Attacker Lauren has gained the credentials of an organization's internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skeptical about the login times and appointed security professional Robert to determine the issue. Robert analyzed the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited. What is the incident handling and response (IH&R) phase, in which Robert has determined these issues?

Incident recording and assignment

You are a cybersecurity specialist at CloudTech Inc., a company providing cloud-based services. You are managing a project for a client who wants to migrate their sensitive data to a public cloud service. To comply with regulatory requirements, the client insists on maintaining full control over the encryption keys even when the data is at rest on the cloud. Which of the following practices should you implement to meet this requirement?

Encrypt data client-side before uploading to the cloud and retain control of the encryption keys.

Use the cloud service provider's encryption services but store keys on-premises.

Rely on Secure Sockets Layer (SSL) encryption for data at rest.

Use the cloud service provider's default encryption and key management services.

In an advanced persistent threat scenario, an adversary follows a detailed set of procedures in the cyber kill chain. During one such instance, the adversary has successfully gained access to a corporate network and now attempts to obfuscate malicious traffic within legitimate network traffic. Which of the following actions would most likely be part of the adversary's current procedures?

Initiating DNS tunneling to communicate with the command-and-control server.

Employing data staging techniques to collect and aggregate sensitive data.

Establishing a command-and-control server to communicate with compromised systems.

Conducting internal reconnaissance using PowerShell scripts.

As a part of an ethical hacking exercise, an attacker is probing a target network that is suspected to employ various honeypot systems for security. The attacker needs to detect and bypass these honeypots without alerting the target. The attacker decides to utilize a suite of techniques. Which of the following techniques would NOT assist in detecting a honeypot?

Implementing a brute force attack to verify system vulnerability

Probing system services and observing the three-way handshake

Using honeypot detection tools like Send-Safe Honeypot Hunter

Analyzing the MAC address to detect instances running on VMware

A skilled ethical hacker was assigned to perform a thorough OS discovery on a potential target. They decided to adopt an advanced fingerprinting technique and sent a TCP packet to an open TCP port with specific flags enabled. Upon receiving the reply, they noticed the flags were SYN and ECN-Echo. Which test did the ethical hacker conduct and why was this specific approach adopted?

Test 1: The test was conducted because SYN and ECN-Echo flags enabled to allow the hacker to probe the nature of the response and subsequently determine the OS fingerprint

Test 3: The test was executed to observe the response of the target system when a packet with URG, PSH, SYN, and FIN flags was sent, thereby identifying the OS

Test 2: This test was chosen because a TCP packet with no flags enabled is known as a NULL packet and this would allow the hacker to assess the OS of the target

Test 6: The hacker selected this test because a TCP packet with the ACK flag enabled sent to a closed TCP port would yield more information about the OS

In an intricate web application architecture using an Oracle database, you, as a security analyst, have identified a potential SQL Injection attack surface. The database consists of 'x' tables, each with 'y' columns. Each table contains 'z' records. An attacker, well-versed in SQLi techniques, crafts 'u' SQL payloads, each attempting to extract maximum data from the database. The payloads include 'UNION SELECT' statements and 'DBMS_XSLPROCESSOR.READ2CLOB' to read sensitive files. The attacker aims to maximize the total data extracted 'E=xyz*u'. Assuming 'x=4', 'y=2', and varying 'z' and 'u', which situation is likely to result in the highest extracted data volume?

z=600, u=2: The attacker devises 2 SQL payloads, each aimed at tables holding 600 records, affecting all columns across all tables.

z=550, u=2: Here, the attacker formulates 2 SQL payloads and directs them towards tables containing 550 records, impacting all columns and tables.

z=500, u=3: The attacker creates 3 SQL payloads and targets tables with 500 records each, exploiting all columns and tables.

z=400, u=4: The attacker constructs 4 SQL payloads, each focusing on tables with 400 records, influencing all columns of all tables.

Your company has been receiving regular alerts from its IDS about potential intrusions. On further investigation, you notice that these alerts have been false positives triggered by certain goodware files. In response, you are planning to enhance the IDS with YARA rules, reducing these false positives while improving the detection of real threats. Based on the scenario and the principles of YARA and IDS, which of the following strategies would best serve your purpose?

