Weekend Special - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: spcl70

312-50v11 PDF

$33

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

312-50v11 PDF + Testing Engine

$52.8

$175.99

3 Months Free Update

  • Exam Name: Certified Ethical Hacker Exam (CEH v11)
  • Last Update: Dec 8, 2024
  • Questions and Answers: 528
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

312-50v11 Engine

$39.6

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

312-50v11 Practice Exam Questions with Answers Certified Ethical Hacker Exam (CEH v11) Certification

Question # 6

A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library

are required to allow the NIC to work in promiscuous mode?

A.

Libpcap

B.

Awinpcap

C.

Winprom

D.

Winpcap

Full Access
Question # 7

jane invites her friends Alice and John over for a LAN party. Alice and John access Jane's wireless network without a password. However. Jane has a long, complex password on her router. What attack has likely occurred?

A.

Wireless sniffing

B.

Piggybacking

C.

Evil twin

D.

Wardriving

Full Access
Question # 8

You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?

A.

Social engineering

B.

Piggybacking

C.

Tailgating

D.

Eavesdropping

Full Access
Question # 9

An attacker can employ many methods to perform social engineering against unsuspecting employees, including scareware.

What is the best example of a scareware attack?

A.

A pop-up appears to a user stating, "You have won a free cruise! Click here to claim your prize!"

B.

A banner appears to a user stating, "Your account has been locked. Click here to reset your password and unlock your account."

C.

A banner appears to a user stating, "Your Amazon order has been delayed. Click here to find out your new delivery date."

D.

A pop-up appears to a user stating, "Your computer may have been infected with spyware. Click here to install an anti-spyware tool to resolve this issue."

Full Access
Question # 10

Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics: - Verifies success or failure of an attack - Monitors system activities Detects attacks that a network-based IDS fails to detect - Near real-time detection and response - Does not require additional hardware - Lower entry cost Which type of IDS is best suited for Tremp's requirements?

A.

Gateway-based IDS

B.

Network-based IDS

C.

Host-based IDS

D.

Open source-based

Full Access
Question # 11

Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?

A.

-T5

B.

-O

C.

-T0

D.

-A

Full Access
Question # 12

Suppose that you test an application for the SQL injection vulnerability. You know that the backend database

is based on Microsoft SQL Server. In the login/password form, you enter the following credentials:

Username: attack' or 1=1 -

Password: 123456

Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?

A.

select * from Users where UserName = ‘attack’ ’ or 1=1 -- and UserPassword = ‘123456’

B.

select * from Users where UserName = ‘attack’ or 1=1 -- and UserPassword = ‘123456’

C.

select * from Users where UserName = ‘attack or 1=1 -- and UserPassword = ‘123456’

D.

select * from Users where UserName = ‘attack’ or 1=1 --’ and UserPassword = ‘123456’

Full Access
Question # 13

Study the following log extract and identify the attack.

312-50v11 question answer

A.

Hexcode Attack

B.

Cross Site Scripting

C.

Multiple Domain Traversal Attack

D.

Unicode Directory Traversal Attack

Full Access
Question # 14

Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed.

What is the port scanning technique used by Sam to discover open ports?

A.

Xmas scan

B.

IDLE/IPID header scan

C.

TCP Maimon scan

D.

ACK flag probe scan

Full Access
Question # 15

Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine. Which of the following techniques is used by Joel in the above scenario?

A.

DNS rebinding attack

B.

Clickjacking attack

C.

MarioNet attack

D.

Watering hole attack

Full Access
Question # 16

What is the following command used for?

net use \targetipc$ "" /u:""

A.

Grabbing the etc/passwd file

B.

Grabbing the SAM

C.

Connecting to a Linux computer through Samba.

D.

This command is used to connect as a null session

E.

Enumeration of Cisco routers

Full Access
Question # 17

Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering the Information, he successfully performed an attack on the target government organization without being traced. Which of the following techniques is described in the above scenario?

A.

Dark web footprinting

B.

VoIP footpnnting

C.

VPN footprinting

D.

website footprinting

Full Access
Question # 18

What is correct about digital signatures?

A.

A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.

B.

Digital signatures may be used in different documents of the same type.

C.

A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.

D.

Digital signatures are issued once for each user and can be used everywhere until they expire.

Full Access
Question # 19

What tool can crack Windows SMB passwords simply by listening to network traffic?

A.

This is not possible

B.

Netbus

C.

NTFSDOS

D.

L0phtcrack

Full Access
Question # 20

Henry Is a cyber security specialist hired by BlackEye - Cyber security solutions. He was tasked with discovering the operating system (OS) of a host. He used the Unkornscan tool to discover the OS of the target system. As a result, he obtained a TTL value, which Indicates that the target system is running a Windows OS. Identify the TTL value Henry obtained, which indicates that the target OS is Windows.

A.

64

B.

128

C.

255

D.

138

Full Access
Question # 21

Which of the following is a passive wireless packet analyzer that works on Linux-based systems?

A.

Burp Suite

B.

OpenVAS

C.

tshark

D.

Kismet

Full Access
Question # 22

What port number is used by LDAP protocol?

A.

110

B.

389

C.

464

D.

445

Full Access
Question # 23

Scenario1:

1.Victim opens the attacker's web site.

2.Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make

$1000 in a day?'.

3.Victim clicks to the interesting and attractive content URL.

4.Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' URL but actually he/she clicks to the content or URL that exists in the transparent 'iframe' which is setup by the attacker.

What is the name of the attack which is mentioned in the scenario?

A.

Session Fixation

B.

HTML Injection

C.

HTTP Parameter Pollution

D.

Clickjacking Attack

Full Access
Question # 24

You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?

A.

IDS log

B.

Event logs on domain controller

C.

