Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a
Linux server occurring during non-business hours. After further examination of all login activities,
it is noticed that none of the logins have occurred during typical work hours. A Linux administrator
who is investigating this problem realizes the system time on the Linux server is wrong by more
than twelve hours. What protocol used on Linux servers to synchronize the time has stopped
working?
A. PPP
B. NTP
C. Time Keeper
D. OSPP
Answer: (SHOW ANSWER)
NEW QUESTION: 102
Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP
cache of these switches.
If these switches' ARP cache is successfully flooded, what will be the result?
A. The switches will drop into hub mode if the ARP cache is successfully flooded.
B. The switches will route all traffic to the broadcast address created collisions.
C. Depending on the switch manufacturer, the device will either delete every entry in its ARP
cache or reroute packets to the nearest switch.
D. If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to
attacks.
Answer: (SHOW ANSWER)
NEW QUESTION: 103
Todd has been asked by the security officer to purchase a counter-based authentication system.
Which of the following best describes this type of system?
A. A biometric system that bases authentication decisions on physical attributes.
B. An authentication system that uses passphrases that are converted into virtual passwords.
C. An authentication system that creates one-time passwords that are encrypted with secret keys.
D. A biometric system that bases authentication decisions on behavioral attributes.
Answer: C (LEAVE A REPLY)
NEW QUESTION: 104
What is the following command used for?
net use \targetipc$ "" /u:""
A. Connecting to a Linux computer through Samba.
B. This command is used to connect as a null session
C. Grabbing the etc/passwd file
D. Grabbing the SAM
E. Enumeration of Cisco routers
Answer: (SHOW ANSWER)
NEW QUESTION: 105
John, a professional hacker, decided to use DNS to perform data exfiltration on a target network,
in this process, he embedded malicious data into the DNS protocol packets that even DNSSEC
cannot detect. Using this technique. John successfully injected malware to bypass a firewall and
maintained communication with the victim machine and C&C server. What is the technique
employed by John to bypass the firewall?
A. DNS cache snooping
B. DNSSEC zone walking
C. DNS tunneling method
D. DNS enumeration
Answer: (SHOW ANSWER)
DNS tunneling may be a method wont to send data over the DNS protocol, a protocol which has
never been intended for data transfer. due to that, people tend to overlook it and it's become a
well-liked but effective tool in many attacks. Most popular use case for DNS tunneling is obtaining
free internet through bypassing captive portals at airports, hotels, or if you are feeling patient the
not-so-cheap on the wing Wi-Fi. On those shared internet hotspots HTTP traffic is blocked until a
username/password is provided, however DNS traffic is usually still allowed within the
background: we will encode our HTTP traffic over DNS and void, we've internet access. This
sounds fun but reality is, browsing anything on DNS tunneling is slow. Like, back to 1998 slow.
Another more dangerous use of DNS tunneling would be bypassing network security devices
(Firewalls, DLP appliances...) to line up an immediate and unmonitored communications channel
on an organisation's network. Possibilities here are endless: Data exfiltration, fixing another
penetration testing tool... you name it. To make it even more worrying, there's an outsized amount
of easy to use DNS tunneling tools out there. There's even a minimum of one VPN over DNS
protocol provider (warning: the planning of the web site is hideous, making me doubt on the
legitimacy of it). As a pentester all this is often great, as a network admin not such a lot .
How does it work:
For those that ignoramus about DNS protocol but still made it here, i feel you deserve a really
brief explanation on what DNS does: DNS is sort of a phonebook for the web , it translates URLs
(human-friendly language, the person's name), into an IP address (machine-friendly language,
the phone number). That helps us remember many websites, same as we will remember many
people's names. For those that know what DNS is i might suggest looking here for a fast refresh
on DNS protocol, but briefly what you would like to understand is: * A Record: Maps a website
name to an IP address. example.com ? 12.34.52.67 * NS Record (a.k.a. Nameserver record):
Maps a website name to an inventory of DNS servers, just in case our website is hosted in
multiple servers. example.com ? server1.example.com, server2.example.com Who is involved in
DNS tunneling? * Client. Will launch DNS requests with data in them to a website . * One Domain
that we will configure. So DNS servers will redirect its requests to an outlined server of our own. *
Server. this is often the defined nameserver which can ultimately receive the DNS requests. The
6 Steps in DNS tunneling (simplified): 1. The client encodes data during a DNS request. The way
it does this is often by prepending a bit of knowledge within the domain of the request. for
instance : mypieceofdata.server1.example.com 2. The DNS request goes bent a DNS server. 3.
The DNS server finds out the A register of your domain with the IP address of your server. 4. The
request for mypieceofdata.server1.example.com is forwarded to the server. 5. The server
processes regardless of the mypieceofdata was alleged to do. Let's assume it had been an HTTP
request. 6. The server replies back over DNS and woop woop, we've got signal.
