Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.
In MAC flooding attack, a switch is fed with many Ethernet frames, each containing
different source MAC addresses, by the attacker. Switches have a limited memory for
mapping various MAC addresses to physical ports. What happens when the CAM table
becomes full?
A.
Switch then acts as hub by broadcasting packets to all machines on the network
B.
The CAM overflow table will cause the switch to crash causing Denial of Service
C.
The switch replaces outgoing frame switch factory default MAC address of
FF:FF:FF:FF:FF:FF
D.
Every packet is dropped and the switch sends out SNMP alerts to the IDS port
Switch then acts as hub by broadcasting packets to all machines on the network
You are tasked to perform a penetration test. While you are performing information
gathering, you find an employee list in Google. You find the receptionist’s email, and you
send her an email changing the source email to her boss’s email (boss@company). In this
email, you ask for a pdf with information. She reads your email and sends back a pdf with
links. You exchange the pdf links with your malicious links (these links contain malware)
and send back the modified pdf, saying that the links don’t work. She reads your email,
opens the links, and her machine gets infected. You now have access to the company
network. What testing method did you use?
A.
Social engineering
B.
Piggybacking
C.
Tailgating
D.
Eavesdropping
Social engineering
Study the following log extract and identify the attack 
A.
Hexcode Attack
B.
Cross Site Scripting
C.
Multiple Domain Traversal Attack
D.
Unicode Directory Traversal Attack
Unicode Directory Traversal Attack
One of your team members has asked you to analyze the following SOA record.
What is the TTL? Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.)
A.
200303028
B.
3600
C.
604800
D.
2400
E.
60
F.
4800
2400
Techno Security Inc. recently hired John as a penetration tester. He was tasked with
identifying open ports in the target network and determining whether the ports are online
and any firewall rule sets are encountered. John decided to perform a TCP SYN ping scan
on the target network. Which of the following Nmap commands must John use to perform
the TCP SVN ping scan?
A.
nmap -sn -pp < target ip address >
B.
nmap -sn -PO < target IP address >
C.
Anmap -sn -PS < target IP address >
D.
nmap -sn -PA < target IP address >
Anmap -sn -PS < target IP address >
In the context of password security, a simple dictionary attack involves loading a dictionary
file (a text file full of dictionary words) into a cracking application such as L0phtCrack or
John the Ripper, and running it against user accounts located by the application. The largerthe word and word fragment selection, the more effective the dictionary attack is. The brute
force method is the most inclusive, although slow. It usually tries every possible letter and
number combination in its automated exploration. If you would use both brute force and
dictionary methods combined together to have variation of words, what would you call such
an attack?
A.
Full Blown
B.
Thorough
C.
Hybrid
D.
BruteDics
Hybrid
Which of the following programming languages is most susceptible to buffer overflow
attacks, due to its lack of a built-in bounds checking mechanism?
Code:
#include <string.h> int main(){char buffer[8];
strcpy(buffer, ““11111111111111111111111111111””);} Output: Segmentation fault
A.
C#
B.
Python
C.
Java
D.
C++
C++
Heather’s company has decided to use a new customer relationship management tool.
After performing the appropriate research, they decided to purchase a subscription to a
cloud-hosted solution. The only administrative task that Heather will need to perform is the
management of user accounts. The provider will take care of the hardware, operating
system, and software administration including patching and monitoring. Which of the
following is this type of solution?
A.
SaaS
B.
IaaS
C.
CaaS
D.
PasS
SaaS
Software as a service (SaaS) allows users to attach to and use cloud-based apps over the
web. Common examples ar email, calendaring and workplace tool (such as Microsoft
workplace 365).
SaaS provides a whole software solution that you get on a pay-as-you-go basis from a
cloud service provider. You rent the use of an app for your organisation and your users
connect with it over the web, typically with an internet browser. All of the underlying
infrastructure, middleware, app software system and app knowledge ar located within the
service provider’s knowledge center. The service provider manages the hardware and
software system and with the appropriate service agreement, can make sure the availability
and also the security of the app and your data as well. SaaS allows your organisation to
induce quickly up and running with an app at token upfront cost.
Common SaaS scenariosThis tool having used a web-based email service like Outlook,
Hotmail or Yahoo! Mail, then you have got already used a form of SaaS. With these
services, you log into your account over the web, typically from an internet browser. the email
software system is found on the service provider’s network and your messages ar hold
on there moreover. you can access your email and hold on messages from an internet
browser on any laptop or Internet-connected device.
The previous examples are free services for personal use. For organisational use, you can
rent productivity apps, like email, collaboration and calendaring; and sophisticated business
applications like client relationship management (CRM), enterprise resource coming up
with (ERP) and document management. You buy the use of those apps by subscription or
per the level of use.
Advantages of SaaSGain access to stylish applications. to supply SaaS apps to users, you
don’t ought to purchase, install, update or maintain any hardware, middleware or software
system. SaaS makes even sophisticated enterprise applications, like ERP and CRM,
affordable for organisations that lack the resources to shop for, deploy and manage the
specified infrastructure and software system themselves.
Pay just for what you utilize. you furthermore may economize because the SaaS service
automatically scales up and down per the level of usage.
Use free shopper software system. Users will run most SaaS apps directly from their web
browser without needing to transfer and install any software system, though some apps
need plugins. this suggests that you simply don’t ought to purchase and install special
software system for your users.
Mobilise your hands simply. SaaS makes it simple to “mobilise” your hands as a result of
users will access SaaS apps and knowledge from any Internet-connected laptop or mobile
device. You don’t ought to worry concerning developing apps to run on differing types of
computers and devices as a result of the service supplier has already done therefore.
additionally, you don’t ought to bring special experience aboard to manage the safety
problems inherent in mobile computing. A fastidiously chosen service supplier can make
sure the security of your knowledge, no matter the sort of device intense it.
Access app knowledge from anyplace. With knowledge hold on within the cloud, users will
access their info from any Internet-connected laptop or mobile device. And once app
knowledge is hold on within the cloud, no knowledge is lost if a user’s laptop or device fails.
This TCP flag instructs the sending system to transmit all buffered data immediately.
A.
SYN
B.
RST
C.
PSH
D.
URG
E.
FIN
PSH
What hacking attack is challenge/response authentication used to prevent?
A.
Replay attacks
B.
Scanning attacks
C.
Session hijacking attacks
D.
Password cracking attacks
Replay attacks
Which of the following is the best countermeasure to encrypting ransomwares?
A.
Use multiple antivirus softwares
B.
Pay a ransom
C.
Keep some generation of off-line backup
D.
Analyze the ransomware to get decryption key of encrypted data
Keep some generation of off-line backup
Eve is spending her day scanning the library computers. She notices that Alice is using a
computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate
Alice machine. From the command prompt, she types the following command.
What is Eve trying to do?
A.
Eve is trying to connect as a user with Administrator privileges
B.
Eve is trying to enumerate all users with Administrative privileges
C.
Eve is trying to carry out a password crack for user Administrator
D.
Eve is trying to escalate privilege of the null user to that of Administrator
Eve is trying to carry out a password crack for user Administrator
| Page 1 out of 44 Pages |