Internet Firewall/Proxy log.

D.

Event logs on the PC

Full Access
Question # 25

Sam is working as a system administrator In an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect Its severity using CVSS v3.0 to property assess and prioritize the organization's vulnerability management processes. The base score that Sam obtained after performing cvss rating was 4.0. What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?

A.

Medium

B.

Low

C.

Critical

D.

High

Full Access
Question # 26

Gerard, a disgruntled ex-employee of Sunglass IT Solutions, targets this organization to perform sophisticated attacks and bring down its reputation in the market. To launch the attacks process, he performed DNS footprinting to gather information about ONS servers and to identify the hosts connected in the target network. He used an automated tool that can retrieve information about DNS zone data including DNS domain names, computer names. IP addresses. DNS records, and network Who is records. He further exploited this information to launch other sophisticated attacks. What is the tool employed by Gerard in the above scenario?

A.

Knative

B.

zANTI

C.

Towelroot

D.

Bluto

Full Access
Question # 27

jane, an ethical hacker. Is testing a target organization's web server and website to identity security loopholes. In this process, she copied the entire website and its content on a local drive to view the complete profile of the site's directory structure, file structure, external links, images, web pages, and so on. This information helps jane map the website's directories and gain valuable information. What is the attack technique employed by Jane in the above scenario?

A.

website mirroring

B.

Session hijacking

C.

Web cache poisoning

D.

Website defacement

Full Access
Question # 28

Alex, a cloud security engineer working in Eyecloud Inc. is tasked with isolating applications from the underlying infrastructure and stimulating communication via well-defined channels. For this purpose, he used an open-source technology that helped him in developing, packaging, and running applications; further, the technology provides PaaS through OS-level visualization, delivers containerized software packages, and promotes fast software delivery. What is the cloud technology employed by Alex in the above scenario?

A.

Virtual machine

B.

Serverless computing

C.

Docker

D.

Zero trust network

Full Access
Question # 29

Which system consists of a publicly available set of databases that contain domain name registration contact information?

A.

WHOIS

B.

CAPTCHA

C.

IANA

D.

IETF

Full Access
Question # 30

You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user’s password or activate disabled Windows accounts?

A.

John the Ripper

B.

SET

C.

CHNTPW

D.

Cain & Abel

Full Access
Question # 31

You are analysing traffic on the network with Wireshark. You want to routinely run a cron job which will run the capture against a specific set of IPs - 192.168.8.0/24. What command you would use?

A.

wireshark --fetch ''192.168.8*''

B.

wireshark --capture --local masked 192.168.8.0 ---range 24

C.

tshark -net 192.255.255.255 mask 192.168.8.0

D.

sudo tshark -f''net 192 .68.8.0/24''

Full Access
Question # 32

A newly joined employee. Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also Identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. What is the type of vulnerability assessment performed by Martin?

A.

Credentialed assessment

B.

Database assessment

C.

Host-based assessment

D.

Distributed assessment

Full Access
Question # 33

How can rainbow tables be defeated?

A.

Use of non-dictionary words

B.

All uppercase character passwords

C.

Password salting

D.

Lockout accounts under brute force password cracking attempts

Full Access
Question # 34

which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth?

A.

Bluesmacking

B.

Bluebugging

C.

Bluejacking

D.

Bluesnarfing

Full Access
Question # 35

Judy created a forum, one day. she discovers that a user is posting strange images without writing comments.

She immediately calls a security expert, who discovers that the following code is hidden behind those images:

<script>

document.writef); </script>

What issue occurred for the users who clicked on the image?

A.

The code inject a new cookie to the browser.

B.

The code redirects the user to another site.

C.

The code is a virus that is attempting to gather the users username and password.

D.

This php file silently executes the code and grabs the users session cookie and session ID.

Full Access
Question # 36

MX record priority increases as the number increases. (True/False.)

A.

True

B.

False

Full Access
Question # 37

Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days. Sieve started asking about her company details and eventually gathered all the essential information regarding her company. What is the social engineering technique Steve employed in the above scenario?

A.

Diversion theft

B.

Baiting

C.

Honey trap

D.

Piggybacking

Full Access
Question # 38

Study the snort rule given below and interpret the rule. alert tcp any any --> 192.168.1.0/24 111

(content:"|00 01 86 a5|"; msG. "mountd access";)

A.

An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111

B.

An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet

C.

An alert is generated when a TCP packet is originated from port 111 of any IP address to the 192.168.1.0 subnet

D.

An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111

Full Access
Question # 39

Bob is acknowledged as a hacker of repute and is popular among visitors of "underground" sites.

Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well.

In this context, what would be the most effective method to bridge the knowledge gap between the "black" hats or crackers and the "white" hats or computer security professionals? (Choose the test answer.)

A.

Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.

B.

Hire more computer security monitoring personnel to monitor computer systems and networks.

C.

Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life.

D.

Train more National Guard and reservist in the art of computer security to help out in times of emergency or crises.

Full Access
Question # 40

What is the minimum number of network connections in a multihomed firewall?

A.

3

B.

5

C.

4

D.

2

Full Access
Question # 41

Larry, a security professional in an organization, has noticed some abnormalities In the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting a countermeasures to secure the accounts on the web server.

Which of the following countermeasures must Larry implement to secure the user accounts on the web server?

A.

Enable unused default user accounts created during the installation of an OS

B.

Enable all non-interactive accounts that should exist but do not require interactive login

C.

Limit the administrator or toot-level access to the minimum number of users

D.

Retain all unused modules and application extensions

Full Access
Question # 42

if you send a TCP ACK segment to a known closed port on a firewall but it does not respond with an RST. what do you know about the firewall you are scanning?

A.

There is no firewall in place.

B.

This event does not tell you encrypting about the firewall.

