Ethical Hacking as a Whole Flashcards

1
Q

Mark, a professional hacker, targets his opponent’s website. He finds susceptible user inputs, injects malicious SQL code into the database, and tampers with critical information.

A

Active attack:
Tamper with the data in transit or disrupt the communication or services between the systems to bypass or break into secured systems.

2
Q

Identify the type of attack vector that focuses on stealing information from the victim machine without its user being aware and tries to deliver a payload affecting computer performance.

A

APT Attack: Advanced Persistent Threat (APT) is an attack that focuses on stealing information from the victim machine without its user being aware of it. These attacks are generally targeted at large companies and government networks. APT attacks are slow in nature, so the effect on computer performance and Internet connections is negligible.

3
Q

Identify the insider attack wherein the miscreant can easily bypass security rules by using privileged access and cause a threat to the organization’s information systems.

A

Pod Slurping:
the act of using a portable data storage device such as an iPod digital audio player to illicitly download large quantities of confidential data by directly plugging it into a computer where the data are held, and which may be on the inside of a firewall.

4
Q

Which of the following titles of the Sarbanes Oxley Act (SOX) mandates that only senior executives should take individual responsibility for the accuracy and completeness of corporate financial reports?

A

Title III: Corporate Responsibility: Title III consists of eight sections and mandates that senior executives take individual responsibility for the accuracy and completeness of corporate financial reports.

5
Q

Which of the following titles in The Digital Millennium Copyright Act (DMCA) allows the owner of a copy of a program to make reproductions or adaptations when these are necessary to use the program in conjunction with a system?

A

Title III: Computer Maintenance or Repair

6
Q

Which of the following countries has implemented the cyber law “Regulation of Investigatory Powers Act 2000”?

A

United Kingdom

7
Q

Given below are the various phases involved in the cyber kill chain methodology.

Installation
Delivery
Reconnaissance
Actions on objectives
Weaponization
Exploitation
Command and control

What is the correct sequence of phases involved in the cyber kill chain methodology?

A

Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control
Actions on Objectives

8
Q

Identify the type of threat actors that include groups of individuals or communities involved in organized, planned, and prolonged criminal activities and who exploit victims from distinct jurisdictions on the Internet, making them difficult to locate.

A

Criminal Syndicates:
Criminal syndicates are groups of individuals or communities that are involved in organized, planned, and prolonged criminal activities.

9
Q

In which of the following hacking phases do attackers extract information such as live machines, port, port status, OS details, device type, and system uptime to launch further attacks?

A

Scanning:
Scanning refers to the pre-attack phase when the attacker scans the network for specific information based on information gathered during reconnaissance.

10
Q

Identify the term that refers to IT professionals who employ their hacking skills for defensive purposes, such as auditing their systems for known vulnerabilities and testing the organization’s network security for possible loopholes and vulnerabilities.

A

Ethical Hacker:
Ethical hacker refers to security professionals who employ their hacking skills for defensive purposes.

11
Q

Which of the following tools includes scanners such as comprehensive security scanners and port scanners and provides information such as NetBIOS names, configuration info, open TCP and UDP ports, transports, and shares?

A

Mega Ping
the ultimate must-have toolkit that provides all essential utilities for Information System specialists, system administrators, IT solution providers or individuals. Mega Ping includes: Scanners: Comprehensive Security Scanner, Port scanner (TCP and UDP ports), IP scanner, NetBIOS scanner, Share Scanner.

12
Q

Given below is the syntax of the nbtstat command.

nbtstat [-a RemoteName] [-A IP Address] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [Interval]

Which of the following Nbtstat parameters in the above syntax purges the name cache and reloads all #PRE-tagged entries from the Lmhosts file?

A

-R

Purges the name cache and reloads all #PRE-tagged entries from the Lmhosts file

13
Q

Which of the following malware distribution techniques involves mimicking legitimate institutions in an attempt to steal login credentials?

A

Spear-phishing Sites: This technique is used for mimicking legitimate institutions, such as banks, to steal passwords, credit card and bank account data, and other sensitive information.

14
Q

Identify the trojan that uses port number 443 to infect the target systems and propagate malicious software to other systems.

