Ethical Hacking as a Whole

Question 1

Mark, a professional hacker, targets his opponent’s website. He finds susceptible user inputs, injects malicious SQL code into the database, and tampers with critical information.

Answer 1

Active attack:
Tamper with the data in transit or disrupt the communication or services between the systems to bypass or break into secured systems.

Question 2

Identify the type of attack vector that focuses on stealing information from the victim machine without its user being aware and tries to deliver a payload affecting computer performance.

Answer 2

APT Attack: Advanced Persistent Threat (APT) is an attack that focuses on stealing information from the victim machine without its user being aware of it. These attacks are generally targeted at large companies and government networks. APT attacks are slow in nature, so the effect on computer performance and Internet connections is negligible.

Question 3

Identify the insider attack wherein the miscreant can easily bypass security rules by using privileged access and cause a threat to the organization’s information systems.

Answer 3

Pod Slurping:
the act of using a portable data storage device such as an iPod digital audio player to illicitly download large quantities of confidential data by directly plugging it into a computer where the data are held, and which may be on the inside of a firewall.

Question 4

Which of the following titles of the Sarbanes Oxley Act (SOX) mandates that only senior executives should take individual responsibility for the accuracy and completeness of corporate financial reports?

Answer 4

Title III: Corporate Responsibility: Title III consists of eight sections and mandates that senior executives take individual responsibility for the accuracy and completeness of corporate financial reports.

Question 5

Which of the following titles in The Digital Millennium Copyright Act (DMCA) allows the owner of a copy of a program to make reproductions or adaptations when these are necessary to use the program in conjunction with a system?

Answer 5

Title III: Computer Maintenance or Repair

Question 6

Which of the following countries has implemented the cyber law “Regulation of Investigatory Powers Act 2000”?

Answer 6

United Kingdom

Question 7

Given below are the various phases involved in the cyber kill chain methodology.

Installation
Delivery
Reconnaissance
Actions on objectives
Weaponization
Exploitation
Command and control
What is the correct sequence of phases involved in the cyber kill chain methodology?

Answer 7

Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control
Actions on Objectives

Question 8

Identify the type of threat actors that include groups of individuals or communities involved in organized, planned, and prolonged criminal activities and who exploit victims from distinct jurisdictions on the Internet, making them difficult to locate.

Answer 8

Criminal Syndicates:
Criminal syndicates are groups of individuals or communities that are involved in organized, planned, and prolonged criminal activities.

Question 9

In which of the following hacking phases do attackers extract information such as live machines, port, port status, OS details, device type, and system uptime to launch further attacks?

Answer 9

Scanning:
Scanning refers to the pre- attack phase when the attacker scans the network for specific information based on information gathered during reconnaissance

Question 10

Identify the term that refers to IT professionals who employ their hacking skills for defensive purposes, such as auditing their systems for known vulnerabilities and testing the organization’s network security for possible loopholes and vulnerabilities.

Answer 10

Ethical Hacker:
Ethical hacker refers to security professionals who employ their hacking skills for defensive purposes.

Question 11

Which of the following tools includes scanners such as comprehensive security scanners and port scanners and provides information such as NetBIOS names, configuration info, open TCP and UDP ports, transports, and shares?

Answer 11

Mega Ping
the ultimate must-have toolkit that provides all essential utilities for Information System specialists, system administrators, IT solution providers or individuals. Mega Ping includes: Scanners: Comprehensive Security Scanner, Port scanner (TCP and UDP ports), IP scanner, NetBIOS scanner, Share Scanner.

Question 12

Given below is the syntax of the nbtstat command.

nbtstat [-a RemoteName] [-A IP Address] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [Interval]

Which of the following Nbtstat parameters in the above syntax purges the name cache and reloads all #PRE-tagged entries from the Lmhosts file?

Answer 12

-R

Purges the name cache and reloads all #PRE-tagged entries from the Lmhosts file

Question 13

Which of the following malware distribution techniques involves mimicking legitimate institutions in an attempt to steal login credentials?

Answer 13

Spear-phishing Sites: This technique is used for mimicking legitimate institutions, such as banks, to steal passwords, credit card and bank account data, and other sensitive information.

Question 14

Identify the trojan that uses port number 443 to infect the target systems and propagate malicious software to other systems.

