Fourth Flashcards

1
Q

What is attempting an injection attack on a web server based on responses to True/False questions called?

A

Blind SQLi

2
Q

The establishment of a TCP connection involves a negotiation called three-way handshake. What type of message does the client send to the server in order to begin this negotiation?

A

SYN

3
Q

You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select?

A

Snort

4
Q

Which of the following will perform an Xmas scan using NMAP?

A

nmap -sX 192.168.1.254

5
Q

Code injection is a form of attack in which a malicious user:

A

Inserts text into a data field that gets interpreted as code

6
Q

The collection of potentially actionable, overt, and publicly available information is known as:

A

Open-source intelligence

7
Q

Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?

A

[site:]

8
Q

This asymmetric cipher is based on factoring the product of two large prime numbers. What cipher is described above?

A

RSA

9
Q

Firewalls are software or hardware systems that control and monitor the traffic coming in and out of the target network based on a pre-defined set of rules. Which of the following types of firewalls can protect against SQL injection attacks?

A

Web application firewall

10
Q

During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network. What is this type of DNS configuration commonly called?

A

Split DNS

11
Q

In which of the following cryptographic attack methods does the attacker make a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions?

A

Chosen-plaintext attack

12
Q

Which of the following attacks exploits web page vulnerabilities that allow an attacker to force an unsuspecting user’s browser to send malicious requests they did not intend?

A

Cross-Site Request Forgery (CSRF)

13
Q

Which is the first step followed by vulnerability scanners when scanning a network?

A

Checking if the remote host is alive

14
Q

Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services. Which OS did it not directly affect?

A

Windows

15
Q

Alice encrypts her data using her public key PK and stores the encrypted data in the cloud. Which of the following attack scenarios will compromise the privacy of her data?

A

Alice also stores her private key in the cloud, and Harry breaks into the cloud server as before

16
Q

A hacker named Jack is trying to compromise a bank’s computer system. He needs to know the operating system of that computer to launch further attacks. What process would help him?

A

Banner grabbing

17
Q

What two conditions must a digital signature meet?

A

Has to be unforgeable, and to be authentic

18
Q

Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks to the wired network to get Internet access. On the university campus there are many Ethernet ports available for professors and authorized visitors, but not for students. He identified this when the IDS alerted on malware activity in the network. What should Bob do to avoid this problem?

A

Use the 802.1x protocol

19
Q

Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient’s consent, similar to email spamming?

A

Bluejacking

20
Q

Which method of password cracking takes the most time and effort?

A

Brute force

21
Q

Which of the following programs infects the system boot sector and the executable files at the same time?

A

Multipartite virus

22
Q

You are a penetration tester and are assigned to scan a server. You need to use a scanning technique in which the TCP header is split across many packets so that it becomes difficult to detect what the packets are meant for. Which of the below scanning techniques will you use?

A

IP Fragment scanning

23
Q

An IT employee got a call from one of our best customers. The caller wanted to know about the company’s network infrastructure, systems, and team. New opportunities for integration are in sight for both company and customer. What should this employee do?

A

The employee should not provide any information without previous management authorization

24
Q

You perform a scan of your company’s network and discover that TCP port 123 is open. What services by default run on TCP port 123?

A

Network Time Protocol

25
Q

Based on the below log, which of the following sentences is true?

Mar 1, 2016, 7:33:28 AM 10.240.250.23 – 54373 10.249.253.15 – 22 tcp_ip

A

Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server

26
Q

You have successfully compromised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly. What is the best Nmap command you will use?

A

nmap -T4 -F 10.10.0.0/24

27
Q

…….. is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but has actually been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users either by snooping on the communication link or by phishing, which involves setting up a fraudulent web site and luring people there. Fill in the blank with the appropriate choice.

A

Evil Twin Attack

28
Q

DNS cache snooping is the process of determining whether a specified resource address is present in a DNS server’s cache records. It may be useful during the examination of a network to determine which software update resources are used, thus revealing what software is installed. What command is used to determine if the entry is present in the DNS cache?

A

nslookup -norecursive update.antivirus.com

29
Q

You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8. While monitoring the data, you find a high number of outbound connections. You see that IPs owned by XYZ (internal) and private IPs are communicating with a single public IP; that is, the internal IPs are sending data to the public IP. After further analysis, you find out that this public IP is a blacklisted IP and that the internal communicating devices are compromised. What kind of attack does the above scenario depict?