A

Emotet
Emotet uses functionality that helps the software evade detection by some anti-malware products. Emotet uses worm-like capabilities to help spread to other connected computers. This helps in distribution of the malware.

15
Q

Benson, a professional hacker, uses a technique that can exploit browser vulnerabilities. Using this technique, he is able to install malware simply by visiting a web page, and the victim system gets exploited whenever the webpage is being explored.

Which of the following techniques was mentioned in the above scenario?

A

Drive-by downloads
This refers to exploiting flaws in browser software to install malware just by visiting a web page.

16
Q

Which of the following viruses combines the approach of file infectors and boot record infectors and attempts to simultaneously attack both the boot sector and executable or program files?

A

Multipartite Viruses: A multipartite virus combines the approach of file infectors and boot record infectors and attempts to simultaneously attack both the boot sector and the executable or program files. When the virus infects the boot sector, it will, in turn, affect the system files and vice versa.

17
Q

James, a student, was curious about hacking. Although he does not possess much knowledge about the subject, he initiated a DoS attack on a website using freely available tools on the Internet. As the website already has some sort of security controls, it detected unusual traffic and blocked James’s IP address.

Which of the following types of threat sources is discussed in the above scenario?

A

Unstructured external threats: Unstructured external threats are implemented by unskilled attackers, typically script kiddies who may be aspiring hackers, to access networks.

18
Q

Daniel, an employee working from home, was assigned a task to complete within a half-day, but due to frequent power failures at his residential area, he failed to accomplish the task.

Which of the following threats was demonstrated in the above scenario?

A

Natural Threats: Natural factors such as fires, floods, power failures, lightning, meteor, and earthquakes are potential threats to the assets of an organization.

19
Q

A computer user was trying to read the latest news articles from a popular website, but the user was prevented from accessing the resources of the website as certain underlying vulnerabilities in the webpage allowed an attacker to inject fake requests into the network; as a result, the server stopped responding to legitimate user requests.

What is the impact caused due to vulnerabilities in the above scenario?

A

Denial of service: Vulnerabilities may prevent users from accessing website services or other resources.

20
Q

Rogers, an administrator, has installed new software on an employee’s system and forgot to change the credentials provided by the software vendor. Robert, an attacker, on the other hand, browsed an online resource to obtain credentials provided by the software vendor and used those credentials to gain remote access to the employee’s system to steal valuable data.

Identify the type of vulnerability demonstrated in the above scenario.

A

Default password and settings
A default password is a password supplied by the manufacturer with new equipment (e.g., switches, hubs, routers) that is password protected.

21
Q

James, a professional pen tester, was appointed by an organization to perform a vulnerability assessment on server systems. James conducted a configuration-level check to identify system configurations, user directories, and file systems to evaluate the possibility of compromise for all the systems.

Identify the type of vulnerability assessment James performed in the above scenario.

A

Application assessment
An application assessment focuses on transactional web applications, traditional client-server applications, and hybrid systems.

22
Q

Identify the metric used in CVSS assessment that represents the features that continue to change during the lifetime of the vulnerability.

A

Temporal Metric: Represents the features that continue to change during the lifetime of the vulnerability.

23
Q

Which of the following malware masks itself as a benign application or software that initially appears to perform a desirable or benign function but steals information from a system?

A

Trojan: A Trojan is a program that masks itself as a benign application. The software initially appears to perform a desirable or benign function, but instead steals information or harms the system.

24
Q

Identify the type of password attack that does not require any technical knowledge about hacking or system exploitation.

A

Non-Electronic Attack: This is, for most cases, the attacker’s first attempt at gaining target system passwords. Non-electronic or non-technical attacks do not require any technical knowledge about hacking or system exploitation. Techniques used to perform non-electronic attacks include shoulder surfing, social engineering, dumpster diving, etc.

25
Q

Which of the following tools allows an attacker to crack the passwords of the target system?

A

Medusa: Medusa is a speedy, parallel, and modular, login brute-forcing tool.

26
Q

Which of the following tools allows you to reset unknown or lost Windows local administrator, domain administrator, and other user account passwords?

A

John the Ripper
an Open Source password security auditing and password recovery tool available for many operating systems.

27
Q

Which of the following practices can help administrators protect an organization’s server from password cracking attempts?

