EC-Council 312-50v11 Certified Ethical Hacker Exam – C|EH v11 Online Training

1. Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the targets MSP provider by sending spear-phishing emails and distributed custom-made malware to compromise user accounts and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attacks on the target organization .

Which of the following cloud attacks did Alice perform in the above scenario?

2. Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?

3. Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

4. Ethical hacker jane Smith is attempting to perform an SQL injection attach. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs.

Which two SQL Injection types would give her the results she is looking for?

5. What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?

6. The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack.

You also notice "/bin/sh" in the ASCII part of the output.

As an analyst what would you conclude about the attack?

7. What hacking attack is challenge/response authentication used to prevent?

8. John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him the idea of using PGP .

What should John do to communicate correctly using this type of encryption?

9. Which of the following steps for risk assessment methodology refers to vulnerability identification?

10. Which system consists of a publicly available set of databases that contain domain name registration contact information?

11. You want to do an ICMP scan on a remote computer using hping2 .

What is the proper syntax?

12. Jake, a professional hacker, installed spyware on a target iPhone to spy on the target user's activities. He can take complete control of the target mobile device by jailbreaking the device remotely and record audio, capture screenshots, and monitor all phone calls and SMS messages .

What is the type of spyware that Jake used to infect the target device?

13. You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c





What is the hexadecimal value of NOP instruction?

14. How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

15. You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email ([email protected]). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network .

What testing method did you use?

16. BitLocker encryption has been implemented for all the Windows-based computers in an organization. You are concerned that someone might lose their cryptographic key. Therefore, a mechanism was implemented to recover the keys from Active Directory .

What is this mechanism called in cryptography?

17. Attempting an injection attack on a web server based on responses to True/False questions is called which of the following?

18. Your company was hired by a small healthcare provider to perform a technical assessment on the network.

What is the best approach for discovering vulnerabilities on a Windows-based computer?

19. Which results will be returned with the following Google search query?

site:target.com C site: Marketing.target.com accounting

20. Jack, a professional hacker, targets an organization and performs vulnerability scanning on the target web server to identify any possible weaknesses, vulnerabilities, and misconfigurations. In this process, Jack uses an automated tool that eases his work and performs vulnerability scanning to find hosts, services, and other vulnerabilities in the target server .

Which of the following tools is used by Jack to perform vulnerability scanning?

21. Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine .

Which of the following techniques is used by Joel in the above scenario?

22. John is investigating web-application firewall logs and observers that someone is attempting to inject the following:

char buff[10];

buff[>o] - 'a':

What type of attack is this?

23. In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information .

How can he achieve this?

24. Which is the first step followed by Vulnerability Scanners for scanning a network?

25. Which of these is capable of searching for and locating rogue access points?

26. John, a security analyst working for an organization, found a critical vulnerability on the

organization's LAN that allows him to view financial and personal information about the rest of the employees. Before reporting the vulnerability, he examines the information shown by the vulnerability for two days without disclosing any information to third parties or other internal employees. He does so out of curiosity about the other employees and may take advantage of this information later .

What would John be considered as?

27. During an Xmas scan what indicates a port is closed?

28. You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet .

How will you achieve this without raising suspicion?

29. Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers.

The time a hacker spends performing research to locate this information about a company is known as?

30. Which of the following tactics uses malicious code to redirect users' web traffic?

31. What does the following command in netcat do?

nc -l -u -p55555 < /etc/passwd

32. This form of encryption algorithm is asymmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits .

Which among the following is this encryption algorithm?

33. Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed.

What is the port scanning technique used by Sam to discover open ports?

34. Mason, a professional hacker, targets an organization and spreads Emotet malware through malicious script. After infecting the victim's device. Mason further used Emotet to spread the infection across local networks and beyond to compromise as many machines as possible. In this process, he used a tool, which is a self-extracting RAR file, to retrieve information related to network resources such as writable share drives .

What is the tool employed by Mason in the above scenario?

