Pre-Winter Special Sale - Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 575363r9

Welcome To DumpsPedia

312-50v12 Sample Questions Answers

Questions 4

Which command can be used to show the current TCP/IP connections?

Options:

A.

Netsh

B.

Netstat

C.

Net use connection

D.

Net use

Buy Now
Questions 5

What is the main security service a cryptographic hash provides?

Options:

A.

Integrity and ease of computation

B.

Message authentication and collision resistance

C.

Integrity and collision resistance

D.

Integrity and computational in-feasibility

Buy Now
Questions 6

_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

Options:

A.

Trojan

B.

RootKit

C.

DoS tool

D.

Scanner

E.

Backdoor

Buy Now
Questions 7

Larry, a security professional in an organization, has noticed some abnormalities In the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting a countermeasures to secure the accounts on the web server.

Which of the following countermeasures must Larry implement to secure the user accounts on the web server?

Options:

A.

Enable unused default user accounts created during the installation of an OS

B.

Enable all non-interactive accounts that should exist but do not require interactive login

C.

Limit the administrator or toot-level access to the minimum number of users

D.

Retain all unused modules and application extensions

Buy Now
Questions 8

How is the public key distributed in an orderly, controlled fashion so that the users can be sure of the sender’s identity?

Options:

A.

Hash value

B.

Private key

C.

Digital signature

D.

Digital certificate

Buy Now
Questions 9

You are attempting to crack LM Manager hashed from Windows 2000 SAM file. You will be using LM Brute force hacking tool for decryption. What encryption algorithm will you be decrypting?

Options:

A.

MD4

B.

DES

C.

SHA

D.

SSL

Buy Now
Questions 10

While examining audit logs, you discover that people are able to telnet into the SMTP server on port 25. You would like to block this, though you do not see any evidence of an attack or other wrong doing. However, you are concerned about affecting the normal functionality of the email server. From the following options choose how best you can achieve this objective?

Options:

A.

Block port 25 at the firewall.

B.

Shut off the SMTP service on the server.

C.

Force all connections to use a username and password.

D.

Switch from Windows Exchange to UNIX Sendmail.

E.

None of the above.

Buy Now
Questions 11

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection.

Identify the behavior of the adversary In the above scenario.

Options:

A.

use of command-line interface

B.

Data staging

C.

Unspecified proxy activities

D.

Use of DNS tunneling

Buy Now
Questions 12

You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles.

You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems.

In other words, you are trying to penetrate an otherwise impenetrable system.

How would you proceed?

Options:

A.

Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network

B.

Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information

C.

Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000 or more "zombies" and "bots"

D.

Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques

Buy Now
Questions 13

Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this. James, a professional hacker, targets Emily and her acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is the tool employed by James in the above scenario?

Options:

A.

ophcrack

B.

Hootsuite

C.

VisualRoute

D.

HULK

Buy Now
Questions 14

In Trojan terminology, what is a covert channel?

Options:

A.

A channel that transfers information within a computer system or network in a way that violates the security policy

B.

A legitimate communication path within a computer system or network for transfer of data

C.

It is a kernel operation that hides boot processes and services to mask detection

D.

It is Reverse tunneling technique that uses HTTPS protocol instead of HTTP protocol to establish connections

Buy Now
Questions 15

Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He begins by running a scan which looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?

Options:

A.

Nikto

B.

Nmap

C.

Metasploit

D.

Armitage

Buy Now
Questions 16

When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK.

How would an attacker exploit this design by launching TCP SYN attack?

Options:

A.

Attacker generates TCP SYN packets with random destination addresses towards a victim host

B.

Attacker floods TCP SYN packets with random source addresses towards a victim host

C.

Attacker generates TCP ACK packets with random source addresses towards a victim host

D.

Attacker generates TCP RST packets with random source addresses towards a victim host

Buy Now
Questions 17

Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network. What is Bob supposed to do next?

Options:

A.

Take over the session

B.

Reverse sequence prediction

C.

Guess the sequence numbers

D.

Take one of the parties offline

Buy Now
Questions 18

Why should the security analyst disable/remove unnecessary ISAPI filters?

Options:

A.

To defend against social engineering attacks

B.

To defend against webserver attacks

C.

To defend against jailbreaking

D.

To defend against wireless attacks

Buy Now
Questions 19

What is the proper response for a NULL scan if the port is closed?

Options:

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

No response

Buy Now
Questions 20

The company ABC recently contracts a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?

Options:

A.

The CFO can use a hash algorithm in the document once he approved the financial statements

B.

The CFO can use an excel file with a password

C.

The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure is the same document

D.

The document can be sent to the accountant using an exclusive USB for that document

Buy Now
Questions 21

Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes. Images, and networks. What is the component of the Docker architecture used by Annie in the above scenario?

Options:

A.

Docker client

B.

Docker objects

C.

Docker daemon

D.

Docker registries

Buy Now
Questions 22

Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students.

He identified this when the IDS alerted for malware activities in the network. What should Bob do to avoid this problem?

Options:

A.

Disable unused ports in the switches

B.

Separate students in a different VLAN

C.

Use the 802.1x protocol

D.

Ask students to use the wireless network

Buy Now
Questions 23

Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.

A camera captures people walking and identifies the individuals using Steve’s approach.

After that, people must approximate their RFID badges. Both the identifications are required to open the door. In this case, we can say:

Options:

A.

Although the approach has two phases, it actually implements just one authentication factor

B.

The solution implements the two authentication factors: physical object and physical characteristic

C.

The solution will have a high level of false positives

D.

Biological motion cannot be used to identify people

Buy Now
Questions 24

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network’s external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

Options:

A.

Protocol analyzer

B.

Network sniffer

C.

Intrusion Prevention System (IPS)

D.

Vulnerability scanner

Buy Now
Questions 25

Which DNS resource record can indicate how long any "DNS poisoning" could last?

Options:

A.

MX

B.

SOA

C.

NS

D.

TIMEOUT

Buy Now
Questions 26

Which of the following is assured by the use of a hash?

Options:

A.

Authentication

B.

Confidentiality

C.

Availability

D.

Integrity

Buy Now
Questions 27

One of your team members has asked you to analyze the following SOA record.

What is the TTL? Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.)

Options:

A.

200303028

B.

3600

C.

604800

D.

2400

E.

60

F.

4800

Buy Now
Questions 28

Which definition among those given below best describes a covert channel?

Options:

A.

A server program using a port that is not well known.

B.

Making use of a protocol in a way it is not intended to be used.

C.

It is the multiplexing taking place on a communication link.

D.

It is one of the weak channels used by WEP which makes it insecure

Buy Now
Questions 29

Tess King is using the nslookup command to craft queries to list all DNS information (such as Name Servers, host names, MX records, CNAME records, glue records (delegation for child Domains), zone serial number, TimeToLive (TTL) records, etc) for a Domain.