A

Enable account lockout with a certain number of attempts, counter time, and lockout duration.

28
Q

Which of the following practices can make devices or networks vulnerable to password cracking attempts?

A

Using the system’s default passwords,
DO NOT USE any system’s default passwords.

29
Q

Ross, a professional hacker, created a fake website and posted fake testimonials about a malicious anti-malware program that he developed. Upon reading the fake testimonials, some of the lured customers downloaded and installed the anti-malware.

Identify the behavior that made customers vulnerable to attack in the above scenario.

A

Social Proof: Consensus or social proof refers to the fact that people are usually willing to like things or do things that other people like or do. Attackers take advantage of this by doing things like creating websites and posting fake testimonials from users about the benefits of certain products such as anti-malware (rogue ware). Therefore, if users search the Internet to download the rogue ware, they encounter these websites and believe the forged testimonials.

30
Q

Given below are different phases of social engineering attacks.

1. Develop a relationship
2. Exploit the relationship
3. Research the target company
4. Select a target

What is the correct sequence of steps attackers follow to execute a successful social engineering attack?

A

3 -> 4 -> 1 -> 2
Research the target company
Select a target
Develop a relationship
Exploit the relationship

31
Q

Jade, a professional hacker, was planning to enter the premises of an organization that allows access only to authorized persons. For this purpose, he creates a fake ID resembling the ID of the office staff and enters the restricted area by closely following an authorized person through a door that requires key access.

Identify the type of attack performed by Jade in the above scenario.

A

Tailgating
Tailgating implies accessing a building or secured area without the consent of the authorized person.

32
Q

Which of the following malware tricks the computer users into visiting malware-infested websites by telling the target user that their machine has been infected with malware?

A

Scareware: Scareware is a type of malware that tricks computer users into visiting malware-infested websites or downloading or buying potentially malicious software. Scareware is often seen in pop-ups that tell the target user that their machine has been infected with malware.

33
Q

Abin, an attacker intending to access the critical assets and computing devices of an organization, impersonated Sally, a system administrator. Abin masquerades as Sally and gathers critical information from computing devices of the target organization.

Identify the type of insider threat demonstrated in the above scenario.

A

Compromised insider
An insider with access to critical assets of an organization who is compromised by an outside threat actor.

34
Q

Which of the following encompasses all forms of identity theft, where the perpetrators attempt to impersonate someone else simply to hide their original profile?

A

Identity Cloning and Concealment: This type of identity theft encompasses all forms of identity theft, where the perpetrators attempt to impersonate someone else simply in order to hide their identity.

35
Q

Which of the following is the best practice to be followed to increase password security?

A

Avoid using the same password for different accounts

36
Q

Which of the following countermeasures can assist users in reducing the chances of identity theft?

A

Enable two-factor authentication on all online accounts

37
Q

Which of the following protocols is used to communicate through port 23 and allows an attacker to log in to a network machine remotely via a TCP connection to sniff keystrokes, including usernames and passwords, that are sent in cleartext?

A

Telnet: Telnet is a protocol used for communicating with a remote host (via port 23) on a network using a command-line terminal. rlogin enables an attacker to log into a network machine remotely via a TCP connection. Neither of these protocols provides encryption; therefore, data traveling between clients connected through any of these protocols are in plaintext and vulnerable to sniffing. Attackers can sniff keystrokes, including usernames and passwords.

38
Q

In which of the following OSI layers do sniffers operate and perform an initial compromise?

A

The data link layer is the second layer of the OSI model. In this layer, data packets are encoded and decoded into bits. Sniffers operate at the data link layer and can capture packets from this layer. Networking layers in the OSI model are designed to work independently of each other; thus, if a sniffer sniffs data in the data link layer, the upper OSI layers will not be aware of the sniffing.

39
Q

Which of the following tools helps an attacker perform an ARP poisoning attack?

A

BetterCAP: bettercap is an ARP poisoning tool and also the Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking, and Ethernet network reconnaissance and MITM attacks.

40
Q

Identify the technique that sends non-broadcast ARP to all the nodes in the network, and the node that runs in promiscuous mode broadcasts a ping message on the network with the local IP address but a different MAC address.

