Hustle 4 Flashcards by Sid Omar

There are multiple cloud deployment options depending on how isolated a customer’s resources are from those of other customers. Shared environments share the costs and allow each customer to enjoy lower
operations expenses. One solution Is for a customer to Join with a group of users or organizations to share a cloud environment. What is this cloud deployment option called?
A. Hybrid
B. Community
C. Public
D. Private

B. Community

How well did you know this?

Not at all

Perfectly

Bob was recently hired by a medical company after it experienced a major cyber security breach.
Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob’s boss is very worried because of regulations that
protect those dat a. Which of the following regulations is mostly violated?
A. HIPPA/PHl
B. Pll
C. PCIDSS
D. ISO 2002

A. HIPPA/PHl

How well did you know this?

Not at all

Perfectly

What is the common name for a vulnerability disclosure program opened by companies In platforms such as HackerOne?
A. Vulnerability hunting program
B. Bug bounty program
C. White-hat hacking program
D. Ethical hacking program

B. Bug bounty program

How well did you know this?

Not at all

Perfectly

Which file is a rich target to discover the structure of a website during web-server footprinting?
A. Document root
B. Robots.txt
C. domain.txt
D. index.html

B. Robots.txt

How well did you know this?

Not at all

Perfectly

John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him the idea of using PGP. What should John do to communicate
correctly using this type of encryption?
A. Use his own public key to encrypt the message.
B. Use Marie’s public key to encrypt the message.
C. Use his own private key to encrypt the message.
D. Use Marie’s private key to encrypt the message.

B. Use Marie’s public key to encrypt the message.

How well did you know this?

Not at all

Perfectly

Attacker Steve targeted an organization’s network with the aim of redirecting the company’s web traffic to another malicious website. To achieve this goal, Steve performed DNS cache poisoning by exploiting the
vulnerabilities In the DNS server software and modified the original IP address of the target website to that of a fake website. What is the technique employed by Steve to gather information for identity theft?
A. Pretexting
B. Pharming
C. Wardriving
D. Skimming

B. Pharming

How well did you know this?

Not at all

Perfectly

Wilson, a professional hacker, targets an organization for financial benefit and plans to compromise its systems by sending malicious emails. For this purpose, he uses a tool to track the emails of the target and
extracts information such as sender identities, mall servers, sender IP addresses, and sender locations from different public sources. He also checks if an email address was leaked using the haveibeenpwned.com API.
Which of the following tools is used by Wilson in the above scenario?
A. Factiva
B. Netcraft
C. infoga
D. Zoominfo

C. infoga

How well did you know this?

Not at all

Perfectly

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server.
What kind of attack is possible in this scenario?
A. Cross-site scripting
B. Denial of service
C. SQL injection
D. Directory traversal

D. Directory traversal

How well did you know this?

Not at all

Perfectly

Henry Is a cyber security specialist hired by BlackEye - Cyber security solutions. He was tasked with discovering the operating system (OS) of a host. He used the Unkornscan tool to discover the OS of the target
system. As a result, he obtained a TTL value, which Indicates that the target system is running a Windows OS. Identify the TTL value Henry obtained, which indicates that the target OS is Windows.
A. 64
B. 128
C. 255
D. 138

B. 128

How well did you know this?

Not at all

Perfectly

Ethical backer jane Doe is attempting to crack the password of the head of the it department of PLUS company. She Is utilizing a rainbow table and notices upon entering a password that extra characters are added to
the password after submitting. What countermeasure is the company using to protect against rainbow tables?
A. Password key hashing
B. Password salting
C. Password hashing
D. Account lockout

B. Password salting

How well did you know this?

Not at all

Perfectly

which of the following protocols can be used to secure an LDAP service against anonymous queries?
A. SSO
B. RADIUS
C. WPA
D. NTLM

D. NTLM

How well did you know this?

Not at all

Perfectly

Allen, a professional pen tester, was hired by xpertTech solutWns to perform an attack simulation on the organization’s network resources. To perform the attack, he took advantage of the NetBIOS API and targeted
the NetBIOS service. B/ enumerating NetBIOS, he found that port 139 was open and could see the resources that could be accessed or viewed on a remote system. He came across many NetBIOS codes during
enumeration. identify the NetBIOS code used for obtaining the messenger service running for the logged-in user?
A. <1B>
B. <00>
C. <03>
D. <20>

C. <03>

How well did you know this?