What do you think Tess King is trying to accomplish? Select the best answer.

Options:

A.

A zone harvesting

B.

A zone transfer

C.

A zone update

D.

A zone estimate

Buy Now
Questions 30

Study the snort rule given below:

From the options below, choose the exploit against which this rule applies.

Options:

A.

WebDav

B.

SQL Slammer

C.

MS Blaster

D.

MyDoom

Buy Now
Questions 31

Which method of password cracking takes the most time and effort?

Options:

A.

Dictionary attack

B.

Shoulder surfing

C.

Rainbow tables

D.

Brute force

Buy Now
Questions 32

Which of the following program infects the system boot sector and the executable files at the same time?

Options:

A.

Polymorphic virus

B.

Stealth virus

C.

Multipartite Virus

D.

Macro virus

Buy Now
Questions 33

“........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hot-spot by posing as a legitimate provider. This type of attack may be used to steal the passwords of

unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there.”

Fill in the blank with appropriate choice.

Options:

A.

Evil Twin Attack

B.

Sinkhole Attack

C.

Collision Attack

D.

Signal Jamming Attack

Buy Now
Questions 34

Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations.

Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA.

In this context, what can you say?

Options:

A.

Bob can be right since DMZ does not make sense when combined with stateless firewalls

B.

Bob is partially right. He does not need to separate networks if he can create rules by destination IPs, one by one

C.

Bob is totally wrong. DMZ is always relevant when the company has internet servers and workstations

D.

Bob is partially right. DMZ does not make sense when a stateless firewall is available

Buy Now
Questions 35

Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: scottsmelby@yahoo.com”. Which statement below is true?

Options:

A.

This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.

B.

This is a scam because Bob does not know Scott.

C.

Bob should write to scottmelby@yahoo.com to verify the identity of Scott.

D.

This is probably a legitimate message as it comes from a respectable organization.

Buy Now
Questions 36

A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer’s software and hardware without the owner’s permission. Their intention can either be to simply gain knowledge or to illegally make changes.

Which of the following class of hacker refers to an individual who works both offensively and defensively at various times?

Options:

A.

White Hat

B.

Suicide Hacker

C.

Gray Hat

D.

Black Hat

Buy Now
Questions 37

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the 192.168.1.0/24. Which of the following has occurred?

Options:

A.

The computer is not using a private IP address.

B.

The gateway is not routing to a public IP address.

C.

The gateway and the computer are not on the same network.

D.

The computer is using an invalid IP address.

Buy Now
Questions 38

Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing?

Options:

A.

Scanning

B.

Footprinting

C.

Enumeration

D.

System Hacking

Buy Now
Questions 39

Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two. What would you call this attack?

Options:

A.

Interceptor

B.

Man-in-the-middle

C.

ARP Proxy

D.

Poisoning Attack

Buy Now
Questions 40

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.

What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

Options:

A.

Public

B.

Private

C.

Shared

D.

Root

Buy Now
Questions 41

Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.

What should you do?

Options:

A.

Confront the client in a respectful manner and ask her about the data.

B.

Copy the data to removable media and keep it in case you need it.

C.

Ignore the data and continue the assessment until completed as agreed.

D.

Immediately stop work and contact the proper legal authorities.

Buy Now
Questions 42

Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS?

Options:

A.

OPPORTUNISTICTLS

B.

UPGRADETLS

C.

FORCETLS

D.

STARTTLS

Buy Now
Questions 43

A company’s security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

Options:

A.

Attempts by attackers to access the user and password information stored in the company’s SQL database.

B.

Attempts by attackers to access Web sites that trust the Web browser user by stealing the user’s authentication credentials.

C.

Attempts by attackers to access password stored on the user’s computer without the user’s knowledge.

D.

Attempts by attackers to determine the user’s Web browser usage patterns, including when sites were visited and for how long.

Buy Now
Questions 44

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

Options:

A.

Macro virus

B.

Stealth/Tunneling virus

C.

Cavity virus

D.

Polymorphic virus

Buy Now
Questions 45

One of your team members has asked you to analyze the following SOA record. What is the version?

Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.) (Choose four.)

Options:

A.

200303028

B.

3600

C.

604800

D.

2400

E.

60

F.

4800

Buy Now
Questions 46

You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?

Options:

A.

Social engineering

B.

Piggybacking

C.

Tailgating

D.

Eavesdropping

Buy Now
Questions 47

env x=’(){ :;};echo exploit’ bash –c ‘cat/etc/passwd’

What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

Options:

A.

Removes the passwd file

B.

Changes all passwords in passwd

C.

Add new user to the passwd file

D.

Display passwd content to prompt

Buy Now
Questions 48

Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker 's message ''Hacker Message: You are dead! Freaks!” From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact.

No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using hisdial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact. How did the attacker accomplish this hack?

Options:

A.

ARP spoofing

B.

SQL injection

C.

DNS poisoning

D.

Routing table injection

Buy Now
Questions 49

Your company was hired by a small healthcare provider to perform a technical assessment on the network.

What is the best approach for discovering vulnerabilities on a Windows-based computer?

Options:

A.

Use the built-in Windows Update tool

B.

Use a scan tool like Nessus

C.

Check MITRE.org for the latest list of CVE findings

D.

Create a disk image of a clean Windows installation

Buy Now
Questions 50

You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL.

What may be the problem?

Options:

A.

Traffic is Blocked on UDP Port 53

B.

Traffic is Blocked on TCP Port 80

C.

Traffic is Blocked on TCP Port 54

D.

Traffic is Blocked on UDP Port 80

Buy Now
Questions 51

Bob is acknowledged as a hacker of repute and is popular among visitors of "underground" sites.

Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well.

In this context, what would be the most effective method to bridge the knowledge gap between the "black" hats or crackers and the "white" hats or computer security professionals? (Choose the test answer.)

Options:

A.

Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.

B.

Hire more computer security monitoring personnel to monitor computer systems and networks.

C.

Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life.

D.

Train more National Guard and reservist in the art of computer security to help out in times of emergency or crises.

Buy Now
Questions 52

Which regulation defines security and privacy controls for Federal information systems and organizations?

Options:

A.

HIPAA

B.

EU Safe Harbor

C.

PCI-DSS

D.

NIST-800-53

Buy Now
Questions 53

is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.

Options:

A.

DNSSEC

B.

Resource records

C.

Resource transfer

D.

Zone transfer

Buy Now
Questions 54

Which of the following is the BEST way to defend against network sniffing?

Options:

A.

Using encryption protocols to secure network communications

B.

Register all machines MAC Address in a Centralized Database

C.

Use Static IP Address

D.