A

ARP method
Address Resolution Protocol (ARP) is a protocol that enables network communications to reach a specific device on the network. ARP translates Internet Protocol (IP) addresses to a Media Access Control (MAC) address, and vice versa.

41
Q

Which of the following techniques is useful in detecting a system that runs in promiscuous mode and in turn helps detect sniffers installed on the network?

A

Ping Method: To detect a sniffer on a network, identify the system on the network running in promiscuous mode. The ping method is useful in detecting a system that runs in promiscuous mode, which in turn helps to detect sniffers installed on the network.

42
Q

Identify the type of attack in which the attacker sends a large number of connection requests to the target server with fake source IP addresses, creating incomplete TCP connections that use up all network resources.

A

SYN Flood Attack: In a SYN attack, the attacker sends a large number of SYN requests to the target server (victim) with fake source IP addresses. The attack creates incomplete TCP connections that use up network resources.

43
Q

Williams, a professional hacker, was hired by an organization to damage the reputation of their rival company. Williams spoofed a customer’s rival company’s IP address and initiated sending multiple ICMP ECHO request packets to an IP broadcast network. As a result, all the hosts together started sending responses to the customer’s IP address. These responses were sent to the customer machine, diverting significant traffic toward it and crashing it in the process.

Identify the type of attack performed by Williams in the above scenario.

A

Smurf attack
In a Smurf attack, the attacker spoofs the source IP address with the victim’s IP address and sends a large number of ICMP ECHO request packets to an IP broadcast network.

44
Q

Which of the following best practices should be followed to thwart DoS/DDoS attacks?

A

Block all inbound packets originating from the service ports

45
Q

Which of the following countermeasures helps security professionals defend against DoS/DDoS attacks?

A

Secure remote administration and connectivity testing

46
Q

Identify the type of attack in which an attacker seizes control of a valid TCP communication between two computers and gains access to a machine while the communication is in progress.

A

Session Hijacking: Session hijacking is an attack in which an attacker takes over a valid Transmission Control Protocol (TCP) communication session between two computers. Because most types of authentication are performed only at the start of a TCP session, an attacker can gain access to a machine while a session is in progress. Attackers can sniff all the traffic from established TCP sessions and perform identity theft, information theft, fraud, etc.

47
Q

In which of the following session hijacking phases does an attacker break the connection to the victim’s machine by knowing the next sequence number (NSN)?

A

Session Desynchronization: Break the connection to the victim’s machine. It is easy to accomplish this attack if the attacker knows the next sequence number (NSN) used by the client. A session can be hijacked by using that sequence number before the client uses it.

48
Q

Which of the following countermeasures should be followed to defend against session hijacking?

A

Use HPKP to allow users to authenticate web servers
(HPKP works by allowing a website to tell browsers that it should only accept certificates using specified encryption keys. This is done with an HTTP header the browser remembers (or “pins”) for a configured time period.)

49
Q

Identify the web-based attack in which the attacker makes unauthorized changes to a website’s content that results in changes to the visual appearance of the web page or website.

A

Website Defacement: Attackers can completely change the appearance of a website by replacing its original data. They deface the target website by changing the visuals and displaying different pages with messages of their own.

50
Q

Which of the following components of a web server is located between the web client and web server to pass all the requests and is also used to prevent IP blocking and maintain anonymity?

A

Web Proxy: A proxy server is located between the web client and web server. Owing to the placement of web proxies, all requests from clients are passed on to the web server through the web proxies. They are used to prevent IP blocking and maintain anonymity.

51
Q

Which of the following practices makes web servers vulnerable to various online attacks?

A

Apply unrestricted ACLs and allow remote registry administration

52
Q

Joseph, an administrator in an organization, has installed server software on a machine. Soon after installing the software, he updated the server machine with all the necessary solutions to secure the server and the network.

Which of the following security practices does Joseph need to follow to secure the web server?

A

Screen and filter incoming traffic requests.

53
Q

Identify the operation in web service architecture that involves obtaining the service interface description at development time and obtaining the binding and location description calls at run time.

A

Find: During this operation, the requester tries to obtain the service descriptions. This operation can be processed in two different phases: obtaining the service interface description at development time and obtaining the binding and location description calls at run time.