Answer 14

Emotet
Emotet uses functionality that helps the software evade detection by some anti-malware products. Emotet uses worm-like capabilities to help spread to other connected computers. This helps in distribution of the malware.

Question 15

Benson, a professional hacker, uses a technique that can exploit browser vulnerabilities. Using this technique, he is able to install malware simply by visiting a web page, and the victim system gets exploited whenever the webpage is being explored.

Which of the following technique was mentioned in the above scenario?

Answer 15

Drive-by downloads
This refers to exploiting flaws in browser software to install malware just by visiting a web page.

Question 16

Which of the following viruses combines the approach of file infectors and boot record infectors and attempts to simultaneously attack both the boot sector and executable or program files?

Answer 16

Multipartite Viruses: A multipartite virus combines the approach of file infectors and boot record infectors and attempts to simultaneously attack both the boot sector and the executable or program files. When the virus infects the boot sector, it will, in turn, affect the system files and vice versa.

Question 17

James, a student, was curious about hacking. Although he does not possess much knowledge about the subject, he initiated a DoS attack on a website using freely available tools on the Internet. As the website already has some sort of security controls, it detected unusual traffic and blocked James’s IP address.

Which of the following types of threat sources is discussed in the above scenario?

Answer 17

Unstructured external threats: Unstructured external threats are implemented by unskilled attackers, typically script kiddies who may be aspiring hackers, to access networks.

Question 18

Daniel, an employee working from home, was assigned a task to complete within a half-day, but due to frequent power failures at his residential area, he failed to accomplish the task.

Which of the following threats was demonstrated in the above scenario?

Answer 18

Natural Threats: Natural factors such as fires, floods, power failures, lightning, meteor, and earthquakes are potential threats to the assets of an organization.

Question 19

A computer user was trying to read the latest news articles from a popular website, but the user was prevented from accessing the resources of the website as certain underlying vulnerabilities in the webpage allowed an attacker to inject fake requests into the network; as a result, the server stopped responding to legitimate user requests.

What is the impact caused due to vulnerabilities in the above scenario?

Answer 19

Denial of service: Vulnerabilities may prevent users from accessing website services or other resources.

Question 20

Rogers, an administrator, has installed new software on an employee’s system and forgot to change the credentials provided by the software vendor. Robert, an attacker, on the other hand, browsed an online resource to obtain credentials provided by the software vendor and used those credentials to gain remote access to the employee’s system to steal valuable data.

Identify the type of vulnerability demonstrated in the above scenario.

Answer 20

Default password and settings
A default password is a password supplied by the manufacturer with new equipment (e.g., switches, hubs, routers) that is password protected.

Question 21

James, a professional pen tester, was appointed by an organization to perform a vulnerability assessment on server systems. James conducted a configuration-level check to identify system configurations, user directories, and file systems to evaluate the possibility of compromise for all the systems.

Identify the type of vulnerability assessment James performed in the above scenario.

Answer 21

Application assessment
An application assessment focuses on transactional web applications, traditional client- server applications, and hybrid systems.

Question 22

Identify the metric used in CVSS assessment that represents the features that continue to change during the lifetime of the vulnerability.

Answer 22

Temporal Metric: Represents the features that continue to change during the lifetime of the vulnerability.

Question 23

Which of the following malware masks itself as a benign application or software that initially appears to perform a desirable or benign function but steals information from a system?

Answer 23

Trojan: A Trojan is a program that masks itself as a benign application. The software initially appears to perform a desirable or benign function, but instead steals information or harms the system.

Question 24

Identify the type of password attack that does not require any technical knowledge about hacking or system exploitation.

Answer 24

Non-Electronic Attack: This is, for most cases, the attacker’s first attempt at gaining target system passwords. Non-electronic or non-technical attacks do not require any technical knowledge about hacking or system exploitation. Techniques used to perform non-electronic attacks include shoulder surfing, social engineering, dumpster diving, etc.

Question 25

Which of the following tools allows an attacker to crack the passwords of the target system?

Answer 25

Medusa: Medusa is a speedy, parallel, and modular, login brute-forcing tool.

Question 26

Which of the following tools allows you to reset unknown or lost Windows local administrator, domain administrator, and other user account passwords?

Answer 26

John the Ripper
an Open Source password security auditing and password recovery tool available for many operating systems.

Question 27

Which of the following practices can help administrators protect an organization’s server from password cracking attempts?