Restrict Physical Access to Server Rooms hosting Critical Servers

Buy Now
Questions 55

These hackers have limited or no training and know how to use only basic techniques or tools.

What kind of hackers are we talking about?

Options:

A.

Black-Hat Hackers A

B.

Script Kiddies

C.

White-Hat Hackers

D.

Gray-Hat Hacker

Buy Now
Questions 56

The “Gray-box testing” methodology enforces what kind of restriction?

Options:

A.

Only the external operation of a system is accessible to the tester.

B.

The internal operation of a system in only partly accessible to the tester.

C.

Only the internal operation of a system is known to the tester.

D.

The internal operation of a system is completely known to the tester.

Buy Now
Questions 57

During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network.

What is this type of DNS configuration commonly called?

Options:

A.

DynDNS

B.

DNS Scheme

C.

DNSSEC

D.

Split DNS

Buy Now
Questions 58

Nedved is an IT Security Manager of a bank in his country. One day. he found out that there is a security breach to his company's email server based on analysis of a suspicious connection from the email server to an unknown IP Address.

What is the first thing that Nedved needs to do before contacting the incident response team?

Options:

A.

Leave it as it Is and contact the incident response te3m right away

B.

Block the connection to the suspicious IP Address from the firewall

C.

Disconnect the email server from the network

D.

Migrate the connection to the backup email server

Buy Now
Questions 59

Vlady works in a fishing company where the majority of the employees have very little understanding of IT let alone IT Security. Several information security issues that Vlady often found includes, employees sharing password, writing his/her password on a post it note and stick it to his/her desk, leaving the computer unlocked, didn’t log out from emails or other social media accounts, and etc.

After discussing with his boss, Vlady decided to make some changes to improve the security environment in his company. The first thing that Vlady wanted to do is to make the employees understand the importance of keeping confidential information, such as password, a secret and they should not share it with other persons.

Which of the following steps should be the first thing that Vlady should do to make the employees in his company understand to importance of keeping confidential information a secret?

Options:

A.

Warning to those who write password on a post it note and put it on his/her desk

B.

Developing a strict information security policy

C.

Information security awareness training

D.

Conducting a one to one discussion with the other employees about the importance of information security

Buy Now
Questions 60

You have successfully logged on a Linux system. You want to now cover your trade Your login attempt may be logged on several files located in /var/log. Which file does NOT belongs to the list:

Options:

A.

user.log

B.

auth.fesg

C.

wtmp

D.

btmp

Buy Now
Questions 61

Which of the following DoS tools is used to attack target web applications by starvation of available sessions on the web server?

The tool keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content-length header value.

Options:

A.

My Doom

B.

Astacheldraht

C.

R-U-Dead-Yet?(RUDY)

D.

LOIC

Buy Now
Questions 62

An experienced cyber attacker has created a fake Linkedin profile, successfully impersonating a high-ranking official from a well-established company, to execute a social engineering attack. The attacker then connected with other employees within the organization, receiving invitations to exclusive corporate events and gaining

access to proprietary project details shared within the network. What advanced social engineering technique has the attacker primarily used to exploit the system and what is the most likely immediate threat to the organization?

Options:

A.

Pretexting and Network Vulnerability

B.

Spear Phishing and Spam

C.

Whaling and Targeted Attacks

D.

Baiting and Involuntary Data Leakage

Buy Now
Questions 63

Your organization has signed an agreement with a web hosting provider that requires you to take full responsibility of the maintenance of the cloud-based resources. Which of the following models covers this?

Options:

A.

Platform as a service

B.

Software as a service

C.

Functions as a

D.

service Infrastructure as a service

Buy Now
Questions 64

A security analyst is investigating a potential network-level session hijacking incident. During the investigation, the analyst finds that the attacker has been using a technique in which they injected an authentic-looking reset packet using a spoofed source IP address and a guessed acknowledgment number. As a result, the victim's connection was reset. Which of the following hijacking techniques has the attacker most likely used?

Options:

A.

TCP/IP hijacking

B.

UDP hijacking

C.

RST hijacking

D.

Blind hijacking

Buy Now
Questions 65

An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

Options:

A.

He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.

B.

He will activate OSPF on the spoofed root bridge.

C.

He will repeat this action so that it escalates to a DoS attack.

D.

He will repeat the same attack against all L2 switches of the network.

Buy Now
Questions 66

Which of the following is a low-tech way of gaining unauthorized access to systems?

Options:

A.

Social Engineering

B.

Eavesdropping

C.

Scanning

D.

Sniffing

Buy Now
Questions 67

You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity, what tool would you most likely select?

Options:

A.

Nmap

B.

Cain & Abel

C.

Nessus

D.

Snort

Buy Now
Questions 68

The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the Central Processing Unit (CPU), rather than passing only the frames that the controller is intended to receive. Which of the following is being described?

Options:

A.

Multi-cast mode

B.

Promiscuous mode

C.

WEM

D.

Port forwarding

Buy Now
Questions 69

A penetration tester is conducting an assessment of a web application for a financial institution. The application uses form-based authentication and does not implement account lockout policies after multiple failed login attempts. Interestingly, the application displays detailed error messages that disclose whether the username or password entered is incorrect. The tester also notices that the application uses HTTP headers to prevent clickjacking attacks but does not implement Content Security Policy (CSP). With these observations, which of the following attack methods would likely be the most effective for the penetration tester to exploit these vulnerabilities and attempt unauthorized access?

Options:

A.

The tester could execute a Brute Force attack, leveraging the lack of account lockout policy and the verbose error messages to guess the correct credentials

B.

The tester could exploit a potential SQL Injection vulnerability to manipulate the application's database

C.

The tester could launch a Cross-Site Scripting (XSS) attack to steal authenticated session cookies, potentially bypassing the clickjacking protection

D.

The tester could execute a Man-in-the-Middle (MitM) attack to intercept and modify the HTTP headers for a Clickjacking attack

Buy Now
Questions 70

Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?

Options:

A.

Kismet

B.

Abel

C.

Netstumbler

D.

Nessus

Buy Now
Questions 71

Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed.

What is the port scanning technique used by Sam to discover open ports?

Options:

A.

Xmas scan

B.

IDLE/IPID header scan

C.

TCP Maimon scan

D.

ACK flag probe scan

Buy Now
Questions 72

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The “ps” command shows that the “nc” file is running as process, and the netstat command shows the “nc” process is listening on a network port.

What kind of vulnerability must be present to make this remote attack possible?

Options:

A.

File system permissions

B.

Privilege escalation

C.

Directory traversal

D.

Brute force login

Buy Now
Questions 73

What is the role of test automation in security testing?

Options:

A.

It is an option but it tends to be very expensive.

B.

It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.

C.

Test automation is not usable in security due to the complexity of the tests.

D.

