312-50v11 Practice Test Questions

519 Questions


Nedved is an IT Security Manager of a bank in his country. One day, he found out that
there is a security breach to his company's email server based on analysis of a suspicious
connection from the email server to an unknown IP Address.
What is the first thing that Nedved needs to do before contacting the incident response
team?


A. Leave it as it is and contact the incident response team right away
B. Block the connection to the suspicious IP Address from the firewall
C. Disconnect the email server from the network
D. Migrate the connection to the backup email server

C. Disconnect the email server from the network



In the field of cryptanalysis, what is meant by a “rubber-hose” attack?


A. Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.
B. A backdoor placed into a cryptographic algorithm by its creator.
C. Extraction of cryptographic secrets through coercion or torture.
D. Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.

C. Extraction of cryptographic secrets through coercion or torture.



The network users are complaining because their systems are slowing down. Further, every
time they attempt to go to a website, they receive a series of pop-ups with advertisements.
What type of malware have the systems been infected with?


A. Virus
B. Spyware
C. Trojan
D. Adware

D. Adware



Explanation:
Adware, or advertising-supported software, is software that displays unwanted
advertisements on your PC. Adware programs tend to serve you pop-up ads, can
change your browser's homepage, add spyware, and simply bombard your device with
advertisements. Adware is a more succinct name for potentially unwanted
programs. It is not quite a virus, and it may not be as clearly malicious as a
great deal of other problematic code floating around on the net. Make no mistake
about it, though: adware has to come off of whatever machine it is on. Not only
can adware be extremely annoying whenever you use your machine, it might also
cause long-term problems for your device.
Adware uses the browser to gather your internet browsing history so as to
'target' advertisements that appear tailored to your interests. At their most innocuous,
adware infections are simply annoying. For example, adware barrages you
with pop-up ads that can make your internet experience markedly slower and more labor
intensive.

Null sessions are unauthenticated connections (not using a username or password) to an
NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on
your network?


A. 137 and 139
B. 137 and 443
C. 139 and 443
D. 139 and 445

D. 139 and 445



The company ABC recently contracted a new accountant. The accountant will be working
with the financial statements. Those financial statements need to be approved by the CFO,
and then they will be sent to the accountant, but the CFO is worried because he wants to be
sure that the information sent to the accountant was not modified once he approved it.
Which of the following options can be useful to ensure the integrity of the data?


A. The CFO can use a hash algorithm in the document once he approved the financial statements
B. The CFO can use an excel file with a password
C. The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure it is the same document
D. The document can be sent to the accountant using an exclusive USB for that document

A. The CFO can use a hash algorithm in the document once he approved the financial statements



Attacker Lauren has gained the credentials of an organization's internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skeptical about the login times and appointed security professional Robert to determine the issue. Robert analyzed the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and
vulnerabilities exploited. What is the incident handling and response (IH&R) phase, in which Robert has determined these issues?


A. Preparation
B. Eradication
C. Incident recording and assignment
D. Incident triage

C. Incident recording and assignment



Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing?


A. Scanning
B. Footprinting
C. Enumeration
D. System Hacking

B. Footprinting



Susan, a software developer, wants her web API to update other applications with the
latest information. For this purpose, she uses a user-defined HTTP callback or push APIs
that are raised based on trigger events: when invoked, this feature supplies data to other
applications so that users can instantly receive real-time information.
Which of the following techniques is employed by Susan?


A. Web shells
B. Webhooks
C. REST API
D. SOAP API

A. Web shells



When a normal TCP connection starts, a destination host receives a SYN
(synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize
acknowledge). The destination host must then hear an ACK (acknowledge) of the
SYN/ACK before the connection is established. This is referred to as the "TCP three-way
handshake." While waiting for the ACK to the SYN/ACK, a connection queue of finite size
on the destination host keeps track of connections waiting to be completed. This queue
typically empties quickly since the ACK is expected to arrive a few milliseconds after the
SYN/ACK.
How would an attacker exploit this design by launching a TCP SYN attack?


A. Attacker generates TCP SYN packets with random destination addresses towards a victim host
B. Attacker floods TCP SYN packets with random source addresses towards a victim host
C. Attacker generates TCP ACK packets with random source addresses towards a victim host
D. Attacker generates TCP RST packets with random source addresses towards a victim host

B. Attacker floods TCP SYN packets with random source addresses towards a victim host



In the context of Windows Security, what is a 'null' user?


A. A user that has no skills
B. An account that has been suspended by the admin
C. A pseudo account that has no username and password
D. A pseudo account that was created for security administration purpose

C. A pseudo account that has no username and password



Sam, a professional hacker, targeted an organization with the intention of compromising AWS
IAM credentials. He attempted to lure one of the employees of the organization by initiating
fake calls while posing as a legitimate employee. Moreover, he sent phishing emails to
steal the AWS IAM credentials and further compromise the employee's account. What is
the technique used by Sam to compromise the AWS IAM credentials?


A. Social engineering
B. Insider threat
C. Password reuse
D. Reverse engineering

A. Social engineering



Attacker Rony installed a rogue access point within an organization's perimeter and
attempted to intrude into its internal network. Johnson, a security auditor, identified some
unusual traffic in the internal network that is aimed at cracking the authentication
mechanism. He immediately turned off the targeted network and tested for any weak and
outdated security mechanisms that are open to attack. What is the type of vulnerability
assessment performed by Johnson in the above scenario?


A. Distributed assessment
B. Wireless network assessment
C. Host-based assessment
D. Application assessment

B. Wireless network assessment



Explanation:
Expanding your network capabilities can be done well using wireless networks, but it can
also be a source of harm to your data system. Deficiencies in its implementation or
configuration can allow information to be accessed in an unauthorized manner. This makes it
imperative to closely monitor your wireless network while also conducting periodic wireless
network assessments. Such an assessment identifies flaws and provides an unadulterated view
of exactly how vulnerable your systems are to malicious and unauthorized access. Identifying
misconfigurations and inconsistencies in wireless implementations and rogue access points
can improve your security posture and achieve compliance with regulatory frameworks.