35. An attacker utilizes a Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a nearby business in order to capture the wireless password .

What kind of attack is this?

36. Mike, a security engineer, was recently hired by BigFox Ltd. The company recently experienced disastrous DoS attacks. The management had instructed Mike to build defensive strategies for the company's IT infrastructure to thwart DoS/DDoS attacks. Mike deployed some countermeasures to handle jamming and scrambling attacks .

What is the countermeasure Mike applied to defend against jamming and scrambling attacks?

37. Which type of malware spreads from one system to another or from one network to another and causes similar types of damage as viruses do to the infected system?

38. Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering the Information, he successfully performed an attack on the target government organization without being traced .

Which of the following techniques is described in the above scenario?

39. Fred is the network administrator for his company. Fred is testing an internal switch.

From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer .

How can Fred accomplish this?

40. in this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstall the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values .

What is this attack called?

41. What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

42. CORRECT TEXT

A group of hackers were roaming around a bank office building in a city, driving a luxury car. They were using hacking tools on their laptop with the intention to find a free-access wireless network .

What is

43. Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' URL but actually he/she clicks to the content or URL that exists in the transparent 'iframe' which is setup by the attacker.

What is the name of the attack which is mentioned in the scenario?

44. On performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt its service.

What is the name of the process by which you can determine those critical businesses?

45. A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server.

Based on this information, what should be one of your key recommendations to the bank?

46. Which of the following DoS tools is used to attack target web applications by starvation of available sessions on the web server?

The tool keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content-length header value.

47. DNS cache snooping is a process of determining if the specified resource address is present in the DNS cache records. It may be useful during the examination of the network to determine what software update resources are used, thus discovering what software is installed.

What command is used to determine if the entry is present in DNS cache?

48. What is the purpose of DNS AAAA record?

49. Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activities, it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours .

What protocol used on Linux servers to synchronize the time has stopped working?

50. What does a firewall check to prevent particular ports and applications from getting packets into an organization?

51. An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.

What is the most likely cause?

52. To create a botnet. the attacker can use several techniques to scan vulnerable machines. The attacker first collects Information about a large number of vulnerable machines to create a list. Subsequently, they infect the machines. The list Is divided by assigning half of the list to the newly compromised machines. The scanning process runs simultaneously. This technique ensures the spreading and installation of malicious code in little time.

Which technique is discussed here?

53. Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific cached DNS record. Further, by using this cached record, he determines the sites recently visited by the organization's user .

What is the enumeration technique used by Henry on the organization?

54. Alice needs to send a confidential document to her coworker. Bryan. Their company has public key infrastructure set up. Therefore. Alice both encrypts the message and digitally signs it. Alice uses_______to encrypt the message, and Bryan uses__________to confirm the digital signature.

55. You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine .

What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?

56. Which regulation defines security and privacy controls for Federal information systems and organizations?

57. Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?

58. Tony is a penetration tester tasked with performing a penetration test. After gaining initial access to a target system, he finds a list of hashed passwords.

Which of the following tools would not be useful for cracking the hashed passwords?

59. In Trojan terminology, what is a covert channel?

60. Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]” .

Which statement below is true?

61. Which protocol is used for setting up secure channels between two devices, typically in

VPNs?

62. An organization has automated the operation of critical infrastructure from a remote location. For this purpose, all the industrial control systems are connected to the Internet. To empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption, the organization deckled to install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware .

Which of the following tools must the organization employ to protect its critical infrastructure?

63. An Internet Service Provider (ISP) has a need to authenticate users connecting via analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network.

Which AAA protocol is the most likely able to handle this requirement?

64. Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?

65. Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?

66. An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim’s profile to a text file and then submit the data to the attacker’s database.

< iframe src=““http://www.vulnweb.com/updateif.php”” style=““display:none””</iframe> >

What is this type of attack (that can use either HTTP GET or HTTP POST) called?