It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

Buy Now
Questions 74

You have the SOA presented below in your Zone.

Your secondary servers have not been able to contact your primary server to synchronize information. How long will the secondary servers attempt to contact the primary server before it considers that zone is dead and stops responding to queries?

collegae.edu.SOA, cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600)

Options:

A.

One day

B.

One hour

C.

One week

D.

One month

Buy Now
Questions 75

What tool can crack Windows SMB passwords simply by listening to network traffic?

Options:

A.

This is not possible

B.

Netbus

C.

NTFSDOS

D.

L0phtcrack

Buy Now
Questions 76

If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

Options:

A.

Birthday

B.

Brute force

C.

Man-in-the-middle

D.

Smurf

Buy Now
Questions 77

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks?

Options:

A.

tcpsplice

B.

Burp

C.

Hydra

D.

Whisker

Buy Now
Questions 78

As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security?

Options:

A.

Use the same machines for DNS and other applications

B.

Harden DNS servers

C.

Use split-horizon operation for DNS servers

D.

Restrict Zone transfers

E.

Have subnet diversity between DNS servers

Buy Now
Questions 79

A certified ethical hacker is conducting a Whois footprinting activity on a specific domain. The individual is leveraging various tools such as Batch IP Converter and Whols Analyzer Pro to retrieve vital details but is unable to gather complete Whois information from the registrar for a particular set of data. As the hacker, what might be the probable data model being utilized by the domain's registrar for storing and looking up

Who is information?

Options:

A.

Thick Whois model with a malfunctioning server

B.

Thick Whois model working correctly

C.

Thin Whois model with a malfunctioning server

D.

Thin Whois model working correctly

Buy Now
Questions 80

Which of the following is a passive wireless packet analyzer that works on Linux-based systems?

Options:

A.

Burp Suite

B.

OpenVAS

C.

tshark

D.

Kismet

Buy Now
Questions 81

Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the Integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT. POST. GET. and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario?

Options:

A.

JSON-RPC

B.

SOAP API

C.

RESTful API

D.

REST API

Buy Now
Questions 82

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server.

What kind of attack is possible in this scenario?

Options:

A.

Cross-site scripting

B.

Denial of service

C.

SQL injection

D.

Directory traversal

Buy Now
Questions 83

Why is a penetration test considered to be more thorough than vulnerability scan?

Options:

A.

Vulnerability scans only do host discovery and port scanning by default.

B.

A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.

C.

It is not – a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement.

D.

The tools used by penetration testers tend to have much more comprehensive vulnerability databases.

Buy Now
Questions 84

Which is the first step followed by Vulnerability Scanners for scanning a network?

Options:

A.

OS Detection

B.

Firewall detection

C.

TCP/UDP Port scanning

D.

Checking if the remote host is alive

Buy Now
Questions 85

What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

Options:

A.

Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.

B.

Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.

C.

Symmetric encryption allows the server to security transmit the session keys out-of-band.

D.

Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.

Buy Now
Questions 86

Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?

Options:

A.

113

B.

69

C.

123

D.

161

Buy Now
Questions 87

Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

Options:

A.

To determine who is the holder of the root account

B.

To perform a DoS

C.

To create needless SPAM

D.

To illicit a response back that will reveal information about email servers and how they treat undeliverable mail

E.

To test for virus protection

Buy Now
Questions 88

Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?

Options:

A.

A biometric system that bases authentication decisions on behavioral attributes.

B.

A biometric system that bases authentication decisions on physical attributes.

C.

An authentication system that creates one-time passwords that are encrypted with secret keys.

D.

An authentication system that uses passphrases that are converted into virtual passwords.

Buy Now
Questions 89

Which of the following tools can be used to perform a zone transfer?

Options:

A.

NSLookup

B.

Finger

C.

Dig

D.

Sam Spade

E.

Host

F.

Netcat

G.

Neotrace

Buy Now
Questions 90

What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

Options:

A.

Residual risk

B.

Impact risk

C.

Deferred risk

D.

Inherent risk

Buy Now
Questions 91

Sam, a web developer, was instructed to incorporate a hybrid encryption software program into a web application to secure email messages. Sam used an encryption software, which is a free implementation of the OpenPGP standard that uses both symmetric-key cryptography and asymmetric-key cryptography for improved speed and secure key exchange. What is the encryption software employed by Sam for securing the email messages?

Options:

A.

PGP

B.

S/MIME

C.

SMTP

D.

GPG

Buy Now
Questions 92

Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Suppose a malicious user Rob tries to get access to the account of a benign user Ned.

Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?

Options:

A.

“GET /restricted/goldtransfer?to=Rob&from=1 or 1=1’ HTTP/1.1Host: westbank.com”

B.

“GET /restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com”

C.

“GET /restricted/accounts/?name=Ned HTTP/1.1 Host westbank.com”

D.

“GET /restricted/ HTTP/1.1 Host: westbank.com

Buy Now
Questions 93

Which of the following web vulnerabilities would an attacker be attempting to exploit if they delivered the following input?

] >

Options:

A.

XXE

B.

SQLi

C.

IDOR

D.

XXS

Buy Now
Questions 94

Your company, SecureTech Inc., is planning to transmit some sensitive data over an unsecured communication channel. As a cyber security expert, you decide to use symmetric key encryption to protect the data. However,

you must also ensure the secure exchange of the symmetric key. Which of the following protocols would you recommend to the team to achieve this?

Options:

A.

Implementing SSL certificates on your company's web servers.

B.

Applying the Diffie-Hellman protocol to exchange the symmetric key.

C.

Switching all data transmission to the HTTPS protocol.

D.

Utilizing SSH for secure remote logins to the servers.

Buy Now
Questions 95

You are analysing traffic on the network with Wireshark. You want to routinely run a cron job which will run the capture against a specific set of IPs - 192.168.8.0/24. What command you would use?

Options:

A.

wireshark --fetch ''192.168.8*''

B.

wireshark --capture --local masked 192.168.8.0 ---range 24

C.

tshark -net 192.255.255.255 mask 192.168.8.0

D.

sudo tshark -f''net 192 .68.8.0/24''

Buy Now
Questions 96

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfilltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs, what type of malware did the attacker use to bypass the company's application whitelisting?

Options:

A.

Phishing malware

B.

Zero-day malware

C.

File-less malware

D.

Logic bomb malware

Buy Now
Questions 97

John, a security analyst working for an organization, found a critical vulnerability on the organization's LAN that allows him to view financial and personal information about the rest of the employees. Before reporting the vulnerability, he examines the information shown by the vulnerability for two days without disclosing any information to third parties or other internal employees. He does so out of curiosity about the other employees and may take advantage of this information later. What would John be considered as?

Options:

A.

Cybercriminal

B.

Black hat

C.

White hat

D.