Writing YARA rules specifically to identify the goodware files triggering false positives

Implementing YARA rules that focus solely on known malware signatures

Creating YARA rules to examine only the private database for intrusions

Incorporating YARA rules to detect patterns in all files regardless of their nature

Jake, a network security specialist, is trying to prevent network-level session hijacking attacks in his company. While studying different types of such attacks, he learns about a technique where an attacker inserts their machine into the communication between a client and a server, making it seem like the packets are flowing through the original path. This technique is primarily used to reroute the packets. Which of the following types of network-level session hijacking attacks is Jake studying?

Man-in-the-middle Attack Using Forged ICMP and ARP Spoofing

Given the complexities of an organization's network infrastructure, a threat actor has exploited an unidentified vulnerability, leading to a major data breach. As a Certified Ethical Hacker (CEH), you are tasked with enhancing the organization's security stance. To ensure a comprehensive security defense, you recommend a certain security strategy. Which of the following best represents the strategy you would likely suggest and why?

Adopt a Continual/Adaptive Security Strategy involving ongoing prediction, prevention, detection, and response actions to ensure comprehensive computer network defense.

Develop an in-depth Risk Management process, involving identification, assessment, treatment, tracking, and review of risks to control the potential effects on the organization.

Establish a Defense-in-Depth strategy, incorporating multiple layers of security measures to increase the complexity and decrease the likelihood of a successful attack.

Implement an Information Assurance (IA) policy focusing on ensuring the integrity, availability, confidentiality, and authenticity of information systems.

As a cybersecurity professional, you are responsible for securing a high-traffic web application that uses MySQL as its backend database. Recently, there has been a surge of unauthorized login attempts, and you suspect that a seasoned black-hat hacker is behind them. This hacker has shown proficiency in SQL Injection and appears to be using the 'UNION' SQL keyword to trick the login process into returning additional data. However, your application's security measures include filtering special characters in user inputs, a method usually effective against such attacks. In this challenging environment, if the hacker still intends to exploit this SQL Injection vulnerability, which strategy is he most likely to employ?

The hacker switches tactics and resorts to a 'time-based blind' SQL Injection attack, which would force the application to delay its response, thereby revealing information based on the duration of the delay.

The hacker tries to manipulate the 'UNION' keyword in such a way that it triggers a database error, potentially revealing valuable information about the database's structure.

The hacker attempts to bypass the special character filter by encoding his malicious input, which could potentially enable him to successfully inject damaging SQL queries.

The hacker alters his approach and injects a 'DROP TABLE' statement, a move that could potentially lead to the loss of vital data stored in the application's database.

You're the security manager for a tech company that uses a database to store sensitive customer data. You have implemented countermeasures against SQL injection attacks. Recently, you noticed some suspicious activities and suspect an attacker is using SQL injection techniques. The attacker is believed to use different forms of payloads in his SQL queries. In the case of a successful SQL injection attack, which of the following payloads would have the most significant impact?

' OR 'a'='a; DROP TABLE members; --: This payload combines the manipulation of the WHERE clause with a destructive action, causing data loss

UNION SELECT NULL, NULL, NULL -- : This payload manipulates the UNION SQL operator, enabling the attacker to retrieve data from different database tables

' OR username LIKE '%': This payload uses the LIKE operator to search for a specific pattern in a column

' OR '1'='1': This payload manipulates the WHERE clause of an SQL statement, allowing the attacker to view unauthorized data

A malicious user has acquired a Ticket Granting Service from the domain controller using a valid user's Ticket Granting Ticket in a Kerberoasting attack. He exfiltrated the TGS tickets from memory for offline cracking. But the attacker was stopped before he could complete his attack. The system administrator needs to investigate and remediate the potential breach. What should be the immediate step the system administrator takes?

Invalidate the TGS the attacker acquired

Perform a system reboot to clear the memory

Delete the compromised user's account

Change the NTLM password hash used to encrypt the ST

You are a cybersecurity consultant for a healthcare organization that utilizes Internet of Medical Things (IoMT) devices, such as connected insulin pumps and heart rate monitors, to provide improved patient care. Recently, the organization has been targeted by ransomware attacks. While the IT infrastructure was unaffected due to robust security measures, they are worried that the IoMT devices could be potential entry points for future attacks. What would be your main recommendation to protect these devices from such threats?

Use network segmentation to isolate IoMT devices from the main network.

Disable all wireless connectivity on IoMT devices.

Regularly change the IP addresses of all IoMT devices.

Implement multi-factor authentication for all IoMT devices.