Not at all

Perfectly

what firewall evasion scanning technique make use of a zombie system that has low network activity as well as its fragment identification numbers?
A. Decoy scanning
B. Packet fragmentation scanning
C. Spoof source address scanning
D. Idle scanning

D. Idle scanning

How well did you know this?

Not at all

Perfectly

What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?
A. The attacker queries a nameserver using the DNS resolver.
B. The attacker makes a request to the DNS resolver.
C. The attacker forges a reply from the DNS resolver.
D. The attacker uses TCP to poison the ONS resofver.

B. The attacker makes a request to the DNS resolver.

How well did you know this?

Not at all

Perfectly

in an attempt to increase the security of your network, you Implement a solution that will help keep your wireless network undiscoverable and accessible only to those that know It. How do you accomplish this?
A. Delete the wireless network
B. Remove all passwords
C. Lock all users
D. Disable SSID broadcasting

D. Disable SSID broadcasting

How well did you know this?

Not at all

Perfectly

what is the port to block first in case you are suspicious that an loT device has been compromised?
A. 22
B. 443
C. 48101
D. 80

C. 48101

How well did you know this?

Not at all

Perfectly

Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate dat a. He is using the NSTX tool for bypassing the firewalls. On which of the
following ports should Robin run the NSTX tool?
A. Port 53
B. Port 23
C. Port 50
D. Port 80

A. Port 53

How well did you know this?

Not at all

Perfectly

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network lo identify the active systems, network services, applications, and vulnerabilities. He also
obtained the list of the users who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization?
A. internal assessment
B. Passive assessment
C. External assessment
D. Credentialed assessment

B. Passive assessment

How well did you know this?

Not at all

Perfectly

Bob, an attacker, has managed to access a target loT device. He employed an online tool to gather information related to the model of the loT device and the certifications granted to it. Which of the following tools
did Bob employ to gather the above Information?
A. search.com
B. EarthExplorer
C. Google image search
D. FCC ID search

D. FCC ID search

How well did you know this?

Not at all

Perfectly

Larry, a security professional in an organization, has noticed some abnormalities In the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting a
countermeasures to secure the accounts on the web server.
Which of the following countermeasures must Larry implement to secure the user accounts on the web server?
A. Enable unused default user accounts created during the installation of an OS
B. Enable all non-interactive accounts that should exist but do not require interactive login
C. Limit the administrator or toot-level access to the minimum number of users
D. Retain all unused modules and application extensions

C. Limit the administrator or toot-level access to the minimum number of users

How well did you know this?

Not at all

Perfectly

Bella, a security professional working at an it firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames. and passwords are shared In plaintext, paving the
way for hackers 10 perform successful session hijacking. To address this situation. Bella Implemented a protocol that sends data using encryption and digital certificates.
Which of the following protocols Is used by Bella?
A. FTP
B. HTTPS
C. FTPS
D. IP

C. FTPS

How well did you know this?

Not at all

Perfectly

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from
other processes in the cloud environment. For the containerization of applications, he follows the five-tier container technology architecture. Currently. Abel is verifying and validating image contents, signing images,
and sending them to the registries. Which of the following tiers of the container technology architecture Is Abel currently working in?
A. Tier-1: Developer machines
B. Tier-4: Orchestrators
C. Tier-3: Registries
D. Tier-2: Testing and accreditation systems

D. Tier-2: Testing and accreditation systems

How well did you know this?

Not at all

Perfectly

which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth?
A. Bluesmacking
B. Bluebugging
C. Bluejacking
D. Bluesnarfing

D. Bluesnarfing

How well did you know this?

Not at all

Perfectly

if you send a TCP ACK segment to a known closed port on a firewall but it does not respond with an RST. what do you know about the firewall you are scanning?
A. There is no firewall in place.
B. This event does not tell you encrypting about the firewall.
C. It is a stateful firewall
D. It Is a non-stateful firewall.

C. It is a stateful firewall

How well did you know this?

