Independence Day Special Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 1b2718643m

312-50v11 Exam Dumps - Certified Ethical Hacker Exam - CEH v11

Question # 4

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server.

What kind of attack is possible in this scenario?

A.

Cross-site scripting

B.

Denial of service

C.

SQL injection

D.

Directory traversal

Full Access
Question # 5

When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what it is meant by processing?

A.

The amount of time and resources that are necessary to maintain a biometric system

B.

How long it takes to setup individual user accounts

C.

The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information

D.

The amount of time it takes to convert biometric data into a template on a smart card

Full Access
Question # 6

Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session, upon receiving the users request. Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. What is the attack performed by Bobby in the above scenario?

A.

Wardriving

B.

KRACK attack

C.

jamming signal attack

D.

aLTEr attack

Full Access
Question # 7

John is investigating web-application firewall logs and observers that someone is attempting to inject the following:

char buff[10];

buff[>o] - 'a':

What type of attack is this?

A.

CSRF

B.

XSS

C.

Buffer overflow

D.

SQL injection

Full Access
Question # 8

You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8.

While monitoring the data, you find a high number of outbound connections. You see that IP’s owned by XYZ (Internal) and private IP’s are communicating to a Single Public IP. Therefore, the Internal IP’s are sending data to the Public IP.

After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised.

What kind of attack does the above scenario depict?

A.

Botnet Attack

B.

Spear Phishing Attack

C.

Advanced Persistent Threats

D.

Rootkit Attack

Full Access
Question # 9

Jack, a professional hacker, targets an organization and performs vulnerability scanning on the target web server to identify any possible weaknesses, vulnerabilities, and misconfigurations. In this process, Jack uses an automated tool that eases his work and performs vulnerability scanning to find hosts, services, and other vulnerabilities in the target server. Which of the following tools is used by Jack to perform vulnerability scanning?

A.

Infoga

B.

WebCopier Pro

C.

Netsparker

D.

NCollector Studio

Full Access
Question # 10

Don, a student, came across a gaming app in a third-party app store and Installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after Installing the app. What is the attack performed on Don in the above scenario?

A.

SMS phishing attack

B.

SIM card attack

C.

Agent Smith attack

D.

Clickjacking

Full Access
Question # 11

Richard, an attacker, targets an MNC In this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard?

A.

VPN footprinting

B.

Email footprinting

C.

VoIP footprinting

D.

Whois footprinting

Full Access
Question # 12

What tool can crack Windows SMB passwords simply by listening to network traffic?

A.

This is not possible

B.

Netbus

C.

NTFSDOS

D.

L0phtcrack

Full Access
Question # 13

Which of the following LM hashes represent a password of less than 8 characters? (Choose two.)

A.

BA810DBA98995F1817306D272A9441BB

B.

44EFCE164AB921CQAAD3B435B51404EE

C.

0182BD0BD4444BF836077A718CCDF409

D.

CEC52EB9C8E3455DC2265B23734E0DAC

E.

B757BF5C0D87772FAAD3B435B51404EE

F.

E52CAC67419A9A224A3B108F3FA6CB6D

Full Access
Question # 14

You are a penetration tester working to test the user awareness of the employees of the client xyz. You harvested two employees' emails from some public sources and are creating a client-side backdoor to send it to the employees via email. Which stage of the cyber kill chain are you at?

A.

Reconnaissance

B.

Command and control

C.

Weaponization

D.

Exploitation

Full Access
Question # 15

Ricardo has discovered the username for an application in his targets environment. As he has a limited amount of time, he decides to attempt to use a list of common passwords he found on the Internet. He compiles them into a list and then feeds that list as an argument into his password-cracking application, what type of attack is Ricardo performing?

A.

Known plaintext

B.

Password spraying

C.

Brute force

D.

Dictionary

Full Access
Question # 16

Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she uses a user-defined HTTP tailback or push APIs that are raised based on trigger events: when invoked, this feature supplies data to other applications so that users can instantly receive real-time Information.

Which of the following techniques is employed by Susan?

A.

web shells

B.

Webhooks

C.

REST API

D.

SOAP API

Full Access
Question # 17

Sam, a web developer, was instructed to incorporate a hybrid encryption software program into a web application to secure email messages. Sam used an encryption software, which is a free implementation of the OpenPGP standard that uses both symmetric-key cryptography and asymmetric-key cryptography for improved speed and secure key exchange. What is the encryption software employed by Sam for securing the email messages?

A.

PGP

B.

S/MIME

C.

SMTP

D.