C.

It is a stateful firewall

D.

It Is a non-stateful firewall.

Full Access
Question # 43

You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23. Which of the following IP addresses could be teased as a result of the new configuration?

A.

210.1.55.200

B.

10.1.4.254

C.

10.1.5.200

D.

10.1.4.156

Full Access
Question # 44

What is the most common method to exploit the “Bash Bug” or “Shellshock” vulnerability?

A.

SYN Flood

B.

SSH

C.

Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

D.

Manipulate format strings in text fields

Full Access
Question # 45

You want to analyze packets on your wireless network. Which program would you use?

A.

Wireshark with Airpcap

B.

Airsnort with Airpcap

C.

Wireshark with Winpcap

D.

Ethereal with Winpcap

Full Access
Question # 46

Susan has attached to her company's network. She has managed to synchronize her boss's sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory.

What kind of attack is Susan carrying on?

A.

A sniffing attack

B.

A spoofing attack

C.

A man in the middle attack

D.

A denial of service attack

Full Access
Question # 47

A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm’s public facing web servers. The engineer decides to start by using netcat to port 80.

The engineer receives this output:

HTTP/1.1 200 OK

Server: Microsoft-IIS/6

Expires: Tue, 17 Jan 2011 01:41:33 GMT

Date: Mon, 16 Jan 2011 01:41:33 GMT

Content-Type: text/html

Accept-Ranges: bytes

Last Modified: Wed, 28 Dec 2010 15:32:21 GMT

ETag:“b0aac0542e25c31:89d”

Content-Length: 7369

Which of the following is an example of what the engineer performed?

A.

Banner grabbing

B.

SQL injection

C.

Whois database query

D.

Cross-site scripting

Full Access
Question # 48

An attacker runs netcat tool to transfer a secret file between two hosts.

312-50v11 question answer

He is worried about information being sniffed on the network.

How would the attacker use netcat to encrypt the information before transmitting onto the wire?

A.

Machine A: netcat -l -p -s password 1234 < testfileMachine B: netcat 1234

B.

Machine A: netcat -l -e magickey -p 1234 < testfileMachine B: netcat 1234

C.

Machine A: netcat -l -p 1234 < testfile -pw passwordMachine B: netcat 1234 -pw password

D.

Use cryptcat instead of netcat

Full Access
Question # 49

Which among the following is the best example of the third step (delivery) in the cyber kill chain?

A.

An intruder sends a malicious attachment via email to a target.

B.

An intruder creates malware to be used as a malicious attachment to an email.

C.

An intruder's malware is triggered when a target opens a malicious email attachment.

D.

An intruder's malware is installed on a target's machine.

Full Access
Question # 50

Scenario: Joe turns on his home computer to access personal online banking. When he enters the URL www.bank.com. the website is displayed, but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL closer, he finds that the site is not secure and the web address appears different. What type of attack he is experiencing?.

A.

Dos attack

B.

DHCP spoofing

C.

ARP cache poisoning

D.

DNS hijacking

Full Access
Question # 51

The security team of Debry Inc. decided to upgrade Wi-Fi security to thwart attacks such as dictionary attacks and key recovery attacks. For this purpose, the security team started implementing cutting-edge technology that uses a modern key establishment protocol called the simultaneous authentication of equals (SAE), also known as dragonfly key exchange, which replaces the PSK concept. What is the Wi-Fi encryption technology implemented by Debry Inc.?

A.

WEP

B.

WPA

C.

WPA2

D.

WPA3

Full Access
Question # 52

Which of the following tactics uses malicious code to redirect users' web traffic?

A.

Spimming

B.

Pharming

C.

Phishing

D.

Spear-phishing

Full Access
Question # 53

Leverox Solutions hired Arnold, a security professional, for the threat intelligence process. Arnold collected information about specific threats against the organization. From this information, he retrieved contextual information about security events and incidents that helped him disclose potential risks and gain insight into attacker methodologies. He collected the information from sources such as humans, social media, and chat rooms as well as from events that resulted in cyberattacks. In this process, he also prepared a report that includes identified malicious activities, recommended courses of action, and warnings for emerging attacks. What is the type of threat intelligence collected by Arnold in the above scenario?

A.

Strategic threat intelligence

B.

Tactical threat intelligence

C.

Operational threat intelligence

D.

Technical threat intelligence

Full Access
Question # 54

Which of the following tools can be used for passive OS fingerprinting?

A.

nmap

B.

tcpdump

C.

tracert

D.

ping

Full Access
Question # 55

Which of the following programs is usually targeted at Microsoft Office products?

A.

Polymorphic virus

B.

Multipart virus

C.

Macro virus

D.

Stealth virus

Full Access
Question # 56

You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?

A.

All three servers need to be placed internally

B.

A web server facing the Internet, an application server on the internal network, a database server on the internal network

C.

A web server and the database server facing the Internet, an application server on the internal network

D.

All three servers need to face the Internet so that they can communicate between themselves

Full Access
Question # 57

Which rootkit is characterized by its function of adding code and/or replacing some of the operating-system kernel code to obscure a backdoor on a system?

A.

User-mode rootkit

B.

Library-level rootkit

C.

Kernel-level rootkit

D.

Hypervisor-level rootkit

Full Access
Question # 58

What is the purpose of a demilitarized zone on a network?

A.

To scan all traffic coming through the DMZ to the internal network

B.

To only provide direct access to the nodes within the DMZ and protect the network behind it

C.

To provide a place to put the honeypot

D.

To contain the network devices you wish to protect

Full Access
Question # 59

You have successfully logged on a Linux system. You want to now cover your trade Your login attempt may be logged on several files located in /var/log. Which file does NOT belongs to the list:

A.

user.log

B.

auth.fesg

C.

wtmp

D.

btmp

Full Access
Question # 60

A penetration tester is performing the footprinting process and is reviewing publicly available information about an organization by using the Google search engine.