NEW QUESTION: 106
The configuration allows a wired or wireless network interface controller to pass all traffic it
receives to the Central Processing Unit (CPU), rather than passing only the frames that the
controller is intended to receive. Which of the following is being described?
A. Multi-cast mode
B. Promiscuous mode
C. Port forwarding
D. WEM
Answer: (SHOW ANSWER)
Valid 312-50v11 Dumps shared by PassTestKing.com for Helping Passing 312-50v11 Exam!
PassTestKing.com now offer the newest 312-50v11 exam dumps, the PassTestKing.com
312-50v11 exam questions have been updated and answers have been corrected get the
newest PassTestKing.com 312-50v11 dumps with Test Engine here:
https://www.passtestking.com/ECCouncil/312-50v11-practice-exam-dumps.html (525 Q&As
Dumps, 35%OFF Special Discount Code: freecram)
NEW QUESTION: 107
Which of these is capable of searching for and locating rogue access points?
A. HIDS
B. WISS
C. NIDS
D. WIPS
Answer: (SHOW ANSWER)
NEW QUESTION: 108
Wilson, a professional hacker, targets an organization for financial benefit and plans to
compromise its systems by sending malicious emails. For this purpose, he uses a tool to track the
emails of the target and extracts information such as sender identities, mall servers, sender IP
addresses, and sender locations from different public sources. He also checks if an email address
was leaked using the haveibeenpwned.com API. Which of the following tools is used by Wilson in
the above scenario?
A. Factiva
B. Netcraft
C. infoga
D. Zoominfo
Answer: (SHOW ANSWER)
Infoga may be a tool gathering email accounts informations (ip,hostname,country,...) from
completely different public supply (search engines, pgp key servers and shodan) and check if
email was leaked using haveibeenpwned.com API. is a really simple tool, however very effective
for the first stages of a penetration test or just to know the visibility of your company within the
net.
NEW QUESTION: 109
Internet Protocol Security IPsec is actually a suite pf protocols. Each protocol within the suite
provides different functionality. Collective IPsec does everything except.
A. Protect the payload and the headers
B. Work at the Data Link Layer
C. Encrypt
D. Authenticate
Answer: (SHOW ANSWER)
NEW QUESTION: 110
A. Wireshark with Airpcap
B. Ethereal with Winpcap
C. Airsnort with Airpcap
D. Wireshark with Winpcap
Answer: A (LEAVE A REPLY)
NEW QUESTION: 111
A newly joined employee. Janet, has been allocated an existing system used by a previous
employee. Before issuing the system to Janet, it was assessed by Martin, the administrator.
Martin found that there were possibilities of compromise through user directories, registries, and
other system parameters. He also Identified vulnerabilities such as native configuration tables,
incorrect registry or file permissions, and software configuration errors. What is the type of
vulnerability assessment performed by Martin?
A. Credentialed assessment
B. Database assessment
C. Host-based assessment
D. Distributed assessment
Answer: (SHOW ANSWER)
The host-based vulnerability assessment (VA) resolution arose from the auditors' got to
periodically review systems. Arising before the net becoming common, these tools typically take
an "administrator's eye" read of the setting by evaluating all of the knowledge that an
administrator has at his or her disposal.
Uses
Host VA tools verify system configuration, user directories, file systems, registry settings, and all
forms of other info on a number to gain information about it. Then, it evaluates the chance of
compromise. it should also live compliance to a predefined company policy so as to satisfy an
annual audit. With administrator access, the scans area unit less possible to disrupt traditional
operations since the computer code has the access it has to see into the complete configuration
of the system.
What it Measures Host
VA tools will examine the native configuration tables and registries to spot not solely apparent
vulnerabilities, however additionally "dormant" vulnerabilities - those weak or misconfigured
systems and settings which will be exploited when an initial entry into the setting. Host VA
solutions will assess the safety settings of a user account table; the access management lists
related to sensitive files or data; and specific levels of trust applied to other systems. The host VA
resolution will a lot of accurately verify the extent of the danger by determinant however way any
specific exploit could also be ready to get.
NEW QUESTION: 112
Some clients of TPNQM SA were redirected to a malicious site when they tried to access the
TPNQM main site. Bob, a system administrator at TPNQM SA, found that they were victims of
DNS Cache Poisoning. What should Bob recommend to deal with such a threat?
A. Client awareness
B. The use of double-factor authentication
C. The use of DNSSEC
D. The use of security agents in clients' computers
Answer: (SHOW ANSWER)
NEW QUESTION: 113
Which of the following is a command line packet analyzer similar to GUI-based Wireshark?
A. jack the ripper
B. tcpdump
C. nessus
D. ethereal
Answer: (SHOW ANSWER)
NEW QUESTION: 114
Bob is acknowledged as a hacker of repute and is popular among visitors of "underground" sites.