Answer 27

Enable account lockout with a certain number of attempts, counter time, and lockout duration.

Question 28

Which of the following practices can make devices or networks vulnerable to password cracking attempts?

Answer 28

Using the system’s default passwords,
DO NOT USE any system’s default passwords.

Question 29

Ross, a professional hacker, created a fake website and posted fake testimonials about a malicious anti-malware program that he developed. Upon reading the fake testimonials, some of the lured customers downloaded and installed the anti-malware.

Identify the behavior that made customers vulnerable to attack in the above scenario.

Answer 29

Social Proof: Consensus or social proof refers to the fact that people are usually willing to like things or do things that other people like or do. Attackers take advantage of this by doing things like creating websites and posting fake testimonials from users about the benefits of certain products such as anti-malware (rogue ware). Therefore, if users search the Internet to download the rogue ware, they encounter these websites and believe the forged testimonials.

Question 30

Given below are different phases of social engineering attacks.

1. Develop a relationship
2. Exploit the relationship
3. Research the target company
4. Select a target
   What is the correct sequence of steps attackers follow to execute a successful social engineering attack?

Answer 30

3 -> 4 -> 1 -> 2
Research the target company
Select a target
Develop a relationship
Exploit the relationship

Question 31

Jade, a professional hacker, was planning to enter the premises of an organization that allows access only to authorized persons. For this purpose, he creates a fake ID resembling the ID of the office staff and enters the restricted area by closely following an authorized person through a door that requires key access.

Identify the type of attack performed by Jade in the above scenario.

Answer 31

Tailgating
Tailgating implies accessing a building or secured area without the consent of the authorized person.

Question 32

Which of the following malware tricks the computer users into visiting malware-infested websites by telling the target user that their machine has been infected with malware?

Answer 32

Scareware: Scareware is a type of malware that tricks computer users into visiting malware-infested websites or downloading or buying potentially malicious software. Scareware is often seen in pop-ups that tell the target user that their machine has been infected with malware.

Question 33

Abin, an attacker intending to access the critical assets and computing devices of an organization, impersonated Sally, a system administrator. Abin masquerades as Sally and gathers critical information from computing devices of the target organization.

Identify the type of insider threat demonstrated in the above scenario.

Answer 33

Compromised insider
An insider with access to critical assets of an organization who is compromised by an outside threat actor.

Question 34

Which of the following encompasses all forms of identity theft, where the perpetrators attempt to impersonate someone else simply to hide their original profile?

Answer 34

Identity Cloning and Concealment: This type of identity theft encompasses all forms of identity theft, where the perpetrators attempt to impersonate someone else simply in order to hide their identity.

Question 35

Which of the following is the best practice to be followed to increase password security?

Answer 35

Avoid using the same password for different accounts

Question 36

Which of the following countermeasures can assist users in reducing the chances of identity theft?

Answer 36

Enable two-factor authentication on all online accounts

Question 37

Which of the following protocols is used to communicate through port 23 and allows an attacker to log in to a network machine remotely via a TCP connection to sniff keystrokes, including usernames and passwords, that are sent in cleartext?

Answer 37

Telnet: Telnet is a protocol used for communicating with a remote host (via port 23) on a network using a command-line terminal. rlogin enables an attacker to log into a network machine remotely via a TCP connection. Neither of these protocols provides encryption; therefore, data traveling between clients connected through any of these protocols are in plaintext and vulnerable to sniffing. Attackers can sniff keystrokes, including usernames and passwords.

Question 38

In which of the following OSI layers do sniffers operate and perform an initial compromise?

Answer 38

The data link layer is the second layer of the OSI model. In this layer, data packets are encoded and decoded into bits. Sniffers operate at the data link layer and can capture packets from this layer. Networking layers in the OSI model are designed to work independently of each other; thus, if a sniffer sniffs data in the data link layer, the upper OSI layers will not be aware of the sniffing.

Question 39

Which of the following tool helps an attacker perform an ARP poisoning attack?

Answer 39

BetterCAP: bettercap is an ARP poisoning tool and also it is the Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking and Ethernet networks reconnaissance and MITM attacks.

Question 40

Identify the technique that sends non-broadcast ARP to all the nodes in the network, and the node that runs in promiscuous mode broadcasts a ping message on the network with the local IP address but a different MAC address.