GPG

Full Access
Question # 18

James is working as an ethical hacker at Technix Solutions. The management ordered James to discover how vulnerable its network is towards footprinting attacks. James took the help of an open-source framework for performing automated reconnaissance activities. This framework helped James in gathering information using free tools and resources. What is the framework used by James to conduct footprinting and reconnaissance activities?

A.

WebSploit Framework

B.

Browser Exploitation Framework

C.

OSINT framework

D.

SpeedPhish Framework

Full Access
Question # 19

Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering the Information, he successfully performed an attack on the target government organization without being traced. Which of the following techniques is described in the above scenario?

A.

Dark web footprinting

B.

VoIP footpnnting

C.

VPN footprinting

D.

website footprinting

Full Access
Question # 20

You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.

invictus@victim_server.~$ nmap -T4 -O 10.10.0.0/24 TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!

What seems to be wrong?

A.

The nmap syntax is wrong.

B.

This is a common behavior for a corrupted nmap application.

C.

The outgoing TCP/IP fingerprinting is blocked by the host firewall.

D.

OS Scan requires root privileges.

Full Access
Question # 21

Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network. What is Bob supposed to do next?

A.

Take over the session

B.

Reverse sequence prediction

C.

Guess the sequence numbers

D.

Take one of the parties offline

Full Access
Question # 22

Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities. Which type of virus detection method did Chandler use in this context?

A.

Heuristic Analysis

B.

Code Emulation

C.

Scanning

D.

Integrity checking

Full Access
Question # 23

While using your bank’s online servicing you notice the following string in the URL bar:

“http: // www. MyPersonalBank. com/ account?id=368940911028389 &Damount=10980&Camount=21”

You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflects the changes.

Which type of vulnerability is present on this site?

A.

Cookie Tampering

B.

SQL Injection

C.

Web Parameter Tampering

D.

XSS Reflection

Full Access
Question # 24

The network team has well-established procedures to follow for creating new rules on the firewall. This includes having approval from a manager prior to implementing any new rules. While reviewing the firewall configuration, you notice a recently implemented rule but cannot locate manager approval for it. What would be a good step to have in the procedures for a situation like this?

A.

Have the network team document the reason why the rule was implemented without prior manager approval.

B.

Monitor all traffic using the firewall rule until a manager can approve it.

C.

Do not roll back the firewall rule as the business may be relying upon it, but try to get manager approval as soon as possible.

D.

Immediately roll back the firewall rule until a manager can approve it

Full Access
Question # 25

in this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstall the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values. What is this attack called?

A.

Chop chop attack

B.

KRACK

C.

Evil twin

D.

Wardriving

Full Access
Question # 26

Which Intrusion Detection System is the best applicable for large environments where critical assets on the network need extra scrutiny and is ideal for observing sensitive network segments?

A.

Honeypots

B.

Firewalls

C.

Network-based intrusion detection system (NIDS)

D.

Host-based intrusion detection system (HIDS)

Full Access
Question # 27

Clark, a professional hacker, was hired by an organization lo gather sensitive Information about its competitors surreptitiously. Clark gathers the server IP address of the target organization using Whole footprinting. Further, he entered the server IP address as an input to an online tool to retrieve information such as the network range of the target organization and to identify the network topology and operating system used in the network. What is the online tool employed by Clark in the above scenario?

A.

AOL

B.

ARIN

C.

DuckDuckGo

D.

Baidu

Full Access
Question # 28

What port number is used by LDAP protocol?

A.

110

B.

389

C.

464

D.

445

Full Access
Question # 29

What is not a PCI compliance recommendation?

A.

Use a firewall between the public network and the payment card data.

B.

Use encryption to protect all transmission of card holder data over any public network.

C.

Rotate employees handling credit card transactions on a yearly basis to different departments.

D.

Limit access to card holder data to as few individuals as possible.

Full Access
Question # 30

Which of the following is a passive wireless packet analyzer that works on Linux-based systems?

A.

Burp Suite

B.

OpenVAS

C.

tshark

D.

Kismet

Full Access
Question # 31

Allen, a professional pen tester, was hired by xpertTech solutWns to perform an attack simulation on the organization's network resources. To perform the attack, he took advantage of the NetBIOS API and targeted the NetBIOS service. B/enumerating NetBIOS, he found that port 139 was open and could see the resources that could be accessed or viewed on a remote system. He came across many NetBIOS codes during enumeration.

identify the NetBIOS code used for obtaining the messenger service running for the logged-in user?

Full Access
Question # 32

What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?

A.

Black-box

B.

Announced

C.

White-box

D.