Bob is willing to share his knowledge with those who are willing to learn, and many have
expressed their interest in learning from him. However, this knowledge has a risk associated with
it, as it can be used for malevolent attacks as well.
In this context, what would be the most effective method to bridge the knowledge gap between
the "black" hats or crackers and the "white" hats or computer security professionals? (Choose the
test answer.)
A. Educate everyone with books, articles and training on risk analysis, vulnerabilities and
safeguards.
B. Make obtaining either a computer security certification or accreditation easier to achieve so
more individuals feel that they are a part of something larger than life.
C. Train more National Guard and reservist in the art of computer security to help out in times of
emergency or crises.
D. Hire more computer security monitoring personnel to monitor computer systems and networks.
Answer: (SHOW ANSWER)
NEW QUESTION: 115
Which of the following is considered an exploit framework and has the ability to perform
automated attacks on services, ports, applications and unpatched security flaws in a computer
system?
A. Wireshark
B. Metasploit
C. Nessus
D. Maltego
Answer: (SHOW ANSWER)
NEW QUESTION: 116
Which of the following DoS tools is used to attack target web applications by starvation of
available sessions on the web server?
The tool keeps sessions at halt using never-ending POST transmissions and sending an
arbitrarily large content-length header value.
A. LOIC
B. R-U-Dead-Yet?(RUDY)
C. Astacheldraht
D. My Doom
Answer: (SHOW ANSWER)
NEW QUESTION: 117
Bob is going to perform an active session hijack against Brownies Inc. He has found a target that
allows session oriented connections (Telnet) and performs the sequence prediction on the target
operating system. He manages to find an active session due to the high level of traffic on the
network. What is Bob supposed to do next?
A. Reverse sequence prediction
B. Take over the session
C. Guess the sequence numbers
D. Take one of the parties offline
Answer: C (LEAVE A REPLY)
NEW QUESTION: 118
To determine if a software program properly handles a wide range of invalid input, a form of
automated testing can be used to randomly generate invalid input in an attempt to crash the
program.
What term is commonly used when referring to this type of testing?
A. Bounding
B. Randomizing
C. Mutating
D. Fuzzing
Answer: (SHOW ANSWER)
NEW QUESTION: 119
What is the least important information when you analyze a public IP address in a security alert?
A. Geolocation
B. ARP
C. Whois
D. DNS
Answer: B (LEAVE A REPLY)
NEW QUESTION: 120
A. Reconnaissance
B. Maintaining access
C. Scanning
D. Gaining access
Answer: (SHOW ANSWER)
This phase having the hacker uses different techniques and tools to realize maximum data from
the system. they're - * Password cracking - Methods like Bruteforce, dictionary attack, rule-based
attack, rainbow table are used. Bruteforce is trying all combinations of the password. Dictionary
attack is trying an inventory of meaningful words until the password matches. Rainbow table
takes the hash value of the password and compares with pre-computed hash values until a match
is discovered. * Password attacks - Passive attacks like wire sniffing, replay attack. Active online
attack like Trojans, keyloggers, hash injection, phishing. Offline attacks like pre-computed hash,
distributed network and rainbow. Non electronic attack like shoulder surfing, social engineering
and dumpster diving.
NEW QUESTION: 121
Which command can be used to show the current TCP/IP connections?
A. Net use
B. Net use connection
C. Netstat
D. Netsh
Answer: (SHOW ANSWER)
Valid 312-50v11 Dumps shared by PassTestKing.com for Helping Passing 312-50v11 Exam!
PassTestKing.com now offer the newest 312-50v11 exam dumps, the PassTestKing.com
312-50v11 exam questions have been updated and answers have been corrected get the
newest PassTestKing.com 312-50v11 dumps with Test Engine here:
https://www.passtestking.com/ECCouncil/312-50v11-practice-exam-dumps.html (525 Q&As
Dumps, 35%OFF Special Discount Code: freecram)
NEW QUESTION: 122
Which of the following steps for risk assessment methodology refers to vulnerability identification?
A. Determines if any flaws exist in systems, policies, or procedures
B. Identifies sources of harm to an IT system. (Natural, Human. Environmental)
C. Determines risk probability that vulnerability will be exploited (High. Medium, Low)
D. Assigns values to risk probabilities; Impact values.
Answer: (SHOW ANSWER)
NEW QUESTION: 123
Which of the following is the best countermeasure to encrypting ransomwares?
A. Use multiple antivirus softwares
B. Pay a ransom
C. Analyze the ransomware to get decryption key of encrypted data
D. Keep some generation of off-line backup
Answer: (SHOW ANSWER)
NEW QUESTION: 124
Which of the following provides a security professional with most information about the system's
security posture?
A. Phishing, spamming, sending trojans
B. Social engineering, company site browsing tailgating
C. Wardriving, warchalking, social engineering
D. Port scanning, banner grabbing service identification
Answer: (SHOW ANSWER)
NEW QUESTION: 125
Bob is doing a password assessment for one of his clients. Bob suspects that security policies are
not in place. He also suspects that weak passwords are probably the norm throughout the
company he is evaluating. Bob is familiar with password weaknesses and key loggers.