Answer 40

ARP method
Address Resolution Protocol (ARP) is a protocol that enables network communications to reach a specific device on the network. ARP translates Internet Protocol (IP) addresses to a Media Access Control (MAC) address, and vice versa.

Question 41

Which of the following techniques is useful in detecting a system that runs in promiscuous mode and in turn helps detect sniffers installed on the network?

Answer 41

Ping Method: To detect a sniffer on a network, identify the system on the network running in promiscuous mode. The ping method is useful in detecting a system that runs in promiscuous mode, which in turn helps to detect sniffers installed on the network.

Question 42

Identify the type of attack in which the attacker sends a large number of connection requests to the target server with fake source IP addresses, creating incomplete TCP connections that use up all network resources.

Answer 42

SYN Flood Attack: In a SYN attack, the attacker sends a large number of SYN requests to the target server (victim) with fake source IP addresses. The attack creates incomplete TCP connections that use up network resources.

Question 43

Williams, a professional hacker, was hired by an organization to damage the reputation of their rival company. Williams spoofed a customer’s rival company’s IP address and initiated sending multiple ICMP ECHO request packets to an IP broadcast network. As a result, all the hosts together started sending responses to the customer’s IP address. These responses were sent to the customer machine, diverting significant traffic toward it and crashing it in the process.

Identify the type of attack performed by Williams in the above scenario.

Answer 43

Smurf attack
In a Smurf attack, the attacker spoofs the source IP address with the victim’s IP address and sends a large number of ICMP ECHO request packets to an IP broadcast network.

Question 44

Which of the following best practices should be followed to thwart DoS/DDoS attacks?

Answer 44

Block all inbound packets originating from the service ports

Question 45

Which of the following countermeasures helps security professionals defend against DoS/DDoS attacks?

Answer 45

Secure remote administration and connectivity testing

Question 46

Identify the type of attack in which an attacker seizes control of a valid TCP communication between two computers and gains access to a machine while the communication is in progress.

Answer 46

Session Hijacking: Session hijacking is an attack in which an attacker takes over a valid Transmission Control Protocol (TCP) communication session between two computers. Because most types of authentication are performed only at the start of a TCP session, an attacker can gain access to a machine while a session is in progress. Attackers can sniff all the traffic from established TCP sessions and perform identity theft, information theft, fraud, etc.

Question 47

In which of the following session hijacking phases does an attacker break the connection to the victim’s machine by knowing the next sequence number (NSN)?

Answer 47

Session Desynchronization: Break the connection to the victim’s machine. It is easy to accomplish this attack if the attacker knows the next sequence number (NSN) used by the client. A session can be hijacked by using that sequence number before the client uses it.

Question 48

Which of the following countermeasures should be followed to defend against session hijacking?

Answer 48

Use HPKP to allow users to authenticate web servers
(HPKP works by allowing a website to tell browsers that it should only accept certificates using specified encryption keys. This is done with an HTTP header the browser remembers (or “pins”) for a configured time period.)

Question 49

Identify the web-based attack in which the attacker makes unauthorized changes to a website’s content that results in changes to the visual appearance of the web page or website.

Answer 49

Website Defacement: Attackers can completely change the appearance of a website by replacing its original data. They deface the target website by changing the visuals and displaying different pages with messages of their own

Question 50

Which of the following components of a web server is located between the web client and web server to pass all the requests and is also used to prevent IP blocking and maintain anonymity?

Answer 50

Web Proxy: A proxy server is located between the web client and web server. Owing to the placement of web proxies, all requests from clients are passed on to the web server through the web proxies. They are used to prevent IP blocking and maintain anonymity.

Question 51

Which of the following practices makes web servers vulnerable to various online attacks?

Answer 51

Apply unrestricted ACLs and allow remote registry administration

Question 52

Joseph, an administrator in an organization, has installed server software on a machine. Soon after installing the software, he updated the server machine with all the necessary solutions to secure the server and the network.

Which of the following security practice does Joseph need to follow to secure the web server?

Answer 52

Screen and filter incoming traffic requests.

Question 53

Identify the operation in web service architecture that involves obtaining the service interface description at development time and obtaining the binding and location description calls at run time.

Answer 53

Find: During this operation, the requester tries to obtain the service descriptions. This operation can be processed in two different phases: obtaining the service interface description at development time and obtain the binding and location description calls at run time.