67. Samuel, a professional hacker, monitored and Intercepted already established traffic between Bob and a host machine to predict Bob's ISN. Using this ISN, Samuel sent spoofed packets with Bob's IP address to the host machine. The host machine responded with <| packet having an Incremented ISN. Consequently. Bob's connection got hung, and Samuel was able to communicate with the host machine on behalf of Bob .

What is the type of attack performed by Samuel in the above scenario?

68. In the context of Windows Security, what is a 'null' user?

69. This TCP flag instructs the sending system to transmit all buffered data immediately.

70. When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK.

How would an attacker exploit this design by launching TCP SYN attack?

71. Elante company has recently hired James as a penetration tester. He was tasked with performing enumeration on an organization's network. In the process of enumeration, James discovered a service that is accessible to external sources. This service runs directly on port 21 .

What is the service enumerated byjames in the above scenario?

72. When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameter and headers manually to get more precise results than if using web vulnerability scanners.

What proxy tool will help you find web vulnerabilities?

73. in an attempt to increase the security of your network, you Implement a solution that will help keep your wireless network undiscoverable and accessible only to those that know It .

How do you accomplish this?

74. Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in bounds checking mechanism?

Code:

#include <string.h> int main(){char buffer[8];

strcpy(buffer, ““11111111111111111111111111111””);} Output: Segmentation fault

75. Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?

76. Which among the following is the best example of the hacking concept called "clearing tracks"?

77. Peter is surfing the internet looking for information about DX Company .

Which hacking process is Peter doing?

78. When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator’s Computer to update the router configuration .

What type of an alert is this?

79. Study the following log extract and identify the attack.

80. An attacker identified that a user and an access point are both compatible with WPA2 and WPA3 encryption. The attacker installed a rogue access point with only WPA2 compatibility in the vicinity and forced the victim to go through the WPA2 four-way handshake to get connected. After the connection was established, the attacker used automated tools to crack WPA2-encrypted messages .

What is the attack performed in the above scenario?

81. If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

82. What is the proper response for a NULL scan if the port is open?

83. Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches.

If these switches' ARP cache is successfully flooded, what will be the result?

84. What did the following commands determine?

85. What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

86. Which of the following statements is TRUE?

87. George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this process, he used a short-range communication protocol based on the IEEE 203.15.4 standard. This protocol is used in devices that transfer data infrequently at a low rate in a restricted area, within a range of 10-100 m .

What is the short-range wireless communication technology George employed in the above scenario?

88. Larry, a security professional in an organization, has noticed some abnormalities In the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting a countermeasures to secure the accounts on the web server.

Which of the following countermeasures must Larry implement to secure the user accounts on the web server?

89. When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed .

Which of the following best describes what it is meant by processing?

90. Internet Protocol Security IPsec is actually a suite pf protocols. Each protocol within the suite provides different functionality. Collective IPsec does everything except.

91. You have successfully logged on a Linux system. You want to now cover your trade Your login attempt may be logged on several files located in /var/log .

Which file does NOT belongs to the list:

92. The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance .

Which of the following requirements would best fit under the objective, "Implement strong access control measures"?

93. Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company.

He is looking for an IDS with the following characteristics:

- Verifies success or failure of an attack

- Monitors system activities Detects attacks that a network-based IDS fails to detect

- Near real-time detection and response

- Does not require additional hardware

- Lower entry cost Which type of IDS is best suited for Tremp's requirements?

94. What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

95. What is not a PCI compliance recommendation?

96. A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed.

Considering that NMAP result below, which of the following is likely to be installed on the target machine by the OS?

Starting NMAP 5.21 at 2011-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:8

97. A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems.

What is the best security policy concerning this setup?

98. You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with complex security system in place.

Your peer, Peter Smith who works at the same department disagrees with you.

He says even the best network security technologies cannot prevent hackers gaining access to the network because of presence of "weakest link" in the security chain.

What is Peter Smith talking about?