Not at all

Perfectly

Samuel, a professional hacker, monitored and Intercepted already established traffic between Bob and a host machine to predict Bob's ISN. Using this ISN, Samuel sent spoofed packets with Bob's IP address to the host machine. The host machine responded with <| packet having an Incremented ISN. Consequently. Bob's connection got hung, and Samuel was able to communicate with the host machine on behalf of Bob. What is the type of attack performed by Samuel in the above scenario? A. UDP hijacking B. Blind hijacking C. TCP/IP hacking D. Forbidden attack

C. TCP/IP hacking

Dorian Is sending a digitally signed email to Polly, with which key is Dorian signing this message and how is Poly validating It? A. Dorian is signing the message with his public key. and Poly will verify that the message came from Dorian by using Dorian's private key. B. Dorian Is signing the message with Polys public key. and Poly will verify that the message came from Dorian by using Dorian's public key. C. Dorian is signing the message with his private key. and Poly will verify that the message came from Dorian by using Dorian's public key. D. Dorian is signing the message with Polys private key. and Poly will verify mat the message came from Dorian by using Dorian's public key.

C. Dorian is signing the message with his private key. and Poly will verify that the message came from Dorian by using Dorian's public key.

Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering the Information, he successfully performed an attack on the target government organization without being traced. Which of the following techniques is described in the above scenario? A. Dark web footprinting B. VoIP footpnnting C. VPN footprinting D. website footprinting

A. Dark web footprinting

An organization has automated the operation of critical infrastructure from a remote location. For this purpose, all the industrial control systems are connected to the Internet. To empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption, the organization deckled to install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware. Which of the following tools must the organization employ to protect its critical infrastructure? A. Robotium B. BalenaCloud C. Flowmon D. IntentFuzzer

C. Flowmon

By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext. Which file do you have to clean to clear the password? A. .X session-log B. .bashrc C. .profile D. .bash_history

D. .bash_history

Don, a student, came across a gaming app in a third-party app store and Installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after Installing the app. What is the attack performed on Don in the above scenario? A. SMS phishing attack B. SIM card attack C. Agent Smith attack D. Clickjacking

C. Agent Smith attack

You start performing a penetration test against a specific website and have decided to start from grabbing all the links from the main page. What Is the best Linux pipe to achieve your milestone? A. dirb https://site.com | grep "site" B. curl -s https://sile.com | grep ''< a href-\'http" | grep "Site-com- | cut -d "V" -f 2 C. wget https://stte.com | grep "< a href=\*http" | grep "site.com" D. wgethttps://site.com | cut-d"http-

C. wget https://stte.com | grep "< a href=\*http" | grep "site.com"

in this form of encryption algorithm, every Individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits. Which is this encryption algorithm? A. IDEA B. Triple Data Encryption standard C. MDS encryption algorithm D. AES

B. Triple Data Encryption standard

Richard, an attacker, targets an MNC. in this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard? A. VoIP footprinting B. VPN footprinting C. Whois footprinting D. Email footprinting

C. Whois footprinting

John, a professional hacker, performs a network attack on a renowned organization and gains unauthorized access to the target network. He remains in the network without being detected for a long time and obtains sensitive information without sabotaging the organization. Which of the following attack techniques is used by John? A. Advanced persistent theft B. threat Diversion theft C. Spear-phishing sites D. insider threat

A. Advanced persistent theft

To create a botnet. the attacker can use several techniques to scan vulnerable machines. The attacker first collects Information about a large number of vulnerable machines to create a list. Subsequently, they infect the machines. The list Is divided by assigning half of the list to the newly compromised machines. The scanning process runs simultaneously. This technique ensures the spreading and installation of malicious code in little time. Which technique is discussed here? A. Hit-list-scanning technique B. Topological scanning technique C. Subnet scanning technique D. Permutation scanning technique

A. Hit-list-scanning technique

You have been authorized to perform a penetration test against a website. You want to use Google dorks to footprint the site but only want results that show file extensions. What Google dork operator would you use? A. filetype B. ext C. inurl D. site

A. filetype

Judy created a forum, one day. she discovers that a user is posting strange images without writing comments. She immediately calls a security expert, who discovers that the following code is hidden behind those images: What issue occurred for the users who clicked on the image? A. The code inject a new cookie to the browser. B. The code redirects the user to another site. C. The code is a virus that is attempting to gather the users username and password. D. This php file silently executes the code and grabs the users session cookie and session ID.