Gray hat

Buy Now
Questions 98

What type of a vulnerability/attack is it when the malicious person forces the user’s browser to send an authenticated request to a server?

Options:

A.

Session hijacking

B.

Server side request forgery

C.

Cross-site request forgery

D.

Cross-site scripting

Buy Now
Questions 99

Upon establishing his new startup, Tom hired a cloud service provider (CSP) but was dissatisfied with their service and wanted to move to another CSP.

What part of the contract might prevent him from doing so?

Options:

A.

Virtualization

B.

Lock-in

C.

Lock-down

D.

Lock-up

Buy Now
Questions 100

In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker, gathers a list of employee and client email addresses and other related information by using various search engines, social networking sites, and web spidering tools. In this process, she also uses an automated tool to gather a list of words from the target website to further perform a brute-force attack on the previously gathered email addresses.

What is the tool used by Hailey for gathering a list of words from the target website?

Options:

A.

Shadowsocks

B.

CeWL

C.

Psiphon

D.

Orbot

Buy Now
Questions 101

Which among the following is the best example of the hacking concept called "clearing tracks"?

Options:

A.

After a system is breached, a hacker creates a backdoor to allow re-entry into a system.

B.

During a cyberattack, a hacker injects a rootkit into a server.

C.

An attacker gains access to a server through an exploitable vulnerability.

D.

During a cyberattack, a hacker corrupts the event logs on all machines.

Buy Now
Questions 102

Josh has finished scanning a network and has discovered multiple vulnerable services. He knows that several of these usually have protections against external sources but are frequently susceptible to internal users. He decides to draft an email, spoof the sender as the internal IT team, and attach a malicious file disguised as a financial spreadsheet. Before Josh sends the email, he decides to investigate other methods of getting the file onto the system. For this particular attempt, what was the last stage of the cyber kill chain that Josh performed?

Options:

A.

Exploitation

B.

Weaponization

C.

Delivery

D.

Reconnaissance

Buy Now
Questions 103

You have been authorized to perform a penetration test against a website. You want to use Google dorks to footprint the site but only want results that show file extensions. What Google dork operator would you use?

Options:

A.

filetype

B.

ext

C.

inurl

D.

site

Buy Now
Questions 104

When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameter and headers manually to get more precise results than if using web vulnerability scanners.

What proxy tool will help you find web vulnerabilities?

Options:

A.

Maskgen

B.

Dimitry

C.

Burpsuite

D.

Proxychains

Buy Now
Questions 105

Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine. Which of the following techniques is used by Joel in the above scenario?

Options:

A.

DNS rebinding attack

B.

Clickjacking attack

C.

MarioNet attack

D.

Watering hole attack

Buy Now
Questions 106

Mary found a high vulnerability during a vulnerability scan and notified her server team. After analysis, they sent her proof that a fix to that issue had already been applied. The vulnerability that Marry found is called what?

Options:

A.

False-negative

B.

False-positive

C.

Brute force attack

D.

Backdoor

Buy Now
Questions 107

You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?

Options:

A.

hping2 host.domain.com

B.

hping2 --set-ICMP host.domain.com

C.

hping2 -i host.domain.com

D.

hping2 -1 host.domain.com

Buy Now
Questions 108

During a red team engagement, an ethical hacker is tasked with testing the security measures of an organization's wireless network. The hacker needs to select an appropriate tool to carry out a session hijacking attack. Which of the following tools should the hacker use to effectively perform session hijacking and subsequent security analysis, given that the target wireless network has the Wi-Fi Protected Access-preshared key (WPA-PSK) security protocol in place?

Options:

A.

FaceNiff

B.

Hetty

C.

Droidsheep

D.

bettercap

Buy Now
Questions 109

The network users are complaining because their system are slowing down. Further, every time they attempt to go a website, they receive a series of pop-ups with advertisements. What types of malware have the system been infected with?

Options:

A.

Virus

B.

Spyware

C.

Trojan

D.

Adware

Buy Now
Questions 110

Jude, a pen tester working in Keiltech Ltd., performs sophisticated security testing on his company's network infrastructure to identify security loopholes. In this process, he started to circumvent the network protection tools and firewalls used in the company. He employed a technique that can create forged TCP sessions by carrying out multiple SYN, ACK, and RST or FIN packets. Further, this process allowed Jude to execute DDoS attacks that can exhaust the network resources. What is the attack technique used by Jude for finding loopholes in the above scenario?

Options:

A.

UDP flood attack

B.

Ping-of-death attack

C.

Spoofed session flood attack

D.

Peer-to-peer attack

Buy Now
Questions 111

Dorian Is sending a digitally signed email to Polly, with which key is Dorian signing this message and how is Poly validating It?

Options:

A.

Dorian is signing the message with his public key. and Poly will verify that the message came from Dorian by using Dorian's private key.

B.

Dorian Is signing the message with Polys public key. and Poly will verify that the message came from Dorian by using Dorian's public key.

C.

Dorian is signing the message with his private key. and Poly will verify that the message came from Dorian by using Dorian's public key.

D.

Dorian is signing the message with Polys private key. and Poly will verify mat the message came from Dorian by using Dorian's public key.

Buy Now
Questions 112

In the process of implementing a network vulnerability assessment strategy for a tech company, the security

analyst is confronted with the following scenarios:

1) A legacy application is discovered on the network, which no longer receives updates from the vendor.

2) Several systems in the network are found running outdated versions of web browsers prone to distributed

attacks.

3) The network firewall has been configured using default settings and passwords.

4) Certain TCP/IP protocols used in the organization are inherently insecure.

The security analyst decides to use vulnerability scanning software. Which of the following limitations of vulnerability assessment should the analyst be most cautious about in this context?

Options:

A.

Vulnerability scanning software is limited in its ability to perform live tests on web applications to detect errors or unexpected behavior

B.

Vulnerability scanning software cannot define the impact of an identified vulnerability on different business operations

C.

Vulnerability scanning software is limited in its ability to detect vulnerabilities at a given point in time

D.

Vulnerability scanning software is not immune to software engineering flaws that might lead to serious vulnerabilities being missed

Buy Now
Questions 113

While performing an Nmap scan against a host, Paola determines the existence of a firewall. In an attempt to determine whether the firewall is stateful or stateless, which of the following options would be best to use?

Options:

A.

-sA

B.

-sX

C.

-sT

D.

-sF

Buy Now
Questions 114

Based on the below log, which of the following sentences are true?

Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip

Options:

A.

Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server.

B.

Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the client.

C.

SSH communications are encrypted; it’s impossible to know who is the client or the server.

D.

Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server.

Buy Now
Questions 115

Which of the following tactics uses malicious code to redirect users' web traffic?

Options:

A.

Spimming

B.

Pharming

C.