You are a cybersecurity consultant for a global organization. The organization has adopted a Bring Your Own Device (BYOD) policy, but they have recently experienced a phishing incident where an employee's device was compromised. In the investigation, you discovered that the phishing attack occurred through a third-party email app that the employee had installed. Given the need to balance security and user autonomy under the BYOD policy, how should the organization mitigate the risk of such incidents? Moreover, consider a measure that would prevent similar attacks without overly restricting the use of personal devices.

Implement a mobile device management solution that restricts the installation of non-approved applications.

Provide employees with corporate-owned devices for work-related tasks.

Require all employee devices to use a company-provided VPN for internet access.

Conduct regular cybersecurity awareness training, focusing on phishing attacks.

XYZ company recently discovered a potential vulnerability on their network, originating from misconfigurations. It was found that some of their host servers had enabled debugging functions and unknown users were granted administrative permissions. As a Certified Ethical Hacker, what would be the most potent risk associated with this misconfiguration?

Unauthorized users may perform privilege escalation using unnecessarily created accounts

An attacker may be able to inject a malicious DLL into the current running process

Weak encryption might be allowing man-in-the-middle attacks, leading to data tampering

An attacker may carry out a Denial-of-Service assault draining the resources of the server in the process

An organization suspects a persistent threat from a cybercriminal. They hire an ethical hacker, John, to evaluate their system security. John identifies several vulnerabilities and advises the organization on preventive measures. However, the organization has limited resources and opts to fix only the most severe vulnerability. Subsequently, a data breach occurs exploiting a different vulnerability. Which of the following statements best describes this scenario?

Both the organization and John share responsibility because they did not adequately manage the vulnerabilities.

The organization is at fault because it did not fix all identified vulnerabilities.

John is at fault because he did not emphasize the necessity of patching all vulnerabilities.

The organization is not at fault because they used their resources as per their understanding.

An ethical hacker is attempting to crack NTLM hashed passwords from a Windows SAM file using a rainbow table attack. He has dumped the on-disk contents of the SAM file successfully and noticed that all LM hashes are blank. Given this scenario, which of the following would be the most likely reason for the blank LM hashes?

The Windows system is Vista or a later version, where LM hashes are disabled by default.

The SAM file has been encrypted using the SYSKEY function.

The passwords exceeded 14 characters in length and therefore, the LM hashes were set to a "dummy" value.

The Windows system is using the Kerberos authentication protocol as the default method.

A Certified Ethical Hacker (CEH) is given the task to perform an LDAP enumeration on a target system. The system is secured and accepts connections only on secure LDAP. The CEH uses Python for the enumeration process. After successfully installing LDAP and establishing a connection with the target, he attempts to fetch details like the domain name and naming context but is unable to receive the expected response. Considering the circumstances, which of the following is the most plausible reason for this situation?

The secure LDAP connection was not properly initialized due to a lack of 'use_ssl = True' in the server object creation.

The system failed to establish a connection due to an incorrect port number.

The enumeration process was blocked by the target system's intrusion detection system.

The Python version installed on the CEH's machine is incompatible with the ldap3 library.

You are a cybersecurity consultant for a major airport that offers free Wi-Fi to travelers. The management is concerned about the possibility of "Evil Twin" attacks, where a malicious actor sets up a rogue access point that mimics the legitimate one. They are looking for a solution that would not significantly impact the user experience or require travelers to install additional software. What is the most effective security measure you could recommend that fits these constraints, considering the airport's unique operational environment?

Display a captive portal page that warns users about the possibility of Evil Twin attacks

Regularly change the SSID of the airport's Wi-Fi network

Use MAC address filtering on the airport's Wi-Fi network

Implement WPA3 encryption for the airport's Wi-Fi network

As a Certified Ethical Hacker, you are conducting a footprinting and reconnaissance operation against a target organization. You discover a range of IP addresses associated with the target using the SecurityTrails tool. Now, you need to perform a reverse DNS lookup on these IP addresses to find the associated domain names, as well as determine the nameservers and mail exchange (MX) records. Which of the following DNSRecon commands would be most effective for this purpose?

dnsrecon -r 162.241.216.0/24 -d example.com -t brt

dnsrecon -r 192.168.1.0/24 -n nsl.example.com -t axfr

dnsrecon -r 10.0.0.0/24 -n nsl.example.com -t zonewalk

dnsrecon -r 162.241.216.0/24 -n nsl.example.com -t std

You are an ethical hacker tasked with conducting an enumeration of a company's network. Given a Windows system with NetBIOS enabled, port 139 open, and file and printer sharing active, you are about to run some nbtstat commands to enumerate NetBIOS names. The company uses IPv6 for its network. Which of the following actions should you take next?