99. What is a NULL scan?

100. To invisibly maintain access to a machine, an attacker utilizes a toolkit that sits undetected In the core components of the operating system .

What is this type of rootkit an example of?

101. Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the targets MSP provider by sending spear-phishing emails and distributed custom-made malware to compromise user accounts and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attacks on the target organization .

Which of the following cloud attacks did Alice perform in the above scenario?

102. Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?

103. Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

104. Ethical hacker jane Smith is attempting to perform an SQL injection attach. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs.

Which two SQL Injection types would give her the results she is looking for?

105. What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?

106. The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack.

You also notice "/bin/sh" in the ASCII part of the output.

As an analyst what would you conclude about the attack?

107. What hacking attack is challenge/response authentication used to prevent?

108. John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him the idea of using PGP .

What should John do to communicate correctly using this type of encryption?

109. Which of the following steps for risk assessment methodology refers to vulnerability identification?

110. Which system consists of a publicly available set of databases that contain domain name registration contact information?

111. You want to do an ICMP scan on a remote computer using hping2 .

What is the proper syntax?

112. Jake, a professional hacker, installed spyware on a target iPhone to spy on the target user's activities. He can take complete control of the target mobile device by jailbreaking the device remotely and record audio, capture screenshots, and monitor all phone calls and SMS messages .

What is the type of spyware that Jake used to infect the target device?

113. You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c





What is the hexadecimal value of NOP instruction?

114. How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

115. You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email ([email protected]). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network .

What testing method did you use?

116. BitLocker encryption has been implemented for all the Windows-based computers in an organization. You are concerned that someone might lose their cryptographic key. Therefore, a mechanism was implemented to recover the keys from Active Directory .

What is this mechanism called in cryptography?

117. Attempting an injection attack on a web server based on responses to True/False questions is called which of the following?

118. Your company was hired by a small healthcare provider to perform a technical assessment on the network.

What is the best approach for discovering vulnerabilities on a Windows-based computer?

119. Which results will be returned with the following Google search query?

site:target.com C site: Marketing.target.com accounting

120. Jack, a professional hacker, targets an organization and performs vulnerability scanning on the target web server to identify any possible weaknesses, vulnerabilities, and misconfigurations. In this process, Jack uses an automated tool that eases his work and performs vulnerability scanning to find hosts, services, and other vulnerabilities in the target server .

Which of the following tools is used by Jack to perform vulnerability scanning?

121. Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine .

Which of the following techniques is used by Joel in the above scenario?

122. John is investigating web-application firewall logs and observers that someone is attempting to inject the following:

char buff[10];

buff[>o] - 'a':

What type of attack is this?

123. In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information .

How can he achieve this?

124. Which is the first step followed by Vulnerability Scanners for scanning a network?

125. Which of these is capable of searching for and locating rogue access points?

126. John, a security analyst working for an organization, found a critical vulnerability on the

organization's LAN that allows him to view financial and personal information about the rest of the employees. Before reporting the vulnerability, he examines the information shown by the vulnerability for two days without disclosing any information to third parties or other internal employees. He does so out of curiosity about the other employees and may take advantage of this information later .

What would John be considered as?

127. During an Xmas scan what indicates a port is closed?

128. You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet .

How will you achieve this without raising suspicion?

129. Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers.

The time a hacker spends performing research to locate this information about a company is known as?

130. Which of the following tactics uses malicious code to redirect users' web traffic?

131. What does the following command in netcat do?

nc -l -u -p55555 < /etc/passwd

132. This form of encryption algorithm is asymmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits .

Which among the following is this encryption algorithm?

133. Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed.

What is the port scanning technique used by Sam to discover open ports?

134. Mason, a professional hacker, targets an organization and spreads Emotet malware through malicious script. After infecting the victim's device. Mason further used Emotet to spread the infection across local networks and beyond to compromise as many machines as possible. In this process, he used a tool, which is a self-extracting RAR file, to retrieve information related to network resources such as writable share drives .

