MISSED QUIZ QUESTIONS

Question 1

Allen, a professional pen tester, was hired by XpertTech Solutions to perform an attack simulation on the organization’s network resources. To perform the attack, he took advantage of the NetBIOS API and targeted the NetBIOS service. By enumerating NetBIOS, he found that port 139 was open and could see the resources that could be accessed or viewed on a remote system. He came across many NetBIOS codes during enumeration. Identify the NetBIOS code used for obtaining the messenger service running for the logged-in user?

a. <20>
b. <03>
c. <1B>
d. <00>

Answer 1

b. <03>

Question 2

Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network. Which of the following host discovery techniques must he use to perform the given task?

a. UDP Scan
b. ARP Ping Scan
c. ACK Flag probe scan
d. TCP Maimon Scan

Answer 2

b. ARP Ping Scan

Question 3

By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext. Which file do you have to clean to clear the password?

.bash_history
.profile
.bashrc
.xsession-log

Answer 3

.bash_history

Question 4

An organization is performing a vulnerability assessment for mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization’s machines to detect which ports are attached to services such as an email server, a webserver, or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevant tests. What is the type of vulnerability assessment solution that James employed in the above scenario?

a. Service-based solutions
b. Product-based solutions
c. Tree-based assessment
d. Inference-based assessment

Answer 4

d. Inference-based assessment

Question 5

Which of the following act requires employer’s standard national numbers to identify them on standard transactions?

HIPAA
PCI-DSS
SOX
DMCA

Answer 5

HIPAA

Question 6

Mike, a security engineer, was recently hired by BigFox Ltd. The company recently experienced disastrous DoS attacks. The management had instructed Mike to build defensive strategies for the company’s IT infrastructure to thwart DoS/DDoS attacks. Mike deployed some countermeasures to handle jamming and scrambling attacks. What is the countermeasure Mike applied to defend against jamming and scrambling attacks?

Disable TCP SYN cookie protection
Implement cognitive radios in the physical layer
Allow the transmission of all types of addressed packets at the ISP level
Allow the usage of functions such as gets and strcpy

Answer 6

Implement cognitive radios in the physical layer

Question 7

Which type of virus can change its own code and then cipher itself multiple times as it replicates?

Stealth virus
Cavity virus
Tunneling virus
Encryption virus

Answer 7

Stealth virus

Question 8

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs. What type of malware did the attacker use to bypass the company’s application whitelisting?

File-less malware
Logic bomb
Phishing malware
Zero-day malware

Answer 8

File-less malware

Question 9

Wilson, a professional hacker, targets an organization for financial benefit and plans to compromise its systems by sending malicious emails. For this purpose, he uses a tool to track the emails of the target and extracts information such as sender identities, mail servers, sender IP addresses, and sender locations from different public sources. He also checks if an email address was leaked using the haveibeenpwned.com API. Which of the following tools is used by Wilson in the above scenario?

Factiva
Infoga
Zoominfo
Netcraft

Answer 9

Infoga

Question 10

A DDoS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete. Which attack is being described here?

Desynchronization
Phlashing
Session splicing
Slowloris attack

Answer 10

Slowloris attack

Question 11

Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve’s profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days, Steve started asking about her company details and eventually gathered all the essential information regarding her company. What is the social engineering technique Steve employed in the above scenario?

Baiting
Diversion theft
Honey trap
Piggybacking

Answer 11

Honey trap

Question 12

Robin, a professional hacker, targeted an organization’s network to sniff all the traffic. During this process, Robin plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch in the network so that he could make it a root bridge that will later allow him to sniff all the traffic in the network. What is the attack performed by Robin in the above scenario?

ARP spoofing attack
DNS poisoning attack
VLAN hopping attack
STP Attack

Answer 12

STP Attack