Grey-box

Full Access
Question # 33

“........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hot-spot by posing as a legitimate provider. This type of attack may be used to steal the passwords of

unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there.”

Fill in the blank with appropriate choice.

A.

Evil Twin Attack

B.

Sinkhole Attack

C.

Collision Attack

D.

Signal Jamming Attack

Full Access
Question # 34

Jake, a professional hacker, installed spyware on a target iPhone to spy on the target user's activities. He can take complete control of the target mobile device by jailbreaking the device remotely and record audio, capture screenshots, and monitor all phone calls and SMS messages. What is the type of spyware that Jake used to infect the target device?

A.

DroidSheep

B.

Androrat

C.

Zscaler

D.

Trident

Full Access
Question # 35

Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?

A.

-T5

B.

-O

C.

-T0

D.

-A

Full Access
Question # 36

Attacker Simon targeted the communication network of an organization and disabled the security controls of NetNTLMvl by modifying the values of LMCompatibilityLevel, NTLMMinClientSec, and RestrictSendingNTLMTraffic. He then extracted all the non-network logon tokens from all the active processes to masquerade as a legitimate user to launch further attacks. What is the type of attack performed by Simon?

A.

Internal monologue attack

B.

Combinator attack

C.

Rainbow table attack

D.

Dictionary attack

Full Access
Question # 37

An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

A.

He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.

B.

He will activate OSPF on the spoofed root bridge.

C.

He will repeat this action so that it escalates to a DoS attack.

D.

He will repeat the same attack against all L2 switches of the network.

Full Access
Question # 38

An attacker runs netcat tool to transfer a secret file between two hosts.

He is worried about information being sniffed on the network.

How would the attacker use netcat to encrypt the information before transmitting onto the wire?

A.

Machine A: netcat -l -p -s password 1234 < testfileMachine B: netcat 1234

B.

Machine A: netcat -l -e magickey -p 1234 < testfileMachine B: netcat 1234

C.

Machine A: netcat -l -p 1234 < testfile -pw passwordMachine B: netcat 1234 -pw password

D.

Use cryptcat instead of netcat

Full Access
Question # 39

To create a botnet. the attacker can use several techniques to scan vulnerable machines. The attacker first collects Information about a large number of vulnerable machines to create a list. Subsequently, they infect the machines. The list Is divided by assigning half of the list to the newly compromised machines. The scanning process runs simultaneously. This technique ensures the spreading and installation of malicious code in little time.

Which technique is discussed here?

A.

Hit-list-scanning technique

B.

Topological scanning technique

C.

Subnet scanning technique

D.

Permutation scanning technique

Full Access
Question # 40

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: ““FTP on the network!””;)

A.

A firewall IPTable

B.

FTP Server rule

C.

A Router IPTable

D.

An Intrusion Detection System

Full Access
Question # 41

ViruXine.W32 virus hides their presence by changing the underlying executable code.

This Virus code mutates while keeping the original algorithm intact, the code changes itself each time it runs, but the function of the code (its semantics) will not change at all.

Here is a section of the Virus code:

What is this technique called?

A.

Polymorphic Virus

B.

Metamorphic Virus

C.

Dravidic Virus

D.

Stealth Virus

Full Access
Question # 42

An attacker scans a host with the below command. Which three flags are set?

# nmap -sX host.domain.com

A.

This is SYN scan. SYN flag is set.

B.

This is Xmas scan. URG, PUSH and FIN are set.

C.

This is ACK scan. ACK flag is set.

D.

This is Xmas scan. SYN and ACK flags are set.

Full Access
Question # 43

The tools which receive event logs from servers, network equipment, and applications, and perform analysis and correlation on those logs, and can generate alarms for security relevant issues, are known as what?

A.

network Sniffer

B.

Vulnerability Scanner

C.

Intrusion prevention Server

D.

Security incident and event Monitoring

Full Access
Question # 44

During the process of encryption and decryption, what keys are shared?

A.

Private keys

B.

User passwords

C.

Public keys

D.

Public and private keys

Full Access
Question # 45

Under what conditions does a secondary name server request a zone transfer from a primary name server?

A.

When a primary SOA is higher that a secondary SOA

B.

When a secondary SOA is higher that a primary SOA

C.

When a primary name server has had its service restarted

D.

When a secondary name server has had its service restarted

E.

When the TTL falls to zero

Full Access
Question # 46

Samuel, a professional hacker, monitored and Intercepted already established traffic between Bob and a host machine to predict Bob's ISN. Using this ISN, Samuel sent spoofed packets with Bob's IP address to the host machine. The host machine responded with <| packet having an Incremented ISN. Consequently. Bob's connection got hung, and Samuel was able to communicate with the host machine on behalf of Bob. What is the type of attack performed by Samuel in the above scenario?