What is the tool employed by Mason in the above scenario?

135. An attacker utilizes a Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a nearby business in order to capture the wireless password .

What kind of attack is this?

136. Mike, a security engineer, was recently hired by BigFox Ltd. The company recently experienced disastrous DoS attacks. The management had instructed Mike to build defensive strategies for the company's IT infrastructure to thwart DoS/DDoS attacks. Mike deployed some countermeasures to handle jamming and scrambling attacks .

What is the countermeasure Mike applied to defend against jamming and scrambling attacks?

137. Which type of malware spreads from one system to another or from one network to another and causes similar types of damage as viruses do to the infected system?

138. Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering the Information, he successfully performed an attack on the target government organization without being traced .

Which of the following techniques is described in the above scenario?

139. Fred is the network administrator for his company. Fred is testing an internal switch.

From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer .

How can Fred accomplish this?

140. in this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstall the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values .

What is this attack called?

141. What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

142. CORRECT TEXT

A group of hackers were roaming around a bank office building in a city, driving a luxury car. They were using hacking tools on their laptop with the intention to find a free-access wireless network .

What is

143. Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' URL but actually he/she clicks to the content or URL that exists in the transparent 'iframe' which is setup by the attacker.

What is the name of the attack which is mentioned in the scenario?

144. On performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt its service.

What is the name of the process by which you can determine those critical businesses?

145. A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server.

Based on this information, what should be one of your key recommendations to the bank?

146. Which of the following DoS tools is used to attack target web applications by starvation of available sessions on the web server?

The tool keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content-length header value.

147. DNS cache snooping is a process of determining if the specified resource address is present in the DNS cache records. It may be useful during the examination of the network to determine what software update resources are used, thus discovering what software is installed.

What command is used to determine if the entry is present in DNS cache?

148. What is the purpose of DNS AAAA record?

149. Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activities, it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours .

What protocol used on Linux servers to synchronize the time has stopped working?

150. What does a firewall check to prevent particular ports and applications from getting packets into an organization?

151. An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.

What is the most likely cause?

152. To create a botnet. the attacker can use several techniques to scan vulnerable machines. The attacker first collects Information about a large number of vulnerable machines to create a list. Subsequently, they infect the machines. The list Is divided by assigning half of the list to the newly compromised machines. The scanning process runs simultaneously. This technique ensures the spreading and installation of malicious code in little time.

Which technique is discussed here?

153. Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific cached DNS record. Further, by using this cached record, he determines the sites recently visited by the organization's user .

What is the enumeration technique used by Henry on the organization?

154. Alice needs to send a confidential document to her coworker. Bryan. Their company has public key infrastructure set up. Therefore. Alice both encrypts the message and digitally signs it. Alice uses_______to encrypt the message, and Bryan uses__________to confirm the digital signature.

155. You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine .

What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?

156. Which regulation defines security and privacy controls for Federal information systems and organizations?

157. Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?

158. Tony is a penetration tester tasked with performing a penetration test. After gaining initial access to a target system, he finds a list of hashed passwords.

Which of the following tools would not be useful for cracking the hashed passwords?

159. In Trojan terminology, what is a covert channel?

160. Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]” .

Which statement below is true?

161. Which protocol is used for setting up secure channels between two devices, typically in

VPNs?

162. An organization has automated the operation of critical infrastructure from a remote location. For this purpose, all the industrial control systems are connected to the Internet. To empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption, the organization deckled to install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware .

Which of the following tools must the organization employ to protect its critical infrastructure?

163. An Internet Service Provider (ISP) has a need to authenticate users connecting via analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network.

Which AAA protocol is the most likely able to handle this requirement?

164. Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?

165. Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?

166. An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim’s profile to a text file and then submit the data to the attacker’s database.

< iframe src=““http://www.vulnweb.com/updateif.php”” style=““display:none””</iframe> >

What is this type of attack (that can use either HTTP GET or HTTP POST) called?

