CEH Round 2 Flashcards

1
Q

What cryptography attack is usually performed without the use of a computer?

A

Rubber hose attack

2
Q

Attacker sniffs encrypted traffic from the network and is able to decrypt it. What cryptanalytic technique can the attacker use now to discover the encryption key?

A

chosen ciphertext attack

3
Q

Attacker has captured a target file that is encrypted with public key cryptography. What attack is likely to be used to crack the target file?

A

chosen plain text attack

4
Q

What cryptanalysis is applicable to symmetric key algorithms?

A

Differential cryptanalysis

5
Q

In what attack can an attacker obtain ciphertexts encrypted under two different keys and gather plaintext and matching ciphertext?

A

Related-key attack

6
Q

Attacker breaks an n-bit key cipher into 2^(n/2) operations in order to recover the key. What is the cryptography attack?

A

Chosen-key attack

7
Q

What is a physical attack that is performed on a cryptographic device/cryptosystem to gain sensitive information?

A

Side channel attack

8
Q

What attack mainly affects any hardware/software using an ANSI X9.31 random number generator (RNG)?

A

DUHK attack

9
Q

What cryptographic algorithm uses multiple keys for encryption?

A

Meet-in-the-middle Attack

10
Q

What contains a public key and the identity of the owner and the corresponding private key?

A

Signed certificates

11
Q

A person wants to send encrypted email from home and not pay any license fees. What should you recommend?

A

Pretty Good Privacy (PGP)

12
Q

What element of PKI verifies the applicant?

A

Registration Authority

13
Q

SDLC, Binary Analysis, Scanners, Web App Firewalls, Transactional Sec - are all at what layer of the cloud security control model?

A

Application

14
Q

NIDS/NIPS, firewalls, DPI, Anti-DDoS, QoS, DNSSEC, and OAuth are at what layer of the cloud security control model?

A

Network Layer

15
Q

DLP, CMF, Database activity monitoring and encryption are at what layer of cloud security control?

A

Information Layer

16
Q

What mechanism should be incorporated into cloud services to facilitate networks and resources to improve the response time of a job with maximum throughput?

A

Load Balancing

17
Q

What category of security controls strengthens the system against incidents by minimizing or eliminating vulnerabilities?

A

Preventative Controls

18
Q

What is an example of a detective security control?

A

Employing IDS and IPS

19
Q

At what cloud security control layer do DNSSEC and OAuth operate?

A

Network Layers

20
Q

What is not a legitimate cloud computing attack?

A

Port Scanning

21
Q

What is it called when an attacker tries to control operations of other cloud customers to gain illegal access to the data?

A

Isolation Failure

22
Q

What threat occurs when an attacker creates anonymous access to the cloud services to carry out various attacks such as password and key cracking, hosting malicious data, and DDoS attack?

A

Abuse and nefarious use of cloud services

23
Q

What weakness is caused when a mistake in the access allocation system causes a customer, third party, or employee to get more access rights than needed?

A

privilege escalation

24
Q

What attack occurs when an attacker steals a CSP’s or client’s credentials by methods such as phishing, pharming, social engineering, and exploitation of software vulnerabilities?

A

Service Hijacking Using Social Engineering Attacks

25
Q

What attack occurs when an attacker runs a virtual machine on the same physical host as the victim’s virtual machine and takes advantage of shared physical resources (processor cache) to steal data (cryptographic key) from the victim?

A

Side Channel Attack

26
Q

What attack occurs when an attacker rides an active computer session by sending an email or tricking the user into visiting a malicious web page while they are logged into the targeted site?

A

Session Hijacking Using Session Riding

27
Q

What is not a type of DNS attack?

A

Session Hijacking

28
Q

What is not a type of side-channel attack?

A

Cybersquatting

29
Q

In what attack does an attacker divert a user to a spoofed website by poisoning the DNS server or the DNS cache on the user’s system?

A

DNS Poisoning

30
Q

XYZ wants to perform a root cause analysis and discover if any data was exfiltrated and if so, what type of information did it contain? How would XYZ Inc. find out this information?

A

Cloud Forensics

31
Q

You are a security engineer for XYZ Corp. You are looking for a cloud-based e-mail provider to migrate the company’s legacy on-premise e-mail system to. What type of cloud service model will the new e-mail system be running on?

A

SaaS

32
Q

You are a security engineer for a cloud-based startup, XYZ Partners LLC, and they would like you to choose the best platform to run their environment from. The company stores sensitive PII and must be SOC 2 compliant. They would like to run their Windows server VMs and directory services from the cloud. Which of the following services and deployment models would meet the company’s requirements?

A

IaaS and Private

33
Q

What type of cloud computing services provides virtual machines and other abstracted hardware and operating systems (OSs) which may be controlled through a service API?

A

IaaS

34
Q

In what cloud deployment model does the provider make services such as applications, servers, and data storage available to the public over the Internet?

A

Public Cloud

35
Q

What is not a characteristic of virtualization in cloud computing technology?

A

Storage

36
Q

Which type of virtualization is used in increasing space utilization and reducing the hardware maintenance cost?

A

Server Virtualization

37
Q

In order to protect a device against insecure network services vulnerability, what solution should be implemented?

A

Disable UPnP

38
Q

What TCP/UDP port is used by the infected devices to spread malicious files to other devices in the network?

A

Port 48101

39
Q

What is a security consideration for the gateway component of IoT architecture?

A

Multi-directional encrypted communications, strong authentication of all the components, automatic updates

40
Q

In order to prevent an illegitimate user from performing a brute force attack, what security mechanism should be implemented to the accounts?

A

lockout mechanism

41
Q

What can be used to protect private data and home networks while preventing unauthorized access using PKI-based security solutions for IoT devices?

A

DigiCert IoT Security Solution

42
Q

Encrypted communications, strong authentication credentials, secure web interface, encrypted storage, and automatic updates are the security considerations for which of the following components?

A

Cloud Platform

43
Q

Secure update server, verify updates before installation, and sign updates are the solutions for what IoT device vulnerabilities?

A

Insecure Software / Firmware

44
Q

An attacker can perform attacks such as CSRF, SQLi, and XSS by exploiting which of the following IoT device vulnerabilities?

