- All Exams Instant Download
What will he do next?
An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?A . He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer. B. He will activate OSPF on the spoofed root...
In the field of cryptanalysis, what is meant by a “rubber-hose” attack?
In the field of cryptanalysis, what is meant by a “rubber-hose” attack?A . Forcing the targeted keystream through a hardware-accelerated device such as an ASIC. B. A backdoor placed into a cryptographic algorithm by its creator. C. Extraction of cryptographic secrets through coercion or torture. D. Attempting to decrypt ciphertext...
What is the best Nmap command you will use?
You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly. What is the best Nmap command you will use?A . nmap -T4 -q 10.10.0.0/24 B. nmap -T4 -F 10.10.0.0/24 C. nmap -T4 -r 10.10.1.0/24 D. nmap...
What is the most likely cause?
An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the...
Why should the security analyst disable/remove unnecessary ISAPI filters?
Why should the security analyst disable/remove unnecessary ISAPI filters?A . To defend against social engineering attacks B. To defend against webserver attacks C. To defend against jailbreaking D. To defend against wireless attacksView AnswerAnswer: B
Which is the first step followed by Vulnerability Scanners for scanning a network?
Which is the first step followed by Vulnerability Scanners for scanning a network?A . OS Detection B. Firewall detection C. TCP/UDP Port scanning D. Checking if the remote host is aliveView AnswerAnswer: D Explanation: Vulnerability scanning solutions perform vulnerability penetration tests on the organizational network in three steps:
What do you think Tess King is trying to accomplish?
Tess King is using the nslookup command to craft queries to list all DNS information (such as Name Servers, host names, MX records, CNAME records, glue records (delegation for child Domains), zone serial number, TimeToLive (TTL) records, etc) for a Domain. What do you think Tess King is trying to...
What is not a PCI compliance recommendation?
What is not a PCI compliance recommendation?A . Use a firewall between the public network and the payment card data. B. Use encryption to protect all transmission of card holder data over any public network. C. Rotate employees handling credit card transactions on a yearly basis to different departments. D....
What is not a PCI compliance recommendation?
What is not a PCI compliance recommendation?A . Use a firewall between the public network and the payment card data. B. Use encryption to protect all transmission of card holder data over any public network. C. Rotate employees handling credit card transactions on a yearly basis to different departments. D....
What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?
The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520. What type of key does this bug leave exposed to the Internet making...
