulously crafts 'q' malicious SQL queries, each inducing a delay of 'd' seconds in the server response. This delay in response is an indicator of a potential attack. If the total delay, represented by the product 'q*d', crosses a defined threshold 'T', an alert is activated in your security system. Furthermore, it is observed that the attacker prefers prime numbers for 'q', and 'd' follows a pattern in the Fibonacci sequence. Now, consider 'd=13' seconds (a Fibonacci number) and various values of 'q' (a prime number) and 'T'. Which among the following scenarios will most likely trigger an alert?. q=17, T=220: Even though the attacker increases 'q', the total delay ('q*d' = 221 seconds) just surpasses the threshold, possibly activating an alert. q=13, T=180: In this case, the total delay caused by the attacker ('q*d' = 169 seconds) breaches the threshold, likely leading to the triggering of a security alert. q=11, T=150: Here, the total delay induced by the attacker ('q*d' = 143 seconds) does not surpass the threshold, so the security system remains dormant. q=19, T=260: Despite the attacker's increased effort, the total delay ('q*d' = 247 seconds) does not exceed the threshold, thus no alert is triggered. You are an ethical hacker contracted to conduct a security audit for a company. During the audit, you discover that the company's wireless network is using WEP encryption. You understand the vulnerabilities associated with WEP and plan to recommend a more secure encryption method. Which of the following would you recommend as a suitable replacement to enhance the security of the company's wireless network?. Open System authentication. WPA2-PSK with AES encryption. SSID broadcast disabling. MAC address filtering. You are the lead cybersecurity analyst at a multinational corporation that uses a hybrid encryption system to secure inter-departmental communications. The system uses RSA encryption for key exchange and AES for data encryption, taking advantage of the strengths of both asymmetric and symmetric encryption. Each RSA key pair has a size of 'n' bits, with larger keys providing more security at the cost of slower performance. The time complexity of generating an RSA key pair is O(n^2), and AES encryption has a time complexity of O(n). An attacker has developed a quantum algorithm with time complexity O((log n)^2) to crack RSA encryption. Given 'n=4000' and variable 'AES key size', which scenario is likely to provide the best balance of security and performance?. AES key size=128 bits: This configuration provides less security than option A, but RSA key generation and AES encryption will be faster. AES key size=256 bits: This configuration provides a high level of security, but RSA key generation may be slow. AES key size=192 bits: This configuration is a balance between options A and B, providing moderate security and performance. AES key size=512 bits: This configuration provides the highest level of security but at a significant performance cost due to the large AES key size. An experienced cyber attacker has created a fake LinkedIn profile, successfully impersonating a high-ranking official from a well-established company, to execute a social engineering attack. The attacker then connected with other employees within the organization, receiving invitations to exclusive corporate events and gaining access to proprietary project details shared within the network. What advanced social engineering technique has the attacker primarily used to exploit the system and what is the most likely immediate threat to the organization?. Whaling and Targeted Attacks. Pretexting and Network Vulnerability. Spear Phishing and Spam. Baiting and Involuntary Data Leakage. You are a cybersecurity trainee tasked with securing a small home network. The homeowner is concerned about potential "Wi-Fi eavesdropping," where unauthorized individuals could intercept the wireless communications. What would be the most effective first step to mitigate this risk, considering the simplicity and the residential nature of the network?. Disable the network's SSID broadcast. Enable encryption on the wireless network. Enable MAC address filtering. Reduce the signal strength of the wireless router. A well-resourced attacker intends to launch a highly disruptive DDoS attack against a major online retailer. The attacker aims to exhaust all the network resources while keeping their identity concealed. Their method should be resistant to simple defensive measures such as IP-based blocking. Based on these objectives, which of the following attack strategies would be most effective?. The attacker should instigate a protocol-based SYN flood attack, consuming connection state tables on the retailer's servers. The attacker should leverage a botnet to launch a Pulse Wave attack, sending high-volume traffic pulses at regular intervals. The attacker should initiate a volumetric flood attack using a single compromised machine to overwhelm the retailer's network bandwidth. The attacker should execute a simple ICMP flood attack from a single IP, exploiting the retailer's ICMP processing. A large organization is investigating a possible identity theft case where an attacker has created a new identity by combining multiple pieces of information from different victims to open a new bank account. The attacker also managed to receive government benefits using a fraudulent identity. Given the circumstances, which