A

Insecure web interface

45
Q

Proper communication and storage encryption, no default credentials, strong passwords, and up-to-date components are the security considerations for which of the following components?

A

Edge

46
Q

What tool offers SaaS technology and assists in operating IoT products in a reliable, scalable, and secure manner?

A

SeaCat.io

47
Q

Second phase in IoT device hacking?

A

Vulnerability Scanning

48
Q

If an attacker wants to gather information such as IP address, hostname, ISP, device’s location, and the banner of the target IoT device, which of the following tools should he use to do so?

A

Shodan

49
Q

Which of the following tools can an attacker use to gather information such as open ports and services of IoT devices connected to the network?

A

Nmap

50
Q

What tool is used to perform a rolling code attack by obtaining the rolling code?

A

RF crack

51
Q

What tool can perform BlueBorne or airborne attacks such as replay, fuzzing, and jamming?

A

HackRF one

52
Q

If an attacker wants to reconstruct malicious firmware from a legitimate firmware in order to maintain access to the victim device, which of the following tools can he use to do so?

A

Firmware Mod Kit

53
Q

If an attacker wants to gather information such as IP address, hostname, ISP, device’s location, and the banner of the target IoT device, which of the following types of tools can he use to do so?

A

Information Gathering Tools

54
Q

What tool can be used to find buffer overflow vulnerabilities present in the system?

A

beSTORM

55
Q

What RFCrack command is used by an attacker to perform jamming?

A

python RFCrack.py -j -F 314000000

56
Q

IoT vulnerability that gives rise to issues such as weak credentials, lack of account lockout mechanism, and account enumeration?

A

Insecure web interface

57
Q

Attack where an attacker uses multiple forged identities to create a strong illusion of traffic congestion, affecting communication between neighboring nodes and networks?

A

Sybil

58
Q

Attack where attacker uses a malicious script to exploit poorly patched vulnerabilities in an IoT device?

A

Exploit Kits

59
Q

What component in IoT is used to send some unwanted commands in order to trigger some events which are not planned?

A

Fake Server

60
Q

Attack where attacker intercepts legitimate messages from a valid communication and continuously sends the intercepted message to the target device to crash the target device?

A

Replay Attack

61
Q

Nmap command used to identify IPv6 capabilities of an IoT device?

A

nmap -6 -n -Pn -sSU -pT:0-65535,U:0-65535 -v -A -oX

62
Q

IoT technology that bridges the gap between the IoT device and the end user?

A

IoT gateway

63
Q

IoT technology that collects data that undergoes data analysis, from the gateway?

A

cloud server/data storage

64
Q

What IoT architecture layer consists of all the hardware parts like sensors, RFID tags, readers or other soft sensors, and the device itself?

A

Edge technology layer

65
Q

What IoT architecture layer carries out communication between two end points such as device-to-device, device-to-cloud, device-to-gateway, and back-end data-sharing?

A

Internet Layer

66
Q

What IoT devices are included in the buildings service sector?

A

HVAC, transport, fire and safety, lighting, security, access, etc.

67
Q

What protocol is a type of short-range wireless communication?

A

ZigBee

68
Q

What protocol uses magnetic field induction to enable communication between two electronic devices?

A

Near Field Communication

69
Q

Communication model where the IoT devices use protocols such as ZigBee, Z-Wave or Bluetooth, to interact with each other?

A

Device-to-Device

70
Q

Communication model where the IoT devices communicate with the cloud service through gateways?

A

Device-to-gateway communication model

71
Q

Short range wireless communication protocol used for home automation that allows devices to communicate with each other on local wireless LAN?

A

Threat

72
Q

What is not a feature of Mobile Device Management?

A

Sharing confidential data among devices and networks

73
Q

What is a Mobile Device Management Software?

A

XenMobile

74
Q

If you are responsible for securing a network from any type of attack and if you have found that one of your employees is able to access any website that may lead to clickjacking attacks, what would you do to avoid the attacks?

A

Harden browser permission rules

75
Q

In order to avoid data loss from a Mobile device, what Mobile Device Management security measures should you consider?

A

Perform periodic backup and synchronization

76
Q

What is not a countermeasure for phishing attacks?

A

Disable the “block texts from the internet” feature from your provider

77
Q

What refers to a policy allowing an employee to bring his or her personal devices such as laptops, smartphones, and tablets to the workplace and using them for accessing the organization’s resources as per their access privileges?

A

BYOD

78
Q

What can pose a risk to mobile platform security?

A

Connecting two separate networks such as Wi-Fi and Bluetooth simultaneously

79
Q

What browser application encrypts your Internet traffic and then hides it by bouncing through a series of computers around the world?

A

ORBOT

80
Q

What application allows attackers to identify the target devices and block the access of Wi-Fi to the victim devices in a network?

A

NetCut

81
Q

What mobile application is used to perform Denial-of-Service Attacks?

A

Low Orbit Ion Cannon

82
Q

What Jailbreaking technique will make the mobile device jailbroken after each reboot?

A

Untethered Jailbreaking

83
Q

What tool is not used for iOS Jailbreaking?

A

Unrevoked

84
Q

What process is supposed to install a modified set of kernel patches that allows users to run third-party applications not signed by the OS vendor?

A

Jailbreaking

85
Q

What statement is not true for securing iOS devices?

A

Disable Jailbreak detection

86
Q

What technique helps protect mobile systems and users by limiting the resources the mobile application can access on the mobile platform?

A

Sandbox

87
Q

What attack can be performed by Spam messages?

A

Phishing

88
Q

What Bluetooth attack enables an attacker to gain remote access to the victim’s mobile and use its features without the victim’s knowledge or consent?

A

Bluebugging

89
Q

If an attacker is able to access the email contact list, text messages, photos, etc. on your mobile device, then what type of attack did the attacker employ?

A

Bluesnarfing

90
Q

What is not a mobile platform risk?

A

Sandboxing

91
Q

When Jason installed a malicious application on his mobile, the application modified the content in other applications on Jason’s mobile phone. What process did the malicious application perform?