167. Samuel, a professional hacker, monitored and Intercepted already established traffic between Bob and a host machine to predict Bob's ISN. Using this ISN, Samuel sent spoofed packets with Bob's IP address to the host machine. The host machine responded with <| packet having an Incremented ISN. Consequently. Bob's connection got hung, and Samuel was able to communicate with the host machine on behalf of Bob .

What is the type of attack performed by Samuel in the above scenario?

168. In the context of Windows Security, what is a 'null' user?

169. This TCP flag instructs the sending system to transmit all buffered data immediately.

170. When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK.

How would an attacker exploit this design by launching TCP SYN attack?

171. Elante company has recently hired James as a penetration tester. He was tasked with performing enumeration on an organization's network. In the process of enumeration, James discovered a service that is accessible to external sources. This service runs directly on port 21 .

What is the service enumerated byjames in the above scenario?

172. When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameter and headers manually to get more precise results than if using web vulnerability scanners.

What proxy tool will help you find web vulnerabilities?

173. in an attempt to increase the security of your network, you Implement a solution that will help keep your wireless network undiscoverable and accessible only to those that know It .

How do you accomplish this?

174. Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in bounds checking mechanism?

Code:

#include <string.h> int main(){char buffer[8];

strcpy(buffer, ““11111111111111111111111111111””);} Output: Segmentation fault

175. Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?

176. Which among the following is the best example of the hacking concept called "clearing tracks"?

177. Peter is surfing the internet looking for information about DX Company .

Which hacking process is Peter doing?

178. When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator’s Computer to update the router configuration .

What type of an alert is this?

179. Study the following log extract and identify the attack.

180. An attacker identified that a user and an access point are both compatible with WPA2 and WPA3 encryption. The attacker installed a rogue access point with only WPA2 compatibility in the vicinity and forced the victim to go through the WPA2 four-way handshake to get connected. After the connection was established, the attacker used automated tools to crack WPA2-encrypted messages .

What is the attack performed in the above scenario?

181. If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

182. What is the proper response for a NULL scan if the port is open?

183. Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches.

If these switches' ARP cache is successfully flooded, what will be the result?

184. What did the following commands determine?

185. What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

186. Which of the following statements is TRUE?

187. George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this process, he used a short-range communication protocol based on the IEEE 203.15.4 standard. This protocol is used in devices that transfer data infrequently at a low rate in a restricted area, within a range of 10-100 m .

What is the short-range wireless communication technology George employed in the above scenario?

188. Larry, a security professional in an organization, has noticed some abnormalities In the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting a countermeasures to secure the accounts on the web server.

Which of the following countermeasures must Larry implement to secure the user accounts on the web server?

189. When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed .

Which of the following best describes what it is meant by processing?

190. Internet Protocol Security IPsec is actually a suite pf protocols. Each protocol within the suite provides different functionality. Collective IPsec does everything except.

191. You have successfully logged on a Linux system. You want to now cover your trade Your login attempt may be logged on several files located in /var/log .

Which file does NOT belongs to the list:

192. The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance .

Which of the following requirements would best fit under the objective, "Implement strong access control measures"?

193. Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company.

He is looking for an IDS with the following characteristics:

- Verifies success or failure of an attack

- Monitors system activities Detects attacks that a network-based IDS fails to detect

- Near real-time detection and response

- Does not require additional hardware

- Lower entry cost Which type of IDS is best suited for Tremp's requirements?

194. What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

195. What is not a PCI compliance recommendation?

196. A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed.

Considering that NMAP result below, which of the following is likely to be installed on the target machine by the OS?

Starting NMAP 5.21 at 2011-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:8

197. A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems.

What is the best security policy concerning this setup?

198. You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with complex security system in place.

Your peer, Peter Smith who works at the same department disagrees with you.

He says even the best network security technologies cannot prevent hackers gaining access to the network because of presence of "weakest link" in the security chain.