type of identity theft is the organization dealing with?. Identity Cloning and Concealment. Child Identity Theft. Social Identity Theft. Synthetic Identity Theft. A company recently experienced a debilitating social engineering attack that led to substantial identity theft. An inquiry found that the employee inadvertently provided critical information during an innocuous phone conversation. Considering the specific guidelines issued by the company to thwart social engineering attacks, which countermeasure would have been the most successful in averting the incident?. Conduct comprehensive training sessions for employees on various social engineering methodologies and the risks associated with revealing confidential data. Implement a well-documented change management process for modifications related to hardware or software. Adopt a robust software policy that restricts the installation of unauthorized applications. Reinforce physical security measures to limit access to sensitive zones within the company premises, thereby warding off unauthorized intruders. An ethical hacker has been tasked with assessing the security of a major corporation's network. She suspects the network uses default SNMP community strings. To exploit this, she plans to extract valuable network information using SNMP enumeration. Which tool could best help her to get the information without directly modifying any parameters within the SNMP agent’s management information base (MIB)?. SnmpWalk, with a command to change an OID to a different value. snmp-check (snmp_enum Module) to gather a wide array of information about the target. Nmap, with a script to retrieve all running SNMP processes and associated ports. OpUtils, are mainly designed for device management and not SNMP enumeration. During a recent vulnerability assessment of a major corporation's IT systems, the security team identified several potential risks. They want to use a vulnerability scoring system to quantify and prioritize these vulnerabilities. They decide to use the Common Vulnerability Scoring System (CVSS). Given the characteristics of the identified vulnerabilities, which of the following statements is the most accurate regarding the metric types used by CVSS to measure these vulnerabilities?. Temporal metric represents the inherent qualities of a vulnerability. Base metric represents the inherent qualities of a vulnerability. Temporal metric involves measuring vulnerabilities based on a specific environment or implementation. Environmental metric involves the features that change during the lifetime of the vulnerability. In an advanced digital security scenario, a multinational enterprise is being targeted with a complex series of assaults aimed to disrupt operations, manipulate data integrity, and cause serious financial damage. As the Lead Cybersecurity Analyst with CEH and CISSP certifications, your responsibility is to correctly identify the specific type of attack based on the following indicators: The attacks are exploiting a vulnerability in the target system's hardware, inducing misprediction of future instructions in a program's control flow. The attackers are strategically inducing the victim process to speculatively execute instructions sequences that would not have been executed in the absence of the misprediction, leading to subtle side effects. These side effects, which are observable from the shared state, are then utilized to infer the values of in-flight data. What type of attack best describes this scenario?. Rowhammer Attack. Watering Hole Attack. Side-Channel Attack. Privilege Escalation Attack. In your cybersecurity class, you are learning about common security risks associated with web servers. One topic that comes up is the risk posed by using default server settings. Why is using default settings on a web server considered a security risk, and what would be the best initial step to mitigate this risk?. Default settings allow unlimited login attempts; setup account lockout. Default settings reveal server software type; change these settings. Default settings cause server malfunctions; simplify the settings. Default settings enable auto-updates; disable and manually patch. As a junior security analyst for a small business, you are tasked with setting up the company's first wireless network. The company wants to ensure the network is secure from potential attacks. Given that the company's workforce is relatively small and the need for simplicity in managing network security, which of the following measures would you consider a priority to protect the network?. Hide the network SSID. Enable WPA2 or WPA3 encryption on the wireless router. Implement a MAC address whitelist. Establish a regular schedule for changing the network password. During a reconnaissance mission, an ethical hacker uses Maltego, a popular footprinting tool, to collect information about a target organization. The information includes the target's Internet infrastructure details (domains, DNS names, Netblocks, IP address information). The hacker decides to use social engineering techniques to gain further information. Which of the following would be the least likely method of social engineering to yield beneficial information based on the data collected?. Dumpster diving in the target company's trash bins for valuable printouts. Impersonating an ISP technical support agent to trick the target into providing further network