Phishing

D.

Spear-phishing

Buy Now
Questions 116

To create a botnet. the attacker can use several techniques to scan vulnerable machines. The attacker first collects Information about a large number of vulnerable machines to create a list. Subsequently, they infect the machines. The list Is divided by assigning half of the list to the newly compromised machines. The scanning process runs simultaneously. This technique ensures the spreading and installation of malicious code in little time.

Which technique is discussed here?

Options:

A.

Hit-list-scanning technique

B.

Topological scanning technique

C.

Subnet scanning technique

D.

Permutation scanning technique

Buy Now
Questions 117

When considering how an attacker may exploit a web server, what is web server footprinting?

Options:

A.

When an attacker implements a vulnerability scanner to identify weaknesses

B.

When an attacker creates a complete profile of the site's external links and file structures

C.

When an attacker gathers system-level data, including account details and server names

D.

When an attacker uses a brute-force attack to crack a web-server password

Buy Now
Questions 118

You have been hired as an intern at a start-up company. Your first task is to help set up a basic web server for the company’s new website. The team leader has asked you to make sure the server is secure from common - threats. Based on your knowledge from studying for the CEH exam, which of the following actions should be

your priority to secure the web server?

Options:

A.

Installing a web application firewall

B.

limiting the number of concurrent connections to the server

C.

Encrypting the company’s website with SSL/TLS

D.

Regularly updating and patching the server software

Buy Now
Questions 119

A well-resourced attacker intends to launch a highly disruptive DDoS attack against a major online retailer. The attacker aims to exhaust all the network resources while keeping their identity concealed. Their method should be resistant to simple defensive measures such as IP-based blocking. Based on these objectives, which of the following attack strategies would be most effective?

Options:

A.

The attacker should instigate a protocol-based SYN flood attack, consuming connection state tables on the retailer's servers

B.

The attacker should execute a simple ICMP flood attack from a single IP, exploiting the retailer's ICMP processing

C.

The attacker should leverage a botnet to launch a Pulse Wave attack, sending high-volume traffic pulses at regular intervals

D.

The attacker should initiate a volumetric flood attack using a single compromised machine to overwhelm the retailer's network bandwidth

Buy Now
Questions 120

You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23. Which of the following IP addresses could be teased as a result of the new configuration?

Options:

A.

210.1.55.200

B.

10.1.4.254

C.

10.1.5.200

D.

10.1.4.156

Buy Now
Questions 121

You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line.

Which command would you use?

Options:

A.

c:\compmgmt.msc

B.

c:\services.msc

C.

c:\ncpa.cp

D.

c:\gpedit

Buy Now
Questions 122

Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days, Bab denies that he had ever sent a mail. What do you want to ““know”” to prove yourself that it was Bob who had send a mail?

Options:

A.

Non-Repudiation

B.

Integrity

C.

Authentication

D.

Confidentiality

Buy Now
Questions 123

A penetration tester is performing the footprinting process and is reviewing publicly available information about an organization by using the Google search engine.

Which of the following advanced operators would allow the pen tester to restrict the search to the organization’s web domain?

Options:

A.

[allinurl:]

B.

[location:]

C.

[site:]

D.

[link:]

Buy Now
Questions 124

Which Nmap switch helps evade IDS or firewalls?

Options:

A.

-n/-R

B.

-0N/-0X/-0G

C.

-T

D.

-D

Buy Now
Questions 125

You have compromised a server and successfully gained a root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System. What is the best approach?

Options:

A.

Use Alternate Data Streams to hide the outgoing packets from this server.

B.

Use HTTP so that all traffic can be routed vis a browser, thus evading the internal Intrusion Detection Systems.

C.

Install Cryptcat and encrypt outgoing packets from this server.

D.

Install and use Telnet to encrypt all outgoing traffic from this server.

Buy Now
Questions 126

Roma is a member of a security team. She was tasked with protecting the internal network of an organization from imminent threats. To accomplish this task, Roma fed threat intelligence into the security devices in a digital format to block and identify inbound and outbound malicious traffic entering the organization's network.

Which type of threat intelligence is used by Roma to secure the internal network?

Options:

A.

Technical threat intelligence

B.

Operational threat intelligence

C.

Tactical threat intelligence

D.

Strategic threat intelligence

Buy Now
Questions 127

Miley, a professional hacker, decided to attack a target organization's network. To perform the attack, she used a tool to send fake ARP messages over the target network to link her MAC address with the target system's IP address. By performing this, Miley received messages directed to the victim's MAC address and further used the tool to intercept, steal, modify, and block sensitive communication to the target system. What is the tool employed by Miley to perform the above attack?

Options:

A.

Gobbler

B.

KDerpNSpoof

C.

BetterCAP

D.

Wireshark

Buy Now
Questions 128

George, an employee of an organization, is attempting to access restricted websites from an official computer. For this purpose, he used an anonymizer that masked his real IP address and ensured complete and continuous anonymity for all his online activities. Which of the following anonymizers helps George hide his activities?

Buy Now
Questions 129

Harris is attempting to identify the OS running on his target machine. He inspected the initial TTL in the IP header and the related TCP window size and obtained the following results:

TTL: 64 Window Size: 5840

What is the OS running on the target machine?

Options:

A.

Solaris OS

B.

Windows OS

C.

Mac OS

D.

Linux OS

Buy Now
Questions 130

Kevin, an encryption specialist, implemented a technique that enhances the security of keys used for encryption and authentication. Using this technique, Kevin input an initial key to an algorithm that generated an enhanced key that is resistant to brute-force attacks. What is the technique employed by Kevin to improve the security of encryption keys?

Options:

A.

Key derivation function

B.

Key reinstallation

C.

A Public key infrastructure

D.

Key stretching

Buy Now
Questions 131

If executives are found liable for not properly protecting their company’s assets and information systems, what type of law would apply in this situation?

Options:

A.

Criminal

B.

International

C.

Common

D.

Civil

Buy Now
Questions 132

A cybersecurity analyst in an organization is using the Common Vulnerability Scoring System to assess and prioritize identified vulnerabilities in their IT infrastructure. They encountered a vulnerability with a base metric score of 7, a temporal metric score of 8, and an environmental metric score of 5. Which statement best describes this scenario?

Options:

A.

The vulnerability has a medium severity with a high likelihood of exploitability over time and a considerable impact in their specific environment

B.

The vulnerability has a medium severity with a diminishing likelihood of exploitability over time, but a significant impact in their specific environment

C.

The vulnerability has an overall high severity with a diminishing likelihood of exploitability over time, but it is less impactful in their specific environment

D.