A

Data Tampering

92
Q

Mark is working as a penetration tester in InfoSEC, Inc. One day, he notices that the traffic on the internal wireless router suddenly increases by more than 50%. He knows that the company is using a wireless 802.11 a/b/g/n/ac network. He decided to capture live packets and browse the traffic to investigate the issue to find out the actual cause. Which tool should Mark use to monitor the wireless network?

A

CommView for WiFi

93
Q

Andrew, a professional penetration tester, was hired by ABC Security, Inc., a small IT-based firm in the United States to conduct a test of the company’s wireless network. During the information-gathering process, Andrew discovers that the company is using the 802.11 g wireless standard. Using the NetSurveyor Wi-Fi network discovery tool, Andrew starts gathering information about wireless APs. After trying several times, he is not able to detect a single AP. What do you think is the reason behind this?

A

SSID broadcast feature must be disabled, so APs cannot be detected.

94
Q

What countermeasure helps in defending against KRACK attack?

A

Turn On auto-updates for all the wireless devices and patch the device firmware

95
Q

What device is used to analyze and monitor the RF spectrum?

A

WIDS

96
Q

At what layer of wireless security does per-frame/packet authentication provide protection against MITM attacks?

A

Connection Security

97
Q

What countermeasure helps in defending against WPA/WPA2 cracking?

A

Select a random passphrase that is not made up of dictionary words

98
Q

What countermeasure helps in defending against Bluetooth hacking?

A

Use non-regular patterns as PIN keys while pairing a device. Use those key combinations that are non-sequential on the keypad.

99
Q

What technique is used to detect rogue APs?

A

RF scanning

100
Q

What technique is used by network management software to detect rogue APs?

A

Wired side inputs

101
Q

What is to be used to keep certain default wireless messages from broadcasting the ID to everyone?

A

SSID Cloaking

102
Q

What Bluetooth attack allows attacker to gain remote access to a target Bluetooth-enabled device without the victim being aware of it?

A

Bluebugging

103
Q

Thomas is a cyber thief trying to hack Bluetooth-enabled devices at public places. He decided to hack Bluetooth-enabled devices by using a DoS attack. He started sending an oversized ping packet to a victim’s device, causing a buffer overflow and finally succeeded. What type of Bluetooth device attack is Thomas most likely performing?

A

Bluesmacking

104
Q

What Bluetooth mode filters out non-matched IACs and reveals itself only to those that matched?

A

Limited discoverable

105
Q

What term is used to describe an attack in which an attacker gains remote access to a target Bluetooth-enabled device without the victim being aware of it?

A

Bluebugging

106
Q

What protocol is used by BlueJacking to send anonymous messages to other Bluetooth-equipped devices?

A

OBEX

107
Q

An attacker collects the make and model of target Bluetooth-enabled devices and analyzes them in an attempt to find out whether the devices are in the range of vulnerability to exploit. Identify which type of attack is performed on Bluetooth devices.

A

Blueprinting

108
Q

In what attack does the attacker exploit the vulnerability in the Object Exchange (OBEX) protocol that Bluetooth uses to exchange information?

A

Bluesnarfing

109
Q

In which type of Bluetooth threat does an attacker trick Bluetooth users to lower security or disable authentication for Bluetooth connections in order to pair with them and steal information?

A

Social Engineering

110
Q

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

A

BBProxy

111
Q

What is the art of collecting information about Bluetooth-enabled devices such as manufacturer, device model and firmware version?

A

Blueprinting

112
Q

There is a WEP encrypted wireless AP with no clients connected. In order to crack the WEP key, a fake authentication needs to be performed. Which of the following steps need to be performed by the attacker for generating fake authentication?

A

Ensure association of source MAC address with the AP

113
Q

What attack involves exploiting the CSMA/CA Clear Channel Assessment (CCA) mechanism to make a channel appear busy?

A

Denial-of-Service

114
Q

John is a pen tester working with an information security consultant based in Paris. As part of a penetration testing assignment, he was asked to perform wireless penetration testing for a large MNC. John knows that the company provides free Wi-Fi access to its employees on the company premises. He sets up a rogue wireless access point with the same SSID as that of the company’s Wi-Fi network just outside the company premises. He sets up this rogue access point using the tools that he has and hopes that the employees might connect to it. What type of wireless confidentiality attack is John trying to do?

A

Evil Twin AP

115
Q

This application is a Wi-Fi security tool for mobile devices. It works on both Root and Non-root devices, and it can prevent ARP spoofing attacks such as MITM attacks, which are used by some applications such as WifiKill, dSploit, and sniffers.

A

WiFiGuard

116
Q

Steven, a wireless network administrator, has just finished setting up his company’s wireless network. He has enabled various security features such as changing the default SSID and enabling strong encryption on the company’s wireless router. Steven decides to test the wireless network for confidentiality attacks to check whether an attacker can intercept information sent over wireless associations, whether sent in clear text or encrypted by Wi-Fi protocols. As a part of testing, he tries to capture and decode unprotected application traffic to obtain potentially sensitive information using hardware or software tools such as Ettercap, Kismet, Wireshark, etc. What type of wireless confidentiality attack is Steven trying to do?

A

Eavesdropping

117
Q

Kenneth, a professional penetration tester, was hired by the XYZ Company to conduct wireless network penetration testing. Kenneth proceeds with the standard steps of wireless penetration testing. He tries to collect lots of initialization vectors (IVs) using the injection method to crack the WEP key. He uses the aircrack-ng tool to capture the IVs from a specific AP. Which of the following aircrack-ng commands will help Kenneth to do this?

A

airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w output ath0

118
Q

Which of the following Wi-Fi discovery tools facilitates detection of Wireless LANs using the 802.11a/b/g WLAN standards and is commonly used for wardriving, verifying network configurations, finding locations with poor coverage and detecting rogue APs?

A

NetStumbler

119
Q

What protocol encapsulates the EAP within an encrypted and authenticated Transport Layer Security (TLS) tunnel?

A

PEAP

120
Q

What consists of 40/104-bit Encryption Key length?

A

WEP

121
Q

What is a standard for Wireless Local Area Networks (WLANs) that provides improved encryption for networks that use 802.11a, 802.11b, and 802.11g standards?

A

802.11i

122
Q

In what do the station and access point use the same WEP key to provide authentication, which means that this key should be enabled and configured manually on both the access point and the client?