details. Shoulder surfing to observe sensitive credentials input on the target’s computers. Eavesdropping on internal corporate conversations to understand key topics. An organization has been experiencing intrusion attempts despite deploying an Intrusion Detection System (IDS) and Firewalls. As a Certified Ethical Hacker, you are asked to reinforce the intrusion detection process and recommend a better rule-based approach. The IDS uses Snort rules and the new recommended tool should be able to complement it. You suggest using YARA rules with an additional tool for rule generation. Which of the following tools would be the best choice for this purpose and why?. yarGen - Because it generates YARA rules from strings identified in malware files while removing strings that also appear in goodware files. Koodous - Because it combines social networking with antivirus signatures and YARA rules to detect malware. YaraRET - Because it helps in reverse engineering Trojans to generate YARA rules. AutoYara - Because it automates the generation of YARA rules from a set of malicious and benign files. During an ethical hacking engagement, you have been assigned to evaluate the security of a large organization's network. While examining the network traffic, you notice numerous incoming requests on various ports from different locations that show a pattern of an orchestrated attack. Based on your analysis, you deduce that the requests are likely to be automated scripts being run by unskilled hackers. What type of hacker classification does this scenario most likely represent?. Script Kiddies trying to compromise the system using pre-made scripts. Gray Hats testing system vulnerabilities to help vendors improve security. White Hats conducting penetration testing to identify security weaknesses. Black Hats trying to exploit system vulnerabilities for malicious intent. Your company suspects a potential security breach and has hired you as a Certified Ethical Hacker to investigate. You discover evidence of footprinting through search engines and advanced Google hacking techniques. The attacker utilized Google search operators to extract sensitive information. You further notice queries that indicate the use of the Google Hacking Database (CHDB) with an emphasis on VPN footprinting. Which of the following Google advanced search operators would be the LEAST useful in providing the attacker with sensitive VPN-related information?. location: This operator finds information for a specific location. inurl: This operator restricts the results to only the pages containing the specified word in the URL. link: This operator searches websites or pages that contain links to the specified website or page. intitle: This operator restricts results to only the pages containing the specified term in the title. In a recent cyber-attack against a large corporation, an unknown adversary compromised the network and began escalating privileges and lateral movement. The security team identified that the adversary used a sophisticated set of techniques, specifically targeting zero-day vulnerabilities. As a Certified Ethical Hacker (CEH) hired to understand this attack and propose preventive measures, which of the following actions will be most crucial for your initial analysis?. Identifying the specific tools used by the adversary for privilege escalation. Analyzing the initial exploitation methods, the adversary used. Checking the persistence mechanisms used by the adversary in compromised systems. Investigating the data exfiltration methods used by the adversary. As the lead security engineer for a retail corporation, you are assessing the security of the wireless networks in the company's stores. One of your main concerns is the potential for "Wardriving" attacks, where attackers drive around with a Wi-Fi-enabled device to discover vulnerable wireless networks. Given the nature of the retail stores, you need to ensure that any security measures you implement do not interfere with customer experience, such as their ability to access in-store Wi-Fi. Taking into consideration these factors, which of the following would be the most suitable measure to mitigate the risk of Wardriving attacks?. Limit the range of the store's wireless signals. Implement MAC address filtering. Disable SSID broadcasting. Implement WPA3 encryption for the store's Wi-Fi network. A penetration tester was assigned to scan a large network range to find live hosts. The network is known for using strict TCP filtering rules on its firewall, which may obstruct common host discovery techniques. The tester needs a method that can bypass these firewall restrictions and accurately identify live systems. What host discovery technique should the tester use?. ICMP Timestamp Ping Scan. ICMP ECHO Ping Scan. TCP SYN Ping Scan. UDP Ping Scan. As part of a college project, you have set up a web server for hosting your team’s application. Given your interest in cybersecurity, you have taken the lead in securing the server. You are aware that hackers often attempt to exploit server misconfigurations. Which of the following actions would best protect your web server from potential misconfiguration-based attacks?. Regularly backing up server data. Enabling multi-factor authentication for users. Implementing a firewall to filter traffic. Performing regular server configuration audits. In this form of encryption algorithm, every individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits. Which is this encryption algorithm?. IDEA. Triple Data Encryption Standard. AES. MD5 encryption algorithm. Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes, images, and networks. What is the component of the Docker architecture used by Annie in the above scenario?. Docker objects. Docker daemon. Docker client. Docker registries. Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario?. RESTful API. JSON-RPC. SOAP API. REST API. Dorian is sending a digitally signed email to Poly. With which key is Dorian signing this message and how is Poly validating it?. Dorian is signing the message with his public key, and Poly will verify that the message came from Dorian by using Dorian’s private key. Dorian is signing the message with Poly’s private key, and Poly will verify that the message came from Dorian by using Dorian’s public key. Dorian is signing the message with his private key, and Poly will verify that the message came from Dorian by using Dorian’s public key. Dorian is signing the message with Poly’s public key, and Poly will verify that the message came from Dorian by using Dorian’s public key. Joe turns on his home computer to access personal online banking. When he enters the URL www.bank.com, the website is displayed, but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL closer, he finds that the site is not secure and the web address appears different. What type of attack he is experiencing?. DHCP spoofing. DoS attack. ARP cache poisoning. DNS hijacking. Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney’s account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boney’s account. What is the attack performed by Boney in the above scenario?. Forbidden attack. CRIME attack. Session donation attack. Session fixation attack. There are multiple cloud deployment options depending on how isolated a customer’s resources are from those of other customers. Shared environments share the costs and allow each customer to enjoy lower operations expenses. One solution is for a customer to join with a group of users or organizations to share a cloud environment. What is this cloud deployment option called?. Private. Community. Public. Hybrid. Clark, a professional hacker, was hired by an organization to gather sensitive information about its competitors surreptitiously. Clark gathers the server IP address of the target organization using Whois footprinting. Further, he entered the server IP address as an input to an online tool to retrieve information such as the network range of the target organization and to identify the network topology and operating system used in the network. What is the online tool employed by Clark in the above scenario?. DuckDuckGo. AOL. ARIN. Baidu. Widespread fraud at Enron, WorldCom, and Tyco led to the creation of a law that was designed to improve the accuracy and accountability of corporate disclosures. It covers accounting firms and third parties that provide financial services to some organizations and came into effect in 2002. This law is known by what acronym?. SOX. FedRAMP. HIPAA. PCI DSS. This form of encryption algorithm is a symmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among the following is this encryption algorithm?. HMAC encryption algorithm. Twofish encryption algorithm. IDEA. Blowfish encryption algorithm. While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder higher up in the folder structure of the server. What kind of attack is possible in this scenario?. Cross-site scripting. SQL injection. Denial of service. Directory traversal. Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?. Use the built-in Windows Update tool. Use a scan tool like Nessus. Check MITRE.org for the latest list of CVE findings. Create a disk image of a clean Windows installation. What firewall evasion scanning technique make use of a zombie system that has low network activity as well as its fragment identification numbers?. Packet fragmentation scanning. Spoof source address scanning. Decoy scanning. Idle scanning. David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the vulnerability-management life cycle is David currently in?. Remediation. Verification. Risk assessment. Vulnerability scan. Judy created a forum. One day, she discovers that a user is posting strange images without writing comments. She immediately calls a security expert, who discovers that the following code is hidden behind those images: What issue occurred for the users who clicked on the image?. This php file silently executes the code and grabs the user’s session cookie and session ID. The code redirects the user to another site. The code injects a new cookie to the browser. The code is a virus that is attempting to gather the user’s username and password. Jason, an attacker, targeted an organization to perform an attack on its Internetfacing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/ feed.php?url=externalsite.