Question 54

In which of the following layers of the vulnerability stack do attackers flood the switches with numerous requests that exhaust the CAM table, causing it to behave like a hub?

Answer 54

Layer 2: Routers/switches route network traffic only to specific machines. Attackers flood these switches with numerous requests that exhaust the CAM table, causing it to behave like a hub. Then, they focus on the target website by sniffing data (in the network), which can include credentials or other personal information.

Question 55

Bob, a user, has been accessing “www.certifiedhacker.com” using his registered account. Don, an attacker, on the other hand, targeted Bob’s system browser, used a sniffer to sniff the cookie that contains Bob’s current session ID. Using the session ID, Don impersonated Bob and accessed Bob’s already logged-in page.

Identify the application security risk demonstrated in the above scenario.

Answer 55

A2 – Broken authentication
(OWASP Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities temporarily or permanently.)

Question 56

Which of the following built-in tool of Burp Suite is used for testing the randomness of session tokens?

Answer 56

Sequencer tool: For testing the randomness of session tokens.

Question 57

Which of the following countermeasures helps a security specialist defend the application against command injection attacks?

Answer 57

Avoid executing commands such as exec

Question 58

Which of the following countermeasures should be followed to protect web applications against broken authentication and session management attacks?

Answer 58

Apply pass phrasing with at least five random words

Question 59

Freddy, a professional hacker, targets an organization and identifies that the target web application is vulnerable to an SQL injection, but he cannot view the results. He, therefore, uses a technique for retrieving a large amount of data that can perform time delay SQL injection attacks by using multiple joins on the system tables.

Identify the type of attack performed by Freddy in the above scenario.

Answer 59

Heavy query
A structured query language (SQL) injection is defined as a cybersecurity attack technique or vulnerability, where malicious types of SQL statements are placed inside entry fields in backend databases, either deliberately or inadvertently, which facilitates attacks on data-driven applications.(SQL injection is a technique used to take advantage of un- sanitized input vulnerabilities to pass SQL commands through a web application for execution by a backend database.)

Question 60

Which of the following practices helps developers defend against SQL injection attacks?

Answer 60

Test the content of string variables and accept only expected values

Question 61

Identify the IEEE 802.16 standard, a wireless communications standard designed to provide multiple physical layer (PHY) and MAC options.

Answer 61

802.16 (WiMax): The IEEE 802.16 standard is a wireless communications standard designed to provide multiple physical layer (PHY) and MAC options. It is also known as WiMax. This standard is a specification for fixed broadband wireless metropolitan access networks (MANs) that use a point-to-multipoint architecture.

Question 62

Which of the following protocols is an 802.15.4 standard and transmits long-distance data through a mesh network?

Answer 62

ZigBee
protocol defines methods for implementing security services such as cryptographic key establishment, key transport, frame protection, and device management.

Question 63

Identify the protocol that is a component of IEEE 802.11 WLAN standards, the primary purpose of which is to ensure data confidentiality on wireless networks at a level equivalent to that of wired LANs.

Answer 63

WEP
WEP is an encryption algorithm for IEEE 802.11 wireless networks. It is an old wireless security standard and can be cracked easily.

Question 64

Which of the following protocols uses AES-GCMP 256 encryption algorithm, ECDH and ECDSA key management, and BIP-GMAC-256 integrity check mechanism to secure wireless communication?

Answer 64

WPA3
It is a third- generation Wi- Fi security protocol that provides new features for personal and enterprise usage.

Question 65

Smith, a professional hacker, has performed an attack on an organization’s employees by taking advantage of a security flaw present in a wireless access point. He changed the SSID of a rogue access point with the SSID of the organization’s access point and sent beacons advertising the rogue AP to lure employees into connecting to it. Consequently, Smith gained access to sensitive information such as the usernames and passwords of connected users.

Identify the type of attack performed by Smith in the above scenario.

Answer 65

Client mis-association attack
Mis-association is a security flaw that can occur when a network client connects with a neighboring AP.

Question 66

David, a professional hacker, has performed an attack to crack WPA2 encryption used in the target wireless network. He employed a tool from the Aircrack-ng Suite to switch his wireless interface from the managed mode to the monitor mode.

Identify the tool employed by David in the above scenario.

Answer 66

Airmon-ng
This script can be used to enable monitor mode on wireless interfaces. It may also be used to kill network managers, or go back from monitor mode to managed mode. Entering the airmon-ng command without parameters will show the interfaces status.