The vulnerability has an overall high severity, the likelihood of exploitability is increasing over time, and it has a medium impact in their specific environment

Buy Now
Questions 133

The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host

10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other traffic. After he

applied his ACL configuration in the router, nobody can access the ftp, and the permitted hosts cannot access

the Internet. According to the next configuration, what is happening in the network?

access-list 102 deny tcp any any

access-list 104 permit udp host 10.0.0.3 any

access-list 110 permit tcp host 10.0.0.2 eq www any

access-list 108 permit tcp any eq ftp any

Options:

A.

The ACL 104 needs to be first because is UDP

B.

The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router

C.

The ACL for FTP must be before the ACL 110

D.

The ACL 110 needs to be changed to port 80

Buy Now
Questions 134

A large corporate network is being subjected to repeated sniffing attacks. To increase security, the company’s IT department decides to implement a combination of several security measures. They permanently add theMAC address of the gateway to the ARP cache, switch to using IPv6 instead of IPv4, implement the use of encrypted sessions such as SSH instead of Telnet, and use Secure File Transfer Protocol instead of FTP.

However, they are still faced with the threat of sniffing. Considering the countermeasures, what should be their next step to enhance network security?

Options:

A.

Use HTTP instead of HTTPS for protecting usernames and passwords

B.

Implement network scanning and monitoring tools

C.

Enable network identification broadcasts

D.

Retrieve MAC addresses from the OS

Buy Now
Questions 135

A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted.

Which cryptography attack is the student attempting?

Options:

A.

Man-in-the-middle attack

B.

Brute-force attack

C.

Dictionary attack

D.

Session hijacking

Buy Now
Questions 136

Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP).

Which of the following is an incorrect definition or characteristics of the protocol?

Options:

A.

Exchanges data between web services

B.

Only compatible with the application protocol HTTP

C.

Provides a structured model for messaging

D.

Based on XML

Buy Now
Questions 137

BitLocker encryption has been implemented for all the Windows-based computers in an organization. You are concerned that someone might lose their cryptographic key. Therefore, a mechanism was implemented to recover the keys from Active Directory. What is this mechanism called in cryptography?

Options:

A.

Key archival

B.

Key escrow.

C.

Certificate rollover

D.

Key renewal

Buy Now
Questions 138

in this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstall the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values. What is this attack called?

Options:

A.

Chop chop attack

B.

KRACK

C.

Evil twin

D.

Wardriving

Buy Now
Questions 139

Which tool can be used to silently copy files from USB devices?

Options:

A.

USB Grabber

B.

USB Snoopy

C.

USB Sniffer

D.

Use Dumper

Buy Now
Questions 140

Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and UHF?

Options:

A.

Yagi antenna

B.

Dipole antenna

C.

Parabolic grid antenna

D.

Omnidirectional antenna

Buy Now
Questions 141

As a cybersecurity consultant for SafePath Corp, you have been tasked with implementing a system for secure email communication. The key requirement is to ensure both confidentiality and non-repudiation. While considering various encryption methods, you are inclined towards using a combination of symmetric and asymmetric cryptography. However, you are unsure which cryptographic technique would best serve the purpose. Which of the following options would you choose to meet these requirements?

Options:

A.

Use symmetric encryption with the AES algorithm.

B.

Use the Diffie-Hellman protocol for key exchange and encryption.

C.

Apply asymmetric encryption with RSA and use the public key for encryption.

D.

Apply asymmetric encryption with RSA and use the private key for signing.

Buy Now
Questions 142

Mary, a penetration tester, has found password hashes in a client system she managed to breach. She needs to use these passwords to continue with the test, but she does not have time to find the passwords that correspond to these hashes. Which type of attack can she implement in order to continue?

Options:

A.

LLMNR/NBT-NS poisoning

B.

Internal monologue attack

C.

Pass the ticket

D.

Pass the hash

Buy Now
Questions 143

What is the common name for a vulnerability disclosure program opened by companies In platforms such as HackerOne?

Options:

A.

Vulnerability hunting program

B.

Bug bounty program

C.

White-hat hacking program

D.

Ethical hacking program

Buy Now
Questions 144

what firewall evasion scanning technique make use of a zombie system that has low network activity as well as its fragment identification numbers?

Options:

A.

Decoy scanning

B.

Packet fragmentation scanning

C.

Spoof source address scanning

D.

Idle scanning

Buy Now
Questions 145

In the context of Windows Security, what is a 'null' user?

Options:

A.

A user that has no skills

B.

An account that has been suspended by the admin

C.

A pseudo account that has no username and password

D.

A pseudo account that was created for security administration purpose

Buy Now
Questions 146

When discussing passwords, what is considered a brute force attack?

Options:

A.

You attempt every single possibility until you exhaust all possible combinations or discover the password

B.

You threaten to use the rubber hose on someone unless they reveal their password

C.

You load a dictionary of words into your cracking program

D.

You create hashes of a large number of words and compare it with the encrypted passwords

E.

You wait until the password expires

Buy Now
Questions 147

In the field of cryptanalysis, what is meant by a “rubber-hose" attack?

Options:

A.

Attempting to decrypt cipher text by making logical assumptions about the contents of the original plain text.

B.

Extraction of cryptographic secrets through coercion or torture.

C.

Forcing the targeted key stream through a hardware-accelerated device such as an ASIC.

D.

A backdoor placed into a cryptographic algorithm by its creator.

Buy Now
Questions 148

John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to anonymously query the IDAP service for sensitive information such as usernames. addresses, departmental details, and server names to launch further attacks on the target organization.

What is the tool employed by John to gather information from the IDAP service?

Options:

A.

jxplorer

B.

Zabasearch

C.

EarthExplorer

D.

Ike-scan

Buy Now
Questions 149

What would be the fastest way to perform content enumeration on a given web server by using the Gobuster tool?

Options:

A.

Performing content enumeration using the bruteforce mode and 10 threads

B.

Shipping SSL certificate verification

C.

Performing content enumeration using a wordlist

D.

Performing content enumeration using the bruteforce mode and random file extensions

Buy Now
Questions 150

Henry Is a cyber security specialist hired by BlackEye - Cyber security solutions. He was tasked with discovering the operating system (OS) of a host. He used the Unkornscan tool to discover the OS of the target system. As a result, he obtained a TTL value, which Indicates that the target system is running a Windows OS. Identify the TTL value Henry obtained, which indicates that the target OS is Windows.

Options:

A.

64

B.

128

C.

255

D.

138

Buy Now
Questions 151

The tools which receive event logs from servers, network equipment, and applications, and perform analysis and correlation on those logs, and can generate alarms for security relevant issues, are known as what?

Options:

A.

network Sniffer

B.

Vulnerability Scanner

C.

Intrusion prevention Server

D.

Security incident and event Monitoring

Buy Now
Questions 152

An LDAP directory can be used to store information similar to a SQL database. LDAP uses a _____ database structure instead of SQL’s _____ structure. Because of this, LDAP has difficulty representing many-to-one relationships.