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed in the above scenario?. Web server misconfiguration. Server-side request forgery (SSRF) attack. Web cache poisoning attack. Website defacement. Mike, a security engineer, was recently hired by BigFox Ltd. The company recently experienced disastrous DoS attacks. The management had instructed Mike to build defensive strategies for the company's IT infrastructure to thwart DoS/DDoS attacks. Mike deployed some countermeasures to handle jamming and scrambling attacks. What is the countermeasure Mike applied to defend against jamming and scrambling attacks?. Allow the transmission of all types of addressed packets at the ISP level. Disable TCP SYN cookie protection. Allow the usage of functions such as gets and strcpy. Implement cognitive radios in the physical layer. Lewis, a professional hacker, targeted the IoT cameras and devices used by a target venture-capital firm. He used an information-gathering tool to collect information about the IoT devices connected to a network, open ports and services, and the attack surface area. Using this tool, he also generated statistical reports on broad usage patterns and trends. This tool helped Lewis continually monitor every reachable server and device on the Internet, further allowing him to exploit these devices in the network. Which of the following tools was employed by Lewis in the above scenario?. NeuVector. Lacework. Censys. Wapiti. What would be the fastest way to perform content enumeration on a given web server by using the Gobuster tool?. Performing content enumeration using the bruteforce mode and 10 threads. Performing content enumeration using the bruteforce mode and random file extensions. Skipping SSL certificate verification. Performing content enumeration using a wordlist. Garry is a network administrator in an organization. He uses SNMP to manage networked devices from a remote location. To manage nodes in the network, he uses MIB, which contains formal descriptions of all network objects managed by SNMP. He accesses the contents of MIB by using a web browser either by entering the IP address and Lseries.mib or by entering the DNS library name and Lseries.mib. He is currently retrieving information from an MIB that contains object types for workstations and server services. Which of the following types of MIB is accessed by Garry in the above scenario?. LNMIB2.MIB. DHCP.MIB. MIB_II.MIB. WINS.MIB. Alice needs to send a confidential document to her coworker, Bryan. Their company has public key infrastructure set up. Therefore, Alice both encrypts the message and digitally signs it. Alice uses _______________ to encrypt the message, and Bryan uses _______________ to confirm the digital signature. Bryan’s public key; Bryan’s public key. Alice’s public key; Alice’s public key. Bryan’s private key; Alice’s public key. Bryan’s public key; Alice’s public key. Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as?. Exploration. Investigation. Reconnaissance. Enumeration. During the enumeration phase, Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445. Which of the following services is enumerated by Lawrence in this scenario?. Remote procedure call (RPC). Telnet. Server Message Block (SMB). Network File System (NFS). Which file is a rich target to discover the structure of a website during webserver footprinting?. domain.txt. Robots.txt. Document root. index.html. John, a professional hacker, decided to use DNS to perform data exfiltration on a target network. In this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique, John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server. What is the technique employed by John to bypass the firewall?. DNSSEC zone walking. DNS cache snooping. DNS enumeration. DNS tunneling method. You are a cybersecurity specialist at CloudTech Inc., a company providing cloudbased services. You are managing a project for a client who wants to migrate their sensitive data to a public cloud service. To comply with regulatory requirements, the client insists on maintaining full control over the encryption keys even when the data is at rest on the cloud. Which of the following practices should you implement to meet this requirement?. Encrypt data client-side before uploading to the cloud and retain control of the encryption keys. Use the cloud service provider's encryption services but store keys on-premises. Use the cloud service provider's default encryption and key management services. Rely on Secure Sockets Layer (SSL) encryption for data at rest. In an advanced persistent threat scenario, an adversary follows a detailed set of procedures in the cyber kill chain. During one such instance, the adversary has successfully gained access to a corporate network and now attempts to obfuscate malicious traffic within legitimate network traffic. Which of the following actions would most likely be part of the adversary's current procedures?. Employing data staging techniques to collect and aggregate sensitive data. Initiating DNS tunneling to communicate with the command-and-control server. Establishing a command-and-control server to communicate with compromised systems. Conducting internal reconnaissance using PowerShell scripts. The security team of Debry Inc. decided to upgrade Wi-Fi security to thwart attacks such as dictionary attacks and key recovery attacks. For this purpose, the security team started implementing cutting-edge technology that uses a modern key establishment protocol called the simultaneous authentication of equals (SAE), also known as dragonfly key exchange, which replaces the PSK concept. What is the Wi-Fi encryption technology implemented by Debry Inc.?. WPA. WEP. WPA3. WPA2. A security analyst uses Zenmap to perform an ICMP timestamp ping scan to acquire information related to the current time from the target host machine. Which of the following Zenmap options must the analyst use to perform the ICMP timestamp ping scan?. -Pn. -PU. -PP. -PY. An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct. What is the attack technique employed by the attacker to crack the passwords of the industrial control systems?. Buffer overflow attack. Side-channel attack. Denial-of-service attack. HMI-based attack. Given below are different steps involved in the vulnerability-management life cycle. 