A hacker is an intelligent individual with excellent computer skills and the ability to explore a
computer’s software and hardware without the owner’s permission. Their intention can
either be to simply gain knowledge or to illegally make changes.
Which of the following classes of hacker refers to an individual who works both offensively
and defensively at various times?
A.
White Hat
B.
Suicide Hacker
C.
Gray Hat
D.
Black Hat
Gray Hat
These hackers have limited or no training and know how to use only basic techniques or
tools.
What kind of hackers are we talking about?
A.
Black-Hat Hackers
B.
Script Kiddies
C.
White-Hat Hackers
D.
Gray-Hat Hacker
White-Hat Hackers
Which of the following steps for risk assessment methodology refers to vulnerability identification?
A.
Determines if any flaws exist in systems, policies, or procedures
B.
Assigns values to risk probabilities; Impact values.
C.
Determines risk probability that vulnerability will be exploited (High, Medium, Low)
D.
Identifies sources of harm to an IT system. (Natural, Human, Environmental)
Determines risk probability that vulnerability will be exploited (High, Medium, Low)
Boney, a professional hacker, targets an organization for financial benefits. He performs an
attack by sending his session ID using an MITM attack technique. Boney first obtains a
valid session ID by logging into a service and later feeds the same session ID to the target
employee. The session ID links the target employee to Boney's account page without
disclosing any information to the victim. When the target employee clicks on the link, all the
sensitive payment details entered in a form are linked to Boney's account. What is the
attack performed by Boney in the above scenario?
A.
Session donation attack
B.
Session fixation attack
C.
Forbidden attack
D.
CRIME attack
Session donation attack
What is the purpose of a demilitarized zone on a network?
A.
To scan all traffic coming through the DMZ to the internal network
B.
To only provide direct access to the nodes within the DMZ and protect the network behind it
C.
To provide a place to put the honeypot
D.
To contain the network devices you wish to protect
To only provide direct access to the nodes within the DMZ and protect the network behind it
Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?
A.
har.txt
B.
SAM file
C.
wwwroot
D.
Repair file
SAM file
Which of the following is the BEST way to defend against network sniffing?
A.
Using encryption protocols to secure network communications
B.
Register all machines MAC Address in a Centralized Database
C.
Use Static IP Address
D.
Restrict Physical Access to Server Rooms hosting Critical Servers
Using encryption protocols to secure network communications
During an Xmas scan what indicates a port is closed?
A.
No return response
B.
RST
C.
ACK
D.
SYN
RST
A regional bank hires your company to perform a security assessment on their network
after a recent data breach. The attacker was able to steal financial data from the bank by
compromising only a single server. Based on this information, what should be one of your
key recommendations to the bank?
A.
Place a front-end web server in a demilitarized zone that only handles external web traffic
B.
Require all employees to change their anti-virus program with a new one
C.
Move the financial data to another server on the same IP subnet
D.
Issue new certificates to the web servers from the root certificate authority
Place a front-end web server in a demilitarized zone that only handles external web traffic
An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com", the user is directed to a phishing site. Which file does the attacker need to modify?
A.
Boot.ini
B.
Sudoers
C.
Networks
D.
Hosts
Hosts
Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?
A.
ESP transport mode
B.
ESP confidential
C.
AH promiscuous
D.
AH Tunnel mode
ESP transport mode
Steve, an attacker, created a fake profile on a social media website and sent a request to
Stella. Stella was enthralled by Steve's profile picture and the description given for his
profile, and she initiated a conversation with him soon after accepting the request. After a
few days, Steve started asking about her company details and eventually gathered all the
essential information regarding her company. What is the social engineering technique
Steve employed in the above scenario?
A.
Diversion theft
B.
Baiting
C.
Honey trap
D.
Piggybacking
Piggybacking