A

Shared key authentication process

123
Q

What is considered as a token to identify a 802.11 (Wi-Fi) network (by default it is the part of the frame header sent over a wireless local area network (WLAN))?

A

SSID

124
Q

What network is used for very long-distance communication?

A

WiMax

125
Q

What is considered as the method of transmitting radio signals by rapidly switching a carrier among many frequency channels?

A

Frequency-hopping Spread Spectrum (FHSS)

126
Q

What is the original data signal multiplied with a pseudo random noise spreading code?

A

Direct-sequence Spread Spectrum (DSSS)

127
Q

Snort rule to detect SQL injection attacks?

A

alert tcp $EXTERNAL_NET any -> 172.16.66.23 443 (msg:"SQL Injection attempt on Finance Dept. webserver"; flow:to_server,established; uricontent:".pl"; pcre:"/(\%27)|(')|(--)|(%23)|(#)/i"; classtype:Web-application-attack; sid:9099; rev:5;)

128
Q

Why are Web Applications vulnerable to SQL injection attacks?

A

Error messages reveal important information

129
Q

What tool is used for detecting SQL injection attacks?

A

IBM Security AppScan

130
Q

What tool provides automated web application security testing with innovative technologies including DeepScan and AcuSensor technology?

A

Acunetix web vulnerability scanner

131
Q

What tool is used to build rules that aim to detect SQL injection attacks?

A

Snort

132
Q

What countermeasure prevents buffer overruns?

A

Test the size and data type of the input and enforce appropriate limits

133
Q

Robert is a user with a privileged account and he is capable of connecting to the database. Rock wants to exploit Robert’s privileged account. How can he do that?

A

Access the database and perform malicious activities at the OS level

134
Q

What command has to be disabled to prevent exploitation at the OS level?

A

xp_cmdshell

135
Q

What is a Snort rule that is used to detect and block SQL injection attack?

A

/(\%27)|(')|(--)|(\%23)|(#)/ix

136
Q

During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. The tester assumes that the service is running with a local system account. How can this weakness be exploited to access the system?

A

Invoking the stored procedure xp_cmdshell to spawn a Windows command shell

137
Q

What tool is used to automate SQL injections and exploit a database by forcing a given web application to connect to another database controlled by a hacker?

A

DataThief

138
Q

A tester has been hired to perform source code review of a web application to detect SQL injection vulnerabilities. As part of the testing process, he needs to get all the information about the project from the development team. During the discussion with the development team, he comes to know that the project is in the initial stage of the development cycle. As per the above scenario, which of the following processes does the tester need to follow in order to save the company’s time and money?

A

The tester needs to perform static code analysis as it covers the structural and statement coverage testing

139
Q

Robert, a penetration tester is trying to perform SQL penetration testing on the SQL database of the company to discover coding errors and security loopholes. Robert sends massive amounts of random data to the SQL database through the web application in order to crash the web application of the company. After observing the changes in the output, he comes to know that web application is vulnerable to SQL injection attacks. Which of the following testing techniques is Robert using to find out the loopholes?

A

Fuzzing Testing

140
Q

David, a penetration tester, was asked to check the MySQL database of the company for SQL injection attacks. He decided to check the back end database for a double blind SQL injection attack. He knows that double blind SQL injection exploitation is performed based on an analysis of time delays and he needs to use some functions to process the time delays. David wanted to use a function which does not use the processor resources of the server. Which of the following functions does David need to use?

A

sleep()

141
Q

Michel, a professional hacker, is trying to perform time-based blind SQL injection attacks on the MySQL backend database of RadioTV Inc. He decided to use an SQL injection tool to perform this attack. Michel surfed the Internet and finally found a tool which has the following features:
Sends heavy queries to the target database to perform a Time-Based Blind SQL Injection attack.
Database Schema extraction from SQL Server, Oracle and MySQL.
Data extraction from Microsoft Access 97/2000/2003/2007 databases.
Parameter Injection using HTTP GET or POST.
Which of the following tools does Michel use to perform time-based blind SQL injection attacks on the MySQL backend database?

A

Marathon Tool

142
Q

Steve works as a penetration tester in a firm named InfoSecurity. Recently, Steve was given an assignment to test the security of the company’s web applications and backend database. While conducting the test, he sends a malicious SQL query with conditional timing delays to the backend database through the web application. This conditional time delay forces the database to wait for a specified amount of time before responding. He performs the same task using different malicious SQL queries. By observing various query responses from the database, Steve came to know that the web application is vulnerable to an SQL injection attack.
What type of SQL injection attack is Steve most likely performing?

A

Blind SQL Injection

143
Q

In which attack does an attacker use the same communication channel to perform the attack and retrieve the results?

A

In-band SQL injection

144
Q

In which attack does an attacker use a conditional OR clause in such a way that the condition of the WHERE clause will always be true?

A

Tautology

145
Q

An attacker uses the following SQL query to perform an SQL injection attack: SELECT * FROM users WHERE name = '' OR '1'='1'; Identify the type of SQL injection attack performed.

A

Tautology

146
Q

In which attack does an attacker inject an additional malicious query into the original query?

A

Piggybacked Query

147
Q

In which attack does an attacker use an ORDER BY clause to find the right number of columns in a database table?

A

UNION SQL Injection

148
Q

What attack is time-intensive because the database should generate a new statement for each newly recovered bit?

A

Blind SQL Injection

149
Q

What command is used to make the CPU wait for a specified amount of time before executing an SQL query?

A

WAITFOR DELAY '0:0:10'--

150
Q

What SQL query is an example of a heavy query used in SQL injection?

A

SELECT * FROM products WHERE id=1 AND 1 < SELECT count(*) FROM all_users A, all_users B, all_users C

151
Q

What is the main difference between a “Normal” SQL injection and a “Blind” SQL injection vulnerability?

A

The vulnerable application does not display errors with information about the injection results to the attacker.

152
Q

What system table does MS SQL Server database use to store metadata? Hackers can use this system table to acquire database schema information to further compromise the database.

A

sysobjects

153
Q

What attack is not performed by an attacker who exploits SQL injection vulnerabilities?

