Fourth Flashcards
What is attempting an injection attack on a web server based on responses to True/False questions called?
Blind SQLi
The establishment of a TCP connection involves a negotiation called three-way handshake. What type of message does the client send to the server in order to begin this negotiation?
SYN
You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select?
Snort
Which of the following will perform an Xmas scan using NMAP?
nmap -sX 192.168.1.254
Code injection is a form of attack in which a malicious user:
Inserts text into a data field that gets interpreted as code
The collection of potentially actionable, overt, and publicly available information is known as
Open-source intelligence
Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?
[site:]
This asymmetry cipher is based on factoring the product of two large prime numbers. What cipher is described above?
RSA
Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and out the target network based on pre-defined set of rules. Which of the following types of firewalls can protect against SQL injection attacks?
Web application firewall
During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network. What is this type of DNS configuration commonly called?
Split DNS
In which of the following cryptography attack methods, the attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions?
Chosen-plaintext attack
Which of the following attacks exploits web page vulnerabilities that allow an attacker to force an unsuspecting user’s browser to send malicious requests they did not intend?
Cross-Site Request Forgery (CSRF)
Which is the first step followed by Vulnerability Scanners for scanning a network?
Checking if the remote host is alive
Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services, which OS did it not directly affect?
Windows
Alice encrypts her data using her public key PK and stores the encrypted data in the cloud. Which of the following attack scenarios will compromise the privacy of her data?
Alice also stores her private key in the cloud, and Harry breaks into the cloud server as before
A hacker named Jack is trying to compromise a bank’s computer system. He needs to know the operating system of that computer to launch further attacks. What process would help him?
Banner grabbing
What two conditions must a digital signature meet?
Has to be unforgeable, and to be authentic
Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students. He identified this when the IDS alerted for malware activities in the network. What should Bob do to avoid this problem?
Use the 802.1x protocol
Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient’s consent, similar to email spamming?
Bluejacking
Which method of password cracking takes the most time and effort?
Brute force
Which of the following program infects the system boot sector and the executable files at the same time?
Multipartite virus
You are a Penetration Tester and are assigned to scan a server. You need to use a scanning technique wherein the TCP Header is split into many packets so that it becomes difficult to detect what the packets are meant for. Which of the below scanning technique will you use?
IP Fragment scanning