Options:

A.

Relational, Hierarchical

B.

Strict, Abstract

C.

Hierarchical, Relational

D.

Simple, Complex

Buy Now
Questions 153

What is the algorithm used by LM for Windows2000 SAM?

Options:

A.

MD4

B.

DES

C.

SHA

D.

SSL

Buy Now
Questions 154

What is the purpose of DNS AAAA record?

Options:

A.

Authorization, Authentication and Auditing record

B.

Address prefix record

C.

Address database record

D.

IPv6 address resolution record

Buy Now
Questions 155

Scenario: Joe turns on his home computer to access personal online banking. When he enters the URL www.bank.com. the website is displayed, but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL closer, he finds that the site is not secure and the web address appears different. What type of attack he is experiencing?.

Options:

A.

Dos attack

B.

DHCP spoofing

C.

ARP cache poisoning

D.

DNS hijacking

Buy Now
Questions 156

Gerard, a disgruntled ex-employee of Sunglass IT Solutions, targets this organization to perform sophisticated attacks and bring down its reputation in the market. To launch the attacks process, he performed DNS footprinting to gather information about ONS servers and to identify the hosts connected in the target network. He used an automated tool that can retrieve information about DNS zone data including DNS domain names, computer names. IP addresses. DNS records, and network Who is records. He further exploited this information to launch other sophisticated attacks. What is the tool employed by Gerard in the above scenario?

Options:

A.

Knative

B.

zANTI

C.

Towelroot

D.

Bluto

Buy Now
Questions 157

Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/feed.php?url:externaIsile.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed In the above scenario?

Options:

A.

website defacement

B.

Server-side request forgery (SSRF) attack

C.

Web server misconfiguration

D.

web cache poisoning attack

Buy Now
Questions 158

Sam, a professional hacker. targeted an organization with intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while posing as a legitimate employee. Moreover, he sent phishing emails to steal the AWS 1AM credentials and further compromise the employee's account. What is the technique used by Sam to compromise the AWS IAM credentials?

Options:

A.

Social engineering

B.

insider threat

C.

Password reuse

D.

Reverse engineering

Buy Now
Questions 159

SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may Bypass authentication and allow attackers to access and/or modify data attached to a web application.

Which of the following SQLI types leverages a database server's ability to make DNS requests to pass data to an attacker?

Options:

A.

Union-based SQLI

B.

Out-of-band SQLI

C.

ln-band SQLI

D.

Time-based blind SQLI

Buy Now
Questions 160

Which of the following are well known password-cracking programs?

Options:

A.

L0phtcrack

B.

NetCat

C.

Jack the Ripper

D.

Netbus

E.

John the Ripper

Buy Now
Questions 161

Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He’s determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

Options:

A.

Error-based SQL injection

B.

Blind SQL injection

C.

Union-based SQL injection

D.

NoSQL injection

Buy Now
Questions 162

You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website seeking you to download free Anti-Virus software.

Dear valued customers,

We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit the link below and enter your antivirus code:

or you may contact us at the following address:

Media Internet Consultants, Edif. Neptuno, Planta

Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama

How will you determine if this is Real Anti-Virus or Fake Anti-Virus website?

Options:

A.

Look at the website design, if it looks professional then it is a Real Anti-Virus website

B.

Connect to the site using SSL, if you are successful then the website is genuine

C.

Search using the URL and Anti-Virus product name into Google and lookout for suspicious warnings against this site

D.

Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

E.

Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

Buy Now
Questions 163

What kind of detection techniques is being used in antivirus softwares that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it's made on the premiers environment-

Options:

A.

VCloud based

B.

Honypot based

C.

Behaviour based

D.

Heuristics based

Buy Now
Questions 164

You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c

What is the hexadecimal value of NOP instruction?

Options:

A.

0x60

B.

0x80

C.

0x70

D.

0x90

Buy Now
Questions 165

There are multiple cloud deployment options depending on how isolated a customer's resources are from those of other customers. Shared environments share the costs and allow each customer to enjoy lower operations expenses. One solution Is for a customer to Join with a group of users or organizations to share a cloud environment. What is this cloud deployment option called?

Options:

A.

Hybrid

B.

Community

C.

Public

D.

Private

Buy Now
Questions 166

In order to tailor your tests during a web-application scan, you decide to determine which web-server version is hosting the application. On using the sV flag with Nmap. you obtain the following response:

80/tcp open http-proxy Apache Server 7.1.6

what Information-gathering technique does this best describe?

Options:

A.

WhOiS lookup

B.

Banner grabbing

C.

Dictionary attack

D.

Brute forcing

Buy Now
Questions 167

David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the vulnerability-management life cycle is David currently in?

Options:

A.

verification

B.

Risk assessment

C.

Vulnerability scan

D.

Remediation

Buy Now
Questions 168

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas?

Options:

A.

Red hat

B.

white hat

C.

Black hat

D.

Gray hat

Buy Now
Questions 169

Suppose that you test an application for the SQL injection vulnerability. You know that the backend database

is based on Microsoft SQL Server. In the login/password form, you enter the following credentials:

Username: attack' or 1=1 -

Password: 123456

Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?

Options:

A.

select * from Users where UserName = 'attack'' or 1=1 -- and UserPassword = '123456'

B.

select * from Users where UserName = 'attack' or 1=1 -- and UserPassword = '123456'

C.

select * from Users where UserName = 'attack or 1=1 -- and UserPassword = '123456'

D.

select * from Users where UserName = 'attack' or 1=1 --' and UserPassword = '123456'

Buy Now
Questions 170

There have been concerns in your network that the wireless network component is not sufficiently secure. You perform a vulnerability scan of the wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption, what encryption protocol is being used?

Options:

A.

WEP

B.

RADIUS

C.

WPA

D.

WPA3

Buy Now
Questions 171

Jim, a professional hacker, targeted an organization that is operating critical Industrial Infrastructure. Jim used Nmap to scan open pons and running services on systems connected to the organization's OT network. He used an Nmap command to identify Ethernet/IP devices connected to the Internet and further gathered Information such as the vendor name, product code and name, device name, and IP address. Which of the following Nmap commands helped Jim retrieve the required information?

Options:

A.

nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >

B.

nmap -Pn -sU -p 44818 --script enip-info < Target IP >

C.

nmap -Pn -sT -p 46824 < Target IP >

D.

nmap -Pn -sT -p 102 --script s7-info < Target IP >

Buy Now
Exam Code: 312-50v12
Exam Name: Certified Ethical Hacker Exam (CEHv12)
Last Update: Oct 2, 2024
Questions: 572
$64  $159.99
$48  $119.99
$40  $99.99
buy now 312-50v12