A

Covering Tracks

154
Q

What method carries the requested data to the webserver as a part of the message body?

A

HTTP POST

155
Q

What is the most effective technique in identifying vulnerabilities or flaws in the web page code?

A

Code Analysis

156
Q

An attacker injects the following SQL query:

blah' AND 1=(SELECT COUNT(*) FROM mytable); --

What is the intention of the attacker?

A

Identifying the Table Name

157
Q

A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application has been developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application’s search form and introduces the following code in the search input field:

<IMG SRC=vbscript:msgbox("Vulnerable");>

When the analyst submits the form, the browser returns a pop-up window that says “Vulnerable.”
Which web applications vulnerability did the analyst discover?

A

Cross-site scripting

158
Q

An attacker has been successfully modifying the purchase price of items purchased on the company’s website. The security administrators verify the webserver and Oracle database have not been compromised directly. They have also verified the intrusion detection system (IDS) logs and found no attacks that could have caused this. What is the most likely way the attacker has been able to modify the purchase price?

A

changing hidden form values

159
Q

What is a web application that does not have the secure flag set and that is implemented by OWASP that is full of known vulnerabilities?

A

WebGoat

160
Q

What condition must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application?

A

The web application should not use random tokens

161
Q

An attacker identifies the kind of websites a target company/individual is frequently surfing and tests those particular websites to identify any possible vulnerabilities. When the attacker identifies the vulnerabilities in the website, the attacker injects malicious script/code into the web application that can redirect the webpage and download the malware onto the victim’s machine. After infecting the vulnerable web application, the attacker waits for the victim to access the infected web application. What kind of an attack is this?

A

Water hole attack

162
Q

What is a DNS interrogation tool?

A

DIG

163
Q

What automatically discovers hidden content and functionality by parsing HTML form and client-side JavaScript requests and responses?

A

Web Spiders

164
Q

An attacker wants to exploit a webpage. From which of the following points does he start his attack process?

A

Identify entry points for user input

165
Q

An attacker tries to enumerate the username and password of an account named “rini Mathew” on wordpress.com. On the first attempt, the attacker tried to login as “rini.mathews,” which resulted in the login failure message “invalid email or username.” On the second attempt, the attacker tried to login as “rinimathews,” which resulted in a message stating that the password entered for the username was incorrect, thus confirming that the username “rinimathews” exists. What is the attack that is performed by the attacker?

A

Username enumeration

166
Q

What involves injection of malicious code through a web application?

A

Command Injection

167
Q

What attack can take place due to flaws such as insecure cryptographic storage and information leakage?

A

Sensitive data exposure

168
Q

An attacker exploits a web application by tampering with the form and parameter of the web application and he is successful in exploiting the web application and gaining access. Which type of vulnerability did the attacker exploit?

A

Security Misconfiguration

169
Q

If a threat detection software installed in any organization network either does not record the malicious event or ignores the important details about the event, then what kind of vulnerability is it?

A

Insufficient Logging and monitoring

170
Q

What attack exploits vulnerabilities in dynamically generated webpages, which enables malicious attackers to inject client-side scripts into webpages viewed by other users?

A

Cross-site scripting

171
Q

What provides an interface between end users and webservers?

A

Web applications

172
Q

If your web application sets any cookie with a secure attribute, what does this mean?

A

The client will send the cookie only over an HTTPS connection

173
Q

In which type of fuzz testing do the current data samples create new test data and the new test data again mutates to generate further random data?

A

Mutation-based

174
Q

In which type of fuzz testing does the protocol fuzzer send forged packets to the target application that is to be tested?

A

Protocol-based

175
Q

What is used to detect bugs and irregularities in web applications?

A

Source code review

176
Q

What is considered as a quality checking and assurance technique used to identify coding errors and security loopholes in web applications?

A

Fuzz Testing

177
Q

What team has the responsibility to check for updates and patches regularly?

A

Patch Management Team

178
Q

A security administrator is looking for a patch management tool which scans the organization’s network and manages security and non-security patches. Which of the following patch management tools can he/she use in order to perform the required task?

A

GFI LanGuard

179
Q

What is not a webserver security tool?

A

Netcraft

180
Q

What is not a patch management tool?

A

Burp Suite

181
Q

What is the patch management process?

A

Detect -> Assess -> Acquire -> Test -> Deploy -> Maintain

182
Q

What is considered as a repair job to a programming problem?

A

Patch

183
Q

A network administrator has observed that the computers in his network have the Windows 7 operating system. The administrator has learned that the WannaCry ransomware is affecting Windows 7 systems across the globe. Which of the following is the best option that the network administrator has to provide efficient security and defend his network?

A

Update Security Patches and fixes provided by Microsoft

184
Q

What is defined as a package that is used to address a critical defect in a live environment, and contains a fix for a single issue?

A

Hotfix

185
Q

Andrew, a software developer in CyberTech organization has released a security update that acts as a defensive technique against the vulnerabilities in the software product the company has released earlier. Identify the technique used by Andrew to resolve the software vulnerabilities?

A

Patch Management

186
Q

What term refers to a set of hotfixes packed together?

A

Service pack

187
Q

What tool can be used to detect web server hacking attempts and alert you through emails?

A

WebsiteCDS

188
Q

What tool determines the OS of the queried host by looking in detail at the network characteristics of the HTTP response received from the website?

A

Netcraft

189
Q

What is not a defensive measure for web server attacks while implementing Machine.config?

A

Ensure that tracing is enabled and debug compiles are turned on

190
Q

What security tool helps to prevent potentially harmful HTTP requests from reaching applications on the server?

A

URLScan

191
Q

What is NOT a best approach to protect your firm against web server attacks?

A

Allow remote registry administration

192
Q

What technique defends servers against blind response forgery?

A

UDP source port randomization

193
Q

What is NOT a best approach to protect your firm against web server files and directories?

A

Enable serving of directory resources

194
Q

Where should a web server be placed in a network in order to provide the most security?

A

Inside DeMilitarized Zones (DMZ)

195
Q

Attackers use GET and CONNECT requests to use vulnerable web servers as which of the following?

A

Proxies

196
Q

What is not a session hijacking technique?