A.

UDP hijacking

B.

Blind hijacking

C.

TCP/IP hacking

D.

Forbidden attack

Full Access
Question # 47

An attacker can employ many methods to perform social engineering against unsuspecting employees, including scareware.

What is the best example of a scareware attack?

A.

A pop-up appears to a user stating, "You have won a free cruise! Click here to claim your prize!"

B.

A banner appears to a user stating, "Your account has been locked. Click here to reset your password and unlock your account."

C.

A banner appears to a user stating, "Your Amazon order has been delayed. Click here to find out your new delivery date."

D.

A pop-up appears to a user stating, "Your computer may have been infected with spyware. Click here to install an anti-spyware tool to resolve this issue."

Full Access
Question # 48

A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?

A.

The WAP does not recognize the client’s MAC address

B.

The client cannot see the SSID of the wireless network

C.

Client is configured for the wrong channel

D.

The wireless client is not configured to use DHCP

Full Access
Question # 49

Which tool can be used to silently copy files from USB devices?

A.

USB Grabber

B.

USB Snoopy

C.

USB Sniffer

D.

Use Dumper

Full Access
Question # 50

Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

A.

msfpayload

B.

msfcli

C.

msfd

D.

msfencode

Full Access
Question # 51

Given below are different steps involved in the vulnerability-management life cycle.

1) Remediation

2) Identify assets and create a baseline

3) Verification

4) Monitor

5) Vulnerability scan

6) Risk assessment

Identify the correct sequence of steps involved in vulnerability management.

A.

2-->5-->6-->1-->3-->4

B.

2-->1-->5-->6-->4-->3

C.

2-->4-->5-->3-->6--> 1

D.

1-->2-->3-->4-->5-->6

Full Access
Question # 52

Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an organization?

A.

Preparation phase

B.

Containment phase

C.

Identification phase

D.

Recovery phase

Full Access
Question # 53

Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?

A.

113

B.

69

C.

123

D.

161

Full Access
Question # 54

A newly joined employee. Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also Identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. What is the type of vulnerability assessment performed by Martin?

A.

Credentialed assessment

B.

Database assessment

C.

Host-based assessment

D.

Distributed assessment

Full Access
Question # 55

In order to tailor your tests during a web-application scan, you decide to determine which web-server version is hosting the application. On using the sV flag with Nmap. you obtain the following response:

80/tcp open http-proxy Apache Server 7.1.6

what Information-gathering technique does this best describe?

A.

WhOiS lookup

B.

Banner grabbing

C.

Dictionary attack

D.

Brute forcing

Full Access
Question # 56

MX record priority increases as the number increases. (True/False.)

A.

True

B.

False

Full Access
Question # 57

Lewis, a professional hacker, targeted the loT cameras and devices used by a target venture-capital firm. He used an information-gathering tool to collect information about the loT devices connected to a network, open ports and services, and the attack surface area. Using this tool, he also generated statistical reports on broad usage patterns and trends. This tool helped Lewis continually monitor every reachable server and device on the Internet, further allowing him to exploit these devices in the network. Which of the following tools was employed by Lewis in the above scenario?

A.

Censys

B.

Wapiti

C.

NeuVector

D.

Lacework

Full Access
Question # 58

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection.

Identify the behavior of the adversary In the above scenario.

A.

use of command-line interface

B.

Data staging

C.

Unspecified proxy activities

D.

Use of DNS tunneling

Full Access
Question # 59

You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?

A.

hping2 host.domain.com

B.

hping2 --set-ICMP host.domain.com

C.

hping2 -i host.domain.com

D.

hping2 -1 host.domain.com

Full Access
Question # 60

An LDAP directory can be used to store information similar to a SQL database. LDAP uses a _____ database structure instead of SQL’s _____ structure. Because of this, LDAP has difficulty representing many-to-one relationships.

A.

Relational, Hierarchical

B.

Strict, Abstract

C.

Hierarchical, Relational

D.

Simple, Complex

Full Access
Question # 61

Which of the following statements about a zone transfer is correct? (Choose three.)

A.

A zone transfer is accomplished with the DNS

B.

A zone transfer is accomplished with the nslookup service

C.

A zone transfer passes all zone information that a DNS server maintains

D.

A zone transfer passes all zone information that a nslookup server maintains

E.

A zone transfer can be prevented by blocking all inbound TCP port 53 connections

F.