Which of the following advanced operators would allow the pen tester to restrict the search to the organization’s web domain?

A.

[allinurl:]

B.

[location:]

C.

[site:]

D.

[link:]

Full Access
Question # 61

Which Nmap switch helps evade IDS or firewalls?

A.

-n/-R

B.

-0N/-0X/-0G

C.

-T

D.

-D

Full Access
Question # 62

An organization decided to harden its security against web-application and web-server attacks. John, a security personnel in the organization, employed a security scanner to automate web-application security testing and to guard the organization's web infrastructure against web-application threats. Using that tool, he also wants to detect XSS, directory transversal problems, fault injection, SQL injection, attempts to execute commands, and several other attacks. Which of the following security scanners will help John perform the above task?

A.

AlienVault®OSSIM™

B.

Syhunt Hybrid

C.

Saleae Logic Analyzer

D.

Cisco ASA

Full Access
Question # 63

While using your bank’s online servicing you notice the following string in the URL bar:

“http: // www. MyPersonalBank. com/ account?id=368940911028389 &Damount=10980&Camount=21”

You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflects the changes.

Which type of vulnerability is present on this site?

A.

Cookie Tampering

B.

SQL Injection

C.

Web Parameter Tampering

D.

XSS Reflection

Full Access
Question # 64

Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient’s consent, similar to email spamming?

A.

Bluesmacking

B.

BlueSniffing

C.

Bluejacking

D.

Bluesnarfing

Full Access
Question # 65

Which of the following describes the characteristics of a Boot Sector Virus?

A.

Modifies directory table entries so that directory entries point to the virus code instead of the actual program.

B.

Moves the MBR to another location on the RAM and copies itself to the original location of the MBR.

C.

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.

D.

Overwrites the original MBR and only executes the new virus code.

Full Access
Question # 66

An attacker utilizes a Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a nearby business in order to capture the wireless password. What kind of attack is this?

A.

MAC spoofing attack

B.

Evil-twin attack

C.

War driving attack

D.

Phishing attack

Full Access
Question # 67

John is an incident handler at a financial institution. His steps in a recent incident are not up to the standards of the company. John frequently forgets some steps and procedures while handling responses as they are very stressful to perform. Which of the following actions should John take to overcome this problem with the least administrative effort?

A.

Create an incident checklist.

B.

Select someone else to check the procedures.

C.

Increase his technical skills.

D.

Read the incident manual every time it occurs.

Full Access
Question # 68

These hackers have limited or no training and know how to use only basic techniques or tools.

What kind of hackers are we talking about?

A.

Black-Hat Hackers A

B.

Script Kiddies

C.

White-Hat Hackers

D.

Gray-Hat Hacker

Full Access
Question # 69

Which of the following statements is TRUE?

A.

Packet Sniffers operate on the Layer 1 of the OSI model.

B.

Packet Sniffers operate on Layer 2 of the OSI model.

C.

Packet Sniffers operate on both Layer 2 & Layer 3 of the OSI model.

D.

Packet Sniffers operate on Layer 3 of the OSI model.

Full Access
Question # 70

An LDAP directory can be used to store information similar to a SQL database. LDAP uses a _____ database structure instead of SQL’s _____ structure. Because of this, LDAP has difficulty representing many-to-one relationships.

A.

Relational, Hierarchical

B.

Strict, Abstract

C.

Hierarchical, Relational

D.

Simple, Complex

Full Access
Question # 71

Jude, a pen tester working in Keiltech Ltd., performs sophisticated security testing on his company's network infrastructure to identify security loopholes. In this process, he started to circumvent the network protection tools and firewalls used in the company. He employed a technique that can create forged TCP sessions by carrying out multiple SYN, ACK, and RST or FIN packets. Further, this process allowed Jude to execute DDoS attacks that can exhaust the network resources. What is the attack technique used by Jude for finding loopholes in the above scenario?

A.

UDP flood attack

B.

Ping-of-death attack

C.

Spoofed session flood attack

D.

Peer-to-peer attack

Full Access
Question # 72

What is the algorithm used by LM for Windows2000 SAM?

A.

MD4

B.

DES

C.

SHA

D.

SSL

Full Access
Question # 73

Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: scottsmelby@yahoo.com”. Which statement below is true?

A.

This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.

B.

This is a scam because Bob does not know Scott.

C.

Bob should write to scottmelby@yahoo.com to verify the identity of Scott.

D.

This is probably a legitimate message as it comes from a respectable organization.

Full Access
Question # 74

Which of the following commands checks for valid users on an SMTP server?

A.

RCPT

B.

CHK

C.

VRFY

D.

EXPN

Full Access
Question # 75

Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an organization?

A.

Preparation phase

B.

Containment phase

C.

Identification phase

D.

Recovery phase

Full Access
Question # 76

Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?

A.

137 and 139

B.

137 and 443

C.

139 and 443

D.

139 and 445

Full Access
Question # 77

Which of the following program infects the system boot sector and the executable files at the same time?

A.

Polymorphic virus

B.

Stealth virus

C.

Multipartite Virus

D.

Macro virus

Full Access
Question # 78

An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct.

What is the attack technique employed by the attacker to crack the passwords of the industrial control systems?

A.

Side-channel attack

B.

Denial-of-service attack

C.

HMI-based attack

D.

Buffer overflow attack

Full Access
Question # 79

What does the following command in netcat do?

nc -l -u -p55555 < /etc/passwd

A.

logs the incoming connections to /etc/passwd file

B.

loads the /etc/passwd file to the UDP port 55555

C.

grabs the /etc/passwd file when connected to UDP port 55555

D.

deletes the /etc/passwd file when connected to the UDP port 55555

Full Access
Question # 80

Which DNS resource record can indicate how long any "DNS poisoning" could last?

