
Exam Questions 312-50V12: Certified Ethical Hacker Exam (Cehv12)


Welcome to download the Newest 2passeasy 312-50v12 dumps

https://www.2passeasy.com/dumps/312-50v12/ (503 New Questions)

Exam Questions 312-50v12


Certified Ethical Hacker Exam (CEHv12)

https://www.2passeasy.com/dumps/312-50v12/

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com



NEW QUESTION 1
- (Exam Topic 3)
You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?

A. hping2 host.domain.com
B. hping2 --set-ICMP host.domain.com
C. hping2 -i host.domain.com
D. hping2 -1 host.domain.com

Answer: D

Explanation:
http://www.carnal0wnage.com/papers/LSO-Hping2-Basics.pdf
Most ping programs use ICMP echo requests and wait for echo replies to come back to test connectivity. Hping2 allows us to do the same testing using any IP
packet, including ICMP, UDP, and TCP. This can be helpful since nowadays most firewalls or routers block ICMP. Hping2, by default, will use TCP, but, if you still
want to send an ICMP scan, you can. We send ICMP scans using the -1 (one) mode. Basically the syntax will be hping2 -1 IPADDRESS
[root@localhost hping2-rc3]# hping2 -1 192.168.0.100
HPING 192.168.0.100 (eth0 192.168.0.100): icmp mode set, 28 headers + 0 data bytes
len=46 ip=192.168.0.100 ttl=128 id=27118 icmp_seq=0 rtt=14.9 ms
len=46 ip=192.168.0.100 ttl=128 id=27119 icmp_seq=1 rtt=0.5 ms
len=46 ip=192.168.0.100 ttl=128 id=27120 icmp_seq=2 rtt=0.5 ms
len=46 ip=192.168.0.100 ttl=128 id=27121 icmp_seq=3 rtt=1.5 ms
len=46 ip=192.168.0.100 ttl=128 id=27122 icmp_seq=4 rtt=0.9 ms
--- 192.168.0.100 hping statistic ---
5 packets tramitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.5/3.7/14.9 ms
[root@localhost hping2-rc3]#

NEW QUESTION 2
- (Exam Topic 3)
Which among the following is the best example of the third step (delivery) in the cyber kill chain?

A. An intruder sends a malicious attachment via email to a target.
B. An intruder creates malware to be used as a malicious attachment to an email.
C. An intruder's malware is triggered when a target opens a malicious email attachment.
D. An intruder's malware is installed on a target's machine.

Answer: A

NEW QUESTION 3
- (Exam Topic 3)
Which type of malware spreads from one system to another or from one network to another and causes similar types of damage as viruses do to the infected
system?

A. Rootkit
B. Trojan
C. Worm
D. Adware

Answer: C

NEW QUESTION 4
- (Exam Topic 3)
Based on the below log, which of the following sentences are true?
Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip

A. Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server.
B. Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the client.
C. SSH communications are encrypted; it’s impossible to know who is the client or the server.
D. Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server.

Answer: D

Explanation:
Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip
Let's just disassemble this entry.
Mar 1, 2016, 7:33:28 AM - time of the request
10.240.250.23 - 54373 - client's IP and port
10.249.253.15 - server IP
22 - SSH port

NEW QUESTION 5
- (Exam Topic 3)
A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million
customers. A fix was available from the software vendor for several months prior to the intrusion. This is likely a failure in which of the following security
processes?

A. Vendor risk management
B. Security awareness training
C. Secure deployment lifecycle
D. Patch management

Answer: D

Explanation:
Patch management is the process that helps acquire, test and install multiple patches (code changes) on existing applications and software tools on a computer,
enabling systems to stay updated on existing patches and determining which patches are the appropriate ones. Managing patches thus becomes easy and simple.
Patch management is mostly done by software companies as part of their internal efforts to fix problems with the different versions of software
programs and also to help analyze existing software programs and detect any potential lack of security features or other upgrades.
Software patches help fix those problems that exist and are noticed only after the software's initial release. Patches mostly concern security, while there are
some patches that concern the specific functionality of programs as well.

NEW QUESTION 6
- (Exam Topic 3)
Alex, a cloud security engineer working in Eyecloud Inc. is tasked with isolating applications from the underlying infrastructure and stimulating communication via
well-defined channels. For this purpose, he used an open-source technology that helped him in developing, packaging, and running applications; further, the
technology provides PaaS through OS-level virtualization, delivers containerized software packages, and promotes fast software delivery. What is the cloud
technology employed by Alex in the above scenario?

A. Virtual machine
B. Serverless computing
C. Docker
D. Zero trust network

Answer: C

NEW QUESTION 7
- (Exam Topic 3)
An organization decided to harden its security against web-application and web-server attacks. John, a security personnel in the organization, employed a security
scanner to automate web-application security testing and to guard the organization's web infrastructure against web-application threats. Using that tool, he also
wants to detect XSS, directory traversal problems, fault injection, SQL injection, attempts to execute commands, and several other attacks. Which of the
following security scanners will help John perform the above task?

A. AlienVault®OSSIM™
B. Syhunt Hybrid
C. Saleae Logic Analyzer
D. Cisco ASA

Answer: B

NEW QUESTION 8
- (Exam Topic 3)
Ben purchased a new smartphone and received some updates on it through the OTA method. He received two messages: one with a PIN from the network
operator and another asking him to enter the PIN received from the operator. As soon as he entered the PIN, the smartphone started functioning in an abnormal
manner. What is the type of attack performed on Ben in the above scenario?

A. Advanced SMS phishing
B. Bypass SSL pinning
C. Phishing
D. Tap 'n ghost attack

Answer: A

NEW QUESTION 9
- (Exam Topic 3)
Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for
possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine.
Joel waits for the victim to access the infected web application so as to compromise the victim's machine. Which of the following techniques is used by Joel in the
above scenario?

A. DNS rebinding attack
B. Clickjacking attack
C. MarioNet attack
D. Watering hole attack

Answer: B

Explanation:
https://en.wikipedia.org/wiki/Clickjacking
Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. This can cause users to unwittingly
download malware, visit malicious web pages, provide credentials or sensitive information, transfer money, or purchase products online.
Typically, clickjacking is performed by displaying an invisible page or HTML element, inside an iframe, on top of the page the user sees. The user believes they are
clicking the visible page but in fact they are clicking an invisible element in the additional page transposed on top of it.

NEW QUESTION 10
- (Exam Topic 3)
Sam, a web developer, was instructed to incorporate a hybrid encryption software program into a web application to secure email messages. Sam used an
encryption software, which is a free implementation of the OpenPGP standard that uses both symmetric-key cryptography and asymmetric-key cryptography for
improved speed and secure key exchange. What is the encryption software employed by Sam for securing the email messages?

A. PGP
B. S/MIME
C. SMTP
D. GPG

Answer: A

NEW QUESTION 10
- (Exam Topic 3)
You have compromised a server and successfully gained a root access. You want to pivot and pass traffic undetected over the network and evade any possible
Intrusion Detection System. What is the best approach?

A. Use Alternate Data Streams to hide the outgoing packets from this server.
B. Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems.
C. Install Cryptcat and encrypt outgoing packets from this server.
D. Install and use Telnet to encrypt all outgoing traffic from this server.

Answer: C

Explanation:
https://linuxsecurityblog.com/2018/12/23/create-a-backdoor-with-cryptcat/
Cryptcat enables us to communicate between two systems and encrypts the communication between them with twofish, one of many excellent encryption
algorithms from Bruce Schneier et al. Twofish’s encryption is on par with AES encryption, making it nearly bulletproof. In this way, the IDS can’t detect the
malicious behavior taking place even when it's traveling across normal HTTP ports like 80 and 443.

NEW QUESTION 15
- (Exam Topic 3)
A DDOS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a
partial request, the target server opens multiple connections and keeps waiting for the requests to complete.
Which attack is being described here?

A. Desynchronization
B. Slowloris attack
C. Session splicing
D. Phlashing

Answer: B

Explanation:
Developed by Robert “RSnake” Hansen, Slowloris is DDoS attack software that enables a single computer to take down a web server. Due to the simple
yet elegant nature of this attack, it requires minimal bandwidth to implement and affects the target server’s web server only, with almost no side effects on other
services and ports.
Slowloris has proven highly effective against many popular types of web server software, including Apache 1.x and 2.x.
Over the years, Slowloris has been credited with a number of high-profile server takedowns. Notably, it was used extensively by Iranian ‘hacktivists’ following the
2009 Iranian presidential election to attack Iranian government websites.
Slowloris works by opening multiple connections to the targeted web server and keeping them open as long as possible. It does this by continuously sending
partial HTTP requests, none of which are ever completed. The attacked servers open more and more connections, expecting each of the attack requests to be
completed.
Periodically, Slowloris sends subsequent HTTP headers for each request, but never actually completes the request. Ultimately, the targeted server’s maximum
concurrent connection pool is filled, and additional (legitimate) connection attempts are denied.
By sending partial, as opposed to malformed, packets, Slowloris can easily slip by traditional intrusion detection systems.
Named after a type of slow-moving Asian primate, Slowloris really does win the race by moving slowly and steadily. A Slowloris attack must wait for sockets to be
released by legitimate requests before consuming them one by one.
For a high-volume website, this can take some time. The process can be further slowed if legitimate sessions are reinitiated. But in the end, if the attack is
unmitigated, Slowloris, like the tortoise, wins the race.
If undetected or unmitigated, Slowloris attacks can also last for long periods of time. When attacked sockets time out, Slowloris simply reinitiates the connections,
continuing to max out the web server until mitigated.
Designed for stealth as well as efficacy, Slowloris can be modified to send different host headers in the event that a virtual host is targeted, and logs are stored
separately for each virtual host.
More importantly, in the course of an attack, Slowloris can be set to suppress log file creation. This means the attack can catch unmonitored servers off-guard,
without any red flags appearing in log file entries.
Methods of mitigation
Imperva’s security services are enabled by reverse proxy technology, used for inspection of all incoming requests on their way to the clients’ servers.
Imperva’s secured proxy won’t forward any partial connection requests, rendering all Slowloris DDoS attack attempts completely and utterly useless.

NEW QUESTION 20
- (Exam Topic 3)
John, a professional hacker, performs a network attack on a renowned organization and gains unauthorized access to the target network. He remains in the
network without being detected for a long time and obtains sensitive information without sabotaging the organization. Which of the following attack techniques is
used by John?

A. Advanced persistent theft
B. threat Diversion theft
C. Spear-phishing sites
D. insider threat

Answer: A

Explanation:
An advanced persistent threat (APT) is a broad term used to describe an attack campaign in which an intruder, or team of intruders, establishes an
illicit, long-term presence on a network in order to mine sensitive data.
The targets of these assaults, which are very carefully chosen and researched, typically include large enterprises or governmental networks.
The consequences of such intrusions are vast, and include:
Intellectual property theft (e.g., trade secrets or patents)
Compromised sensitive information (e.g., employee and user personal data)
The sabotaging of critical organizational infrastructures (e.g., data deletion)
Total site takeovers
Executing an APT assault requires more resources than a standard web application attack. The perpetrators are usually teams of experienced
cybercriminals having substantial resources. Some APT attacks are government-funded and used as cyber warfare weapons.
APT attacks differ from traditional web application threats, in that:
They’re significantly more complex.
They’re not hit and run attacks; once a network is infiltrated, the perpetrator remains in order to obtain as much information as possible.
They’re manually executed (not automated) against a specific mark and indiscriminately launched against a large pool of targets.
They often aim to infiltrate an entire network, as opposed to one specific part.
More common attacks, such as remote file inclusion (RFI), SQL injection and cross-site scripting (XSS), are frequently used by perpetrators to
establish a foothold in a targeted network. Next, Trojans and backdoor shells are often used to expand that foothold and create a persistent
presence within the targeted perimeter.

NEW QUESTION 22
- (Exam Topic 3)
Cross-site request forgery involves:

A. A request sent by a malicious user from a browser to a server
B. Modification of a request by a proxy between client and server
C. A browser making a request to a server without the user’s knowledge
D. A server making a request to another server without the user’s knowledge

Answer: C

Explanation:
https://owasp.org/www-community/attacks/csrf
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently
authenticated. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing
actions of the attacker’s choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring
funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.
CSRF is an attack that tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on
the victim’s behalf. For most sites, browser requests automatically include any credentials associated with the site, such as the user’s session cookie, IP address,
Windows domain credentials, and so forth. Therefore, if the user is currently authenticated to the site, the site will have no way to distinguish between the forged
request sent by the victim and a legitimate request sent by the victim.
CSRF attacks target functionality that causes a state change on the server, such as changing the victim’s email address or password, or purchasing something.
Forcing the victim to retrieve data doesn’t benefit an attacker because the attacker doesn’t receive the response, the victim does. As such, CSRF attacks target
state-changing requests.
It’s sometimes possible to store the CSRF attack on the vulnerable site itself. Such vulnerabilities are called “stored CSRF flaws”. This can be accomplished by
simply storing an IMG or IFRAME tag in a field that accepts HTML, or by a more complex cross-site scripting attack. If the attack can store a CSRF attack in the
site, the severity of the attack is amplified. In particular, the likelihood is increased because the victim is more likely to view the page containing the attack than
some random page on the Internet. The likelihood is also increased because the victim is sure to be authenticated to the site already.
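
The explanation above notes that a site relying only on automatically attached credentials cannot tell a forged request from a legitimate one. The following added example (not part of the original question set) shows one common countermeasure, a per-session anti-CSRF token checked on state-changing methods; the function names, the session identifiers and the in-process key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed for this example: a per-process secret. A real deployment
# would load a persistent key from its secret store.
SERVER_KEY = secrets.token_bytes(32)

# Only state-changing methods need the token; the explanation above notes
# that forcing a victim to merely retrieve data gains the attacker nothing.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def _mac(session_id: str, nonce: str) -> str:
    """HMAC that binds a random nonce to one specific session."""
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Token the server embeds in its own forms for this session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_is_valid(session_id: str, token) -> bool:
    """True only if the token was issued by this server for this session."""
    if not isinstance(token, str) or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    expected = _mac(session_id, nonce)
    # Constant-time comparison on bytes (also tolerates non-ASCII input).
    return hmac.compare_digest(mac.encode(), expected.encode())


def accept_request(method: str, session_id: str, submitted_token) -> bool:
    """Decide whether an authenticated request may be processed.

    The session cookie is sent by the browser automatically, so it proves
    nothing about intent. The token must come from a page the site itself
    served, which a cross-site page cannot read.
    """
    if method.upper() not in STATE_CHANGING:
        return True
    return token_is_valid(session_id, submitted_token)


if __name__ == "__main__":
    token = issue_csrf_token("session-alice")          # constructed session id
    print(accept_request("POST", "session-alice", token))   # legitimate form post
    print(accept_request("POST", "session-alice", None))    # cross-site forged post
    print(accept_request("POST", "session-bob", token))     # token from another session
```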

NEW QUESTION 23
- (Exam Topic 3)
A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content.
Which sort of trojan infects this server?

A. Botnet Trojan
B. Banking Trojans
C. Turtle Trojans
D. Ransomware Trojans

Answer: A

NEW QUESTION 26
- (Exam Topic 3)
What type of virus is most likely to remain undetected by antivirus software?

A. Cavity virus
B. Stealth virus
C. File-extension virus
D. Macro virus

Answer: B

NEW QUESTION 28
- (Exam Topic 3)
Which of the following is a passive wireless packet analyzer that works on Linux-based systems?

A. Burp Suite
B. OpenVAS
C. tshark
D. Kismet

Answer: C

NEW QUESTION 33
- (Exam Topic 3)
An attacker can employ many methods to perform social engineering against unsuspecting employees, including scareware.
What is the best example of a scareware attack?

A. A pop-up appears to a user stating, "You have won a free cruise! Click here to claim your prize!"
B. A banner appears to a user stating, "Your account has been locked. Click here to reset your password and unlock your account."
C. A banner appears to a user stating, "Your Amazon order has been delayed. Click here to find out your new delivery date."
D. A pop-up appears to a user stating, "Your computer may have been infected with spyware. Click here to install an anti-spyware tool to resolve this issue."

Answer: D

NEW QUESTION 36
- (Exam Topic 3)
Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific
cached DNS record. Further, by using this cached record, he determines the sites recently visited by the organization's user. What is the enumeration technique
used by Henry on the organization?

A. DNS zone walking
B. DNS cache snooping
C. DNSSEC zone walking
D. DNS cache poisoning

Answer: B

NEW QUESTION 39
- (Exam Topic 3)
The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses
192.168.1.122, 192.168.1.123 and 192.168.1.124. An attacker is trying to find those servers but he cannot see them in his scanning. The command he is using is:
nmap 192.168.1.64/28.
Why can he not see the servers?

A. He needs to add the command "ip address" just before the IP address
B. He needs to change the address to 192.168.1.0 with the same mask
C. He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are not in that range
D. The network must be down and the nmap command and IP address are ok

Answer: C

Explanation:
https://en.wikipedia.org/wiki/Subnetwork
This is a fairly simple question. You must understand what a subnet mask is and how it works.
A subnetwork or subnet is a logical subdivision of an IP network. The practice of dividing a network into two or more networks is called subnetting.
Computers that belong to the same subnet are addressed with an identical most-significant bit-group in their IP addresses. This results in the logical division of an
IP address into two fields: the network number or routing prefix and the rest field or host identifier. The rest field is an identifier for a specific host or network
interface.
The routing prefix may be expressed in Classless Inter-Domain Routing (CIDR) notation written as the first address of a network, followed by a slash character (/),
and ending with the bit-length of the prefix. For example, 198.51.100.0/24 is the prefix of the Internet Protocol version 4 network starting at the given address,
having 24 bits allocated for the network prefix, and the remaining 8 bits reserved for host addressing. Addresses in the range 198.51.100.0 to 198.51.100.255
belong to this network. The IPv6 address specification 2001:db8::/32 is a large address block with 2^96 addresses, having a 32-bit routing prefix.
For IPv4, a network may also be characterized by its subnet mask or netmask, which is the bitmask that when applied by a bitwise AND operation to any IP
address in the network, yields the routing prefix. Subnet masks are also expressed in dot-decimal notation like an address. For example, 255.255.255.0 is the
subnet mask for the prefix 198.51.100.0/24.

NEW QUESTION 42
- (Exam Topic 3)
Thomas, a cloud security professional, is performing security assessment on cloud services to identify any loopholes. He detects a vulnerability in a bare-metal
cloud server that can enable hackers to implant malicious backdoors in its firmware. He also identified that an installed backdoor can persist even if the server is
reallocated to new clients or businesses that use it as an IaaS.
What is the type of cloud attack that can be performed by exploiting the vulnerability discussed in the above scenario?

A. Man-in-the-cloud (MITC) attack
B. Cloud cryptojacking
C. Cloudborne attack
D. Metadata spoofing attack

Answer: C

NEW QUESTION 46
- (Exam Topic 3)
A "Server-Side Includes" attack refers to the exploitation of a web application by injecting scripts in HTML pages or executing arbitrary code remotely.
Which web-page file type, if it exists on the web server, is a strong indication that the server is vulnerable to this kind of attack?

A. .stm
B. .html
C. .rss
D. .cms

Answer: A

NEW QUESTION 48
- (Exam Topic 3)
Clark, a professional hacker, attempted to perform a Btlejacking attack using an automated tool, Btlejack, and hardware tool, micro:bit. This attack allowed Clark to
hijack, read, and export sensitive information shared between connected devices. To perform this attack, Clark executed various btlejack commands. Which of the
following commands was used by Clark to hijack the connections?

A. btlejack -f 0x129f3244 -j
B. btlejack -c any
C. btlejack -d /dev/ttyACM0 -d /dev/ttyACM2 -s
D. btlejack -f 0x9c68fd30 -t -m 0x1fffffffff

Answer: D

NEW QUESTION 53
- (Exam Topic 3)
You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet 10.1.4.0/23. Which of the following IP addresses could be leased
as a result of the new configuration?

A. 210.1.55.200
B. 10.1.4.254
C. 10.1.5.200
D. 10.1.4.156

Answer: C

Explanation:
https://en.wikipedia.org/wiki/Subnetwork
As we can see, we have an IP address of 10.1.4.0 with a subnet mask of /23. According to the question, we need to determine which IP address will be included in
the range of the last 100 IP addresses.
The available addresses for hosts start with 10.1.4.1 and end with 10.1.5.254. Now you can clearly see that the last 100 addresses include the address 10.1.5.200.
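
The subnet arithmetic behind this question and behind Question 39 (the /28 scan of a 255.255.255.192 network) can be checked with Python's standard `ipaddress` module. This is an added example, not part of the original question set; the function names are assumptions, and the addresses are the ones given in the two questions.

```python
import ipaddress


def scan_coverage(net_addr, netmask, scan_cidr, hosts):
    """Compare the real subnet with the range a scan target actually covers."""
    actual = ipaddress.ip_network(f"{net_addr}/{netmask}")
    scanned = ipaddress.ip_network(scan_cidr)
    report = {}
    for host in hosts:
        ip = ipaddress.ip_address(host)
        report[host] = {"in_network": ip in actual, "in_scan": ip in scanned}
    return actual, scanned, report


def last_usable_hosts(cidr, count):
    """Return (first, last) of the last `count` usable host addresses."""
    if count < 1:
        raise ValueError("count must be at least 1")
    net = ipaddress.ip_network(cidr)
    first_usable = net.network_address + 1      # skip the network address
    last_usable = net.broadcast_address - 1     # skip the broadcast address
    start = last_usable - (count - 1)
    if start < first_usable:
        raise ValueError("subnet has fewer usable hosts than requested")
    return start, last_usable


def in_pool(addr, pool):
    """True if `addr` falls inside the (first, last) lease range."""
    first, last = pool
    return first <= ipaddress.ip_address(addr) <= last


if __name__ == "__main__":
    # Question 39: network 192.168.1.64 / 255.255.255.192, scanned as /28.
    servers = ["192.168.1.122", "192.168.1.123", "192.168.1.124"]
    actual, scanned, report = scan_coverage(
        "192.168.1.64", "255.255.255.192", "192.168.1.64/28", servers)
    print("real network :", actual, "->", actual.broadcast_address)
    print("scanned range:", scanned, "->", scanned.broadcast_address)
    for host, flags in report.items():
        print(host, flags)

    # Question 53: last 100 usable addresses of 10.1.4.0/23.
    pool = last_usable_hosts("10.1.4.0/23", 100)
    print("lease pool   :", pool[0], "-", pool[1])
    for option in ["210.1.55.200", "10.1.4.254", "10.1.5.200", "10.1.4.156"]:
        print(option, in_pool(option, pool))
```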

NEW QUESTION 55
- (Exam Topic 3)
What would you enter if you wanted to perform a stealth scan using Nmap?

A. nmap -sM
B. nmap -sU
C. nmap -sS
D. nmap -sT

Answer: C

NEW QUESTION 56
- (Exam Topic 3)
Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?

A. Produces less false positives
B. Can identify unknown attacks
C. Requires vendor updates for a new threat
D. Cannot deal with encrypted network traffic

Answer: B

Explanation:
An anomaly-based intrusion detection system is an intrusion detection system for detecting both network and computer intrusions and misuse by monitoring
system activity and classifying it as either normal or anomalous. The classification is based on heuristics or rules, rather than patterns or signatures, and attempts
to detect any type of misuse that falls out of normal system operation. This is as opposed to signature-based systems, which can only detect attacks for which a
signature has previously been created.
In order to positively identify attack traffic, the system must be taught to recognize normal system activity. The two phases of a majority of anomaly detection
systems consist of the training phase (where a profile of normal behaviors is built) and the testing phase (where current traffic is compared with the profile created
in the training phase). Anomalies are detected in several ways, most often with artificial intelligence type techniques. Systems using artificial neural networks have
been used to great effect. Another method is to define what normal usage of the system comprises using a strict mathematical model, and flag any deviation from
this as an attack. This is known as strict anomaly detection.[3] Other techniques used to detect anomalies include data mining methods, grammar-based methods,
and the Artificial Immune System.
Network-based anomalous intrusion detection systems often provide a second line of defense to detect anomalous traffic at the physical and network layers after it
has passed through a firewall or other security appliance on the border of a network. Host-based anomalous intrusion detection systems are one of the last layers
of defense and reside on computer endpoints. They allow for fine-tuned, granular protection of endpoints at the application level.
Anomaly-based Intrusion Detection at both the network and host levels have a few shortcomings; namely a high false-positive rate and the ability to be fooled by a
correctly delivered attack. Attempts have been made to address these issues through techniques used by PAYL and MCPAD.

NEW QUESTION 61
- (Exam Topic 3)
Mary, a penetration tester, has found password hashes in a client system she managed to breach. She needs to use these passwords to continue with the test, but
she does not have time to find the passwords that correspond to these hashes. Which type of attack can she implement in order to continue?

A. LLMNR/NBT-NS poisoning
B. Internal monologue attack
C. Pass the ticket
D. Pass the hash

Answer: D

NEW QUESTION 63
- (Exam Topic 3)
The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host 10.1.1.3. He also needs to permit all FTP traffic to
the rest of the network and deny all other traffic. After he applied his ACL configuration in the router, nobody can access the ftp, and the permitted hosts cannot
access the Internet. According to the next configuration, what is happening in the network?
access-list 102 deny tcp any any
access-list 104 permit udp host 10.0.0.3 any
access-list 110 permit tcp host 10.0.0.2 eq www any
access-list 108 permit tcp any eq ftp any

A. The ACL 104 needs to be first because is UDP
B. The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router
C. The ACL for FTP must be before the ACL 110
D. The ACL 110 needs to be changed to port 80

Answer: B

Explanation:
https://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html
Since the first line prohibits any TCP traffic (access-list 102 deny tcp any any), the lines below will simply be ignored by the router. Below you will find the example
from CISCO documentation.
This figure shows that FTP (TCP, port 21) and FTP data (port 20) traffic sourced from NetB destined to NetA is denied, while all other IP traffic is permitted.

FTP uses port 21 and port 20. TCP traffic destined to port 21 and port 20 is denied and everything else is explicitly permitted.
access-list 102 deny tcp any any eq ftp
access-list 102 deny tcp any any eq ftp-data
access-list 102 permit ip any any

NEW QUESTION 66
- (Exam Topic 3)
While performing an Nmap scan against a host, Paola determines the existence of a firewall. In an attempt to determine whether the firewall is stateful or stateless,
which of the following options would be best to use?

A. -sA
B. -sX
C. -sT
D. -sF

Answer: A

NEW QUESTION 68
- (Exam Topic 3)
You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server)
on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation. Which of the
following is appropriate to analyze?

A. IDS log
B. Event logs on domain controller
C. Internet Firewall/Proxy log.
D. Event logs on the PC

Answer: C

NEW QUESTION 72
- (Exam Topic 3)
George, an employee of an organization, is attempting to access restricted websites from an official computer. For this purpose, he used an anonymizer that
masked his real IP address and ensured complete and continuous anonymity for all his online activities. Which of the following anonymizers helps George hide his
activities?

A. https://www.baidu.com
B. https://www.guardster.com
C. https://www.wolframalpha.com
D. https://karmadecay.com

Answer: B

NEW QUESTION 74
- (Exam Topic 3)
______ is a type of phishing that targets high-profile executives such as CEOs, CFOs, politicians, and celebrities who have access to confidential and highly
valuable information.

A. Spear phishing
B. Whaling
C. Vishing
D. Phishing

Answer: B

NEW QUESTION 77
- (Exam Topic 3)
To hide the file on a Linux system, you have to start the filename with a specific character. What is the character?

A. Exclamation mark (!)
B. Underscore (_)
C. Tilde (~)
D. Period (.)

Answer: D

NEW QUESTION 78
- (Exam Topic 3)
You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as
you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.
invictus@victim_server.~$ nmap -T4 -O 10.10.0.0/24
TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xc. QUITTING!
What seems to be wrong?

A. The nmap syntax is wrong.
B. This is a common behavior for a corrupted nmap application.
C. The outgoing TCP/IP fingerprinting is blocked by the host firewall.
D. OS Scan requires root privileges.

Answer: D

NEW QUESTION 82
- (Exam Topic 3)
What would be the purpose of running "wget 192.168.0.15 -q -S" against a web server?

A. Performing content enumeration on the web server to discover hidden folders
B. Using wget to perform banner grabbing on the webserver
C. Flooding the web server with requests to perform a DoS attack
D. Downloading all the contents of the web page locally for further examination

Answer: B

Explanation:
-q, --quiet quiet (no output)
-S, --server-response print server response

NEW QUESTION 86
- (Exam Topic 3)
The network users are complaining because their systems are slowing down. Further, every time they attempt to go to a website, they receive a series of pop-ups with
advertisements. What type of malware have the systems been infected with?

A. Virus
B. Spyware
C. Trojan
D. Adware

Answer: D

Explanation:
Adware, or advertising-supported software, is software that displays unwanted advertisements on your PC. Adware programs tend to serve you
pop-up ads, can change your browser’s homepage, add spyware, and simply bombard your device with advertisements. Adware is a more succinct
name for potentially unwanted programs. It is not quite a virus, and it may not be as clearly malicious as a lot of other problematic code
floating around on the Internet. Make no mistake about it, though: adware needs to come off whatever machine it is on. Not only can adware be extremely
annoying whenever you use your machine, it can also cause long-term problems for your device.
Adware uses the browser to collect your web browsing history in order to ’target’ advertisements that seem tailored to your interests. At their most
innocuous, adware infections are just annoying. For example, adware barrages you with pop-up ads that can make your Internet experience markedly
slower and more labor intensive.

NEW QUESTION 87
- (Exam Topic 3)
Which of the following statements is TRUE?

A. Packet Sniffers operate on the Layer 1 of the OSI model.
B. Packet Sniffers operate on Layer 2 of the OSI model.
C. Packet Sniffers operate on both Layer 2 & Layer 3 of the OSI model.
D. Packet Sniffers operate on Layer 3 of the OSI model.

Answer: B

NEW QUESTION 92
- (Exam Topic 3)
Gregory, a professional penetration tester working at Sys Security Ltd., is tasked with performing a security test of web applications used in the company. For this
purpose, Gregory uses a tool to test for any security loopholes by hijacking a session between a client and server. This tool has a feature of intercepting proxy that
can be used to inspect and modify the traffic between the browser and target application. This tool can also perform customized attacks and can be used to test
the randomness of session tokens. Which of the following tools is used by Gregory in the above scenario?

A. Nmap
B. Burp Suite
C. CxSAST
D. Wireshark

Answer: B

NEW QUESTION 96
- (Exam Topic 3)
Jude, a pen tester, examined a network from a hacker's perspective to identify exploits and vulnerabilities accessible to the outside world by using devices such as
firewalls, routers, and servers. In this process, he also estimated the threat of network security attacks and determined the level of security of the corporate
network.
What is the type of vulnerability assessment that Jude performed on the organization?

A. External assessment
B. Passive assessment
C. Host-based assessment
D. Application assessment

Answer: A

NEW QUESTION 101


- (Exam Topic 3)
Robert, a professional hacker, is attempting to execute a fault injection attack on a target IoT device. In this process, he injects faults into the power supply that can
be used for remote execution, also causing the skipping of key instructions. He also injects faults into the clock network used for delivering a synchronized signal
across the chip.
Which of the following types of fault injection attack is performed by Robert in the above scenario?

A. Frequency/voltage tampering
B. Optical, electromagnetic fault injection (EMFI)
C. Temperature attack
D. Power/clock/reset glitching

Answer: D

Explanation:
These types of attacks occur when faults or glitches are injected into the power supply, which can be used for remote execution.

NEW QUESTION 105


- (Exam Topic 3)
A penetration tester is performing the footprinting process and is reviewing publicly available information about an organization by using the Google search engine.
Which of the following advanced operators would allow the pen tester to restrict the search to the organization’s web domain?

A. [allinurl:]
B. [location:]
C. [site:]
D. [link:]

Answer: C

Explanation:
Google hacking or Google dorking https://en.wikipedia.org/wiki/Google_hacking
It is a hacker technique that uses Google Search and other Google applications to find security holes in the
configuration and computer code that websites are using. Google dorking could also be used for OSINT.
Search syntax https://en.wikipedia.org/wiki/Google_Search
Google’s search engine has its own built-in query language. The following list of queries can be run to find a list of files, find information about your competition,
track people, get information about SEO backlinks, build email lists, and of course, discover web vulnerabilities.
- [site:] - Search within a specific website

NEW QUESTION 109


- (Exam Topic 3)
Which tool can be used to silently copy files from USB devices?

A. USB Grabber
B. USB Snoopy
C. USB Sniffer
D. USB Dumper

Answer: D

NEW QUESTION 110
- (Exam Topic 3)
Dayn, an attacker, wanted to detect if any honeypots are installed in a target network. For this purpose, he used a time-based TCP fingerprinting method to
validate the response to a normal computer and the response of a honeypot to a manual SYN request. Which of the following techniques is employed by Dayn to
detect honeypots?

A. Detecting honeypots running on VMware
B. Detecting the presence of Honeyd honeypots
C. Detecting the presence of Snort_inline honeypots
D. Detecting the presence of Sebek-based honeypots

Answer: C

NEW QUESTION 112


- (Exam Topic 3)
On performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt its service.
What is the name of the process by which you can determine those critical businesses?

A. Emergency Plan Response (EPR)
B. Business Impact Analysis (BIA)
C. Risk Mitigation
D. Disaster Recovery Planning (DRP)

Answer: B

NEW QUESTION 115


- (Exam Topic 3)
#!/usr/bin/python
import socket
buffer=["A"]
counter=50
while len(buffer)<=100:
    buffer.append("A"*counter)
    counter=counter+50
commands=["HELP","STATS .","RTIME .","LTIME. ","SRUN .","TRUN .","GMON .","GDOG .","KSTET .","GTER .","HTER .","LTER .","KSTAN ."]
for command in commands:
    for buffstring in buffer:
        print "Exploiting" +command +":"+str(len(buffstring))
        s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect(('127.0.0.1', 9999))
        s.recv(50)
        s.send(command+buffstring)
        s.close()
What is the code written for?

A. Denial-of-service (DOS)
B. Buffer Overflow
C. Bruteforce
D. Encryption

Answer: B

NEW QUESTION 119


- (Exam Topic 3)
When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing
the network. Which of the following cannot be performed by passive network sniffing?

A. Identifying operating systems, services, protocols and devices
B. Modifying and replaying captured network traffic
C. Collecting unencrypted information about usernames and passwords
D. Capturing a network traffic for further analysis

Answer: B

NEW QUESTION 120


- (Exam Topic 3)
What type of a vulnerability/attack is it when the malicious person forces the user’s browser to send an authenticated request to a server?

A. Session hijacking
B. Server side request forgery
C. Cross-site request forgery
D. Cross-site scripting

Answer: C

NEW QUESTION 125


- (Exam Topic 3)
An organization has automated the operation of critical infrastructure from a remote location. For this purpose, all the industrial control systems are connected to
the Internet. To empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption, the organization
decided to install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware. Which of the
following tools must the organization employ to protect its critical infrastructure?

A. Robotium
B. BalenaCloud
C. Flowmon
D. IntentFuzzer

Answer: C

Explanation:
Source: https://www.flowmon.com
Flowmon empowers manufacturers and utility companies to ensure the reliability of their industrial networks confidently to avoid downtime and disruption of service
continuity. This can be achieved by continuous monitoring and anomaly detection so that malfunctioning devices or security incidents, such as cyber espionage,
zero-days, or malware, can be reported and remedied as quickly as possible.

NEW QUESTION 127


- (Exam Topic 3)
Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications and unpatched security
flaws in a computer system?

A. Wireshark
B. Maltego
C. Metasploit
D. Nessus

Answer: C

Explanation:
https://en.wikipedia.org/wiki/Metasploit_Project
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature
development. It is owned by Boston, Massachusetts-based security company Rapid7.
Its best-known sub-project is the open-source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other
important sub-projects include the Opcode Database, shellcode archive and related research.
The Metasploit Project includes anti-forensic and evasion tools, some of which are built into the Metasploit Framework. Metasploit is pre-installed in the Kali Linux
operating system.
The basic steps for exploiting a system using the Framework include:
1. Optionally checking whether the intended target system is vulnerable to an exploit.
2. Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 900 different exploits for Windows,
Unix/Linux and macOS systems are included).
3. Choosing and configuring a payload (code that will be executed on the target system upon successful entry; for instance, a remote shell or a VNC server).
Metasploit often recommends a payload that should work.
4. Choosing the encoding technique so that hexadecimal opcodes known as "bad characters" are removed from the payload; these characters will cause the
exploit to fail.
5. Executing the exploit.
This modular approach – allowing the combination of any exploit with any payload – is the major advantage of the Framework. It facilitates the tasks of attackers,
exploit writers and payload writers.

NEW QUESTION 128


- (Exam Topic 3)
Calvin, a software developer, uses a feature that helps him auto-generate the content of a web page without manual involvement and is integrated with SSI
directives. This leads to a vulnerability in the developed web application as this feature accepts remote user inputs and uses them on the page. Hackers can
exploit this feature and pass malicious SSI directives as input values to perform malicious activities such as modifying and erasing server files. What is the type of
injection attack Calvin's web application is susceptible to?

A. Server-side template injection


B. Server-side JS injection
C. CRLF injection
D. Server-side includes injection

Answer: D

NEW QUESTION 129


- (Exam Topic 3)
Mary found a high vulnerability during a vulnerability scan and notified her server team. After analysis, they sent her proof that a fix to that issue had already been
applied. The vulnerability that Mary found is called what?

A. False-negative
B. False-positive
C. Brute force attack
D. Backdoor

Answer: B

Explanation:
https://www.infocyte.com/blog/2019/02/16/cybersecurity-101-what-you-need-to-know-about-false-positives-an
False positives are mislabeled security alerts, indicating there is a threat when in actuality, there isn’t. These false/non-malicious alerts (SIEM events) increase
noise for already over-worked security teams and can include software bugs, poorly written software, or unrecognized network traffic.
False negatives are uncaught cyber threats — overlooked by security tooling because they’re dormant, highly sophisticated (i.e. file-less or capable of lateral
movement) or the security infrastructure in place lacks the technological ability to detect these attacks.

NEW QUESTION 132


- (Exam Topic 3)
Attacker Rony installed a rogue access point within an organization's perimeter and attempted to intrude into its internal network. Johnson, a security auditor,
identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and
tested for any weak and outdated security mechanisms that are open to attack. What is the type of vulnerability assessment performed by Johnson in the above
scenario?

A. Host-based assessment
B. Wireless network assessment
C. Application assessment
D. Distributed assessment

Answer: B

Explanation:
Wireless network assessment determines the vulnerabilities in an organization’s wireless networks. In the past, wireless networks used weak and defective data
encryption mechanisms. Now, wireless network standards have evolved, but many networks still use weak and outdated security mechanisms and are open to
attack. Wireless network assessments try to attack wireless authentication mechanisms and gain unauthorized access. This type of assessment tests wireless
networks and identifies rogue networks that may exist within an organization’s perimeter. These assessments audit client-specified sites with a wireless network.
They sniff wireless network traffic and try to crack encryption keys. Auditors test other network access if they gain access to the wireless network.

NEW QUESTION 137


- (Exam Topic 3)
Tony is a penetration tester tasked with performing a penetration test. After gaining initial access to a target system, he finds a list of hashed passwords.
Which of the following tools would not be useful for cracking the hashed passwords?

A. John the Ripper
B. Hashcat
C. netcat
D. THC-Hydra

Answer: A

NEW QUESTION 139


- (Exam Topic 3)
Firewalls are software or hardware systems that are able to control and monitor the traffic coming in and out of the target network based on a pre-defined set of
rules. Which of the following types of firewalls can protect against SQL injection attacks?

A. Data-driven firewall
B. Packet firewall
C. Web application firewall
D. Stateful firewall

Answer: C

Explanation:
https://en.wikipedia.org/wiki/Web_application_firewall
A web application firewall (WAF) is a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service. By inspecting
HTTP traffic, it can prevent attacks exploiting a web application's known vulnerabilities, such as SQL injection, cross-site scripting (XSS), file inclusion, and
improper system configuration.

NEW QUESTION 141


- (Exam Topic 3)
When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and
analyze the response to find vulnerabilities. You can test parameters and headers manually to get more precise results than if using web vulnerability scanners.
What proxy tool will help you find web vulnerabilities?

A. Maskgen
B. Dimitry
C. Burpsuite
D. Proxychains

Answer: C

NEW QUESTION 144


- (Exam Topic 3)
Bill has been hired as a penetration tester and cyber security auditor for a major credit card company. Which information security standard is most applicable to his
role?

A. FISMA
B. HITECH
C. PCI-DSS
D. Sarbanes-Oxley Act

Answer: C

NEW QUESTION 148


- (Exam Topic 3)
Morris, an attacker, wanted to check whether the target AP is in a locked state. He attempted using different utilities to identify WPS-enabled APs in the target
wireless network. Ultimately, he succeeded with one special command-line utility. Which of the following command-line utilities allowed Morris to discover the
WPS-enabled APs?

A. wash
B. ntptrace
C. macof
D. net View

Answer: A

NEW QUESTION 151


- (Exam Topic 3)
Geena, a cloud architect, uses a master component in the Kubernetes cluster architecture that scans newly generated pods and allocates a node to them. This
component can also assign nodes based on factors such as the overall resource requirement, data locality, software/hardware/policy restrictions, and internal
workload interventions.
Which of the following master components is explained in the above scenario?

A. Kube-controller-manager
B. Kube-scheduler
C. Kube-apiserver
D. Etcd cluster

Answer: B

NEW QUESTION 154


- (Exam Topic 3)
What is the least important information when you analyze a public IP address in a security alert?

A. DNS
B. Whois
C. Geolocation
D. ARP

Answer: D

NEW QUESTION 155


- (Exam Topic 3)
Which of the following provides a security professional with most information about the system’s security posture?

A. Phishing, spamming, sending trojans
B. Social engineering, company site browsing, tailgating
C. Wardriving, warchalking, social engineering
D. Port scanning, banner grabbing, service identification

Answer: D

NEW QUESTION 157


- (Exam Topic 3)
Becky has been hired by a client from Dubai to perform a penetration test against one of their remote offices. Working from her location in Columbus, Ohio, Becky
runs her usual reconnaissance scans to obtain basic information about their network. When analyzing the results of her Whois search, Becky notices that the IP
was allocated to a location in Le Havre, France. Which regional Internet registry should Becky go to for detailed information?

A. ARIN
B. APNIC
C. RIPE
D. LACNIC

Answer: C

Explanation:
Regional Internet Registries (RIRs):
ARIN (American Registry for Internet Numbers)
AFRINIC (African Network Information Center)
APNIC (Asia Pacific Network Information Center)
RIPE (Réseaux IP Européens Network Coordination Centre)
LACNIC (Latin American and Caribbean Network Information Center)

NEW QUESTION 160


- (Exam Topic 3)
You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific
condition for the scan: “The attacker must scan every port on the server several times using a set of spoofed source IP addresses.” Suppose that you are using
Nmap to perform this scan. What flag will you use to satisfy this requirement?

A. The -A flag
B. The -g flag
C. The -f flag
D. The -D flag

Answer: D

Explanation:
The flags --source-port and -g are equivalent and instruct Nmap to send packets through a selected port. This option is used to try to cheat firewalls that whitelist traffic
from specific ports. The following example can scan the target from port 20 to ports 80, 22, 21, 23 and 25, sending fragmented packets to LinuxHint.

NEW QUESTION 161


- (Exam Topic 3)
A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of
requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used
passwords to try against the secured PDF until the correct password is found or the list is exhausted.
Which cryptography attack is the student attempting?

A. Man-in-the-middle attack
B. Brute-force attack
C. Dictionary attack
D. Session hijacking

Answer: C

NEW QUESTION 164


- (Exam Topic 3)
A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm’s public facing web
servers. The engineer decides to start by using netcat to port 80.
The engineer receives this output:
HTTP/1.1 200 OK
Server: Microsoft-IIS/6
Expires: Tue, 17 Jan 2011 01:41:33 GMT
Date: Mon, 16 Jan 2011 01:41:33 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last Modified: Wed, 28 Dec 2010 15:32:21 GMT
ETag:“b0aac0542e25c31:89d”
Content-Length: 7369
Which of the following is an example of what the engineer performed?

A. Banner grabbing
B. SQL injection
C. Whois database query
D. Cross-site scripting

Answer: A

NEW QUESTION 167


- (Exam Topic 3)
Which type of attack attempts to overflow the content-addressable memory (CAM) table in an Ethernet switch?

A. Evil twin attack
B. DNS cache flooding
C. MAC flooding
D. DDoS attack

Answer: C

NEW QUESTION 172


- (Exam Topic 3)
Which iOS jailbreaking technique patches the kernel during the device boot so that it becomes jailbroken after each successive reboot?

A. Tethered jailbreaking
B. Semi-tethered jailbreaking
C. Untethered jailbreaking
D. Semi-Untethered jailbreaking

Answer: C

Explanation:
An untethered jailbreak is one that allows a handset to complete a boot cycle after being pwned without any interruption to jailbreak-oriented functionality.
Untethered jailbreaks are the most sought-after of all, but they’re also the most difficult to achieve because of the powerful exploits and development
skill they require. An untethered jailbreak is delivered over a physical USB cable connection to a computer or directly on the device itself by way of
an application-based exploit, such as a website in Safari.
Upon running an untethered jailbreak, you can turn your pwned handset off and on again without running the jailbreak tool again. All of
your jailbreak tweaks and apps would then continue operating with no user intervention necessary.
It’s been a long time since iOS has gotten the untethered jailbreak treatment. The most recent example was the computer-based Pangu jailbreak, which
supported most handsets that ran iOS 9.1. We’ve also witnessed an untethered jailbreak in the form of JailbreakMe, which allowed users to pwn
their handsets directly from the mobile Safari web browser without a computer.

NEW QUESTION 177


- (Exam Topic 2)
Larry, a security professional in an organization, has noticed some abnormalities in the user accounts on a web server. To thwart evolving attacks, he decided to
harden the security of the web server by adopting countermeasures to secure the accounts on the web server.
Which of the following countermeasures must Larry implement to secure the user accounts on the web server?

A. Enable unused default user accounts created during the installation of an OS
B. Enable all non-interactive accounts that should exist but do not require interactive login
C. Limit the administrator or root-level access to the minimum number of users
D. Retain all unused modules and application extensions

Answer: C

NEW QUESTION 180


- (Exam Topic 2)
What piece of hardware on a computer's motherboard generates encryption keys and only releases a part of the key so that decrypting a disk on a new piece of
hardware is not possible?

A. CPU
B. GPU
C. UEFI
D. TPM

Answer: D

Explanation:
The TPM is a chip that's part of your computer's motherboard; if you bought an off-the-shelf PC, it's soldered onto the motherboard. If you built your own computer,
you can buy one as an add-on module if your motherboard supports it. The TPM generates encryption keys, keeping part of the key to itself

NEW QUESTION 184


- (Exam Topic 2)
Ethical hacker Jane Doe is attempting to crack the password of the head of the IT department of ABC company. She is utilizing a rainbow table and notices upon
entering a password that extra characters are added to the password after submitting. What countermeasure is the company using to protect against rainbow
tables?

A. Password key hashing
B. Password salting
C. Password hashing
D. Account lockout

Answer: B

Explanation:
Passwords are usually described as “hashed and salted”. Salting is simply the addition of a unique, random string of characters known only to the site to
every password before it’s hashed; typically this “salt” is placed in front of each password.
The salt value needs to be stored by the site, which means typically sites use the same salt for each password. This makes it less effective than if individual salts are
used.
The use of unique salts means that common passwords shared by multiple users, like “123456” or “password”, aren’t immediately revealed when one such
hashed password is known, because despite the passwords being the same the salted and hashed values are not.
Large salts also protect against certain methods of attack on hashes, including rainbow tables or logs of hashed passwords previously broken.
Both hashing and salting may be repeated more than once to increase the difficulty in breaking the security.

NEW QUESTION 189


- (Exam Topic 2)
Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target
network.
Which of the following host discovery techniques must he use to perform the given task?

A. UDP scan
B. TCP Maimon scan
C. arp ping scan
D. ACK flag probe scan

Answer: C

Explanation:
One of the most common Nmap usage scenarios is scanning an Ethernet LAN. On most LANs, especially those that use the private address ranges granted by RFC
1918, the overwhelming majority of IP addresses are unused at any given time. When Nmap attempts to send a raw IP packet, such as an ICMP echo request, the OS must
determine the destination hardware (ARP) address corresponding to the target IP so that the Ethernet frame can be properly addressed. This requires it to issue a series
of ARP requests. This is best illustrated by an example where a ping scan is attempted against a local Ethernet host. The --send-ip option tells Nmap to send IP-
level packets (rather than raw Ethernet), even on local networks. The Wireshark output of the three ARP requests and their timing have been pasted into the
session.
Example a: Raw IP ping scan of an offline target
This example took more than a couple of seconds to finish because the (Linux) OS sent three ARP requests at 1 second
intervals before abandoning the host. Waiting for a few seconds is excessive, given that the ARP response usually arrives within a few milliseconds. Reducing this
timeout period is not a priority for OS vendors, as the overwhelming majority of packets are sent to hosts that actually exist. Nmap, on the other hand, needs to
send packets to 16 million IPs given a target like 10.0.0.0/8. Many targets are pinged in parallel, but waiting 2 seconds for each is still a large delay.
There is another problem with raw IP ping scans on the LAN. If the destination host turns out to be unresponsive, as in the previous example, the source host
usually adds an incomplete entry for that destination IP to the kernel ARP table. ARP table space is finite, and some operating systems become unresponsive
when it is full. If Nmap is used in raw IP mode (--send-ip), Nmap may have to wait a few minutes for the ARP cache entry to expire before continuing host discovery.
ARP scans solve both problems by putting Nmap in control. Nmap issues raw ARP requests and handles retransmissions and timeout periods at its sole
discretion. The system ARP cache is bypassed. The example shows the difference. This ARP scan takes just over a tenth of the time it takes for an equivalent IP scan.
Example b: ARP ping scan of an offline target

In example b, neither the -PR option nor the --send-eth option has any effect. This is because ARP is the default scan type
when scanning Ethernet hosts that Nmap detects are on a local Ethernet network. This includes traditional wired Ethernet as well as 802.11 wireless networks. As mentioned above, ARP scanning is
not only more efficient, but also more accurate. Hosts frequently block IP-based ping packets, but usually cannot block ARP requests or responses and
still communicate over the network. Nmap uses ARP for all targets on the same LAN, even if different ping types (such as -PE and -PS) are specified.
If you do not want to attempt an ARP scan at all, specify --send-ip as shown in Example a “Raw IP Ping Scan for Offline Targets”.
If you give Nmap control to send raw Ethernet frames, Nmap can also adjust the source MAC address. If you have the only PowerBook in your security conference
room and a large ARP scan is initiated from an Apple-registered MAC address, heads may turn toward you. Use the --spoof-mac option to spoof the MAC
address as described in the MAC Address Spoofing section.

NEW QUESTION 192


- (Exam Topic 2)
This form of encryption algorithm is a symmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among
the following is this encryption algorithm?

A. Twofish encryption algorithm
B. HMAC encryption algorithm
C. IDEA
D. Blowfish encryption algorithm

Answer: A

Explanation:
Twofish is an encryption algorithm designed by Bruce Schneier. It’s a symmetric key block cipher with a block size of 128 bits, with keys up to 256 bits. It’s related to AES (Advanced Encryption Standard) and an earlier block cipher called Blowfish. Twofish was actually a finalist to become the industry standard for encryption, but was ultimately beaten out by the present AES.
Twofish has some distinctive features that set it apart from most other cryptographic protocols. For one, it uses pre-computed, key-dependent S-boxes. An S-box (substitution-box) is a basic component of any symmetric key algorithm which performs substitution. Within the context of Twofish’s block cipher, the S-box works to obscure the relationship of the key to the ciphertext. Twofish uses a pre-computed, key-dependent S-box, which means that the S-box is already provided, but depends on the cipher key to decrypt the information.
How Secure is Twofish?
Twofish is seen as a very secure option as far as encryption protocols go. One of the reasons that it wasn’t selected as the Advanced Encryption Standard is its slower speed. Any encryption standard that uses a 128-bit or higher key is theoretically safe from brute force attacks. Twofish is in this category.
Because Twofish uses “pre-computed key-dependent S-boxes”, it can be susceptible to side channel attacks. This is due to the tables being pre-computed. However, making these tables key-dependent helps mitigate that risk. There are a couple of attacks on Twofish, but according to its creator, Bruce Schneier, they didn’t constitute a real cryptanalysis. These attacks didn’t constitute a practical break of the cipher.
Products That Use Twofish
GnuPG: GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also referred to as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a flexible key management system, along with access modules for all types of public key directories.
KeePass: KeePass is a password management tool that generates passwords with top-notch security. It’s a free, open source, lightweight and easy-to-use password manager with many extensions and plugins.
Password Safe: Password Safe uses one master password to keep all of your passwords protected, similar to the functionality of most of the password managers on this list. It allows you to store all of your passwords in a single password database, or multiple databases for various purposes. Creating a database is straightforward: just create the database and set your master password.
PGP (Pretty Good Privacy): PGP is used mostly for email encryption; it encrypts the content of the e-mail. However, Pretty Good Privacy doesn’t encrypt the subject and sender of the e-mail, so make certain to never put sensitive information in these fields when using PGP.
TrueCrypt: TrueCrypt is a software program that encrypts and protects files on your devices. With TrueCrypt the encryption is transparent to the user and is completed locally at the user’s computer. This means you can store a TrueCrypt file on a server and TrueCrypt will encrypt that file before it’s sent over the network.

NEW QUESTION 193
- (Exam Topic 2)
Jane invites her friends Alice and John over for a LAN party. Alice and John access Jane's wireless network without a password. However, Jane has a long, complex password on her router. What attack has likely occurred?

A. Wireless sniffing
B. Piggybacking
C. Evil twin
D. Wardriving

Answer: C

Explanation:
An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications. The evil twin is the wireless LAN equivalent of the phishing scam.
This type of attack may be used to steal the passwords of unsuspecting users, either by monitoring their connections or by phishing, which involves setting up a fraudulent web site and luring people there.
The attacker snoops on Internet traffic using a bogus wireless access point. Unwitting web users may be invited to log into the attacker’s server, prompting them to enter sensitive information such as usernames and passwords. Often, users are unaware they have been duped until well after the incident has occurred.
When users log into unsecured (non-HTTPS) bank or e-mail accounts, the attacker intercepts the transaction, since it’s sent through their equipment. The attacker is also able to connect to other networks associated with the users’ credentials.
Fake access points are set up by configuring a wireless card to act as an access point (known as HostAP). They’re hard to trace since they can be shut off instantly. The counterfeit access point may be given the same SSID and BSSID as a nearby Wi-Fi network. The evil twin can be configured to pass Internet traffic through to the legitimate access point while monitoring the victim’s connection, or it can simply say the system is temporarily unavailable after obtaining a username and password.

NEW QUESTION 196
- (Exam Topic 2)
In the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does medium vulnerability fall in?

A. 3.0-6.9
B. 40-6.0
C. 4.0-6.9
D. 3.9-6.9

Answer: C

Explanation:


NEW QUESTION 197
- (Exam Topic 2)
What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?

A. Black-box
B. Announced
C. White-box
D. Grey-box

Answer: D

NEW QUESTION 202
- (Exam Topic 2)
You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with this complex security system in place.
Your peer, Peter Smith, who works in the same department, disagrees with you.
He says even the best network security technologies cannot prevent hackers gaining access to the network because of the presence of the "weakest link" in the security chain.
What is Peter Smith talking about?

A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain
B. "zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks
C. "Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks
D. Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway

Answer: A

NEW QUESTION 207
- (Exam Topic 2)
Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days, Steve started asking about her company details and eventually gathered all the essential information regarding her company. What is the social engineering technique Steve employed in the above scenario?

A. Diversion theft
B. Baiting
C. Honey trap
D. Piggybacking

Answer: C

Explanation:
The honey trap is a technique where an attacker targets a person online by pretending to be an attractive person and then begins a fake online relationship to
obtain confidential information about the target company. In this technique, the victim is an insider who possesses critical information about the target organization.
Baiting is a technique in which attackers offer end users something alluring in exchange for important information such as login details and other sensitive data.
This technique relies on the curiosity and greed of the end-users. Attackers perform this technique by leaving a physical device such as a USB flash drive
containing malicious files in locations where people can easily find them, such as parking lots, elevators, and bathrooms. This physical device is labeled with a
legitimate company's logo, thereby tricking end-users into trusting it and opening it on their systems. Once the victim connects and opens the device, a malicious
file downloads. It infects the system and allows the attacker to take control.
For example, an attacker leaves some bait in the form of a USB drive in the elevator with the label "Employee Salary Information 2019" and a legitimate company's
logo. Out of curiosity and greed, the victim picks up the device and opens it up on their system, which downloads the
bait. Once the bait is downloaded, a piece of malicious software installs on the victim's system, giving the attacker access.

NEW QUESTION 209
- (Exam Topic 2)
Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During this process, Robin plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch in the network so that he could make it a root bridge that will later allow him to sniff all the traffic in the network.
What is the attack performed by Robin in the above scenario?

A. ARP spoofing attack
B. VLAN hopping attack
C. DNS poisoning attack
D. STP attack

Answer: D

Explanation:
STP prevents bridging loops in a redundant switched network environment. By avoiding loops, you can ensure that broadcast traffic does not become a traffic
storm.
STP is a hierarchical tree-like topology with a “root” switch at the top. A switch is elected as root based on the lowest configured priority of any switch (0 through
65,535). When a switch boots up, it begins a process of identifying other switches and determining the root bridge. After a root bridge is elected, the topology is
established from its perspective of the connectivity. The switches determine the path to the root bridge, and all redundant paths are blocked. STP sends
configuration and topology change notifications and acknowledgments (TCN/TCA) using bridge protocol data units (BPDU).
An STP attack involves an attacker spoofing the root bridge in the topology. The attacker broadcasts out an STP configuration/topology change BPDU in an
attempt to force an STP recalculation. The BPDU sent out announces that the attacker’s system has a lower bridge priority. The attacker can then see a variety of
frames forwarded from other switches to it. STP recalculation may also cause a denial-of-service (DoS) condition on the network by causing an interruption of 30 to
45 seconds each time the root bridge changes. An attacker using STP network topology changes to force its host to be elected as the root bridge.


NEW QUESTION 211
- (Exam Topic 2)
Taylor, a security professional, uses a tool to monitor her company's website, analyze the website's traffic, and track the geographical location of the users visiting the company's website. Which of the following tools did Taylor employ in the above scenario?

A. WebSite Watcher
B. Web-Stat
C. Webroot
D. WAFW00F

Answer: B

Explanation:
Increase your web site’s performance and grow! Add Web-Stat to your site (it’s free!) and watch visitors interact with your pages in real time.
Learn how people find your web site. Get details about every visitor’s path through your web site and track pages that turn browsers into buyers.
One-click install. Observe locations, operating systems, browsers and screen sizes, and get alerts for new visitors and conversions.

NEW QUESTION 215
- (Exam Topic 2)
Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario?

A. JSON-RPC
B. SOAP API
C. RESTful API
D. REST API

Answer: C

Explanation:
* REST is not a specification, tool, or framework, but instead is an architectural style for web services that serves as a communication medium between various systems on the web.
* RESTful APIs, which are also known as RESTful services, are designed using REST principles and HTTP communication protocols. RESTful is a collection of resources that use HTTP methods such as PUT, POST, GET, and DELETE.
RESTful API: RESTful API is a RESTful service that is designed using REST principles and HTTP communication protocols. RESTful is a collection of resources that use HTTP methods such as PUT, POST, GET, and DELETE. RESTful API is also designed to make applications independent to improve the overall performance, visibility, scalability, reliability, and portability of an application. APIs with the following features can be referred to as RESTful APIs:
o Stateless: The client end stores the state of the session; the server is restricted to save data during the request processing
o Cacheable: The client should save responses (representations) in the cache. This feature can enhance API performance
pg. 1920 CEHv11 manual.
https://cloud.google.com/files/apigee/apigee-web-api-design-the-missing-link-ebook.pdf
The HTTP methods GET, POST, PUT or PATCH, and DELETE can be used with these templates to read, create, update, and delete description resources for
dogs and their owners. This API style has become popular for many reasons. It is straightforward and intuitive, and learning this pattern is similar to learning a
programming language API. APIs like this one are commonly called RESTful APIs, although they do not display all of the characteristics that define REST (more
on REST later).

NEW QUESTION 219
- (Exam Topic 2)
An attacker redirects the victim to malicious websites by sending them a malicious link by email. The link appears authentic but redirects the victim to a malicious web page, which allows the attacker to steal the victim's data. What type of attack is this?

A. Phishing
B. Vishing
C. Spoofing
D. DDoS

Answer: A

Explanation:
https://en.wikipedia.org/wiki/Phishing
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker,
masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious
link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information.
An attack can have devastating results. For individuals, this includes unauthorized purchases, the stealing of funds, or identity theft.
Moreover, phishing is often used to gain a foothold in corporate or governmental networks as a part of a larger attack, such as an advanced persistent threat (APT)
event. In this latter scenario, employees are compromised in order to bypass security perimeters, distribute malware inside a closed environment, or gain
privileged access to secured data.
An organization succumbing to such an attack typically sustains severe financial losses in addition to declining market share, reputation, and consumer trust.
Depending on the scope, a phishing attempt might escalate into a security incident from which a business will have a difficult time recovering.

NEW QUESTION 220
- (Exam Topic 2)
George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial
systems. In this process, he used a short-range communication protocol based on the IEEE 203.15.4 standard. This protocol is used in devices that transfer data
infrequently at a low rate in a restricted area, within a range of 10-100 m. What is the short-range wireless communication technology George employed in the
above scenario?

A. MQTT
B. LPWAN
C. Zigbee
D. NB-IoT

Answer: C

Explanation:
Zigbee is a wireless technology developed as an open global standard to address the unique needs of low-cost, low-power wireless IoT networks. The Zigbee standard operates on the IEEE 802.15.4 physical radio specification and operates in unlicensed bands including 2.4 GHz, 900 MHz and 868 MHz.
The 802.15.4 specification upon which the Zigbee stack operates was ratified by the Institute of Electrical and Electronics Engineers (IEEE) in 2003. The specification is a packet-based radio protocol intended for low-cost, battery-operated devices. The protocol allows devices to communicate in a variety of network topologies and can have battery life lasting several years.
The Zigbee 3.0 Protocol
The Zigbee protocol has been created and ratified by member companies of the Zigbee Alliance. Over three hundred leading semiconductor manufacturers, technology companies, OEMs and service companies comprise the Zigbee Alliance membership. The Zigbee protocol was designed to provide an easy-to-use wireless data solution characterised by secure, reliable wireless network architectures.
THE ZIGBEE ADVANTAGE
The Zigbee 3.0 protocol is designed to communicate data through noisy RF environments that are common in commercial and industrial applications. Version 3.0 builds on the existing Zigbee standard but unifies the market-specific application profiles to allow all devices to be wirelessly connected in the same network, regardless of their market designation and function. Furthermore, a Zigbee 3.0 certification scheme ensures the interoperability of products from different manufacturers. Connecting Zigbee 3.0 networks to the IP domain opens up monitoring and control from devices such as smartphones and tablets on a LAN or WAN, including the Internet, and brings the true Internet of Things to fruition.
Zigbee protocol features include:
Support for multiple network topologies such as point-to-point, point-to-multipoint and mesh networks
Low duty cycle – provides long battery life
Low latency
Direct Sequence Spread Spectrum (DSSS)
Up to 65,000 nodes per network
128-bit AES encryption for secure data connections
Collision avoidance, retries and acknowledgements
This is another short-range communication protocol based on the IEEE 203.15.4 standard. Zig-Bee is used in devices that transfer data infrequently at a low rate in a restricted area and within a range of 10–100 m.

NEW QUESTION 224
- (Exam Topic 2)
You are a penetration tester working to test the user awareness of the employees of the client xyz. You harvested two employees' emails from some public
sources and are creating a client-side backdoor to send it to the employees via email. Which stage of the cyber kill chain are you at?

A. Reconnaissance
B. Command and control
C. Weaponization
D. Exploitation

Answer: C

Explanation:
Weaponization
The adversary analyzes the data collected in the previous stage to identify the vulnerabilities and techniques that can exploit and gain unauthorized access to the target organization. Based on the vulnerabilities identified during analysis, the adversary selects or creates a tailored deliverable malicious payload (remote-access malware weapon) using an exploit and a backdoor to send it to the victim. An adversary may target specific network devices, operating systems, endpoint devices, or even individuals within the organization to carry out their attack. For example, the adversary may send a phishing email to an employee of the target organization, which may include a malicious attachment such as a virus or worm that, when downloaded, installs a backdoor on the system that allows remote access to the adversary. The following are the activities of the adversary:
o Identifying appropriate malware payload based on the analysis
o Creating a new malware payload or selecting, reusing, modifying the available malware payloads based on the identified vulnerability
o Creating a phishing email campaign
o Leveraging exploit kits and botnets
https://en.wikipedia.org/wiki/Kill_chain
The Cyber Kill Chain consists of 7 steps: Reconnaissance, weaponization, delivery, exploitation, installation, command and control, and finally, actions on
objectives. Below you can find detailed information on each.
* 1. Reconnaissance:
In this step, the attacker/intruder chooses their target. Then they conduct in-depth research on this target to identify its vulnerabilities that can be exploited.
* 2. Weaponization:
In this step, the intruder creates a malware weapon like a virus, worm, or such to exploit the target's vulnerabilities. Depending on the target and the purpose of the attacker, this malware can exploit new, undetected vulnerabilities (also known as the zero-day exploits) or focus on a combination of different vulnerabilities.
* 3. Delivery:
This step involves transmitting the weapon to the target. The intruder/attacker can employ different USB drives, e-mail attachments, and websites for this purpose.
* 4. Exploitation:
In this step, the malware starts the action. The program code of the malware is triggered to exploit the target’s vulnerability/vulnerabilities.
* 5. Installation:
In this step, the malware installs an access point for the intruder/attacker. This access point is also known as the backdoor.
* 6. Command and Control:
The malware gives the intruder/attacker access to the network/system.
* 7. Actions on Objective:
Once the attacker/intruder gains persistent access, they finally take action to fulfill their purposes, such as encryption for ransom, data exfiltration, or even data destruction.

NEW QUESTION 228
- (Exam Topic 2)
Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical information to Johnson's machine. What is the social engineering technique Steve employed in the above scenario?

A. Quid pro quo
B. Diversion theft
C. Elicitation
D. Phishing

Answer: A

Explanation:
https://www.eccouncil.org/what-is-social-engineering/
This Social Engineering scam involves an exchange of information that can benefit both the victim and the trickster. Scammers would make the prey believe that a
fair exchange will be present between both sides, but in reality, only the fraudster stands to benefit, leaving the victim hanging on to nothing. An example of a Quid
Pro Quo is a scammer pretending to be an IT support technician. The con artist asks for the login credentials of the company’s computer saying that the company
is going to receive technical support in return. Once the victim has provided the credentials, the scammer now has control over the company’s computer and may
possibly load malware or steal personal information that can be a motive to commit identity theft.
"A quid pro quo attack (aka “something for something” attack) is a variant of baiting. Instead of baiting a target with the promise of a good, a quid pro quo attack promises a service or a benefit based on the execution of a specific action."
https://resources.infosecinstitute.com/topic/common-social-engineering-attacks/#:~:text=A%20quid%20pro%20

NEW QUESTION 230
- (Exam Topic 2)
A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer.
What tests would you perform to determine whether his computer is infected?

A. Use ExifTool and check for malicious content.
B. You do not check; rather, you immediately restore a previous snapshot of the operating system.
C. Upload the file to VirusTotal.
D. Use netstat and check for outgoing connections to strange IP addresses or domains.

Answer: D

NEW QUESTION 231
- (Exam Topic 2)
John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to anonymously query the LDAP service for sensitive information such as usernames, addresses, departmental details, and server names to launch further attacks on the target organization.
What is the tool employed by John to gather information from the LDAP service?

A. JXplorer
B. Zabasearch
C. EarthExplorer
D. Ike-scan

Answer: A

Explanation:
JXplorer is a cross-platform LDAP browser and editor. It’s a standards-compliant general purpose LDAP client that can be used to search, read and edit any standard LDAP directory, or any directory service with an LDAP or DSML interface.
It is extremely flexible and can be extended and customised in a number of ways. JXplorer is written in Java, and the source code and source code build system are available via svn or as a packaged build for users who wish to experiment or further develop the program.
JX is available in two versions: the free open source version under an OSI Apache 2 style licence, or within the JXWorkBench Enterprise bundle with inbuilt reporting, administrative and security tools.
JX has been through a number of different versions since its creation in 1999; the most recent stable release is version 3.3.1, the August 2013 release.
JXplorer is a fully functional LDAP client with advanced security integration and support for the more difficult and obscure parts of the LDAP protocol. It has been tested on Windows, Solaris, Linux and OSX, packages are available for HPUX, AIX, BSD and it should run on any Java-supporting OS.

NEW QUESTION 236
- (Exam Topic 2)
Which file is a rich target to discover the structure of a website during web-server footprinting?

A. Document root
B. Robots.txt
C. domain.txt
D. index.html

Answer: B

NEW QUESTION 240
- (Exam Topic 2)
While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead
returns the file listing of a folder structure of the server.
What kind of attack is possible in this scenario?

A. Cross-site scripting
B. Denial of service
C. SQL injection
D. Directory traversal

Answer: D

Explanation:
Appropriately controlling admittance to web content is significant for running a safe web worker. Index crossing or Path Traversal is a HTTP assault which permits
aggressors to get to limited catalogs and execute orders outside of the web worker’s root registry.
Web workers give two primary degrees of security instruments
Access Control Lists (ACLs)
Root index
An Access Control List is utilized in the approval cycle. It is a rundown which the web worker’s manager uses to show which clients or gatherings can get to,
change or execute specific records on the worker, just as other access rights.
The root registry is a particular index on the worker record framework in which the clients are kept. Clients can’t get to anything over this root.
For instance: the default root registry of IIS on Windows is C:\Inetpub\wwwroot and with this arrangement, a client doesn’t approach C:\Windows yet approaches
C:\Inetpub\wwwroot\news and some other indexes and documents under the root catalog (given that the client is confirmed by means of the ACLs).
The root index keeps clients from getting to any documents on the worker, for example, C:\WINDOWS/system32/win.ini on Windows stages and the/and so
on/passwd record on Linux/UNIX stages.
This weakness can exist either in the web worker programming itself or in the web application code.
To play out a registry crossing assault, all an assailant requires is an internet browser and some information on where to aimlessly discover any default documents
and registries on the framework.
What an assailant can do if your site is defenselessWith a framework defenseless against index crossing, an aggressor can utilize this weakness to venture out of
the root catalog and access different pieces of the record framework. This may enable the assailant to see confined documents, which could give the aggressor
more data needed to additional trade off the framework.
Contingent upon how the site access is set up, the aggressor will execute orders by mimicking himself as the client which is related with “the site”. Along these
lines everything relies upon what the site client has been offered admittance to in the framework.
Illustration of a Directory Traversal assault by means of web application codeIn web applications with dynamic pages, input is generally gotten from programs
through GET or POST request methods. Here is an example of an HTTP GET request URL:
GET http://test.webarticles.com/show.asp?view=oldarchive.html HTTP/1.1
Host: test.webarticles.com
With this URL, the browser requests the dynamic page show.asp from the server and with it also sends the parameter view with the value of oldarchive.html. When
this request is executed on the web server, show.asp retrieves the file oldarchive.html from the server's file system, renders it and then sends it back to the
browser, which displays it to the user. The attacker would assume that show.asp can retrieve files from the file system and send the following custom URL.
GET http://test.webarticles.com/show.asp?view=../../../../../Windows/system.ini HTTP/1.1
Host: test.webarticles.com
This will cause the dynamic page to retrieve the file system.ini from the file system and display it to the user. The expression ../ instructs the system to go one
directory up, which is commonly used as an operating system directive. The attacker has to guess how many directories he has to go up to find the Windows folder
on the system, but this is easily done by trial and error.
Example of a Directory Traversal attack via web server
Apart from vulnerabilities in the code, even the web server itself can be open to directory traversal attacks.
The problem can lie either in the web server software itself or in sample script files left available on the server.
The vulnerability has been fixed in the latest versions of web server software, but there are web servers online which are still using older versions of IIS and
Apache which might be open to directory traversal attacks. Even though you might be using a web server software version that has fixed this vulnerability, you
might still have some sensitive default script directories exposed which are well known to hackers.
For example, a URL request which makes use of the scripts directory of IIS to traverse directories and execute a command can be
GET http://server.com/scripts/..%5c../Windows/System32/cmd.exe?/c+dir+c:\ HTTP/1.1
Host: server.com
The request would return to the user a list of all files in the C:\ directory by executing the cmd.exe command shell file and running the command dir c:\ in the
shell. The %5c expression that is in the URL request is a web server escape code which is used to represent normal characters. In this case %5c represents the
character \.
Newer versions of modern web server software check for these escape codes and do not let them through. Some older versions, however, do not filter out these
codes in the root directory enforcer and will let the attackers execute such commands.
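
The server-side check that stops the requests shown above, as an added example that is not part of the original explanation: decode escape codes first, treat \ and / alike, then confirm the resolved path stays under the document root. The names resolve_view, TraversalError and demo are hypothetical, and the temporary directory stands in for the web root.

```python
import os
import tempfile
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a requested name would resolve outside the document root."""


def resolve_view(doc_root: str, view: str, max_decode_rounds: int = 3) -> str:
    """Map the untrusted `view` parameter to a file path inside doc_root."""
    # 1. Decode escape codes until the value stops changing, so %5c is seen
    #    as "\" before any check runs. Values still changing after the last
    #    round are rejected rather than guessed at.
    decoded = view
    for _ in range(max_decode_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    else:
        raise TraversalError("too many layers of encoding")

    # 2. Treat both separators alike; Windows accepts "\" as well as "/".
    normalized = decoded.replace("\\", "/")
    if "\x00" in normalized:
        raise TraversalError("NUL byte in path")
    parts = [p for p in normalized.split("/") if p not in ("", ".")]
    if not parts:
        raise TraversalError("empty file name")
    if ".." in parts or normalized.startswith("/") or ":" in normalized:
        raise TraversalError("absolute path or parent-directory reference")

    # 3. Canonicalise and confirm containment; this also catches symlinks
    #    inside the root that point somewhere else.
    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, *parts))
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalError("resolved path escapes the document root")
    return candidate


def demo() -> dict:
    """Run the three view values from the text against a temporary root."""
    samples = [
        "oldarchive.html",
        "../../../../../Windows/system.ini",
        "..%5c../Windows/System32/cmd.exe",
    ]
    results = {}
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "oldarchive.html"), "w") as fh:
            fh.write("<html>archive</html>")
        for view in samples:
            try:
                resolve_view(root, view)
                results[view] = "served"
            except TraversalError as exc:
                results[view] = f"blocked: {exc}"
    return results


if __name__ == "__main__":
    for view, outcome in demo().items():
        print(f"{view!r:45} -> {outcome}")
```

Checking only for the literal string ../ before decoding is the mistake the %5c request relies on; the order decode, normalise, then compare is what matters.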

NEW QUESTION 241


- (Exam Topic 2)
These hackers have limited or no training and know how to use only basic techniques or tools. What kind of hackers are we talking about?

A. Black-Hat Hackers
B. Script Kiddies
C. White-Hat Hackers
D. Gray-Hat Hacker

Answer: B

Explanation:
Script Kiddies: These hackers have limited or no training and know how to use only basic techniques or tools. Even then they may not understand any or all of what
they are doing.

NEW QUESTION 245


- (Exam Topic 2)
You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales
database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How
will you achieve this without raising suspicion?

A. Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account
B. Package the Sales.xls using Trojan wrappers and telnet them back to your home computer
C. You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent-looking email or file transfer using
Steganography techniques
D. Change the extension of Sales.xls to sales.txt and upload them as attachment to your hotmail account

Answer: C

NEW QUESTION 247


- (Exam Topic 2)
What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

A. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.
B. Asymmetric cryptography is computationally expensive in compariso
C. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.
D. Symmetric encryption allows the server to securely transmit the session keys out-of-band.
E. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.

Answer: D

NEW QUESTION 251


- (Exam Topic 2)
John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker
installed a scanner on a machine belonging to one of the victims and scanned several machines on the same network to identify vulnerabilities to perform further
exploitation. What is the type of vulnerability assessment tool employed by John in the above scenario?

A. Proxy scanner
B. Agent-based scanner
C. Network-based scanner
D. Cluster scanner

Answer: C

Explanation:
Network-based scanner
A network-based vulnerability scanner, in simplistic terms, is the process of identifying loopholes on a computer’s network or IT assets, which hackers and threat
actors can exploit. By implementing this process, one can successfully identify their organization’s current risk(s). This is not where the buck stops; one can also
verify the effectiveness of your system's security measures while improving internal and external defenses. Through this review, an organization is well equipped to
take an extensive inventory of all systems, including operating systems, installed software, security patches, hardware, firewalls, anti-virus software, and much
more.
Agent-based scanner
Agent-based scanners make use of software scanners on each and every device; the results of the scans are reported back to the central server. Such scanners
are well equipped to find and report out on a range of vulnerabilities.
NOTE: This option is not suitable for us, since for it to work, you need to install a special agent on each computer before you start collecting data from them.

NEW QUESTION 252


- (Exam Topic 2)
This kind of password cracking method uses word lists in combination with numbers and special characters:

A. Hybrid
B. Linear
C. Symmetric
D. Brute Force

Answer: A

NEW QUESTION 257


- (Exam Topic 2)
Password cracking programs reverse the hashing process to recover passwords. (True/False.)

A. True
B. False

Answer: B

NEW QUESTION 258


- (Exam Topic 2)
You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c

What is the hexadecimal value of NOP instruction?

A. 0x60
B. 0x80
C. 0x70
D. 0x90

Answer: D

NEW QUESTION 263


- (Exam Topic 2)
Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading
as a legitimate customer support executive, informing that her systems need to be serviced for proper functioning and that customer support will send a computer
technician. Jane promptly replied positively. Ralph entered Jane's company using this opportunity and gathered sensitive information by scanning terminals for
passwords, searching for important documents in desks, and rummaging bins. What is the type of attack technique Ralph used on Jane?

A. Dumpster diving
B. Eavesdropping
C. Shoulder surfing
D. Impersonation

Answer: D

NEW QUESTION 268


- (Exam Topic 2)
Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining whether the ports
are online and any firewall rule sets are encountered. John decided to perform a TCP SYN ping scan on the target network. Which of the following Nmap
commands must John use to perform the TCP SYN ping scan?

A. nmap -sn -pp < target ip address >
B. nmap -sn -PO < target IP address >
C. nmap -sn -PS < target IP address >
D. nmap -sn -PA < target IP address >

Answer: C

Explanation:
https://hub.packtpub.com/discovering-network-hosts-with-tcp-syn-and-tcp-ack-ping-scans-in-nmaptutorial/

NEW QUESTION 273


- (Exam Topic 2)
You are analysing traffic on the network with Wireshark. You want to routinely run a cron job which will run the capture against a specific set of IPs -
192.168.8.0/24. What command would you use?

A. wireshark --fetch "192.168.8*"
B. wireshark --capture --local masked 192.168.8.0 ---range 24
C. tshark -net 192.255.255.255 mask 192.168.8.0
D. sudo tshark -f "net 192.168.8.0/24"

Answer: D

NEW QUESTION 276


- (Exam Topic 2)
Which type of virus can change its own code and then cipher itself multiple times as it replicates?

A. Stealth virus
B. Tunneling virus
C. Cavity virus
D. Encryption virus

Answer: A

Explanation:
A stealth virus is a type of malware that contains sophisticated means of avoiding detection by antivirus software. After it manages to get into the now-infected
machine, a stealth virus hides itself by continually renaming and moving itself around the disk. Like other viruses, a stealth virus can take hold of many
parts of one's PC. When it takes control of the PC and performs tasks, antivirus programs can detect it, but a stealth virus sees that coming and will rename and
then copy itself to a different drive or area on the disk, ahead of the antivirus software. Once moved and renamed, a stealth virus will usually replace the
detected 'infected' file with a clean file that doesn't trigger antivirus detection. It's a never-ending game of cat and mouse. The intelligent architecture of
this type of virus all but guarantees it's impossible to completely rid oneself of it once infected. One would need to completely wipe the PC and rebuild it from
scratch to completely eradicate the presence of a stealth virus. Using regularly updated antivirus software can reduce risk, but, as we all know, antivirus
software is also caught in an endless cycle of finding new threats and protecting against them.
https://www.techslang.com/definition/what-is-a-stealth-virus/

NEW QUESTION 277


- (Exam Topic 1)
What two conditions must a digital signature meet?

A. Has to be the same number of characters as a physical signature and must be unique.
B. Has to be unforgeable, and has to be authentic.
C. Must be unique and have special characters.
D. Has to be legible and neat.

Answer: B

NEW QUESTION 281


- (Exam Topic 1)
An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

A. He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.
B. He will activate OSPF on the spoofed root bridge.
C. He will repeat this action so that it escalates to a DoS attack.
D. He will repeat the same attack against all L2 switches of the network.

Answer: A

NEW QUESTION 284


- (Exam Topic 1)
You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s
email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads
your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf,
saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What
testing method did you use?

A. Social engineering
B. Piggybacking
C. Tailgating
D. Eavesdropping

Answer: A

Explanation:
Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick
users into making security mistakes or giving away sensitive information.
Social engineering attacks typically involve some form of psychological manipulation, fooling otherwise unsuspecting users or employees into handing over
confidential or sensitive data. Commonly, social engineering involves email or other communication that invokes urgency, fear, or similar emotions in the victim,
leading the victim to promptly reveal sensitive information, click a malicious link, or open a malicious file. Because social engineering involves a human element,
preventing these attacks can be tricky for enterprises.

NEW QUESTION 287


- (Exam Topic 1)
DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switches leverages the DHCP snooping database
to help prevent man-in-the-middle attacks?

A. Spanning tree
B. Dynamic ARP Inspection (DAI)
C. Port security
D. Layer 2 Attack Prevention Protocol (LAPP)

Answer: B

Explanation:
Dynamic ARP inspection (DAI) protects switching devices against Address Resolution Protocol (ARP) packet spoofing (also known as ARP poisoning or ARP
cache poisoning).
DAI inspects ARPs on the LAN and uses the information in the DHCP snooping database on the switch to validate ARP packets and to protect against ARP
spoofing. ARP requests and replies are compared against entries in the DHCP snooping database, and filtering decisions are made based on the results of those
comparisons. When an attacker tries to use a forged ARP packet to spoof an address, the switch compares the address with entries in the database. If the media
access control (MAC) address or IP address in the ARP packet does not match a valid entry in the DHCP snooping database, the packet is dropped.
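
A simplified model of the comparison described above, added here as an illustration and not taken from any switch vendor's implementation. The names Binding, parse_arp and inspect_arp, the port labels and the sample packets are constructed; matching per VLAN and per port and skipping inspection on trusted ports are assumptions of this model.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Binding:
    """One DHCP snooping entry: which MAC leased which IP, and where."""
    mac: str
    ip: IPv4Address
    vlan: int
    port: str


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_arp(payload: bytes) -> dict:
    """Decode the 28-byte ARP body for Ethernet/IPv4 (RFC 826 layout)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {
        "oper": oper,  # 1 = request, 2 = reply
        "sender_mac": mac_str(payload[8:14]),
        "sender_ip": IPv4Address(payload[14:18]),
        "target_mac": mac_str(payload[18:24]),
        "target_ip": IPv4Address(payload[24:28]),
    }


def inspect_arp(payload, vlan, port, bindings, trusted_ports=frozenset()):
    """Return ("forward" | "drop", reason) for an ARP packet seen on a port."""
    if port in trusted_ports:
        return "forward", "trusted port, not inspected"
    try:
        arp = parse_arp(payload)
    except ValueError as exc:
        return "drop", str(exc)
    for b in bindings:
        if b.ip == arp["sender_ip"] and b.vlan == vlan:
            if b.mac != arp["sender_mac"]:
                return "drop", f"{b.ip} is bound to {b.mac}, not {arp['sender_mac']}"
            if b.port != port:
                return "drop", f"{b.ip} was leased on {b.port}, seen on {port}"
            return "forward", "matches snooping binding"
    return "drop", f"no binding for {arp['sender_ip']} in VLAN {vlan}"


# Constructed sample data: two leases learned by DHCP snooping in VLAN 10.
BINDINGS = [
    Binding("00:11:22:33:44:55", IPv4Address("192.168.10.20"), 10, "Gi0/5"),
    Binding("de:ad:be:ef:00:01", IPv4Address("192.168.10.30"), 10, "Gi0/7"),
]
ARP_HDR = "0001080006040002"  # Ethernet, IPv4, hlen 6, plen 4, oper = reply
# Sender fields: MAC, then IP 192.168.10.20; target fields are arbitrary.
HONEST = bytes.fromhex(ARP_HDR + "001122334455" "c0a80a14" "0a0b0c0d0e0f" "c0a80a28")
FORGED = bytes.fromhex(ARP_HDR + "deadbeef0001" "c0a80a14" "0a0b0c0d0e0f" "c0a80a28")


def demo():
    """Verdicts for a valid reply, a forged one, a moved host, a short frame."""
    return [
        inspect_arp(HONEST, 10, "Gi0/5", BINDINGS),
        inspect_arp(FORGED, 10, "Gi0/7", BINDINGS),
        inspect_arp(HONEST, 10, "Gi0/7", BINDINGS),
        inspect_arp(HONEST[:20], 10, "Gi0/5", BINDINGS),
    ]


if __name__ == "__main__":
    for verdict, reason in demo():
        print(f"{verdict:8} {reason}")
```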

NEW QUESTION 292


- (Exam Topic 1)
An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an
organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of
many of the logged events does not match up.
What is the most likely cause?

A. The network devices are not all synchronized.
B. Proper chain of custody was not observed while collecting the logs.
C. The attacker altered or erased events from the logs.
D. The security breach was a false positive.

Answer: A

Explanation:
Many network and system administrators don't pay enough attention to system clock accuracy and time synchronization. Computer clocks can run faster or slower
over time, batteries and power sources die, or daylight-saving time changes are forgotten. Sure, there are many more pressing security issues to deal with, but not
ensuring that the time on network devices is synchronized can cause problems. And these problems often only come to light after a security incident.
If you suspect a hacker is accessing your network, for example, you will want to analyze your log files to look for any suspicious activity. If your network's security
devices do not have synchronized times, the timestamps' inaccuracy makes it impossible to correlate log files from different sources. Not only will you have
difficulty in tracking events, but you will also find it difficult to use such evidence in court; you won't be able to illustrate a smooth progression of events as they
occurred throughout your network.

NEW QUESTION 295


- (Exam Topic 1)
CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message
and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this:
From: jim_miller@companyxyz.com
To: michelle_saunders@companyxyz.com
Subject: Test message
Date: 4/3/2017 14:37
The employee of CompanyXYZ receives your email message.
This proves that CompanyXYZ’s email gateway doesn’t prevent what?

A. Email Masquerading
B. Email Harvesting
C. Email Phishing
D. Email Spoofing

Answer: D

Explanation:
Email spoofing is the fabrication of an email header in the hopes of duping the recipient into thinking the email originated from someone or somewhere other than
the intended source. Because core email protocols do not have a built-in method of authentication, it is common for spam and phishing emails to use said spoofing
to trick the recipient into trusting the origin of the message.
The ultimate goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation. Although the spoofed messages are usually just a
nuisance requiring little action besides removal, the more malicious varieties can cause significant problems and sometimes pose a real security threat.

NEW QUESTION 300


- (Exam Topic 1)
Under what conditions does a secondary name server request a zone transfer from a primary name server?

A. When a primary SOA is higher than a secondary SOA
B. When a secondary SOA is higher than a primary SOA
C. When a primary name server has had its service restarted
D. When a secondary name server has had its service restarted
E. When the TTL falls to zero

Answer: A

NEW QUESTION 304


- (Exam Topic 1)
Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server
publishing"?

A. Overloading Port Address Translation
B. Dynamic Port Address Translation
C. Dynamic Network Address Translation
D. Static Network Address Translation

Answer: D

NEW QUESTION 307


- (Exam Topic 1)
Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?

A. har.txt
B. SAM file
C. wwwroot
D. Repair file

Answer: B

NEW QUESTION 311


- (Exam Topic 1)
The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the
new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate
the SLE, ARO, and ALE. Assume the EF = 1(100%). What is the closest approximate cost of this replacement and recovery operation per year?

A. $1320
B. $440
C. $100
D. $146

Answer: D

Explanation:
1. AV (Asset Value) = $300 + (14 * $10) = $440 - the cost of a hard drive plus the work of a recovery person, i.e. how much would it take to replace 1 asset? 10
hours for restoring the OS and software + 4 hours for the DB restore, multiplied by the hourly rate of the recovery person.
2. SLE (Single Loss Expectancy) = AV * EF (Exposure Factor) = $440 * 1 = $440
3. ARO (Annual Rate of Occurrence) = 1/3 (every three years, meaning the probability of occurring during 1 year is 1/3)
4. ALE (Annual Loss Expectancy) = SLE * ARO = 0.33 * $440 = $145.2

NEW QUESTION 316


- (Exam Topic 1)
Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?

A. SFTP
B. IPsec
C. SSL
D. FTPS

Answer: B

Explanation:
https://en.wikipedia.org/wiki/IPsec
Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted
communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).
IPsec includes protocols for establishing mutual authentication between agents at the beginning of a session and negotiation of cryptographic keys to use during
the session. IPsec can protect data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security
gateway and a host (network-to-host). IPsec uses cryptographic security services to protect communications over Internet Protocol (IP) networks. It supports
network-level peer authentication, data-origin authentication, data integrity, data confidentiality (encryption), and replay protection.
The initial IPv4 suite was developed with few security provisions. As a part of the IPv4 enhancement, IPsec is a layer 3 OSI model or internet layer end-to-end
security scheme. In contrast, while some other Internet security systems in widespread use operate above layer 3, such as Transport Layer Security (TLS) that
operates at the Transport Layer and Secure Shell (SSH) that operates at the Application layer, IPsec can automatically secure applications at the IP layer.

NEW QUESTION 320


- (Exam Topic 1)
A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select
the best answers.

A. Use port security on his switches.
B. Use a tool like ARPwatch to monitor for strange ARP activity.
C. Use a firewall between all LAN segments.
D. If you have a small network, use static ARP entries.
E. Use only static IP addresses on all PCs.

Answer: ABD

NEW QUESTION 325


- (Exam Topic 1)
What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to
determine which ports are open and if the packets can pass through the packet-filtering of the firewall?

A. Session hijacking
B. Firewalking
C. Man-in-the-middle attack
D. Network sniffing

Answer: B

NEW QUESTION 328


- (Exam Topic 1)
By using a smart card and pin, you are using a two-factor authentication that satisfies

A. Something you are and something you remember
B. Something you have and something you know
C. Something you know and something you are
D. Something you have and something you are

Answer: B

Explanation:
Two-factor Authentication or 2FA is a user identity verification method, where two of the three possible authentication factors are combined to grant access to a
website or application: 1) something the user knows, 2) something the user has, or 3) something the user is.
The possible factors of authentication are:
· Something the User Knows:
This is often a password, passphrase, PIN, or secret question. To satisfy this authentication challenge, the user must provide information that matches the answers
previously provided to the organization by that user, such as “Name the town in which you were born.”
· Something the User Has:
This involves entering a one-time password generated by a hardware authenticator. Users carry around an authentication device that will generate a one-time
password on command. Users then authenticate by providing this code to the organization. Today, many organizations offer software authenticators that can be
installed on the user’s mobile device.
· Something the User Is:
This third authentication factor requires the user to authenticate using biometric data. This can include fingerprint scans, facial scans, behavioral biometrics, and
more.
For example: In internet security, the most used factors of authentication are: something the user has (e.g., a bank card) and something the user knows (e.g., a
PIN code). This is two-factor authentication. Two-factor authentication is also sometimes referred to as strong authentication, Two-Step Verification, or 2FA.
The key difference between Multi-Factor Authentication (MFA) and Two-Factor Authentication (2FA) is that, as the term implies, Two-Factor Authentication utilizes
a combination of two out of three possible authentication factors. In contrast, Multi-Factor Authentication could utilize two or more of these authentication factors.

NEW QUESTION 333


- (Exam Topic 1)
While using your bank’s online servicing you notice the following string in the URL bar:
“http: // www. MyPersonalBank. com/ account?id=368940911028389&Damount=10980&Camount=21”
You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflects the changes.
Which type of vulnerability is present on this site?

A. Cookie Tampering
B. SQL Injection
C. Web Parameter Tampering
D. XSS Reflection

Answer: C

NEW QUESTION 337


- (Exam Topic 1)
Which results will be returned with the following Google search query?
site:target.com -site:Marketing.target.com accounting

A. Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting.
B. Results matching all words in the query.
C. Results for matches on target.com and Marketing.target.com that include the word “accounting”
D. Results matching “accounting” in domain target.com but not on the site Marketing.target.com

Answer: D

NEW QUESTION 339


- (Exam Topic 1)
A company’s policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file
transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used
by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as display filter to find unencrypted file
transfers?

A. tcp.port == 21
B. tcp.port = 23
C. tcp.port == 21 || tcp.port == 22
D. tcp.port != 21

Answer: A

NEW QUESTION 340


- (Exam Topic 1)
Study the following log extract and identify the attack.

A. Hexcode Attack
B. Cross Site Scripting
C. Multiple Domain Traversal Attack
D. Unicode Directory Traversal Attack

Answer: D

NEW QUESTION 345


- (Exam Topic 1)
As a security consultant, what are some of the things you would recommend to a company to ensure DNS security?

A. Use the same machines for DNS and other applications
B. Harden DNS servers
C. Use split-horizon operation for DNS servers
D. Restrict Zone transfers
E. Have subnet diversity between DNS servers

Answer: BCDE

NEW QUESTION 346


- (Exam Topic 2)
Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He’s determined that the application is vulnerable to SQL injection,
and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely
performing?

A. Error-based SQL injection
B. Blind SQL injection
C. Union-based SQL injection
D. NoSQL injection

Answer: B

NEW QUESTION 351