Which of the following options best represents the means that Bob can adopt to retrieve
passwords from his clients hosts and servers?
A. Software only, they are the most effective.
B. Hardware, Software, and Sniffing.
C. Passwords are always best obtained using Hardware key loggers.
D. Hardware and Software Keyloggers.
Answer: (SHOW ANSWER)
NEW QUESTION: 126
You are logged in as a local admin on a Windows 7 system and you need to launch the Computer
Management Console from command line.
Which command would you use?
A. c:\compmgmt.msc
B. c:\services.msc
C. c:\ncpa.cp
D. c:\gpedit
Answer: (SHOW ANSWER)
To start the Computer Management Console from command line just type
compmgmt.msc /computer:computername in your run box or at the command line and it should
automatically open the Computer Management console.
References: http://www.waynezim.com/tag/compmgmtmsc/
NEW QUESTION: 127
Which type of sniffing technique is generally referred as MiTM attack?
A. Mac Flooding
B. DHCP Sniffing
C. ARP Poisoning
D. Password Sniffing
Answer: (SHOW ANSWER)
NEW QUESTION: 128
Insecure direct object reference is a type of vulnerability where the application does not verify if
the user is authorized to access the internal object via its name or key. Suppose a malicious user
Rob tries to get access to the account of a benign user Ned.
Which of the following requests best illustrates an attempt to exploit an insecure direct object
reference vulnerability?
A. "GET /restricted/goldtransfer?to=Rob&from=1 or 1=1' HTTP/1.1Host: westbank.com"
B. "GET /restricted/ HTTP/1.1 Host: westbank.com
C. "GET /restricted/accounts/?name=Ned HTTP/1.1 Host westbank.com"
D. "GET /restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com"
Answer: (SHOW ANSWER)
NEW QUESTION: 129
As a securing consultant, what are some of the things you would recommend to a company to
ensure DNS security?
A. Harden DNS servers
B. Use split-horizon operation for DNS servers
C. Use the same machines for DNS and other applications
D. Have subnet diversity between DNS servers
E. Restrict Zone transfers
Answer: (SHOW ANSWER)
NEW QUESTION: 130
A. Bluejacking
B. Bluedriving
C. Bluesmacking
D. Bluesnarfing
Answer: (SHOW ANSWER)
NEW QUESTION: 131
Bill is a network administrator. He wants to eliminate unencrypted traffic inside his company's
network. He decides to setup a SPAN port and capture all traffic to the datacenter. He
immediately discovers unencrypted traffic in port UDP 161. what protocol is this port using and
how can he secure that traffic?
A. it is not necessary to perform any actions, as SNMP is not carrying important information.
B. SNMP and he should change it to SNMP V3
C. RPC and the best practice is to disable RPC completely
D. SNMP and he should change it to SNMP v2, which is encrypted
Answer: (SHOW ANSWER)
We have various articles already in our documentation for setting up SNMPv2 trap handling in
Opsview, but SNMPv3 traps are a whole new ballgame. They can be quite confusing and
complicated to set up the first time you go through the process, but when you understand what is
going on, everything should make more sense.
SNMP has gone through several revisions to improve performance and security (version 1, 2c
and 3). By default, it is a UDP port based protocol where communication is based on a 'fire and
forget' methodology in which network packets are sent to another device, but there is no check for
receipt of that packet (versus TCP port when a network packet must be acknowledged by the
other end of the communication link).
There are two modes of operation with SNMP - get requests (or polling) where one device
requests information from an SNMP enabled device on a regular basis (normally using UDP port
161), and traps where the SNMP enabled device sends a message to another device when an
event occurs (normally using UDP port 162). The latter includes instances such as someone
logging on, the device powering up or down, or a wide variety of other problems that would need
this type of investigation.
This blog covers SNMPv3 traps, as polling and version 2c traps are covered elsewhere in our
documentation.
SNMP traps
Since SNMP is primarily a UDP port based system, traps may be 'lost' when sending between
devices; the sending device does not wait to see if the receiver got the trap. This means if the
configuration on the sending device is wrong (using the wrong receiver IP address or port) or the
receiver isn't listening for traps or rejecting them out of hand due to misconfiguration, the sender
will never know.
The SNMP v2c specification introduced the idea of splitting traps into two types; the original 'hope
it gets there' trap and the newer 'INFORM' traps. Upon receipt of an INFORM, the receiver must
send an acknowledgement back. If the sender doesn't get the acknowledgement back, then it
knows there is an existing problem and can log it for sysadmins to find when they interrogate the
device.
NEW QUESTION: 132
What hacking attack is challenge/response authentication used to prevent?