A

DNS hijacking

197
Q

What command does an attacker use to detect HTTP Trace?

A

nmap -p80 --script http-trace

198
Q

What command does an attacker use to enumerate common web applications?

A

nmap --script http-enum -p80

199
Q

An attacker wants to exploit a target machine. In order to do this, he needs to identify potential vulnerabilities that are present in the target machine. What tool should he use to achieve his objective?

A

Nessus

200
Q

An attacker wants to perform a session hijacking attack. What tool should he use to achieve his objective?

A

Burp Suite

201
Q

An attacker wants to crack passwords using attack techniques like brute-forcing, dictionary attack, and password guessing attack. What tool should he use to achieve his objective?

A

Hydra

202
Q

What statement best describes a server type under an N-tier architecture?

A

A group of servers with a unique role

203
Q

Identify the component of the web server that provides storage on a different machine or a disk after the original disk is filled-up?

A

Virtual document tree

204
Q

What stores critical HTML files related to the webpages of a domain name that will be served in response to requests?

A

Document root

205
Q

What stores a server’s configuration, error, executable, and log files?

A

Server root

206
Q

What provides storage on a different machine or disk after the original disk is filled up?

A

Virtual Document Tree

207
Q

An attacker sends numerous fake requests to the webserver from various random systems that results in the webserver crashing or becoming unavailable to the legitimate users. Which attack did the attacker perform?

A

DoS attack

208
Q

If an attacker compromises a DNS server and changes the DNS settings so that all the requests coming to the target webserver are redirected to his/her own malicious server, then which attack did he perform?

A

DNS server hijacking

209
Q

Jamie is an on-call security analyst. He had a contract to improve security for the company’s firewall. Jamie focused specifically on some of the items on the security of the Company’s firewall.
After working for some time on the items, Jamie creates the following list to fix them:
1. Set ssh timeout to 30 minutes.
2. Set telnet timeout to 30 minutes.
3. Set console timeout to 30 minutes.
4. Set login password retry lockout.
Which task should Jamie perform if he has time for just one change before leaving the organization?

A

Set login password retry lockout.

210
Q

Which honeypot detection tool has the following features:

Checks lists of HTTPS, SOCKS4, and SOCKS5 proxies with any ports
Checks several remote or local proxylists at once
Can upload “Valid proxies” and “All except honeypots” files to FTP
Can process proxylists automatically every specified period
May be used for usual proxylist validating as well

A

Send-Safe Honeypot Hunter

211
Q

When an alert rule is matched in a network-based IDS like Snort, the IDS does which of the following?

A

Continues to evaluate the packet until all rules are checked

212
Q

In what way do the attackers identify the presence of layer 7 tar pits?

A

By looking at the latency of the response from the service

213
Q

Riya wants to defend against the polymorphic shellcode problem. What countermeasure should she take against this IDS evasion technique?

A

Look for the nop opcode other than 0x90

214
Q

Siya is using a tool to defend critical data and applications without affecting performance and productivity. Following are the features of the tool:

Pre-built, real-time reports that display big-picture analyses on traffic, top applications, and filtered attack events.
Permits to see, control, and leverage the rules, shared services, and profiles of all the firewall devices throughout the network.
Comprises of in-line, bump-in-the-wire intrusion prevention system with layer two fallback capabilities.
Gives an overview of current performance for all HP systems in the network, including launch capabilities into targeted management applications by using monitors.
Identify the tool used by Siya-

A

TippingPoint IPS

215
Q

What firewall is used to secure mobile devices?

A

NetPatch firewall

216
Q

Manav wants to simulate a complete system and provide an appealing target to push hackers away from the production systems of his organization. By using some honeypot detection tool, he offers typical Internet services such as SMTP, FTP, POP3, HTTP, and TELNET, which appear perfectly normal to attackers. However, it is a trap in which attackers mess around and leave traces without knowing that they have connected to a decoy system that does none of the things it appears to do; instead, it logs everything and notifies the appropriate people. Can you identify the tool?

A

SPECTER

217
Q

What firewall solution tool has the following features:
● Two-way firewall that monitors and blocks inbound as well as outbound traffic
● Allows users to browse the web privately
● Identity protection services help to prevent identity theft by guarding crucial data of the users. It also offers PC protection and data encryption
● Through Do Not Track, it stops data-collecting companies from tracking the online users
● Online Backup backs up files and restores the data in the event of loss, theft, accidental deletion or disk failure

A

ZoneAlarm PRO FIREWALL 2018

218
Q

A pentester gains access to a Windows application server and needs to determine the settings of the built-in Windows firewall. Which command would be used?

A

Netsh firewall show config

219
Q

Check Point’s FireWall-1 listens to which of the following TCP ports?

A

259

220
Q

Which method of firewall identification has the following characteristics:

uses TTL values to determine gateway ACL filters
maps networks by analyzing IP packet response
probes ACLs on packet filtering routers/firewalls using the same method as trace-routing
sends TCP or UDP packets into the firewall with TTL value is one hop greater than the targeted firewall

A

Firewalking

221
Q

What tool is used to execute commands of choice by tunneling them inside the payload of ICMP echo packets if ICMP is allowed through a firewall?

A

Loki

222
Q

What is a two-way HTTP tunneling software tool that allows HTTP, HTTPS, and SOCKS tunneling of any TCP communication between any client–server systems?

A

Super network tunnel

223
Q

Which feature of the Secure Pipes tool opens application communication ports to remote servers without opening those ports to public networks?

A

Local forwards

224
Q

An attacker sends an e-mail containing a malicious Microsoft office document to target WWW/FTP servers and embed Trojan horse files as software installation files, mobile phone software, and so on to lure a user to access them.
Identify by which method the attacker is trying to bypass the firewall.

A

Bypassing firewall through content

225
Q

What is a hijacking technique where an attacker masquerades as a trusted host to conceal his identity, hijack browsers or websites, or gain unauthorized access to a network?

A

IP Address spoofing

226
Q

What term is used to refer to service announcements that are provided by services in response to connection requests and often carry the vendor’s version information?

A

Banner

227
Q

What type of intrusion detection system can monitor and alert on attacks, but cannot stop them?