54
Q

In which of the following layers of the vulnerability stack do attackers flood the switches with numerous requests that exhaust the CAM table, causing it to behave like a hub?

A

Layer 2: Routers/switches route network traffic only to specific machines. Attackers flood these switches with numerous requests that exhaust the CAM table, causing it to behave like a hub. Then, they focus on the target website by sniffing data (in the network), which can include credentials or other personal information.

55
Q

Bob, a user, has been accessing “www.certifiedhacker.com” using his registered account. Don, an attacker, on the other hand, targeted Bob’s system browser, used a sniffer to sniff the cookie that contains Bob’s current session ID. Using the session ID, Don impersonated Bob and accessed Bob’s already logged-in page.

Identify the application security risk demonstrated in the above scenario.

A

A2 – Broken authentication
(OWASP Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities temporarily or permanently.)

56
Q

Which of the following built-in tools of Burp Suite is used for testing the randomness of session tokens?

A

Sequencer tool: For testing the randomness of session tokens.

57
Q

Which of the following countermeasures helps a security specialist defend the application against command injection attacks?

A

Avoid executing commands such as exec

58
Q

Which of the following countermeasures should be followed to protect web applications against broken authentication and session management attacks?

A

Apply pass phrasing with at least five random words

59
Q

Freddy, a professional hacker, targets an organization and identifies that the target web application is vulnerable to an SQL injection, but he cannot view the results. He, therefore, uses a technique for retrieving a large amount of data that can perform time delay SQL injection attacks by using multiple joins on the system tables.

Identify the type of attack performed by Freddy in the above scenario.

A

Heavy query
A structured query language (SQL) injection is defined as a cybersecurity attack technique or vulnerability, where malicious types of SQL statements are placed inside entry fields in backend databases, either deliberately or inadvertently, which facilitates attacks on data-driven applications. (SQL injection is a technique used to take advantage of unsanitized input vulnerabilities to pass SQL commands through a web application for execution by a backend database.)

60
Q

Which of the following practices helps developers defend against SQL injection attacks?

A

Test the content of string variables and accept only expected values

61
Q

Identify the IEEE 802.16 standard, a wireless communications standard designed to provide multiple physical layer (PHY) and MAC options.

A

802.16 (WiMax): The IEEE 802.16 standard is a wireless communications standard designed to provide multiple physical layer (PHY) and MAC options. It is also known as WiMax. This standard is a specification for fixed broadband wireless metropolitan access networks (MANs) that use a point-to-multipoint architecture.

62
Q

Which of the following protocols is an 802.15.4 standard and transmits long-distance data through a mesh network?

A

ZigBee
protocol defines methods for implementing security services such as cryptographic key establishment, key transport, frame protection, and device management.

63
Q

Identify the protocol that is a component of IEEE 802.11 WLAN standards, the primary purpose of which is to ensure data confidentiality on wireless networks at a level equivalent to that of wired LANs.

A

WEP
WEP is an encryption algorithm for IEEE 802.11 wireless networks. It is an old wireless security standard and can be cracked easily.

64
Q

Which of the following protocols uses AES-GCMP 256 encryption algorithm, ECDH and ECDSA key management, and BIP-GMAC-256 integrity check mechanism to secure wireless communication?

A

WPA3
It is a third-generation Wi-Fi security protocol that provides new features for personal and enterprise usage.

65
Q

Smith, a professional hacker, has performed an attack on an organization’s employees by taking advantage of a security flaw present in a wireless access point. He changed the SSID of a rogue access point with the SSID of the organization’s access point and sent beacons advertising the rogue AP to lure employees into connecting to it. Consequently, Smith gained access to sensitive information such as the usernames and passwords of connected users.

Identify the type of attack performed by Smith in the above scenario.

A

Client mis-association attack
Mis-association is a security flaw that can occur when a network client connects with a neighboring AP.

66
Q

David, a professional hacker, has performed an attack to crack WPA2 encryption used in the target wireless network. He employed a tool from the Aircrack-ng Suite to switch his wireless interface from the managed mode to the monitor mode.

Identify the tool employed by David in the above scenario.

A

Airmon-ng
This script can be used to enable monitor mode on wireless interfaces. It may also be used to kill network managers, or go back from monitor mode to managed mode. Entering the airmon-ng command without parameters will show the interfaces status.