A. Replay attacks
B. Scanning attacks
C. Password cracking attacks
D. Session hijacking attacks
Answer: (SHOW ANSWER)
NEW QUESTION: 133
This wireless security protocol allows 192-bit minimum-strength security protocols and
cryptographic tools to protect sensitive data, such as GCMP-2S6. MMAC-SHA384, and ECDSA
using a 384-bit elliptic curve. Which is this wireless security protocol?
A. WPA2 Personal
B. WPA3-Personal
C. WPA2-Enterprise
D. WPA3-Enterprise
Answer: (SHOW ANSWER)
Enterprise, governments, and financial institutions have greater security with WPA3-Enterprise.
WPA3-Enterprise builds upon WPA2 and ensures the consistent application of security protocol
across the network. WPA3-Enterprise also offers an optional mode using 192-bit minimumstrength
security protocols and cryptographic tools to raised protect sensitive data: *
Authenticated encryption: 256-bit Galois/Counter Mode Protocol (GCMP-256) * Key derivation
and confirmation: 384-bit Hashed Message Authentication Mode (HMAC) with Secure Hash
Algorithm (HMAC-SHA384) * Key establishment and authentication: Elliptic Curve Diffie-Hellman
(ECDH) exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) employing a 384-bit
elliptic curve * Robust management frame protection: 256-bit Broadcast/Multicast Integrity
Protocol Galois Message Authentication Code (BIP-GMAC-256) The 192-bit security mode
offered by WPA3-Enterprise ensures the proper combination of cryptographic tools are used and
sets a uniform baseline of security within a WPA3 network.
NEW QUESTION: 134
what firewall evasion scanning technique make use of a zombie system that has low network
activity as well as its fragment identification numbers?
A. Decoy scanning
B. Packet fragmentation scanning
C. Spoof source address scanning
D. Idle scanning
Answer: (SHOW ANSWER)
The idle scan could be a communications protocol port scan technique that consists of causing
spoofed packets to a pc to seek out out what services square measure obtainable. this can be
accomplished by impersonating another pc whose network traffic is extremely slow or nonexistent
(that is, not transmission or receiving information). this might be associate idle pc, known as a
"zombie".
This action are often done through common code network utilities like nmap and hping. The
attack involves causing solid packets to a particular machine target in an attempt to seek out
distinct characteristics of another zombie machine. The attack is refined as a result of there's no
interaction between the offender pc and also the target: the offender interacts solely with the
"zombie" pc.
This exploit functions with 2 functions, as a port scanner and a clerk of sure informatics
relationships between machines. The target system interacts with the "zombie" pc and distinction
in behavior are often discovered mistreatment totally different|completely different "zombies" with
proof of various privileges granted by the target to different computers.
The overall intention behind the idle scan is to "check the port standing whereas remaining utterly
invisible to the targeted host." The first step in execution associate idle scan is to seek out
associate applicable zombie. It must assign informatics ID packets incrementally on a worldwide
(rather than per-host it communicates with) basis. It ought to be idle (hence the scan name), as
extraneous traffic can raise its informatics ID sequence, confusing the scan logic. The lower the
latency between the offender and also the zombie, and between the zombie and also the target,
the quicker the scan can proceed.
Note that once a port is open, IPIDs increment by a pair of. Following is that the sequence:
offender to focus on -> SYN, target to zombie ->SYN/ACK, Zombie to focus on -> RST (IPID
increment by 1) currently offender tries to probe zombie for result. offender to Zombie -
>SYN/ACK, Zombie to offender -> RST (IPID increment by 1) So, during this method IPID
increments by a pair of finally.
When associate idle scan is tried, tools (for example nmap) tests the projected zombie and
reports any issues with it. If one does not work, attempt another. Enough net hosts square
measure vulnerable that zombie candidates are not exhausting to seek out. a standard approach
is to easily execute a ping sweep of some network. selecting a network close to your supply
address, or close to the target, produces higher results. you'll be able to attempt associate idle
scan mistreatment every obtainable host from the ping sweep results till you discover one that
works. As usual, it's best to raise permission before mistreatment someone's machines for
surprising functions like idle scanning.
Simple network devices typically create nice zombies as a result of {they square measure|they're}
normally each underused (idle) and designed with straightforward network stacks that are
susceptible to informatics ID traffic detection.
While distinguishing an acceptable zombie takes some initial work, you'll be able to keep re-using
the nice ones. as an alternative, there are some analysis on utilizing unplanned public internet
services as zombie hosts to perform similar idle scans. leverage the approach a number of these
services perform departing connections upon user submissions will function some quite poor's
man idle scanning.
NEW QUESTION: 135
During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised
web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What
type of firewall is inspecting outbound traffic?
A. Packet Filtering
B. Application
C. Circuit
D. Stateful
Answer: (SHOW ANSWER)
NEW QUESTION: 136
You have been authorized to perform a penetration test against a website. You want to use
Google dorks to footprint the site but only want results that show file extensions. What Google
dork operator would you use?