Question 67

Meghan, a professional hacker, was researching the latest vulnerabilities and practicing how to compromise them. She targeted an employee and performed footprinting to determine the make and model of the employee’s Bluetooth-enabled device. She used the gathered information to create infographics of the model and manufacturer and analyzed the information to check whether the device had any exploitable vulnerabilities.

Identify the type of attack performed by Meghan in the above scenario.

Answer 67

BluePrinting:
BluePrinting is a footprinting technique performed by an attacker to determine the make and model of a target Bluetooth-enabled device. Attackers collect this information to create infographics of the model, manufacturer, etc. and analyze them to determine whether the device has exploitable vulnerabilities.

Question 68

Patrick, a parent of school-going kids, is frustrated with his children continuously playing an online game. After realizing that direct confrontation may not be the most effective option in the long term, he turned on the Bluetooth on their devices and performed an over-the-air attack by sending annoying messages to the children’s devices. As a result, his children lost interest in the game.

Identify the type of Bluetooth attack performed by Patrick in the above scenario.

Answer 68

Bluejacking
Bluejacking is the use of Bluetooth to send messages to users without the recipient’s consent, similar to email spamming.

Question 69

Which of the following practices is NOT a countermeasure against Bluetooth attacks?
Keep the device in the non-discoverable (hidden) mode
Do not accept any unknown or unexpected request for pairing
Keep Bluetooth in the disabled state and enable it only when needed. Disable Bluetooth immediately after the intended task is completed.
Disable automatic connections to public Wi-Fi networks for protecting Bluetooth devices from unsecured sources.
Update the software and drivers of the Bluetooth devices and regularly change the passwords.
Use a VPN for secure connections between Bluetooth devices.

Answer 69

Keep the device in the non-discoverable (hidden) mode

Question 70

Which of the following practices can allow attackers to evade the wireless authentication process?

Answer 70

Keep drivers on all wireless equipment updated.
Never update drivers on all wireless equipment

Question 71

Walter, a professional hacker, was trying to exploit nascent vulnerabilities in a target mobile application. He utilized a technique to analyze the final core binary to determine its source code and libraries. Further, this analysis gave him insights into the inner workings of the application.

Identify the mobile risk exploited by Walter in the above scenario.

Answer 71

Reverse engineering
the process of taking something apart to see how it works, whether it’s a physical object such as a lock or in this case, a mobile application. Decompiling is a form of reverse engineering in which a mobile app is analyzed by looking at its source code.

Question 72

Roger, a professional hacker, targeted an employee’s mobile device, which the organization allocated as a part of BYOD policy. Roger tricked the target employee into clicking on a malicious link that appeared to be sent by the security team. Soon after the employee clicked on the link, Roger installed malicious software that exploited the device’s browser, cookies, and security permissions.

Identify the type of attack performed by Roger in the above scenario.

Answer 72

User-initiated code
( it runs the risk of spreading to other work devices, networks or servers. Users may unwittingly send infected files via email, or have their login credentials for work servers and software stolen, and used by malicious actors.)

Question 73

Joe targeted a coffee shop and wanted to sniff customers’ credentials who were paying bills from their Android devices. To achieve this, he hosted a free Wi-Fi hotspot using an Android application that lured customers to connect to it. After the devices got connected to his network, Joe performed a MITM attack to hijack their sessions with banking portals and recorded credentials being entered to log in.

Which of the following tools has Joe employed in the above scenario?

Answer 73

zANTI: zANTI is an android application that allows you to perform the following attacks:
Create malicious Wi-Fi hotspot to capture victims to control and hijack their device traffic
MITM and DoS attack
View, modify, and redirect all HTTP requests and responses
Redirect HTTPS to HTTP; redirect HTTP request to a particular IP or web page
Insert HTML code into web pages
Hijack sessions
View and replace all images that are transmitted over the network

Question 74

David, a professional hacker, was hired to attack mobile devices owned by an organization. He broadcasted a well-crafted text message with a malicious link to all the organization’s mobile numbers to collect their personal and financial information.

Identify the type of attack performed by David in the above scenario.

Answer 74

SMiShing: SMS phishing (also known as SMiShing) is a type of phishing fraud in which an attacker uses SMS to send text messages containing deceptive links of malicious websites or telephone numbers to a victim.