What is Peter Smith talking about?

199. What is a NULL scan?

200. To invisibly maintain access to a machine, an attacker utilizes a toolkit that sits undetected In the core components of the operating system .

What is this type of rootkit an example of?

201. Cross-site request forgery involves:

202. John, a professional hacker, decided to use DNS to perform data exfiltration on a target network, in this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique. John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server.

What is the technique employed by John to bypass the firewall?

203. While using your bank’s online servicing you notice the following string in the URL bar:

“http: // www. MyPersonalBank. com/ account?id=368940911028389&Damount=10980&Camount=21”

You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflects the changes.

Which type of vulnerability is present on this site?

204. in this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstall the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values.

What is this attack called?

205. These hackers have limited or no training and know how to use only basic techniques or tools.

What kind of hackers are we talking about?

206. Which of the following is an extremely common IDS evasion technique in the web world?

207. is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.

208. To invisibly maintain access to a machine, an attacker utilizes a toolkit that sits undetected. In the core components of the operating system.

What is this type of rootkit an example of?

209. Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations.

Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA.

In this context, what can you say?

210. While browsing his Facebook teed, Matt sees a picture one of his friends posted with the caption. "Learn more about your friends!", as well as a number of personal questions. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate. Matt responds to the questions on the post, a few days later. Mates bank account has been accessed, and the password has been changed.

What most likely happened?

211. What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

212. jane invites her friends Alice and John over for a LAN party. Alice and John access Jane's wireless network without a password. However. Jane has a long, complex password on her router.

What attack has likely occurred?

213. What would you enter if you wanted to perform a stealth scan using Nmap?

214. During an Xmas scan what indicates a port is closed?

215. You have successfully logged on a Linux system. You want to now cover your trade Your login attempt may be logged on several files located in /var/log.

Which file does NOT belongs to the list:

216. Which of the following is not a Bluetooth attack?

217. You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email ([email protected]). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network.

What testing method did you use?

218. The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the Central Processing Unit (CPU), rather than passing only the frames that the controller is intended to receive.

Which of the following is being described?

219. Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches.

If these switches' ARP cache is successfully flooded, what will be the result?

220. Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B.

How do you prevent DNS spoofing?

221. John is an incident handler at a financial institution. His steps in a recent incident are not up to the standards of the company. John frequently forgets some steps and procedures while handling responses as they are very stressful to perform.

Which of the following actions should John take to overcome this problem with the least administrative effort?

222. You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.

[email protected]_server.~$ nmap -T4 -O 10.10.0.0/24 TCP/IP fingerprinting (for OS scan)

xxxxxxx xxxxxx

xxxxxxxxx. QUITTING!

What seems to be wrong?

223. You just set up a security system in your network.

In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: ““FTP on the network!””;)

224. Which of these is capable of searching for and locating rogue access points?

225. Yancey is a network security administrator for a large electric company. This company provides power for over 100, 000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing to him.

What would Yancey be considered?

226. The network team has well-established procedures to follow for creating new rules on the firewall. This includes having approval from a manager prior to implementing any new rules. While reviewing the firewall configuration, you notice a recently implemented rule but cannot locate manager approval for it.

What would be a good step to have in the procedures for a situation like this?

227. infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical hacking methodology?

228. An attacker with access to the inside network of a small company launches a successful STP manipulation attack.

What will he do next?

229. You have the SOA presented below in your Zone.

Your secondary servers have not been able to contact your primary server to synchronize information.

How long will the secondary servers attempt to contact the primary server before it considers that zone is dead and stops responding to queries?

collegae.edu.SOA, cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600)

230. A company’s security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating.

What sort of security breach is this policy attempting to mitigate?

231. What did the following commands determine?

232. An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush.

What type of breach has the individual just performed?

233. You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c





What is the hexadecimal value of NOP instruction?