A. filetype
B. ext
C. inurl
D. site
Answer: (SHOW ANSWER)
Restrict results to those of a certain filetype. E.g., PDF, DOCX, TXT, PPT, etc. Note: The "ext:"
operator can also be used-the results are identical.
Example: apple filetype:pdf / apple ext:pdf
Valid 312-50v11 Dumps shared by PassTestKing.com for Helping Passing 312-50v11 Exam!
PassTestKing.com now offer the newest 312-50v11 exam dumps, the PassTestKing.com
312-50v11 exam questions have been updated and answers have been corrected get the
newest PassTestKing.com 312-50v11 dumps with Test Engine here:
https://www.passtestking.com/ECCouncil/312-50v11-practice-exam-dumps.html (525 Q&As
Dumps, 35%OFF Special Discount Code: freecram)
NEW QUESTION: 137
Ricardo has discovered the username for an application in his targets environment. As he has a
limited amount of time, he decides to attempt to use a list of common passwords he found on the
Internet. He compiles them into a list and then feeds that list as an argument into his passwordcracking
application, what type of attack is Ricardo performing?
A. Known plaintext
B. Password spraying
C. Brute force
D. Dictionary
Answer: (SHOW ANSWER)
A dictionary Attack as an attack vector utilized by the attacker to break in a very system, that is
password protected, by golf shot technically each word in a very dictionary as a variety of
password for that system. This attack vector could be a variety of Brute Force Attack.
The lexicon will contain words from an English dictionary and conjointly some leaked list of
commonly used passwords and once combined with common character substitution with
numbers, will generally be terribly effective and quick.
How is it done?
Basically, it's attempting each single word that's already ready. it's done victimization machinecontrolled
tools that strive all the possible words within the dictionary.
Some password Cracking Software:
* John the ripper
* L0phtCrack
* Aircrack-ng
NEW QUESTION: 138
There have been concerns in your network that the wireless network component is not sufficiently
secure. You perform a vulnerability scan of the wireless network and find that it is using an old
encryption protocol that was designed to mimic wired encryption, what encryption protocol is
being used?
A. WEP
B. RADIUS
C. WPA
D. WPA3
Answer: (SHOW ANSWER)
Wired Equivalent Privacy (WEP) may be a security protocol, laid out in the IEEE wireless local
area network (Wi-Fi) standard, 802.11b, that's designed to supply a wireless local area network
(WLAN) with A level of security and privacy like what's usually expected of a wired LAN. A wired
local area network (LAN) is usually protected by physical security mechanisms (controlled access
to a building, for example) that are effective for a controlled physical environment, but could also
be ineffective for WLANs because radio waves aren't necessarily bound by the walls containing
the network. WEP seeks to determine similar protection thereto offered by the wired network's
physical security measures by encrypting data transmitted over the WLAN. encoding protects the
vulnerable wireless link between clients and access points; once this measure has been taken,
other typical LAN security mechanisms like password protection, end-to-end encryption, virtual
private networks (VPNs), and authentication are often put in situ to make sure privacy. A research
group from the University of California at Berkeley recently published a report citing "major
security flaws" in WEP that left WLANs using the protocol susceptible to attacks (called wireless
equivalent privacy attacks). within the course of the group's examination of the technology, they
were ready to intercept and modify transmissions and gain access to restricted networks. The
Wireless Ethernet Compatibility Alliance (WECA) claims that WEP - which is included in many
networking products - was never intended to be the only security mechanism for a WLAN, and
that, in conjunction with traditional security practices, it's very effective.
NEW QUESTION: 139
_________ is a tool that can hide processes from the process list, can hide files, registry entries,
and intercept keystrokes.
A. Scanner
B. Trojan
C. RootKit
D. DoS tool
E. Backdoor
Answer: (SHOW ANSWER)
NEW QUESTION: 140
A. web shells
B. Webhooks
C. REST API
D. SOAP API
Answer: (SHOW ANSWER)
Webhooks are one of a few ways internet applications will communicate with one another.
It allows you to send real-time data from one application to another whenever a given event
happens.
For example, let's say you've created an application using the Foursquare API that tracks when
people check into your restaurant. You ideally wish to be able to greet customers by name and
provide a complimentary drink when they check in.
What a webhook will is notify you any time someone checks in, therefore you'd be able to run any
processes that you simply had in your application once this event is triggered.
The data is then sent over the web from the application wherever the event originally occurred, to
the receiving application that handles the data.
Here's a visual representation of what that looks like:
A webhook url is provided by the receiving application, and acts as a phone number that the other
application will call once an event happens.
Only it's more complicated than a phone number, because data about the event is shipped to the
webhook url in either JSON or XML format. this is known as the "payload." Here's an example of
what a webhook url looks like with the payload it's carrying:
NEW QUESTION: 141
What kind of detection techniques is being used in antivirus software that identifies malware by
collecting data from multiple protected systems and instead of analyzing files locally it's made on
the provider's environment?