1) Remediation 2) Identify assets and create a baseline 3) Verification 4) Monitor 5) Vulnerability scan 6) Risk assessment Identify the correct sequence of steps involved in vulnerability management. 2 → 5 → 6 → 1 → 3 → 4. 2 → 4 → 5 → 3 → 6 → 1. 2 → 1 → 5 → 6 → 4 → 3. 1 → 2 → 3 → 4 → 5 → 6. Which type of attack attempts to overflow the content-addressable memory (CAM) table in an Ethernet switch?. DDoS attack. Evil twin attack. DNS cache flooding. MAC flooding. What is the following command used for?. Retrieving SQL statements being executed on the database. Creating backdoors using SQL injection. Enumerating the databases in the DBMS for the URL. Searching database statements at the IP address given. Jane is working as a security professional at CyberSol Inc. She was tasked with ensuring the authentication and integrity of messages being transmitted in the corporate network. To encrypt the messages, she implemented a security model in which every user in the network maintains a ring of public keys. In this model, a user needs to encrypt a message using the receiver’s public key, and only the receiver can decrypt the message using their private key. What is the security model implemented by Jane to secure corporate messages?. Zero trust network. Secure Socket Layer(SSL). Transport Layer Security(TLS). Web of trust (WOT). Clark, a professional hacker, attempted to perform a Btlejacking attack using an automated tool, BtleJack, and hardware tool, micro:bit. This attack allowed Clark to hijack, read, and export sensitive information shared between connected devices. To perform this attack, Clark executed various btlejack commands. Which of the following commands was used by Clark to hijack the connections?. btlejack -f 0x9c68fd30 -t -m 0x1fffffffff. btlejack -c any. btlejack -d /dev/ttyACM0 -d /dev/ttyACM2 -s. btlejack -f 0x129f3244 -j. John, a professional hacker, targeted CyberSol Inc., an MNC. He decided to discover the IoT devices connected in the target network that are using default credentials and are vulnerable to various hijacking attacks. For this purpose, he used an automated tool to scan the target network for specific types of IoT devices and detect whether they are using the default, factory-set credentials. What is the tool employed by John in the above scenario?. IoT Inspector. AT&T IoT Platform. IoTSeeker. Azure IoT Central. To hide the file on a Linux system, you have to start the filename with a specific character. What is the character?. Tilde (~). Underscore (_). Period (.). Exclamation mark (!). George, an employee of an organization, is attempting to access restricted websites from an official computer. For this purpose, he used an anonymizer that masked his real IP address and ensured complete and continuous anonymity for all his online activities. Which of the following anonymizers helps George hide his activities?. https://www.baidu.com. https://www.guardster.com. https://www.wolframalpha.com. https://karmadecay.com. Jake, a professional hacker, installed spyware on a target iPhone to spy on the target user’s activities. He can take complete control of the target mobile device by jailbreaking the device remotely and record audio, capture screenshots, and monitor all phone calls and SMS messages. What is the type of spyware that Jake used to infect the target device?. DroidSheep. Androrat. Trident. Zscaler. Kevin, an encryption specialist, implemented a technique that enhances the security of keys used for encryption and authentication. Using this technique, Kevin input an initial key to an algorithm that generated an enhanced key that is resistant to brute-force attacks. What is the technique employed by Kevin to improve the security of encryption keys?. Key stretching. Public key infrastructure. Key derivation function. Key reinstallation. Robert, a professional hacker, is attempting to execute a fault injection attack on a target IoT device. In this process, he injects faults into the power supply that can be used for remote execution, also causing the skipping of key instructions. He also injects faults into the clock network used for delivering a synchronized signal across the chip. Which of the following types of fault injection attack is performed by Robert in the above scenario?. Frequency/voltage tampering. Optical, electromagnetic fault injection (EMFI). Temperature attack. Power/clock/reset glitching. Kate dropped her phone and subsequently encountered an issue with the phone's internal speaker. Thus, she is using the phone's loudspeaker for phone calls and other activities. Bob, an attacker, takes advantage of this vulnerability and secretly exploits the hardware of Kate's phone so that he can monitor the loudspeaker's output from data sources such as voice assistants, multimedia messages, and audio files by using a malicious app to breach speech privacy. What is the type of attack Bob performed on Kate in the above scenario?. SIM card attack. aLTEr attack. Spearphone attack. Man-in-the-disk attack. |