234. As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.

What document describes the specifics of the testing, the associated violations, and essentially protects both the organization’s interest and your liabilities as a tester?

235. Samuel a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSlv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to attacks as the SSLv2 server can leak key information.

Which of the following attacks can be performed by exploiting the above vulnerability?

236. The tools which receive event logs from servers, network equipment, and applications, and perform analysis and correlation on those logs, and can generate alarms for security relevant issues, are known as what?

237. Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.

What should you do?

238. Steven connected his iPhone to a public computer that had been infected by Clark, an attacker. After establishing the connection with the public computer, Steven enabled iTunes WI-FI sync on the computer so that the device could continue communication with that computer even after being physically disconnected. Now, Clark gains access to Steven’s iPhone through the infected computer and is able to monitor and read all of Steven’s activity on the iPhone, even after the device is out of the communication zone.

Which of the following attacks is performed by Clark in above scenario?

239. Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system.

Which TCP and UDP ports must you filter to check null sessions on your network?

240. When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed.

Which of the following best describes what it is meant by processing?

241. A company’s Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.

What kind of Web application vulnerability likely exists in their software?

242. Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?

243. You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID "Brakeme-lnternal."

You realize that this network uses WPA3 encryption, which of the following vulnerabilities is the promising to exploit?

244. Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server.

In the login/password form, you enter the following credentials:

Username: attack' or 1=1 -

Password: 123456

Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?

245. Password cracking programs reverse the hashing process to recover passwords. (True/False.)

246. You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific condition for the scan: “The attacker must scan every port on the server several times using a set of spoofed sources IP addresses. ” Suppose that you are using Nmap to perform this scan.

What flag will you use to satisfy this requirement?

247. An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gain access to the DNS server and redirect the direction www.google.com to his own IP address. Now when the employees of the office want to go to Google they are being redirected to the attacker machine.

What is the name of this kind of attack?

248. If you want to only scan fewer ports than the default scan using Nmap tool, which option would you use?

249. Why containers are less secure that virtual machines?

250. Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network.

What is Bob supposed to do next?

251. The network administrator at Spears Technology, Inc has configured the default gateway

Cisco router's access-list as below:

You are hired to conduct security testing on their network.

You successfully brute-force the SNMP community string using a SNMP crack tool.

The access-list configured at the router prevents you from establishing a successful connection.

You want to retrieve the Cisco configuration from the router.

How would you proceed?

252. Don, a student, came across a gaming app in a third-party app store and Installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after Installing the app.

What is the attack performed on Don in the above scenario?

253. An organization is performing a vulnerability assessment tor mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization's machines to detect which ports are attached to services such as an email server, a web server or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevant tests.

What is the type of vulnerability assessment solution that James employed in the above scenario?

254. Widespread fraud ac Enron. WorldCom, and Tyco led to the creation of a law that was designed to improve the accuracy and accountability of corporate disclosures. It covers accounting firms and third parties that provide financial services to some organizations and came into effect in 2002.

This law is known by what acronym?

255. You start performing a penetration test against a specific website and have decided to start from grabbing all the links from the main page.

What Is the best Linux pipe to achieve your milestone?

256. Consider the following Nmap output:





what command-line parameter could you use to determine the type and version number of the web server?

257. which of the following protocols can be used to secure an LDAP service against anonymous queries?

258. If executives are found liable for not properly protecting their company’s assets and information systems, what type of law would apply in this situation?

259. What is the minimum number of network connections in a multi homed firewall?

260. This kind of password cracking method uses word lists in combination with numbers and special characters:

261. A zone file consists of which of the following Resource Records (RRs)?

262. You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8.

While monitoring the data, you find a high number of outbound connections. You see that IP’s owned by XYZ (Internal) and private IP’s are communicating to a Single Public IP. Therefore, the Internal IP’s are sending data to the Public IP.

After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised.

What kind of attack does the above scenario depict?

263. What hacking attack is challenge/response authentication used to prevent?