D. This php file silently executes the code and grabs the users session cookie and session ID.

in this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstall the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values. What is this attack called? A. Chop chop attack B. KRACK C. Evil twin D. Wardriving

B. KRACK

John, a professional hacker, decided to use DNS to perform data exfiltration on a target network, in this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique. John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server. What is the technique employed by John to bypass the firewall? A. DNS cache snooping B. DNSSEC zone walking C. DNS tunneling method D. DNS enumeration

C. DNS tunneling method

John is investigating web-application firewall logs and observers that someone is attempting to inject the following: char buff[10]; buff[>o] - 'a': What type of attack is this? A. CSRF B. XSS C. Buffer overflow D. SQL injection

C. Buffer overflow

A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendor for several months prior 10 the Intrusion. This Is likely a failure in which of the following security processes? A. vendor risk management B. Security awareness training C. Secure deployment lifecycle D. Patch management

D. Patch management

After an audit, the auditors Inform you that there is a critical finding that you must tackle Immediately. You read the audit report, and the problem is the service running on port 389. Which service Is this and how can you tackle the problem? A. The service is LDAP. and you must change it to 636. which is LDPAPS. B. The service is NTP. and you have to change It from UDP to TCP in order to encrypt it C. The findings do not require immediate actions and are only suggestions. D. The service is SMTP, and you must change it to SMIME. which is an encrypted way to send emails.

A. The service is LDAP. and you must change it to 636. which is LDPAPS.

Kevin, a professional hacker, wants to penetrate CyberTech Inc.'s network. He employed a technique, using which he encoded packets with Unicode characters. The company's IDS cannot recognize the packet, but the target web server can decode them. What is the technique used by Kevin to evade the IDS system? A. Desynchronization B. Obfuscating C. Session splicing D. Urgency flag

B. Obfuscating

Heather's company has decided to use a new customer relationship management tool. After performing the appropriate research, they decided to purchase a subscription to a cloud-hosted solution. The only administrative task that Heather will need to perform is the management of user accounts. The provider will take care of the hardware, operating system, and software administration including patching and monitoring. Which of the following is this type of solution? A. SaaS B. IaaS C. CaaS D. PasS

A. SaaS

A DDOS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests aresent to the web infrastructure or applications. Upon receiving a partial request, the target serversopens multiple connections and keeps waiting for the requests to complete. Which attack is being described here? A. Desynchronization B. Slowloris attack C. Session splicing D. Phlashing

B. Slowloris attack

Which iOS jailbreaking technique patches the kernel during the device boot so that it becomes jailbroken after each successive reboot? A. Tethered jailbreaking B. Semi-tethered jailbreaking C. Untethered jailbreaking D. Semi-Untethered jailbreaking

C. Untethered jailbreaking

The network users are complaining because their system are slowing down. Further, every time they attempt to go a website, they receive a series of pop-ups with advertisements. What types of malware have the system been infected with? A. Virus B. Spyware C. Trojan D. Adware

D. Adware

You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific condition for the scan: "The attacker must scan every port on the server several times using a set of spoofed sources IP addresses. " Suppose that you are using Nmap to perform this scan. What flag will you use to satisfy this requirement? A. The -A flag B. The -g flag C. The -f flag D. The -D flag

D. The -D flag

A penetration tester is performing the footprinting process and is reviewing publicly available information about an organization by using the Google search engine. Which of the following advanced operators would allow the pen tester to restrict the search to the organization's web domain? A. [allinurl:] B. [location:] C. [site:] D. [link:]

C. [site:]

Mr. Omkar performed tool-based vulnerability assessment and found two vulnerabilities. During analysis, he found that these issues are not true vulnerabilities. What will you call these issues? A. False positives B. True negatives C. True positives D. False negatives

A. False positives

Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed. What is the port scanning technique used by Sam to discover open ports? A. Xmas scan B. IDLE/IPID header scan C. TCP Maimon scan D. ACK flag probe scan

C. TCP Maimon scan

Based on the below log, which of the following sentences are true? Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip A. Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server. B. Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the client. C. SSH communications are encrypted; it's impossible to know who is the client or the server. D. Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server.

D. Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server.