67
Q

Meghan, a professional hacker, was researching the latest vulnerabilities and practicing how to compromise them. She targeted an employee and performed footprinting to determine the make and model of the employee’s Bluetooth-enabled device. She used the gathered information to create infographics of the model and manufacturer and analyzed the information to check whether the device had any exploitable vulnerabilities.

Identify the type of attack performed by Meghan in the above scenario.

A

BluePrinting:
BluePrinting is a footprinting technique performed by an attacker to determine the make and model of a target Bluetooth-enabled device. Attackers collect this information to create infographics of the model, manufacturer, etc. and analyze them to determine whether the device has exploitable vulnerabilities.

68
Q

Patrick, a parent of school-going kids, is frustrated with his children continuously playing an online game. After realizing that direct confrontation may not be the most effective option in the long term, he turned on the Bluetooth on their devices and performed an over-the-air attack by sending annoying messages to the children’s devices. As a result, his children lost interest in the game.

Identify the type of Bluetooth attack performed by Patrick in the above scenario.

A

Bluejacking
Bluejacking is the use of Bluetooth to send messages to users without the recipient’s consent, similar to email spamming.

69
Q

Which of the following practices is NOT a countermeasure against Bluetooth attacks?
Keep the device in the non-discoverable (hidden) mode
Do not accept any unknown or unexpected request for pairing
Keep Bluetooth in the disabled state and enable it only when needed. Disable Bluetooth immediately after the intended task is completed.
Disable automatic connections to public Wi-Fi networks for protecting Bluetooth devices from unsecured sources.
Update the software and drivers of the Bluetooth devices and regularly change the passwords.
Use a VPN for secure connections between Bluetooth devices.

A

Keep the device in the non-discoverable (hidden) mode

70
Q

Which of the following practices can allow attackers to evade the wireless authentication process?

A

Keep drivers on all wireless equipment updated.
Never update drivers on all wireless equipment

71
Q

Walter, a professional hacker, was trying to exploit nascent vulnerabilities in a target mobile application. He utilized a technique to analyze the final core binary to determine its source code and libraries. Further, this analysis gave him insights into the inner workings of the application.

Identify the mobile risk exploited by Walter in the above scenario.

A

Reverse engineering: The process of taking something apart to see how it works, whether it's a physical object such as a lock or, in this case, a mobile application. Decompiling is a form of reverse engineering in which a mobile app is analyzed by looking at its source code.

72
Q

Roger, a professional hacker, targeted an employee’s mobile device, which the organization allocated as a part of BYOD policy. Roger tricked the target employee into clicking on a malicious link that appeared to be sent by the security team. Soon after the employee clicked on the link, Roger installed malicious software that exploited the device’s browser, cookies, and security permissions.

Identify the type of attack performed by Roger in the above scenario.

A

User-initiated code: It runs the risk of spreading to other work devices, networks, or servers. Users may unwittingly send infected files via email, or have their login credentials for work servers and software stolen and used by malicious actors.

73
Q

Joe targeted a coffee shop and wanted to sniff the credentials of customers who were paying bills from their Android devices. To achieve this, he hosted a free Wi-Fi hotspot using an Android application that lured customers to connect to it. After the devices got connected to his network, Joe performed a MITM attack to hijack their sessions with banking portals and recorded credentials being entered to log in.

Which of the following tools has Joe employed in the above scenario?

A

zANTI: zANTI is an Android application that allows you to perform the following attacks:
Create malicious Wi-Fi hotspot to capture victims to control and hijack their device traffic
MITM and DoS attack
View, modify, and redirect all HTTP requests and responses
Redirect HTTPS to HTTP; redirect HTTP request to a particular IP or web page
Insert HTML code into web pages
Hijack sessions
View and replace all images that are transmitted over the network

74
Q

David, a professional hacker, was hired to attack mobile devices owned by an organization. He broadcasted a well-crafted text message with a malicious link to all the organization’s mobile numbers to collect their personal and financial information.

Identify the type of attack performed by David in the above scenario.

A

SMiShing: SMS phishing (also known as SMiShing) is a type of phishing fraud in which an attacker uses SMS to send text messages containing deceptive links of malicious websites or telephone numbers to a victim.