A. Behavioral based
B. Heuristics based
C. Honeypot based
D. Cloud based
Answer: (SHOW ANSWER)
NEW QUESTION: 142
Which ios jailbreaking technique patches the kernel during the device boot so that it becomes
jailbroken after each successive reboot?
A. Tethered jailbreaking
B. Semi-tethered jailbreaking
C. Untethered jailbreaking
D. Semi-Untethered jailbreaking
Answer: (SHOW ANSWER)
An untethered jailbreak is one that allows a telephone to finish a boot cycle when being pwned
with none interruption to jailbreak-oriented practicality.
Untethered jailbreaks area unit the foremost sought-after of all, however they're additionally the
foremost difficult to attain due to the powerful exploits and organic process talent they need.
associate unbound jailbreak is sent over a physical USB cable association to a laptop or directly
on the device itself by approach of associate application-based exploit, like a web site in
campaign.
Upon running associate unbound jailbreak, you'll be able to flip your pwned telephone off and on
once more while not running the jailbreak tool once more. all of your jailbreak tweaks and apps
would then continue in operation with none user intervention necessary.
It's been an extended time since IOS has gotten the unbound jailbreak treatment. the foremost
recent example was the computer-based Pangu break, that supported most handsets that ran
IOS nine.1. We've additionally witnessed associate unbound jailbreak within the kind of
JailbreakMe, that allowed users to pwn their handsets directly from the mobile campaign
applications programme while not a laptop.
NEW QUESTION: 143
The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of
control objectives. Each objective contains one or more requirements, which must be followed in
order to achieve compliance. Which of the following requirements would best fit under the
objective, "Implement strong access control measures"?
A. Regularly test security systems and processes.
B. Assign a unique ID to each person with computer access.
C. Use and regularly update anti-virus software on all systems commonly affected by malware.
D. Encrypt transmission of cardholder data across open, public networks.
Answer: B (LEAVE A REPLY)
NEW QUESTION: 144
Why would you consider sending an email to an address that you know does not exist within the
company you are performing a Penetration Test for?
A. To determine who is the holder of the root account
B. To perform a DoS
C. To test for virus protection
D. To create needless SPAM
E. To illicit a response back that will reveal information about email servers and how they treat
undeliverable mail
Answer: (SHOW ANSWER)
NEW QUESTION: 145
John, a professional hacker, performs a network attack on a renowned organization and gains
unauthorized access to the target network. He remains in the network without being detected for
a long time and obtains sensitive information without sabotaging the organization. Which of the
following attack techniques is used by John?
A. Advanced persistent
B. threat Diversion theft
C. Spear-phishing sites
D. insider threat
Answer: (SHOW ANSWER)
An advanced persistent threat (APT) may be a broad term wont to describe AN attack campaign
within which an intruder, or team of intruders, establishes a bootleg, long presence on a network
so as to mine sensitive knowledge.
The targets of those assaults, that square measure terribly fastidiously chosen and researched,
usually embrace massive enterprises or governmental networks. the implications of such
intrusions square measure huge, and include:
Intellectual property thieving (e.g., trade secrets or patents)
Compromised sensitive info (e.g., worker and user personal data)
The sabotaging of essential structure infrastructures (e.g., information deletion) Total website
takeovers Executing an APT assault needs additional resources than a regular internet
application attack. The perpetrators square measure typically groups of intimate cybercriminals
having substantial resource. Some APT attacks square measure government-funded and used as
cyber warfare weapons.
APT attacks dissent from ancient internet application threats, in that:
They're considerably additional advanced.
They're not hit and run attacks-once a network is infiltrated, the culprit remains so as to realize
the maximum amount info as potential.
They're manually dead (not automated) against a selected mark and indiscriminately launched
against an outsized pool of targets.
They typically aim to infiltrate a complete network, as opposition one specific half.
More common attacks, like remote file inclusion (RFI), SQL injection and cross-site scripting
(XSS), square measure oftentimes employed by perpetrators to ascertain a footing in a very
targeted network. Next, Trojans and backdoor shells square measure typically wont to expand
that foothold and make a persistent presence inside the targeted perimeter.
NEW QUESTION: 146
Which tool can be used to silently copy files from USB devices?
A. USB Sniffer
B. USB Grabber
C. USB Snoopy
D. Use Dumper
Answer: (SHOW ANSWER)
NEW QUESTION: 147
Why containers are less secure that virtual machines?
A. Containers are attached to the same virtual network.
B. A compromise container may cause a CPU starvation of the host.
C. Host OS on containers has a larger surface attack.
D. Containers may full fill disk space of the host.
Answer: (SHOW ANSWER)
NEW QUESTION: 148
A large mobile telephony and data network operator has a data center that houses network
elements. These are essentially large computers running on Linux. The perimeter of the data
center is secured with firewalls and IPS systems.