You want to analyze packets on your wireless network. Which program would you use? A. Wireshark with Airpcap B. Airsnort with Airpcap C. Wireshark with Winpcap D. Ethereal with Winpcap

A. Wireshark with Airpcap

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing? A. Identifying operating systems, services, protocols and devices B. Modifying and replaying captured network traffic C. Collecting unencrypted information about usernames and passwords D. Capturing a network traffic for further analysis

B. Modifying and replaying captured network traffic

An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed? A. Reverse Social Engineering B. Tailgating C. Piggybacking D. Announced

B. Tailgating

Which of these is capable of searching for and locating rogue access points? A. HIDS B. WISS C. WIPS D. NIDS

C. WIPS

You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. A. 4.0/23. Which of the following IP addresses could be teased as a result of the new configuration? B. 210.1.55.200 C. 10.1.4.254 D. 10.1.5.200 E. 10.1.4.156

D. 10.1.5.200

You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax? A. hping2 host.domain.com B. hping2 --set-ICMP host.domain.com C. hping2 -i host.domain.com D. hping2 -1 host.domain.com

D. hping2 -1 host.domain.com

An Internet Service Provider (ISP) has a need to authenticate users connecting via analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network. Which AAA protocol is the most likely able to handle this requirement? A. TACACS+ B. DIAMETER C. Kerberos D. RADIUS

D. RADIUS

Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS? A. Produces less false positives B. Can identify unknown attacks C. Requires vendor updates for a new threat D. Cannot deal with encrypted network traffic

B. Can identify unknown attacks

Cross-site request forgery involves: A. A request sent by a malicious user from a browser to a server B. Modification of a request by a proxy between client and server C. A browser making a request to a server without the user's knowledge D. A server making a request to another server without the user's knowledge

C. A browser making a request to a server without the user's knowledge

Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications and unpatched security flaws in a computer system? A. Wireshark B. Maltego C. Metasploit D. Nessus

C. Metasploit

A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted. Which cryptography attack is the student attempting? A. Man-in-the-middle attack B. Brute-force attack C. Dictionary attack D. Session hijacking

C. Dictionary attack

You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line. Which command would you use? A. c:\compmgmt.msc B. c:\services.msc C. c:\ncpa.cp D. c:\gpedit

A. c:\compmgmt.msc

Which of the following scanning method splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet? A. ACK flag probe scanning B. ICMP Echo scanning C. SYN/FIN scanning using IP fragments D. IPID scanning

C. SYN/FIN scanning using IP fragments

You have compromised a server and successfully gained a root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System. What is the best approach? A. Use Alternate Data Streams to hide the outgoing packets from this server. B. Use HTTP so that all traffic can be routed vis a browser, thus evading the internal IntrusionDetection Systems. C. Install Cryptcat and encrypt outgoing packets from this server. D. Install and use Telnet to encrypt all outgoing traffic from this server.

C. Install Cryptcat and encrypt outgoing packets from this server.

A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content. Which sort of trojan infects this server? A. Botnet Trojan B. Banking Trojans C. Turtle Trojans D. Ransomware Trojans

A. Botnet Trojan

How can rainbow tables be defeated? A. Use of non-dictionary words B. All uppercase character passwords C. Password salting D. Lockout accounts under brute force password cracking attempts

C. Password salting

Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days, Bab denies that he had ever sent a mail. What do you want to ""know"" to prove yourself that it was Bob who had send a mail? A. Non-Repudiation B. Integrity C. Authentication D. Confidentiality

A. Non-Repudiation

Attempting an injection attack on a web server based on responses to True/False A. Compound SQLi B. Blind SQLi C. Classic SQLi D. DMS-specific SQLi

B. Blind SQLi

What would be the purpose of running "wget 192.168.0.15 -q -S" against a web server? A. Performing content enumeration on the web server to discover hidden B. Using wget to perform banner grabbing on the webserver C. Flooding the web server with requests to perform a DoS attack D. Downloading all the contents of the web page locally for further examination

B. Using wget to perform banner grabbing on the webserver

The security administrator of PLUS needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host 10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other traffic. After he applied his ACL configuration in the router, nobody can access the ftp, and the permitted hosts cannot access the Internet. According to the next configuration, what is happening in the network? access-list 102 deny tcp any any access-list 104 permit udp host 10.0.0.3 any access-list 110 permit tcp host 10.0.0.2 eq www any access-list 108 permit tcp any eq ftp any A. The ACL 104 needs to be first because is UDP B. The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router C. The ACL for FTP must be before the ACL 110 D. The ACL 110 needs to be changed to port 80

