POST-TEST DAY 3

John is a pen tester working with an information security consultant based in Paris. As part of a penetration testing assignment, he was asked to perform wireless penetration testing for a large MNC. John knows that the company provides free Wi-Fi access to its employees on the company premises. He sets up a rogue wireless access point with the same SSID as that of the company’s Wi-Fi network just outside the company premises. He sets up this rogue access point using the tools that he has and hopes that the employees might connect to it. What type of wireless confidentiality attack is John trying to do?

Which of the following Encryption technique is used in WPA?

Which of the following is not a mobile platform risk?

James, an attacker, attempted to gain illegitimate access to a user’s bank account. To achieve his goal, James tricked mobile phone sellers into providing PII of the target user and exploited the instant message service on the user’s device, which helped him reset the password and access the victim’s account.

Identify the type of attack performed by James in the above scenario.

Which of the following layers in the IoT architecture has security issues such as validation of the inputted string, AuthN, AuthZ, no automatic security updates, and default passwords?

Which of the following Nmap commands is used by an attacker to identify the IPv6 capabilities of a target IoT device?

In which of the following levels of the Purdue model can the analysis and alteration of the physical process be performed?