75
Q

David, a technical support team member, leveraged the BYOD policy and copied confidential data into his device. He immediately tried to forward it to the rival company using the company’s Wi-Fi network but failed to do so, as the company had enforced restrictions on sending corporate data to the outside network.

Which of the following BYOD risks was demonstrated in the above scenario?

A

Disgruntled employees: Disgruntled employees in an organization can misuse corporate data stored on their mobile devices. They may also leak sensitive information to competitors.

76
Q

Which of the following solutions helps system administrators to deploy and manage software applications across all enterprise mobile devices to secure, monitor, manage, and support devices?

A

IBM MaaS360: IBM Security MaaS360 with Watson transforms how IT is securing smartphones, tablets, laptops, desktops, wearables, and the Internet of Things (IoT) without sacrificing a great user experience.

77
Q

Which of the following guidelines must be followed to secure a mobile device against malicious attacks?

A

Do not share information within GPS-enabled apps unless necessary

78
Q

Which of the following tools helps users protect their mobile devices against cyber threats or mobile-based security issues?

A

Lookout Personal: Helps keep your personal information private by showing you which apps can access your location, contacts, messages, and identity information. Confidently browse the web without worrying about websites that might infect your phone or steal your personal information.

79
Q

Identify the layer in IoT architecture that acts as an interface between the application and hardware layer and is responsible for data management, device management, data analysis, data aggregation, and data filtering.

A

Middleware Layer: This is one of the most critical layers that operates in two-way mode. As the name suggests, this layer sits in the middle of the application layer and the hardware layer, thus behaving as an interface between these two layers. It is responsible for important functions such as data management, device management, and various issues like data analysis, data aggregation, data filtering, device information discovery, and access control.

80
Q

Identify the layer in IoT architecture that consists of all the hardware components, including sensors, RFID tags, readers, and plays an important part in data collection and connecting devices within the network.

A

Edge technology layer
The edge is the main physical device in the IoT ecosystem that interacts with its surroundings and contains various components like sensors, actuators, operating systems, hardware and network, and communication capabilities.

81
Q

Austen, a professional hacker, has targeted the IoT devices of an organization and plans to dig up the encryption details used by the devices. He uses a technique to extract information about the encryption keys used by the IoT devices by observing the emission of signals.

Identify the attack technique employed by Austen in the above scenario.

A

Side-Channel Attack: Attackers perform side-channel attacks by extracting information about encryption keys by observing the emission of signals, i.e., “side channels”, from IoT devices.

82
Q

Identify the attack in which an attacker creates a strong illusion of traffic congestion using multiple forged identities.

A

Sybil attack: An online exploit where hackers infiltrate a network by controlling multiple computers or accounts. Such attacks aim to gain majority control of a network and use it to influence transactions and other functions of the network.

83
Q

Which of the following practices can make IoT infrastructure vulnerable to online attacks?

A

Allow all the IP addresses to access the device from the Internet

84
Q

Which of the following countermeasures help security professionals defend the IoT network against cyberattacks?

A

Locate control system networks and devices behind firewalls, and isolate them from the business network

85
Q

Which of the following components belongs to the IT network that can be integrated with OT systems to improve security, quality, and productivity?

A

Cloud: Refers to servers that are accessed over the Internet, and the software and databases that run on those servers.

86
Q

Robert, a security specialist, was appointed by a manufacturing company to design an uninterruptible production environment. He implemented the Purdue model, which divides the IT/OT network into separate zones. A zone in the Purdue model restricts the direct communication between IT and OT systems to continue production even if any errors are generated from the working systems.

Which of the following zones of the Purdue model segregates the IT and OT systems to provide an uninterruptible production environment?

A

Industrial Demilitarized Zone: The demilitarized zone is a barrier between the manufacturing zone (OT systems) and enterprise zone (IT systems). This zone is created to inspect overall architecture. If any errors or intrusions compromise the working systems, the IDMZ holds the error and allows production to be continued without interruption.

87
Q

James, an attacker, targeted an industrial network to halt the operations of SCADA devices. He exploited a stack-based buffer overflow vulnerability in the operational software that resulted in a crash of the program that operates SCADA devices.