A

Botnet attack

30
Q

Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?

A

Fuzzing testing

31
Q

Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM main site. Bob, a system administrator at TPNQM SA, found that they were victims of DNS Cache Poisoning. What should Bob recommend to deal with such a threat?

A

The use of DNSSEC

32
Q

In which of the following password protection techniques are random strings of characters added to the password before calculating its hash?

A

Salting

33
Q

Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?

A

-T5

34
Q

Which of the following provides a security professional with the most information about a system’s security posture?

A

Port scanning, banner grabbing, service identification

35
Q

What is the most common method to exploit the “Bash Bug” or “ShellShock” vulnerability?

A

Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

36
Q

What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

A

Residual risk

37
Q

A hacker has managed to gain access to a Linux host and steal the password file /etc/passwd. How can he use it?

A

The password file does not contain the passwords themselves

38
Q

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway, they are both on the 192.168.1.0/24 network. Which of the following has occurred?

A

The gateway is not routing to a public IP address

39
Q

Chandler works as a pen-tester at an IT firm in New York. As part of detecting viruses on the systems, he uses a detection method where the anti-virus executes the malicious code on a virtual machine to simulate CPU and memory activity. Which type of virus detection method did Chandler use in this context?

A

Code emulation

40
Q

An attacker scans a host with the below command. Which three flags are set? (Choose three.)

#nmap -sX host.domain.com

A

This is an Xmas scan. URG, PUSH and FIN are set

41
Q

Due to a slowdown of normal network operations, the IT department decided to monitor Internet traffic for all of the employees. From a legal standpoint, what would be troublesome about taking this kind of measure?

A

Not informing the employees that they are going to be monitored could be an invasion of privacy

42
Q

Which component of IPsec performs protocol-level functions that are required to encrypt and decrypt the packets?

A

Internet Key Exchange (IKE)

43
Q

An attacker, using a rogue wireless AP, performed an MITM attack and injected HTML code to embed a malicious applet in all HTTP connections. When users accessed any page, the applet ran and exploited many machines. Which one of the following tools did the hacker probably use to inject the HTML code?

A

Ettercap

44
Q

You are monitoring the network of your organization. You notice that:
1. There are huge outbound connections from your internal network to external IPs
2. On further investigation, you see that the external IPs are blacklisted
3. Some connections are accepted, and some are dropped
4. You find that it is CnC communication
Which of the following solutions will you suggest?

A

Update the latest signatures on your IDS/IPS.

Clean the malware that is trying to communicate with the external blacklisted IPs

45
Q

A Security Policy is a definition of what it means to be secure for a system, organization or other entity. For Information Technologies, there are sub-policies like Computer Security Policy, Information Protection Policy, Information Security Policy, Network Security Policy, Physical Security Policy, Remote Access Policy, and User Account Policy. What is the main theme of the sub-policies for Information Technologies?

A

Confidentiality, Integrity, Availability

46
Q

Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and UHF?

A

Yagi antenna

47
Q

Why should the security analyst disable/remove unnecessary ISAPI filters?

A

To defend against webserver attacks

48
Q

Which of the following security policies defines the use of VPN for gaining access to an internal corporate network?

A

Remote access policy

49
Q

To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program. What term is commonly used when referring to this type of testing?

A

Fuzzing

50
Q

If you want to scan fewer ports than the default scan using the Nmap tool, which option would you use?

A

-F

51
Q

In Risk Management, how is the term “likelihood” related to the concept of “threat”?

A

Likelihood is the probability that a threat-source will exploit a vulnerability.

52
Q

Which of the following statements is TRUE?

A

Sniffers operate on Layer 2 of the OSI model

53
Q

What is the least important information when you analyze a public IP address in a security alert?

A

ARP

54
Q

You are the network admin, and you get a complaint that some websites are no longer accessible. You ping the servers and find them reachable. You then type the IP address into the browser and find the site accessible, but it is not accessible when you use the URL. What may be the problem?

A

Traffic is blocked on UDP port 53

55
Q

Internet Protocol Security (IPSec) is actually a suite of protocols. Each protocol within the suite provides different functionality. Collectively, IPSec does everything except:

A

Work at the data link layer