A.

MX

B.

SOA

C.

NS

D.

TIMEOUT

Full Access
Question # 81

You have compromised a server and successfully gained a root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System. What is the best approach?

A.

Use Alternate Data Streams to hide the outgoing packets from this server.

B.

Use HTTP so that all traffic can be routed vis a browser, thus evading the internal Intrusion Detection Systems.

C.

Install Cryptcat and encrypt outgoing packets from this server.

D.

Install and use Telnet to encrypt all outgoing traffic from this server.

Full Access
Question # 82

Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During this process.

Robin plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch in the network so that he could make it a root bridge that will later allow him to sniff all the traffic in the network.

What is the attack performed by Robin in the above scenario?

A.

ARP spoofing attack

B.

VLAN hopping attack

C.

DNS poisoning attack

D.

STP attack

Full Access
Question # 83

An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

A.

He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.

B.

He will activate OSPF on the spoofed root bridge.

C.

He will repeat this action so that it escalates to a DoS attack.

D.

He will repeat the same attack against all L2 switches of the network.

Full Access
Question # 84

What is the proper response for a NULL scan if the port is open?

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

No response

Full Access
Question # 85

A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer.

what tests would you perform to determine whether his computer Is Infected?

A.

Use ExifTool and check for malicious content.

B.

You do not check; rather, you immediately restore a previous snapshot of the operating system.

C.

Upload the file to VirusTotal.

D.

Use netstat and check for outgoing connections to strange IP addresses or domains.

Full Access
Question # 86

You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles.

You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems.

In other words, you are trying to penetrate an otherwise impenetrable system.

How would you proceed?

A.

Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network

B.

Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information

C.

Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000 or more "zombies" and "bots"

D.

Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques

Full Access
Question # 87

Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?

A.

Error-based injection

B.

Boolean-based blind SQL injection

C.

Blind SQL injection

D.

Union SQL injection

Full Access
Question # 88

You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.

What is the best Nmap command you will use? A. nmap -T4 -q 10.10.0.0/24

B. nmap -T4 -F 10.10.0.0/24 C. nmap -T4 -r 10.10.1.0/24 D. nmap -T4 -O 10.10.0.0/24

Full Access
Question # 89

Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He’s determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

A.

Error-based SQL injection

B.

Blind SQL injection

C.

Union-based SQL injection

D.

NoSQL injection

Full Access
Question # 90

You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.

invictus@victim_server.~$ nmap -T4 -O 10.10.0.0/24 TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!

What seems to be wrong?

A.

The nmap syntax is wrong.

B.

This is a common behavior for a corrupted nmap application.

C.

The outgoing TCP/IP fingerprinting is blocked by the host firewall.

D.

OS Scan requires root privileges.

Full Access
Question # 91

which type of virus can change its own code and then cipher itself multiple times as it replicates?

A.

Stealth virus

B.

Tunneling virus

C.

Cavity virus

D.

Encryption virus

Full Access
Question # 92

Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

A.

msfpayload

B.

msfcli

C.

msfd

D.

msfencode

Full Access
Question # 93

An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?

A.

Reverse Social Engineering

B.

Tailgating

C.

Piggybacking

D.

Announced

Full Access
Question # 94

is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.

A.

DNSSEC

B.

Resource records

C.

Resource transfer

D.

Zone transfer

Full Access
Question # 95

Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.

What should you do?

A.

Confront the client in a respectful manner and ask her about the data.

B.

Copy the data to removable media and keep it in case you need it.

C.

Ignore the data and continue the assessment until completed as agreed.

D.

Immediately stop work and contact the proper legal authorities.

Full Access
Question # 96

Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services, which OS did it not directly affect?

A.

Linux

B.

Unix

C.

OS X

D.

Windows

Full Access
Question # 97

What would you enter if you wanted to perform a stealth scan using Nmap?

A.

nmap -sM

B.

nmap -sU

C.

nmap -sS

D.

nmap -sT

Full Access
Question # 98

Which of the following is a low-tech way of gaining unauthorized access to systems?

A.

Social Engineering

B.

Eavesdropping

C.

Scanning

D.

Sniffing

Full Access
Question # 99

Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.

A camera captures people walking and identifies the individuals using Steve’s approach.

After that, people must approximate their RFID badges. Both the identifications are required to open the door. In this case, we can say:

A.

Although the approach has two phases, it actually implements just one authentication factor

B.

The solution implements the two authentication factors: physical object and physical characteristic

C.

The solution will have a high level of false positives

D.

Biological motion cannot be used to identify people

Full Access
Question # 100

You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity, what tool would you most likely select?

A.

Nmap

B.

Cain & Abel

C.

Nessus

D.

Snort

Full Access
Question # 101

Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing?

A.

Scanning

B.

Footprinting

C.

Enumeration

D.

System Hacking

Full Access
Question # 102

When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what it is meant by processing?

A.

The amount of time and resources that are necessary to maintain a biometric system

B.

How long it takes to setup individual user accounts

C.

The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information

D.

The amount of time it takes to convert biometric data into a template on a smart card

Full Access
Question # 103

You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters. With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results?

A.

Online Attack

B.

Dictionary Attack

C.

Brute Force Attack

D.

Hybrid Attack

Full Access
Question # 104

What is the purpose of DNS AAAA record?

A.

Authorization, Authentication and Auditing record

B.

Address prefix record

C.

Address database record

D.