Zone transfers cannot occur on the Internet

Full Access
Question # 62

While scanning with Nmap, Patin found several hosts which have the IP ID of incremental sequences. He then decided to conduct: nmap -Pn -p- -si kiosk.adobe.com www.riaa.com. kiosk.adobe.com is the host with incremental IP ID sequence. What is the purpose of using "-si" with Nmap?

A.

Conduct stealth scan

B.

Conduct ICMP scan

C.

Conduct IDLE scan

D.

Conduct silent scan

Full Access
Question # 63

Which of the following tactics uses malicious code to redirect users' web traffic?

A.

Spimming

B.

Pharming

C.

Phishing

D.

Spear-phishing

Full Access
Question # 64

You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters. With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results?

A.

Online Attack

B.

Dictionary Attack

C.

Brute Force Attack

D.

Hybrid Attack

Full Access
Question # 65

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data.

What is this attack?

A.

Cross-site-scripting attack

B.

SQL Injection

C.

URL Traversal attack

D.

Buffer Overflow attack

Full Access
Question # 66

Fingerprinting an Operating System helps a cracker because:

A.

It defines exactly what software you have installed

B.

It opens a security-delayed window based on the port being scanned

C.

It doesn't depend on the patches that have been applied to fix existing security holes

D.

It informs the cracker of which vulnerabilities he may be able to exploit on your system

Full Access
Question # 67

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks?

A.

tcpsplice

B.

Burp

C.

Hydra

D.

Whisker

Full Access
Question # 68

Which of the following tools can be used to perform a zone transfer?

A.

NSLookup

B.

Finger

C.

Dig

D.

Sam Spade

E.

Host

F.

Netcat

G.

Neotrace

Full Access
Question # 69

In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN number and other personal details. Ignorant users usually fall prey to this scam.

Which of the following statement is incorrect related to this attack?

A.

Do not reply to email messages or popup ads asking for personal or financial information

B.

Do not trust telephone numbers in e-mails or popup ads

C.

Review credit card and bank account statements regularly

D.

Antivirus, anti-spyware, and firewall software can very easily detect these type of attacks

E.

Do not send credit card numbers, and personal or financial information via e-mail

Full Access
Question # 70

_________ is a type of phishing that targets high-profile executives such as CEOs, CFOs, politicians, and celebrities who have access to confidential and highly valuable information.

A.

Spear phishing

B.

Whaling

C.

Vishing

D.

Phishing

Full Access
Question # 71

You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion?

A.

Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account

B.

Package the Sales.xls using Trojan wrappers and telnet them back your home computer

C.

You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques

D.

Change the extension of Sales.xls to sales.txt and upload them as attachment to your hotmail account

Full Access
Question # 72

To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.

What term is commonly used when referring to this type of testing?

A.

Randomizing

B.

Bounding

C.

Mutating

D.

Fuzzing

Full Access
Question # 73

Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?

A.

Kismet

B.

Abel

C.

Netstumbler

D.

Nessus

Full Access
Question # 74

Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed.

What is the port scanning technique used by Sam to discover open ports?

A.

Xmas scan

B.

IDLE/IPID header scan

C.

TCP Maimon scan

D.

ACK flag probe scan

Full Access
Question # 75

in the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does medium vulnerability fall in?

A.

3.0-6.9

B.

40-6.0

C.

4.0-6.9

D.

3.9-6.9

Full Access
Question # 76

To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using https. Which of the following firewall rules meets this requirement?

A.

If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit

B.

If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit

C.

If (source matches 10.20.20.1 and destination matches 10.10.10.0/24 and port matches 443) then permit

D.

If (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit

Full Access
Question # 77

Which of the following are well known password-cracking programs?

A.

L0phtcrack

B.

NetCat

C.

Jack the Ripper

D.

Netbus

E.

John the Ripper

Full Access
Question # 78

Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in bounds checking mechanism?

Code:

#include int main(){char buffer[8];

strcpy(buffer, ““11111111111111111111111111111””);} Output: Segmentation fault

A.

C#

B.

Python

C.

Java

D.

C++

Full Access
Question # 79

John, a professional hacker, targeted CyberSol Inc., an MNC. He decided to discover the loT devices connected in the target network that are using default credentials and are vulnerable to various hijacking attacks. For this purpose, he used an automated tool to scan the target network for specific types of loT devices and detect whether they are using the default, factory-set credentials. What is the tool employed by John in the above scenario?

A.

loTSeeker

B.

loT Inspector

C.

AT&T loT Platform

D.

Azure loT Central

Full Access