Switch to an enumeration tool that supports IPv6

Use nbtstat -a followed by the IPv6 address of the target machine

Use nbtstat -c to get the contents of the NetBIOS name cache

Utilize Nmap Scripting Engine (NSE) for NetBIOS enumeration

During a red team assessment, a CEH is given a task to perform network scanning on the target network without revealing its IP address. They are also required to find an open port and the services available on the target machine. What scanning technique should they employ, and which command in Zenmap should they use?

Use UDP Raw ICMP Port Unreachable Scanning with the command "-sU"

Use SCTP INIT Scan with the command "-sY"

Use the ACK flag probe scanning technique with the command "-sA"

Use the IDLE/IPID header scan technique with the command "-sI"

A large corporation is planning to implement preventive measures to counter a broad range of social engineering techniques. The organization has implemented a signature-based IDS, intrusion detection system, to detect known attack payloads and network flow analysis to monitor data entering and leaving the network. The organization is deliberating on the next step. Considering the information provided about various social engineering techniques, what should be the organization's next course of action?

Organize regular employee awareness training regarding social engineering techniques and preventive measures

Implement endpoint detection and response solution to oversee endpoint activities

Set up a honeypot to attract potential attackers into a controlled environment for analysis

Deploy more security personnel to physically monitor key points of access

An audacious attacker is targeting a web server you oversee. He intends to perform a Slow HTTP POST attack, by manipulating 'a' HTTP connection. Each connection sends a byte of data every 'b' second, effectively holding up the connections for an extended period. Your server is designed to manage 'm' connections per second, but any connections exceeding this number tend to overwhelm the system. Given 'a=100' and variable 'm', along with the attacker's intention of maximizing the attack duration 'D=a*b', consider the following scenarios. Which is most likely to result in the longest duration of server unavailability?

m=90, b=15: The server can manage 90 connections per second, but the attacker's 100 connections exceed this, and with each connection held up for 15 seconds, the attack duration could be significant.

m=105, b=12: The server can manage 105 connections per second, more than the attacker's 100 connections, likely maintaining operation despite a moderate hold-up time.

m=110, b=20: Despite the attacker sending 100 connections, the server can handle 110 connections per second, therefore likely staying operative, regardless of the hold-up time per connection.

m=95, b=10: Here, the server can handle 95 connections per second, but it falls short against the attacker's 100 connections, albeit the hold-up time per connection is lower.

99-199

Quiz

•

Information Technology (IT)

•

Professional Development

•

Practice Problem

•

Hard

Chiến Tạ Quang

Used 1+ times

FREE Resource

Matt's computer was infected with a keylogger.

Matt's bank-account login information was brute forced.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

100 questions

Simulado - CCNA 1 - ITN

Quiz

•

Professional Development

96 questions

Elementos de Fixação

Quiz

•

Professional Development

Popular Resources on Wayground

8 questions

2 Step Word Problems

Quiz

•

KG - University

20 questions

Comparing Fractions

Quiz

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

10 questions

Latin Bases claus(clois,clos, clud, clus) and ped

Quiz

•

6th - 8th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

7 questions

The Story of Books

Quiz

•

6th - 8th Grade

Discover more resources for Information Technology (IT)

10 questions

How to Email your Teacher

Quiz

•

Professional Development

20 questions

Block Buster Movies

Quiz

•

10th Grade - Professi...

15 questions

State Capitals

Quiz

•

Professional Development

99-199

101 questions

Alice needs to send a confidential document to her coworker, Bryan. Their company has public key infrastructure set up. Therefore, Alice both encrypts the message and digitally signs it. Alice uses _______ to encrypt the message, and Bryan uses _______ to confirm the digital signature.

What is the file that determines the basic configuration (specifically activities, services, broadcast receivers, etc.) in an Android application?

Which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)

Alice needs to send a confidential document to her coworker, Bryan. Their company has public key infrastructure set up. Therefore, Alice both encrypts the message and digitally signs it. Alice uses _ to encrypt the message, and Bryan uses _ to confirm the digital signature.