A

Passive

228
Q

Jamie has been informed by the local helpdesk team that there has been a security issue related to some detected malware. The helpdesk has asked Jamie to help in finding out the location of the malware on the network. Jamie knows that the deployed firewall log data can show various bits of information about files moving through the network. What can Jamie do to help the team to match the file actually causing the malware concern given the sha256 of the suspected file by the team?
Of the below, what should Jamie do to help the team?

A

Add a sha256 certificate to the firewall to find the sha256 of the file.

229
Q

Susan works for “CustomData Intl.” and she has to deploy a guest Wi-Fi. She did everything by the manual and deployed the guest Wi-Fi successfully. The deployed guest Wi-Fi is separated from the company network, it is protected with WPA2, and every user who wants to use the Wi-Fi has to ask for a username and password. There is one problem though: after a few months she noticed that the users connecting to the guest Wi-Fi are being attacked with MitM attacks. She identified that the MitM attack was initiated with ARP spoofing. She found that someone is stealing users’ web application credentials, including Windows system credentials in some cases. Unfortunately, internal users have also become prey to these attacks since they used the guest Wi-Fi because it was more open than their internal network. So, it is not only external guests who are being compromised. She wanted to mitigate this issue and the first step she took was to ban all internal users from using the guest Wi-Fi network. What, according to you, is the easiest and probably the best way to prevent the ARP spoofing attacks on Wi-Fi networks?

A

Use Client isolation WiFi feature

230
Q

Which session hijacking detection technique involves using packet-sniffing software such as Wireshark and SteelCentral packet analyzer to monitor session hijacking attacks?

A

Manual method

231
Q

What technique allows users to authenticate web servers?

A

HPKP

232
Q

A tester wants to test an organization’s network against session hijacking attacks. Which of the following tools can he use to detect session hijacking attacks?

A

LogRhythm

233
Q

What protocol defines the payload formats, types of exchange, and naming conventions for security information such as cryptographic algorithm or security policies. Identify from the following options.

A

DOI

234
Q

What tool can be used by a pentester to test the security of web applications?

A

Fiddler

235
Q

A user wants to securely establish a remote connection to a system without any interference from perpetrators. Which of the following methods should he incorporate in order to do so?

A

VPN

236
Q

John, a malicious attacker, was intercepting packets during transmission between the client and server in a TCP and UDP session. What is this type of attack called?

A

Network level hijacking

237
Q

Network-level session hijacking attacks what level protocols?

A

Transport and internet level protocols

238
Q

If an attacker intercepts an established connection between two communicating parties using spoofed packets, and then pretends to be one of them, then which network-level hijacking is he performing?

A

TCP/IP hijacking

239
Q

What network-level session hijacking technique is useful in gaining unauthorized access to a computer with the help of a trusted host’s IP address?

A

IP spoofing: source routed packets

240
Q

What tool can be used to perform RST hijacking on a network?

A

Colasoft’s Packet Builder

241
Q

What network-level session hijacking technique can be used to inject malicious data or commands into the intercepted communications in a TCP session?

A

Blind Hijacking

242
Q

What protocol is an extension of IP to send error messages? An attacker can use it to send messages to fool the client and the server.

A

ICMP

243
Q

During the penetration testing in company “Credit Cards Rus Ltd.” Marin was using sslstrip tool in order to sniff HTTP traffic. Unfortunately, no data was received. Marin double checked the setup, tested the setup between his virtual machines, and was successful in intercepting the traffic here, but when he tried to do it against other machines on the same network, nothing happened. Marin was puzzled with that and he did not understand why that was happening. Help Marin and explain why he was unsuccessful with intercepting the traffic with sslstrip?

A

Sslstrip can show the data only if the initial request to the server is sent as HTTP

244
Q

During a penetration test, Marin discovered a session token that had the content: 20170801135433_Robert. Why is this session token weak, and what is the name used for this type of vulnerability?

A

Predictable session token

245
Q

Marin is performing penetration testing on the target organization. He discovered some vulnerabilities in the organization’s website. He decided to insert malicious JavaScript code into a vulnerable dynamic web page to collect information such as credentials, cookies, etc. Identify the attack performed by Marin?

A

Cross-site scripting attack

246
Q

What is considered to be a session hijacking attack?

A

Taking over a TCP session

247
Q

When a person (or software) steals, can calculate, or can guess part of the communication channel between client and the server application or protocols used in the communication, he can hijack the what?

A

Session

248
Q

During a penetration test, Marin exploited a blind SQLi and exfiltrated session tokens from the database. What can he do with this data?

A

Marin can do Session hijacking

249
Q

Which honeypot detection tool has the following features:

Checks lists of HTTPS, SOCKS4, and SOCKS5 proxies with any ports
Checks several remote or local proxylists at once
Can upload “Valid proxies” and “All except honeypots” files to FTP
Can process proxylists automatically every specified period
May be used for usual proxylist validating as well

A

Send-Safe Honeypot Hunter

250
Q

In what way do the attackers identify the presence of layer 7 tar pits?

A

By looking at the latency of the response from the service

251
Q

Riya wants to defend against the polymorphic shellcode problem. What countermeasure should she take against this IDS evasion technique?

A

Look for the nop opcode other than 0x90

252
Q

What firewall is used to secure mobile devices?

A

NetPatch firewall

253
Q

Manav wants to simulate a complete system and provide an appealing target to push hackers away from the production systems of his organization. By using some honeypot detection tool, he offers typical Internet services such as SMTP, FTP, POP3, HTTP, and TELNET, which appear perfectly normal to attackers. However, it is a trap in which attackers mess around and leave traces without knowing that they have connected to a decoy system that does none of the things it appears to do; instead, it logs everything and notifies the appropriate people. Can you identify the tool?

A

SPECTER

254
Q

What DoS attack detection technique analyzes network traffic in terms of spectral components? It divides incoming signals into various frequencies and examines different frequency components separately.

A

Wavelet-based Signal Analysis

255
Q

What is the DoS/DDoS countermeasure strategy to at least keep the critical services functional?

A

Degrading services

256
Q

What algorithm does the “sequential change-point detection” technique use to identify and locate the DoS attacks?