IPv6 address resolution record

Full Access
Question # 105

To create a botnet. the attacker can use several techniques to scan vulnerable machines. The attacker first collects Information about a large number of vulnerable machines to create a list. Subsequently, they infect the machines. The list Is divided by assigning half of the list to the newly compromised machines. The scanning process runs simultaneously. This technique ensures the spreading and installation of malicious code in little time.

Which technique is discussed here?

A.

Hit-list-scanning technique

B.

Topological scanning technique

C.

Subnet scanning technique

D.

Permutation scanning technique

Full Access
Question # 106

Garry is a network administrator in an organization. He uses SNMP to manage networked devices from a remote location. To manage nodes in the network, he uses MIB. which contains formal descriptions of all network objects managed by SNMP. He accesses the contents of MIB by using a web browser either by entering the IP address and Lseries.mlb or by entering the DNS library name and Lseries.mlb. He is currently retrieving information from an MIB that contains object types for workstations and server services. Which of the following types of MIB is accessed by Garry in the above scenario?

A.

LNMIB2.MIB

B.

WINS.MIB

C.

DHCP.MIS

D.

MIB_II.MIB

Full Access
Question # 107

The change of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1(100%). What is the closest approximate cost of this replacement and recovery operation per year?

A.

$1320

B.

$440

C.

$100

D.

$146

Full Access
Question # 108

Which of the following scanning method splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet?

A.

ACK flag probe scanning

B.

ICMP Echo scanning

C.

SYN/FIN scanning using IP fragments

D.

IPID scanning

Full Access
Question # 109

Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific cached DNS record. Further, by using this cached record, he determines the sites recently visited by the organization's user. What is the enumeration technique used by Henry on the organization?

A.

DNS zone walking

B.

DNS cache snooping

C.

DNS SEC zone walking

D.

DNS cache poisoning

Full Access
Question # 110

Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machines in Evil Corp’s lobby. He checks his current SID, which is S-1-5-21-1223352397-1872883824-861252104-501. What needs to happen before Matthew has full administrator access?

A.

He must perform privilege escalation.

B.

He needs to disable antivirus protection.

C.

He needs to gain physical access.

D.

He already has admin privileges, as shown by the “501” at the end of the SID.

Full Access
Question # 111

What useful information is gathered during a successful Simple Mail Transfer Protocol (SMTP) enumeration?

A.

The two internal commands VRFY and EXPN provide a confirmation of valid users, email addresses, aliases, and mailing lists.

B.

Reveals the daily outgoing message limits before mailboxes are locked

C.

The internal command RCPT provides a list of ports open to message traffic.

D.

A list of all mail proxy server addresses used by the targeted host

Full Access
Question # 112

An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim’s profile to a text file and then submit the data to the attacker’s database.

< iframe src=““http://www.vulnweb.com/updateif.php”” style=““display:none”” > < /iframe >

What is this type of attack (that can use either HTTP GET or HTTP POST) called?

A.

Browser Hacking

B.

Cross-Site Scripting

C.

SQL Injection

D.

Cross-Site Request Forgery

Full Access
Question # 113

What is the role of test automation in security testing?

A.

It is an option but it tends to be very expensive.

B.

It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.

C.

Test automation is not usable in security due to the complexity of the tests.

D.

It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

Full Access
Question # 114

What kind of detection techniques is being used in antivirus software that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it’s made on the provider’s environment?

A.

Behavioral based

B.

Heuristics based

C.

Honeypot based

D.

Cloud based

Full Access
Question # 115

Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?

A.

SFTP

B.

Ipsec

C.

SSL

D.

FTPS

Full Access
Question # 116

While performing an Nmap scan against a host, Paola determines the existence of a firewall. In an attempt to determine whether the firewall is stateful or stateless, which of the following options would be best to use?

A.

-sA

B.

-sX

C.

-sT

D.

-sF

Full Access
Question # 117

Fingerprinting an Operating System helps a cracker because:

A.

It defines exactly what software you have installed

B.

It opens a security-delayed window based on the port being scanned

C.

It doesn't depend on the patches that have been applied to fix existing security holes

D.

It informs the cracker of which vulnerabilities he may be able to exploit on your system

Full Access
Question # 118

A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendor for several months prior 10 the Intrusion. This Is likely a failure in which of the following security processes?

A.

vendor risk management

B.

Security awareness training

C.

Secure deployment lifecycle

D.

Patch management

Full Access
Question # 119

What type of virus is most likely to remain undetected by antivirus software?

A.

Cavity virus

B.

Stealth virus

C.

File-extension virus

D.

Macro virus

Full Access
Question # 120

Gregory, a professional penetration tester working at Sys Security Ltd., is tasked with performing a security test of web applications used in the company. For this purpose, Gregory uses a tool to test for any security loopholes by hijacking a session between a client and server. This tool has a feature of intercepting proxy that can be used to inspect and modify the traffic between the browser and target application. This tool can also perform customized attacks and can be used to test the randomness of session tokens. Which of the following tools is used by Gregory in the above scenario?

A.

Nmap

B.

Burp Suite

C.

CxSAST

D.

Wireshark

Full Access
Question # 121

in an attempt to increase the security of your network, you Implement a solution that will help keep your wireless network undiscoverable and accessible only to those that know It. How do you accomplish this?

A.

Delete the wireless network

B.

Remove all passwords

C.

Lock all users

D.

Disable SSID broadcasting

Full Access
Question # 122

Cross-site request forgery involves:

A.

A request sent by a malicious user from a browser to a server

B.

Modification of a request by a proxy between client and server

C.

A browser making a request to a server without the user’s knowledge

D.

A server making a request to another server without the user’s knowledge

Full Access
Question # 123

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator’s Computer to update the router configuration. What type of an alert is this?

A.

False negative

B.

True negative

C.

True positive

D.

False positive

Full Access
Question # 124

In Trojan terminology, what is a covert channel?