Question 75

David, a technical support team member, leveraged the BYOD policy and copied confidential data into his device. He immediately tried to forward it to the rival company using the company’s Wi-Fi network but failed to do so, as the company had enforced restrictions on sending corporate data to the outside network.

Which of the following BYOD risks was demonstrated in the above scenario?

Answer 75

Disgruntled employees: Disgruntled employees in an organization can misuse corporate data stored on their mobile devices. They may also leak sensitive information to competitors.

Question 76

Which of the following solutions helps system administrators to deploy and manage software applications across all enterprise mobile devices to secure, monitor, manage, and support devices?

Answer 76

IBM MaaS360: IBM Security MaaS360 with Watson transforms how IT is securing smartphones, tablets, laptops, desktops, wearables, and the Internet of Things (IoT) without sacrificing a great user experience.

Question 77

Which of the following guidelines must be followed to secure a mobile device against malicious attacks?

Answer 77

Do not share information within GPS-enabled apps unless necessary

Question 78

Which of the following tools helps users protect their mobile devices against cyber threats or mobile-based security issues?

Answer 78

Lookout Personal
helps keep your personal information private by showing you which apps can access your location, contacts, messages, and identity information. Confidently browse the web without worrying about websites that might infect your phone or steal your personal information.

Question 79

Identify the layer in IoT architecture that acts as an interface between the application and hardware layer and is responsible for data management, device management, data analysis, data aggregation, and data filtering.

Answer 79

Middleware Layer: This is one of the most critical layers that operates in two-way mode. As the name suggests, this layer sits in the middle of the application layer and the hardware layer, thus behaving as an interface between these two layers. It is responsible for important functions such as data management, device management, and various issues like data analysis, data aggregation, data filtering, device information discovery, and access control.

Question 80

Identify the layer in IoT architecture that consists of all the hardware components, including sensors, RFID tags, readers, and plays an important part in data collection and connecting devices within the network.

Answer 80

Edge technology layer
The edge is the main physical device in the IoT ecosystem that interacts with its surroundings and contains various components like sensors, actuators, operating systems, hardware and network, and communication capabilities.

Question 81

Austen, a professional hacker, has targeted the IoT devices of an organization and plans to dig up the encryption details used by the devices. He uses a technique to extract information about the encryption keys used by the IoT devices by observing the emission of signals.

Identify the attack technique employed by Austen in the above scenario.

Answer 81

Side-Channel Attack: Attackers perform side-channel attacks by extracting information about encryption keys by observing the emission of signals, i.e., “side channels”, from IoT devices.

Question 82

Identify the attack in which an attacker creates a strong illusion of traffic congestion using multiple forged identities.

Answer 82

Sybil attack
an online exploit where hackers infiltrate a network by controlling multiple computers or accounts. Such attacks aim to gain majority control of a network and use it to influence transactions and other functions of the network.

Question 83

Which of the following practices can make IoT infrastructure vulnerable to online attacks?

Answer 83

Allow all the IP addresses to access the device from the Internet

Question 84

Which of the following countermeasures help security professionals defend the IoT network against cyberattacks?

Answer 84

Locate control system networks and devices behind firewalls, and isolate them from the business network

Question 85

Which of the following components belongs to the IT network that can be integrated with OT systems to improve security, quality, and productivity?

Answer 85

Cloud
refers to servers that are accessed over the Internet, and the software and databases that run on those servers.

Question 86

Robert, a security specialist, was appointed by a manufacturing company to design an interruptible production environment. He implemented the Purdue model, which divides the IT/OT network into separate zones. A zone in the Purdue model restricts the direct communication between IT and OT systems to continue production even if any errors are generated from the working systems.

Which of the following zones of the Purdue model segregates the IT and OT systems to provide an uninterruptible production environment?

Answer 86

Industrial Demilitarized Zone: The demilitarized zone is a barrier between the manufacturing zone (OT systems) and enterprise zone (IT systems). This zone is created to inspect overall architecture. If any errors or intrusions compromise the working systems, the IDMZ holds the error and allows production to be continued without interruption.

Question 87

James, an attacker, targeted an industrial network to halt the operations of SCADA devices. He exploited a stack-based buffer overflow vulnerability in the operational software that resulted in a crash of the program that operates SCADA devices.