A

Cumulative Sum

257
Q

Smith, a network security administrator, is configuring routers in his organization to protect the network from DoS attacks. Which router feature can he use to prevent SYN flooding effectively?

A

TCP Intercept

258
Q

What is an attack detection technique that monitors the network packet’s header information? This technique also determines the increase in overall number of distinct clusters and activity levels among the network flow clusters?

A

Activity profiling

259
Q

Don Parker, a security analyst, is hired to perform a DoS test on a company. What tool can he successfully utilize to perform this task?

A

Hping3

260
Q

Paul has been contracted to test a network, and he intends to test for any DoS vulnerabilities of the network servers. Which of the following automated tools can be used to discover systems that are vulnerable to DoS?

A

Nmap

261
Q

Martha is a network administrator in a company named “Dubrovnik Walls Ltd.” She realizes that her network is under a DDoS attack. After careful analysis, she realizes that large amounts of UDP packets are being sent to the organizational servers that are present behind the “Internet facing firewall.”

What type of DDoS attack is this?

A

Volume (volumetric) attack

262
Q

Martha is a network administrator in a company named “Dubrovnik Walls Ltd.”. She realizes that her network is under a DDoS attack. After careful analysis, she realizes that a large amount of fragmented packets are being sent to the servers present behind the “Internet facing firewall.”

What type of DDoS attack is this?

A

Protocol Attack

263
Q

The DDoS tool used by Anonymous in the so-called Operation Payback is called what?

A

LOIC

264
Q

Identify the DoS attack that does not use botnets for the attack. Instead, the attackers exploit flaws found in the network that uses the DC++ (direct connect) protocol, which allows the exchange of files between instant messaging clients.

A

Peer-to-peer attack

265
Q

Attack where an attacker acquires information from different victims to create a new identity

A

Synthetic identity theft

266
Q

Insider threat that is caused due to the employee’s laxity toward security measures, policies, and practices?

A

Negligent insider

267
Q

Roy is a network administrator at an organization. He decided to establish security policies at different levels in the organization. He decided to restrict the installation of USB drives in the organization and decided to disable all the USB ports. Which of the following countermeasures must Roy employ?

A

Implement proper access privileges

268
Q

What toolbar is used to provide an open application program interface (API) for developers and researchers to integrate anti-phishing data into their applications?

A

Netcraft

269
Q

What is an appropriate defense strategy to prevent attacks such as piggybacking and tailgating?

A

Implement strict badge, token or biometric authentication, employee training, and security guards

270
Q

What is a generic exploit designed to perform advanced attacks against human elements to compromise a target to offer sensitive information?

A

Social-engineer toolkit (SET)

271
Q

What refers to a generic exploit designed to perform advanced attacks against human elements to compromise a target to offer sensitive information?

A

Pharming

272
Q

What attack can be prevented by implementing token or biometric authentication as a defense strategy?

A

Impersonation

273
Q

Jean Power wants to try and locate passwords from company XYZ. He waits until nightfall and climbs into the paper recycling dumpster behind XYZ, searching for information. What is Jean doing?

A

Dumpster diving

274
Q

A tester wants to securely encrypt the session to protect the network against sniffing attacks. Which of the following protocols should he use as a replacement for Telnet?

A

SSH

275
Q

What tool can a tester use to detect a system that runs in promiscuous mode, which in turn helps to detect sniffers installed on the network?

A

Nmap

276
Q

What command is used to set the maximum number of secure MAC addresses for the interface on a Cisco switch?

A

switchport port-security maximum 1 vlan access

277
Q

What is a defense technique for MAC spoofing used in switches that restricts the IP traffic on untrusted Layer 2 ports by filtering traffic based on the DHCP snooping binding database?

A

IP Source Guard

278
Q

An ethical hacker is performing penetration testing on the target organization. He decided to test the organization’s network to identify the systems running in promiscuous mode. Identify the tool that the ethical hacker needs to employ?

A

Nmap

279
Q

What tool would be used to collect wireless packet data?

A

NetStumbler

280
Q

A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could have been used by the hacker to sniff all of the packets in the network?

A

MAC flood attack

281
Q

What method should be incorporated by a network administrator to protect the organization’s network against ARP poisoning?

A

Implement dynamic arp inspection (DAI) using the dynamic host configuration protocol (DHCP) snooping binding table

282
Q

What problem can be solved by Wireshark?

A

Troubleshooting communication resets between two systems

283
Q

What is the correct pcap filter to capture all Transmission Control Protocol (TCP) traffic going to or from host 192.168.0.125 on port 25?

A

tcp.port==25 and ip.addr==192.168.0.125

284
Q

Marina is a malware analyst with a bank in London. One day, she suspects a file to be malware and tries to perform static analysis to identify its nature. She wants to analyze the suspicious file and extract the embedded strings in the file into a readable format. What tool can she use to perform this task?

A

BinText

285
Q

What technique involves going through the executable binary code without actually executing it to have a better understanding of the malware and its purpose?

A

Static malware analysis

286
Q

Identify the monitoring tool that exhibits the following features:

Reliable capture of process details, including image path, command line, user and session ID.
Configurable and moveable columns for any event property.
Filters can be set for any data field, including fields not configured as columns.
Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data.
Process tree tool shows the relationship of all processes referenced in a trace.
Native log format preserves all data for loading in a different Process Monitor instance

A

Process Monitor

287
Q

What Windows service vulnerability does the WannaCry ransomware exploit during the attack on any Windows machine?

A

SMB

288
Q

What tool is an antivirus program that is used to detect viruses?

A

ClamWin

289
Q

What virus tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

A

Stealth Virus

290
Q

Trojan port 1863

A

XtremeRAT

291
Q

A hacker wants to encrypt and compress 32-bit executables and .NET apps without affecting their direct functionality. What cryptor tool should be used by the hacker?

A

BitCrypter

292
Q

Tool to achieve compliance with PCI requirement 11?

A

Nessus

293
Q

What tool is used to schedule scans across multiple scanners and use wizards to easily and quickly create policies?

A

Nessus Professional

294
Q

What tool is used to schedule scans across multiple scanners and use wizards to easily and quickly create policies?

A

Nessus Professional

295
Q

What is IPMI for?

A

managing servers remotely