- All Exams Instant Download
Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:
Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:A . will reveal vulnerabilities in the Modbus protocol. B. may cause unintended failures in control systems. C. may reduce the true positive rate of findings. D. will create a denial-of-service condition on...
Which of the following BEST describes what happened?
A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client’s IP address. The tester later discovered the SOC had used sinkholing on the penetration tester’s IP address. Which of the following BEST describes what happened?A . The penetration tester was testing...
Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?
A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how...
In Python socket programming, SOCK_DGRAM type is:
In Python socket programming, SOCK_DGRAM type is:A . reliable. B. matrixed. C. connectionless. D. slower.View AnswerAnswer: C Explanation: Connectionless due to the Datagram portion mentioned so that would mean its using UDP.
Which of the following commands would be the BEST option when stealth is not a concern and the task is time sensitive?
A security analyst needs to perform a scan for SMB port 445 over a/16 network. Which of the following commands would be the BEST option when stealth is not a concern and the task is time sensitive?A . Nmap -s 445 -Pn -T5 172.21.0.0/16 B. Nmap -p 445 -n -T4...
You are a security analyst tasked with hardening a web server
HOTSPOT You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTIONS Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If...
Which of the following is an active reconnaissance tool that would be BEST to use to accomplish this task?
A consultant just performed a SYN scan of all the open ports on a remote host and now needs to remotely identify the type of services that are running on the host. Which of the following is an active reconnaissance tool that would be BEST to use to accomplish this...
You are a security analyst tasked with hardening a web server
HOTSPOT You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTIONS Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If...
Which of the following should the security company have acquired BEFORE the start of the assessment?
A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the...
Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)
Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)A . The libraries may be vulnerable B. The licensing of software is ambiguous C. The libraries’ code bases could be read by anyone D. The provenance of code is unknown E. The...