B. The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router

Which of the following provides a security professional with most information about the system's security posture? A. Phishing, spamming, sending trojans B. Social engineering, company site browsing tailgating C. Wardriving, warchalking, social engineering D. Port scanning, banner grabbing service identification

D. Port scanning, banner grabbing service identification

Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and out the target network based on pre-defined set of rules. Which of the following types of firewalls can protect against SQL injection attacks? A. Data-driven firewall B. Packet firewall C. Web application firewall D. Stateful firewall

C. Web application firewall

# nmap -sX host.domain.com An attacker scans a host with the below command. Which three flags are set? A. This is SYN scan. SYN flag is set. B. This is Xmas scan. URG, PUSH and FIN are set. C. This is ACK scan. ACK flag is set. D. This is Xmas scan. SYN and ACK flags are set.

B. This is Xmas scan. URG, PUSH and FIN are set.

If executives are found liable for not properly protecting their company's assets and information systems, what type of law would apply in this situation? A. Criminal B. International C. Common D. Civil

D. Civil

Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to authenticate once and gain access to multiple systems? A. Role Based Access Control (RBAC) B. Discretionary Access Control (DAC) C. Single sign-on D. Windows authentication

C. Single sign-on

What would you enter if you wanted to perform a stealth scan using Nmap? A. nmap -sM B. nmap -sU C. nmap -sS D. nmap -sT

C. nmap -sS

Which protocol is used for setting up secure channels between two devices, typically in VPNs? A. PEM B. ppp C. IPSEC D. SET

C. IPSEC

using the nmap syntax below, it is not going through. invictus@victim_server.~$ nmap -T4 -O 10.10.0.0/24 TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING! What seems to be wrong? A. The nmap syntax is wrong. B. This is a common behavior for a corrupted nmap application. C. The outgoing TCP/IP fingerprinting is blocked by the host firewall. D. OS Scan requires root privileges.

D. OS Scan requires root privileges.

What is the most common method to exploit the "Bash Bug" or "Shellshock" vulnerability? A. SYN Flood B. SSH C. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server D. Manipulate format strings in text fields

C. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results? TCP port 21 no response TCP port 22 no response TCP port 23 Time-to-live exceeded A. The lack of response from ports 21 and 22 indicate that those services are not running on the destination server B. The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error C. The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall D. The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host

C. The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall

#!/usr/bin/python import socket buffer=[""A""] counter=50 while len(buffer)<=100: buffer.append (""A""*counter) counter=counter+50 commands= [""HELP"",""STATS ."",""RTIME ."",""LTIME. "",""SRUN ."',""TRUN ."",""GMON ."",""GDOG ."",""KSTET .",""GTER ."",""HTER ."", ""LTER .",""KSTAN .""] for command in commands: for buffstring in buffer: print ""Exploiting"" +command +"":""+str(len(buffstring)) s=socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect (('127.0.0.1', 9999)) s.recv(50) s.send(command+buffstring) s.close() What is the code written for? A. Denial-of-service (DOS) B. Buffer Overflow C. Bruteforce D. Encryption

B. Buffer Overflow

Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers? A. Presentation tier B. Application Layer C. Logic tier D. Data tier

C. Logic tier

In both pharming and phishing attacks, an attacker can create websites that look similar to legitimate sites with the intent of collecting personal identifiable information from its victims. What is the difference between pharming and phishing attacks? A. In a pharming attack, a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack, an attacker provides the victim with a URL that is either misspelled or looks similar to the actual websites domain name B. In a phishing attack, a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a pharming attack, an attacker provides the victim with a URL that is either misspelled or looks very similar to the actual websites domain name C. Both pharming and phishing attacks are purely technical and are not considered forms of social engineering D. Both pharming and phishing attacks are identical

A. In a pharming attack, a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack, an attacker provides the victim with a URL that is either misspelled or looks similar to the actual websites domain name

When configuring wireless on his home router, Javik disables SSID broadcast. He leaves authentication "open" but sets the SSID to a 32-character string of random letters and numbers. What is an accurate assessment of this scenario from a security perspective? A. Since the SSID is required in order to connect, the 32-character string is sufficient to prevent bruteforce attacks. B. Disabling SSID broadcast prevents 802.11 beacons from being transmitted from the access point, resulting in a valid setup leveraging "security through obscurity". C. It is still possible for a hacker to connect to the network after sniffing the SSID from a successful wireless association. D. Javik's router is still vulnerable to wireless hacking attempts because the SSID broadcast setting can be enabled using a specially crafted packet sent to the hardware address of the access point.