Which of the following vulnerabilities is exploited by James in the above scenario?

Answer 87

Memory corruption
the vulnerability that may occur in a computer system when its memory is altered without an explicit assignment. The contents of a memory location are modified due to programming errors which enable attackers to execute an arbitrary code.

Question 88

Justin, a security professional, performs continuous monitoring and anomaly detection of the OT systems in his organization to thwart any type of malfunctioning of the OT devices. For this purpose, he deployed a tool that ensures the reliability of networks and avoids downtime and disruption of service continuity.

Identify the tool utilized by Justin to protect the OT systems and networks.

Answer 88

Flowmon
processes network telemetry data including IP flows and raw packets, which it collects from a variety of network devices. Dedicated proprietary sensors called Flowmon Probes can be used to improve performance, increase data granularity, and enrich the flow data with L7-information.

Question 89

Which of the following cloud computing models provides penetration testing, authentication, intrusion detection, and anti-malware services to corporate infrastructure in a cost-effective way?

Answer 89

Security-as-a-service
service provider integrates their security services into a corporate infrastructure on a subscription basis more cost-effectively than most individuals or corporations can provide on their own when the total cost of ownership is considered

Question 90

Which of the following entities in the NIST cloud deployment reference architecture is a party that performs an independent examination of cloud service controls to express an opinion and verify adherence to standards through a review of the objective evidence?

Answer 90

Cloud Auditor: A cloud auditor is a party that performs an independent examination of cloud service controls to express an opinion thereon. Audits verify adherence to standards through a review of the objective evidence.

Question 91

Which of the following components in the container network model encompasses the container network stack configuration to manage container interfaces, routing tables, and DNS settings?

Answer 91

Sandbox: Sandbox comprises the container network stack configuration for the management of container interfaces, routing tables, and domain name system (DNS) settings.

Question 92

Which of the following components in Docker architecture refers to locations where images are stored and pulled whenever required?

Answer 92

Docker Registries
is a storage and distribution system for named Docker images. The same image might have multiple different versions, identified by their tags. A Docker registry is organized into Docker repositories , where a repository holds all the versions of a specific image.

Question 93

Which of the following cloud computing threats is caused by incomplete and non-transparent terms of use and hidden dependencies created by cross-cloud applications?

Answer 93

Supply chain failure

Question 94

Smith, a professional hacker, was assigned to perform an attack on AWS S3 buckets. He employed a tool to brute-force AWS S3 buckets with different permutations to breach the security mechanism and inject malware into the bucket files.

Identify the tool employed by Smith in the above scenario.

Answer 94

lazys3
A Ruby script to bruteforce for AWS s3 buckets using different permutations.

Question 95

Which of the following countermeasures helps security teams protect the cloud environment against online threats?

Answer 95

Verify one’s own cloud in public domain blacklists

Question 96

Which of the following countermeasures helps security professionals secure the cloud network from cryptojacking attacks?

Answer 96

Review all third-party components used by the company’s websites

Question 97

Smith, a certified pen tester, was assigned to perform penetration testing on the organization’s network. As he knew that penetration testing might harm the network, he followed a guideline that involves collecting sufficient evidence to determine whether any vulnerabilities exist in the network.

Which of the following guidelines did Smith follow in the above scenario?

Answer 97

Use indirect testing

Question 98

Identify the penetration testing approach representing an adversarial goal-based assessment where the pen tester mimics a real attacker and targets an environment.

Answer 98

Red-team-oriented penetration testing approach: This approach is an adversarial goal-based assessment in which the pen tester must mimic a real attacker and target an environment.

Question 99

Identify the pen testing operation that involves gathering all the information significant to security vulnerabilities and testing the targeted environment, including network configuration, topology, hardware, and software.

Answer 99

Performing the Penetration Test: Each company ensures that the processes they implement for penetration testing are appropriate. Therefore, proper methodologies must be used for performing a good penetration test. The tester is responsible for checking the system for any existing or new applications, networks, and systems, in addition to checking whether the system is vulnerable to a security risk that could allow unauthorized access.

Question 100

Identify the penetration testing methodology compiled by Pete Herzog and a standard set for penetration testing to achieve security metrics.

Answer 100

Open Source Security Testing Methodology Manual: The Open Source Security Testing Methodology Manual was compiled by Pete Herzog. It is a standard set for penetration testing to achieve security metrics.