What is the best security policy concerning this setup?
A. Network elements must be hardened with user ids and strong passwords. Regular security
tests and audits should be performed.
B. There is no need for specific security measures on the network elements as long as firewalls
and IPS systems exist.
C. As long as the physical access to the network elements is restricted, there is no need for
additional measures.
D. The operator knows that attacks and down time are inevitable and should have a backup site.
Answer: (SHOW ANSWER)
NEW QUESTION: 149
What did the following commands determine?
A. These commands demonstrate that the guest account has been disabled
B. Issued alone, these commands prove nothing
C. That the true administrator is Joe
D. These commands demonstrate that the guest account has NOT been disabled
E. That the Joe account has a SID of 500
Answer: (SHOW ANSWER)
NEW QUESTION: 150
A. Chop chop attack
B. KRACK
C. Evil twin
D. Wardriving
Answer: (SHOW ANSWER)
In this attack KRACK is an acronym for Key Reinstallation Attack. KRACK may be a severe
replay attack on Wi-Fi Protected Access protocol (WPA2), which secures your Wi-Fi connection.
Hackers use KRACK to take advantage of a vulnerability in WPA2. When in close range of a
possible victim, attackers can access and skim encrypted data using KRACK.
How KRACK Works
Your Wi-Fi client uses a four-way handshake when attempting to attach to a protected network.
The handshake confirms that both the client - your smartphone, laptop, et cetera - and therefore
the access point share the right credentials, usually a password for the network. This establishes
the Pairwise passkey (PMK), which allows for encoding . Overall, this handshake procedure
allows for quick logins and connections and sets up a replacement encryption key with each
connection. this is often what keeps data secure on Wi-Fi connections, and every one protected
Wi-Fi connections use the four-way handshake for security. This protocol is that the reason users
are encouraged to use private or credential-protected Wi-Fi instead of public connections.
KRACK affects the third step of the handshake, allowing the attacker to control and replay the
WPA2 encryption key to trick it into installing a key already in use. When the key's reinstalled,
other parameters related to it - the incremental transmit packet number called the nonce and
therefore the replay counter - are set to their original values. Rather than move to the fourth step
within the four-way handshake, nonce resets still replay transmissions of the third step. This sets
up the encryption protocol for attack, and counting on how the attackers replay the third-step
transmissions, they will take down Wi-Fi security.
Why KRACK may be a Threat
Think of all the devices you employ that believe Wi-Fi. it isn't almost laptops and smartphones;
numerous smart devices now structure the web of Things (IoT). due to the vulnerability in WPA2,
everything connected to Wi-Fi is in danger of being hacked or hijacked. Attackers using KRACK
can gain access to usernames and passwords also as data stored on devices. Hackers can read
emails and consider photos of transmitted data then use that information to blackmail users or sell
it on the Dark Web. Theft of stored data requires more steps, like an HTTP content injection to
load malware into the system. Hackers could conceivably take hold of any device used thereon
Wi-Fi connection. Because the attacks require hackers to be on the brink of the target, these
internet security threats could also cause physical security threats. On the opposite hand, the
necessity to be in close proximity is that the only excellent news associated with KRACK, as
meaning a widespread attack would be extremely difficult. Victims are specifically targeted.
However, there are concerns that a experienced attacker could develop the talents to use HTTP
content injection to load malware onto websites to make a more widespread affect.
Everyone is in danger from KRACK vulnerability. Patches are available for Windows and iOS
devices, but a released patch for Android devices is currently in question (November 2017).
There are issues with the discharge , and lots of question if all versions and devices are covered.
The real problem is with routers and IoT devices. These devices aren't updated as regularly as
computer operating systems, and for several devices, security flaws got to be addressed on the
manufacturing side. New devices should address KRACK, but the devices you have already got
in your home probably aren't protected.
The best protection against KRACK is to make sure any device connected to Wi-Fi is patched
and updated with the newest firmware. that has checking together with your router's manufacturer
periodically to ascertain if patches are available.
The safest connection option may be a private VPN, especially when publicly spaces. If you
would like a VPN for private use, avoid free options, as they need their own security problems
and there'll even be issues with HTTPs. Use a paid service offered by a trusted vendor like
Kaspersky. Also, more modern networks use WPA3 for better security. Avoid using public Wi-Fi,
albeit it's password protection. That password is out there to almost anyone, which reduces the
safety level considerably. All the widespread implications of KRACK and therefore the WPA2
vulnerability aren't yet clear. what's certain is that everybody who uses Wi-Fi is in danger and
wishes to require precautions to guard their data and devices.
NEW QUESTION: 151
Which of the following represents the initial two commands that an IRC client sends to join an IRC
network?
A. USER, NICK
B. USER, PASS
C. LOGIN, NICK
D. LOGIN, USER
Answer: (SHOW ANSWER)