C. It is still possible for a hacker to connect to the network after sniffing the SSID from a successful wireless association.

Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities. Which type of virus detection method did Chandler use in this context? A. Heuristic Analysis B. Code Emulation C. Scanning D. Integrity checking

B. Code Emulation

Which of the following statements is TRUE? A. Packet Sniffers operate on the Layer 1 of the OSI model. B. Packet Sniffers operate on Layer 2 of the OSI model. C. Packet Sniffers operate on both Layer 2 & Layer 3 of the OSI model. D. Packet Sniffers operate on Layer 3 of the OSI model.

B. Packet Sniffers operate on Layer 2 of the OSI model.

Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Suppose a malicious user Rob tries to get access to the account of a benign user Ned. Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability? A. "GET /restricted/goldtransfer?to=Rob&from=1 or 1=1' HTTP/1.1Host: westbank.com" B. "GET /restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com" C. "GET /restricted/accounts/?name=Ned HTTP/1.1 Host westbank.com" D. "GET /restricted/ HTTP/1.1 Host: westbank.com

C. "GET /restricted/accounts/?name=Ned HTTP/1.1 Host westbank.com"

Mary found a high vulnerability during a vulnerability scan and notified her server team. After analysis, they sent her proof that a fix to that issue had already been applied. The vulnerability that Marry found is called what? A. False-negative B. False-positive C. Brute force attack D. Backdoor

B. False-positive

What is the least important information when you analyze a public IP address in a security alert? A. DNS B. Whois C. Geolocation D. ARP

D. ARP

You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze? A. IDS log B. Event logs on domain controller C. Internet Firewall/Proxy log. D. Event logs on the PC

C. Internet Firewall/Proxy log.

Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and UHF? A. Yagi antenna B. Dipole antenna C. Parabolic grid antenna D. Omnidirectional antenna

A. Yagi antenna

From the following table, identify the wrong answer in terms of Range (ft). Standard Range (ft) 802.11a 150-150 802.11b 150-150 802.11g 150-150 802.16 (WiMax) 30 miles A. 802.16 (WiMax) B. 802.11g C. 802.11b D. 802.11a

A. 802.16 (WiMax)

Which tool can be used to silently copy files from USB devices? A. USB Grabber B. USB Snoopy C. USB Sniffer D. Use Dumper

D. Use Dumper

A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed? A. Firewall-management policy B. Acceptable-use policy C. Permissive policy D. Remote-access policy

D. Remote-access policy

ping-* 6 192.168.0.101 Output: Pinging 192.168.0.101 with 32 bytes of data: Reply from 192.168.0.101: bytes=32 time<1ms TTL=128 Reply from 192.168.0.101: bytes=32 time<1ms TTL=128 Reply from 192.168.0.101: bytes=32 time<1ms TTL=128 Reply from 192.168.0.101: bytes=32 time<1ms TTL=128 Reply from 192.168.0.101: bytes=32 time<1ms TTL=128 Reply from 192.168.0.101: Ping statistics for 192.168.0101 Packets: Sent = 6, Received = 6, Lost = 0 (0% loss). Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms What does the option * indicate? A. t B. s C. a D. n

D. n

Which of the following is a passive wireless packet analyzer that works on Linux-based systems? A. Burp Suite B. OpenVAS C. tshark D. Kismet

C. tshark

A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application. What kind of Web application vulnerability likely exists in their software? A. Cross-site scripting vulnerability B. SQL injection vulnerability C. Web site defacement vulnerability D. Gross-site Request Forgery vulnerability

A. Cross-site scripting vulnerability

On performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt its service. What is the name of the process by which you can determine those critical businesses? A. Emergency Plan Response (EPR) B. Business Impact Analysis (BIA) C. Risk Mitigation D. Disaster Recovery Planning (DRP)

B. Business Impact Analysis (BIA)

Hustle 4 Flashcards

(100 cards)