312-50v11 question answer

A.

A channel that transfers information within a computer system or network in a way that violates the security policy

B.

A legitimate communication path within a computer system or network for transfer of data

C.

It is a kernel operation that hides boot processes and services to mask detection

D.

It is Reverse tunneling technique that uses HTTPS protocol instead of HTTP protocol to establish connections

Full Access
Question # 125

Take a look at the following attack on a Web Server using obstructed URL:

312-50v11 question answer

How would you protect from these attacks?

A.

Configure the Web Server to deny requests involving "hex encoded" characters

B.

Create rules in IDS to alert on strange Unicode requests

C.

Use SSL authentication on Web Servers

D.

Enable Active Scripts Detection at the firewall and routers

Full Access
Question # 126

Heather’s company has decided to use a new customer relationship management tool. After performing the appropriate research, they decided to purchase a subscription to a cloud-hosted solution. The only administrative task that Heather will need to perform is the management of user accounts. The provider will take care of the hardware, operating system, and software administration including patching and monitoring. Which of the following is this type of solution?

A.

SaaS

B.

IaaS

C.

CaaS

D.

PasS

Full Access
Question # 127

Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Suppose a malicious user Rob tries to get access to the account of a benign user Ned.

Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?

A.

“GET /restricted/goldtransfer?to=Rob&from=1 or 1=1’ HTTP/1.1Host: westbank.com”

B.

“GET /restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com”

C.

“GET /restricted/accounts/?name=Ned HTTP/1.1 Host westbank.com”

D.

“GET /restricted/ HTTP/1.1 Host: westbank.com

Full Access
Question # 128

Which of the following Linux commands will resolve a domain name into IP address?

A.

>host-t a hackeddomain.com

B.

>host-t ns hackeddomain.com

C.

>host -t soa hackeddomain.com

D.

>host -t AXFR hackeddomain.com

Full Access
Question # 129

CyberTech Inc. recently experienced SQL injection attacks on its official website. The company appointed Bob, a security professional, to build and incorporate defensive strategies against such attacks. Bob adopted a practice whereby only a list of entities such as the data type, range, size, and value, which have been approved for secured access, is accepted. What is the defensive technique employed by Bob in the above scenario?

A.

Output encoding

B.

Enforce least privileges

C.

Whitelist validation

D.

Blacklist validation

Full Access
Question # 130

John, a professional hacker, targeted CyberSol Inc., an MNC. He decided to discover the loT devices connected in the target network that are using default credentials and are vulnerable to various hijacking attacks. For this purpose, he used an automated tool to scan the target network for specific types of loT devices and detect whether they are using the default, factory-set credentials. What is the tool employed by John in the above scenario?

A.

loTSeeker

B.

loT Inspector

C.

AT&T loT Platform

D.

Azure loT Central

Full Access
Question # 131

E-mail scams and mail fraud are regulated by which of the following?

A.

18 U.S.C. par. 1030 Fraud and Related activity in connection with Computers

B.

18 U.S.C. par. 1029 Fraud and Related activity in connection with Access Devices

C.

18 U.S.C. par. 1362 Communication Lines, Stations, or Systems

D.

18 U.S.C. par. 2510 Wire and Electronic Communications Interception and Interception of Oral Communication

Full Access
Question # 132

An Internet Service Provider (ISP) has a need to authenticate users connecting via analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network.

Which AAA protocol is the most likely able to handle this requirement?

A.

TACACS+

B.

DIAMETER

C.

Kerberos

D.

RADIUS

Full Access
Question # 133

Robert, a professional hacker, is attempting to execute a fault injection attack on a target IoT device. In this process, he injects faults into the power supply that can be used for remote execution, also causing the skipping of key instructions. He also injects faults into the clock network used for delivering a synchronized signal across the chip.

Which of the following types of fault injection attack is performed by Robert in the above scenario?

A.

Frequency/voltage tampering

B.

Optical, electromagnetic fault injection (EMFI)

C.

Temperature attack

D.

Power/clock/reset glitching

Full Access
Question # 134

Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. How do you prevent DNS spoofing?

A.

Install DNS logger and track vulnerable packets

B.

Disable DNS timeouts

C.

Install DNS Anti-spoofing

D.

Disable DNS Zone Transfer

Full Access
Question # 135

Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results?

TCP port 21 no response

TCP port 22 no response

TCP port 23 Time-to-live exceeded

A.

The lack of response from ports 21 and 22 indicate that those services are not running on the destination server

B.

The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error

C.

The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall

D.

The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host

Full Access
Question # 136

While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based security vulnerability was exploited to compromise the user?

A.

Clickjacking

B.

Cross-Site Scripting

C.

Cross-Site Request Forgery

D.

Web form input validation

Full Access
Question # 137

After an audit, the auditors Inform you that there is a critical finding that you must tackle Immediately. You read the audit report, and the problem is the service running on port 389. Which service Is this and how can you tackle the problem?

A.

The service is LDAP. and you must change it to 636. which is LDPAPS.

B.

The service is NTP. and you have to change It from UDP to TCP in order to encrypt it

C.

The findings do not require immediate actions and are only suggestions.

D.

The service is SMTP, and you must change it to SMIME. which is an encrypted way to send emails.

Full Access
Question # 138

What is the file that determines the basic configuration (specifically activities, services, broadcast receivers, etc.) in an Android application?

A.

AndroidManifest.xml

B.

APK.info

C.

resources.asrc

D.

classes.dex

Full Access
Question # 139

BitLocker encryption has been implemented for all the Windows-based computers in an organization. You are concerned that someone might lose their cryptographic key. Therefore, a mechanism was implemented to recover the keys from Active Directory. What is this mechanism called in cryptography?

A.

Key archival

B.

Key escrow.