Which of the following vulnerabilities is exploited by James in the above scenario?

A

Memory corruption: A vulnerability that may occur in a computer system when its memory is altered without an explicit assignment. The contents of a memory location are modified due to programming errors, which enables attackers to execute arbitrary code.

88
Q

Justin, a security professional, performs continuous monitoring and anomaly detection of the OT systems in his organization to thwart any type of malfunctioning of the OT devices. For this purpose, he deployed a tool that ensures the reliability of networks and avoids downtime and disruption of service continuity.

Identify the tool utilized by Justin to protect the OT systems and networks.

A

Flowmon: Processes network telemetry data, including IP flows and raw packets, which it collects from a variety of network devices. Dedicated proprietary sensors called Flowmon Probes can be used to improve performance, increase data granularity, and enrich the flow data with L7 information.

89
Q

Which of the following cloud computing models provides penetration testing, authentication, intrusion detection, and anti-malware services to corporate infrastructure in a cost-effective way?

A

Security-as-a-service: A service provider integrates their security services into a corporate infrastructure on a subscription basis more cost-effectively than most individuals or corporations can provide on their own when the total cost of ownership is considered.

90
Q

Which of the following entities in the NIST cloud deployment reference architecture is a party that performs an independent examination of cloud service controls to express an opinion and verify adherence to standards through a review of the objective evidence?

A

Cloud Auditor: A cloud auditor is a party that performs an independent examination of cloud service controls to express an opinion thereon. Audits verify adherence to standards through a review of the objective evidence.

91
Q

Which of the following components in the container network model encompasses the container network stack configuration to manage container interfaces, routing tables, and DNS settings?

A

Sandbox: Sandbox comprises the container network stack configuration for the management of container interfaces, routing tables, and domain name system (DNS) settings.

92
Q

Which of the following components in Docker architecture refers to locations where images are stored and pulled whenever required?

A

Docker Registries: A Docker registry is a storage and distribution system for named Docker images. The same image might have multiple different versions, identified by their tags. A Docker registry is organized into Docker repositories, where a repository holds all the versions of a specific image.

93
Q

Which of the following cloud computing threats is caused by incomplete and non-transparent terms of use and hidden dependencies created by cross-cloud applications?

A

Supply chain failure

94
Q

Smith, a professional hacker, was assigned to perform an attack on AWS S3 buckets. He employed a tool to brute-force AWS S3 buckets with different permutations to breach the security mechanism and inject malware into the bucket files.

Identify the tool employed by Smith in the above scenario.

A

lazys3: A Ruby script to brute-force AWS S3 buckets using different permutations.

95
Q

Which of the following countermeasures helps security teams protect the cloud environment against online threats?

A

Verify one’s own cloud in public domain blacklists

96
Q

Which of the following countermeasures helps security professionals secure the cloud network from cryptojacking attacks?

A

Review all third-party components used by the company’s websites

97
Q

Smith, a certified pen tester, was assigned to perform penetration testing on the organization’s network. As he knew that penetration testing might harm the network, he followed a guideline that involves collecting sufficient evidence to determine whether any vulnerabilities exist in the network.

Which of the following guidelines did Smith follow in the above scenario?

A

Use indirect testing

98
Q

Identify the penetration testing approach representing an adversarial goal-based assessment where the pen tester mimics a real attacker and targets an environment.

A

Red-team-oriented penetration testing approach: This approach is an adversarial goal-based assessment in which the pen tester must mimic a real attacker and target an environment.

99
Q

Identify the pen testing operation that involves gathering all the information significant to security vulnerabilities and testing the targeted environment, including network configuration, topology, hardware, and software.

A

Performing the Penetration Test: Each company ensures that the processes they implement for penetration testing are appropriate. Therefore, proper methodologies must be used for performing a good penetration test. The tester is responsible for checking the system for any existing or new applications, networks, and systems, in addition to checking whether the system is vulnerable to a security risk that could allow unauthorized access.

100
Q

Identify the penetration testing methodology compiled by Pete Herzog and a standard set for penetration testing to achieve security metrics.

A

Open Source Security Testing Methodology Manual: The Open Source Security Testing Methodology Manual was compiled by Pete Herzog. It is a standard set for penetration testing to achieve security metrics.