C.

Certificate rollover

D.

Key renewal

Full Access
Question # 140

In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How can he achieve this?

A.

Privilege Escalation

B.

Shoulder-Surfing

C.

Hacking Active Directory

D.

Port Scanning

Full Access
Question # 141

During the enumeration phase. Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445.

Which of the following services is enumerated by Lawrence in this scenario?

A.

Server Message Block (SMB)

B.

Network File System (NFS)

C.

Remote procedure call (RPC)

D.

Telnet

Full Access
Question # 142

Why containers are less secure that virtual machines?

A.

Host OS on containers has a larger surface attack.

B.

Containers may full fill disk space of the host.

C.

A compromise container may cause a CPU starvation of the host.

D.

Containers are attached to the same virtual network.

Full Access
Question # 143

What does a firewall check to prevent particular ports and applications from getting packets into an organization?

A.

Transport layer port numbers and application layer headers

B.

Presentation layer headers and the session layer port numbers

C.

Network layer headers and the session layer port numbers

D.

Application layer port numbers and the transport layer headers

Full Access
Question # 144

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session 10 to the target employee. The session ID links the target employee to Boneys account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boneys account. What is the attack performed by Boney in the above scenario?

A.

Session donation attack

B.

Session fixation attack

C.

Forbidden attack

D.

CRIME attack

Full Access
Question # 145

OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?

A.

openssl s_client -site www.website.com:443

B.

openssl_client -site www.website.com:443

C.

openssl s_client -connect www.website.com:443

D.

openssl_client -connect www.website.com:443

Full Access
Question # 146

Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewalls. On which of the following ports should Robin run the NSTX tool?

A.

Port 53

B.

Port 23

C.

Port 50

D.

Port 80

Full Access
Question # 147

To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using https. Which of the following firewall rules meets this requirement?

A.

If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit

B.

If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit

C.

If (source matches 10.20.20.1 and destination matches 10.10.10.0/24 and port matches 443) then permit

D.

If (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit

Full Access
Question # 148

Thomas, a cloud security professional, is performing security assessment on cloud services to identify any loopholes. He detects a vulnerability in a bare-metal cloud server that can enable hackers to implant malicious backdoors in its firmware. He also identified that an installed backdoor can persist even if the server is reallocated to new clients or businesses that use it as an laaS.

What is the type of cloud attack that can be performed by exploiting the vulnerability discussed in the above scenario?

A.

Man-in-the-cloud (MITC) attack

B.

Cloud cryptojacking

C.

Cloudborne attack

D.

Metadata spoofing attack

Full Access
Question # 149

John, a professional hacker, decided to use DNS to perform data exfiltration on a target network, in this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique. John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server. What is the technique employed by John to bypass the firewall?

A.

DNS cache snooping

B.

DNSSEC zone walking

C.

DNS tunneling method

D.

DNS enumeration

Full Access
Question # 150

Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquires over the network.

Which of these tools would do the SNMP enumeration he is looking for? Select the best answers.

A.

SNMPUtil

B.

SNScan

C.

SNMPScan

D.

Solarwinds IP Network Browser

E.

NMap

Full Access
Question # 151

Jim’s company regularly performs backups of their critical servers. But the company cannot afford to send backup tapes to an off-site vendor for long-term storage and archiving. Instead, Jim’s company keeps the backup tapes in a safe in the office. Jim’s company is audited each year, and the results from this year’s audit show a risk because backup tapes are not stored off-site. The Manager of Information Technology has a plan to take the backup tapes home with him and wants to know what two things he can do to secure the backup tapes while in transit?

A.

Encrypt the backup tapes and transport them in a lock box.

B.

Degauss the backup tapes and transport them in a lock box.

C.

Hash the backup tapes and transport them in a lock box.

D.

Encrypt the backup tapes and use a courier to transport them.

Full Access
Question # 152

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the 192.168.1.0/24. Which of the following has occurred?

A.

The computer is not using a private IP address.

B.

The gateway is not routing to a public IP address.

C.

The gateway and the computer are not on the same network.

D.

The computer is using an invalid IP address.

Full Access
Question # 153

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server.

What kind of attack is possible in this scenario?

A.

Cross-site scripting

B.

Denial of service

C.

SQL injection

D.

Directory traversal

Full Access
Question # 154

A company’s policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as display filter to find unencrypted file transfers?

A.

tcp.port = = 21

B.

tcp.port = 23

C.

tcp.port = = 21 | | tcp.port = =22

D.

tcp.port ! = 21

Full Access
Question # 155

Daniel Is a professional hacker who Is attempting to perform an SQL injection attack on a target website. www.movlescope.com. During this process, he encountered an IDS that detects SQL Injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as ‘ 'or '1'='1" In any bask injection statement such as "or 1=1." Identify the evasion technique used by Daniel in the above scenario.

A.

Null byte

B.

IP fragmentation

C.

Char encoding

D.

Variation

Full Access
Question # 156

A security analyst uses Zenmap to perform an ICMP timestamp ping scan to acquire information related to the

current time from the target host machine.

Which of the following Zenmap options must the analyst use to perform the ICMP timestamp ping scan?

A.

-PY

B.

-PU

C.

-PP

D.

-Pn

Full Access
Question # 157

An organization is performing a vulnerability assessment tor mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization's machines to detect which ports are attached to services such as an email server, a web server or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevant tests. What is the type of vulnerability assessment solution that James employed in the above scenario?

A.

Product-based solutions

B.

Tree-based assessment

C.

Service-based solutions

D.

inference-based assessment

Full Access
Question # 158

During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network.

What is this type of DNS configuration commonly called?

A.

DynDNS

B.

DNS Scheme

C.

DNSSEC

D.

Split DNS

Full Access