Topic 1: Exam Pool A
Which of the following is not a Bluetooth attack?
A. Bluedriving
B. Bluesmacking
C. Bluejacking
D. Bluesnarfing
Bluedriving
Explanation: https://github.com/verovaleros/bluedriving
Bluedriving is a Bluetooth wardriving utility. It can capture Bluetooth devices, look up their
services, get GPS information and present everything in a nice web page. It can search for
and show a lot of information about the device, the GPS address and the historic location
of devices on a map. The main motivation of this tool is to research the targeted
surveillance of people by means of their cellular phone or car. With this tool you can capture
information about Bluetooth devices and show, on a map, the points where you have seen
the same device in the past.
Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP
does not encrypt email, leaving the information in the message vulnerable to being read by
an unauthorized person. SMTP can upgrade a connection between two mail servers to use
TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command
used by SMTP to transmit email over TLS?
A. OPPORTUNISTICTLS
B. UPGRADETLS
C. FORCETLS
D. STARTTLS
STARTTLS
Let's imagine three companies (A, B and C), all competing in a challenging global
environment. Company A and B are working together in developing a product that will
generate a major competitive advantage for them. Company A has a secure DNS server
while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the
DNS server of company B, company C gains access to outgoing e-mails from company B.
How do you prevent DNS spoofing?
A. Install DNS logger and track vulnerable packets
B. Disable DNS timeouts
C. Install DNS Anti-spoofing
D. Disable DNS Zone Transfer
Install DNS Anti-spoofing
An attacker has installed a RAT on a host. The attacker wants to ensure that when a user
attempts to go to "www.MyPersonalBank.com", the user is directed to a phishing site.
Which file does the attacker need to modify?
A. Boot.ini
B. Sudoers
C. Networks
D. Hosts
Hosts
What kind of detection technique is used by antivirus software that identifies
malware by collecting data from multiple protected systems and, instead of analyzing files
locally, performs the analysis in the provider's environment?
A. Behavioral based
B. Heuristics based
C. Honeypot based
D. Cloud based
Cloud based
If a token and 4-digit personal identification number (PIN) are used to access a computer
system and the token performs off-line checking for the correct PIN, what type of attack is
possible?
A. Birthday
B. Brute force
C. Man-in-the-middle
D. Smurf
Brute force
Steve, a scientist who works in a governmental security agency, developed a technological
solution to identify people based on walking patterns and implemented this approach in a
physical access control system.
A camera captures people walking and identifies the individuals using Steve's approach.
After that, people must present their RFID badges. Both identifications are
required to open the door. In this case, we can say:
A. Although the approach has two phases, it actually implements just one authentication factor
B. The solution implements the two authentication factors: physical object and physical characteristic
C. The solution will have a high level of false positives
D. Biological motion cannot be used to identify people
The solution implements the two authentication factors: physical object and physical
characteristic
________ is a set of extensions to DNS that provide origin authentication of DNS data to DNS
clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types
of attacks.
A. DNSSEC
B. Resource records
C. Resource transfer
D. Zone transfer
DNSSEC
Explanation:
The Domain Name System Security Extensions (DNSSEC) is a suite of Internet
Engineering Task Force (IETF) specifications for securing certain kinds of information
provided by DNS for use on IP networks. DNSSEC is a set of extensions to DNS which provide to
DNS clients (resolvers) origin authentication of DNS data, authenticated denial of
existence, and data integrity, but not availability or confidentiality. DNSSEC is necessary
because the original DNS design did not include security but was designed to be a scalable
distributed system. DNSSEC adds security while maintaining backward compatibility.
You have the SOA presented below in your zone.
Your secondary servers have not been able to contact your primary server to synchronize
information. How long will the secondary servers attempt to contact the primary server
before they consider the zone dead and stop responding to queries?
collegae.edu.SOA, cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600)
A. One day
B. One hour
C. One week
D. One month
One week
Your company was hired by a small healthcare provider to perform a technical assessment
on the network.
What is the best approach for discovering vulnerabilities on a Windows-based computer?
A. Use the built-in Windows Update tool
B. Use a scan tool like Nessus
C. Create a disk image of a clean Windows installation
D. Check MITRE.org for the latest list of CVE findings
Use a scan tool like Nessus
Session splicing is an IDS evasion technique in which an attacker delivers data in multiple,
small-sized packets to the target computer, making it very difficult for an IDS to detect the
attack signatures. Which tool can be used to perform session splicing attacks?
A. tcpsplice
B. Burp
C. Hydra
D. Whisker
Whisker
Explanation:
«Many IDS reassemble communication streams; hence, if a packet is not received within a
reasonable period, many IDS stop reassembling and handling that stream. If the
application under attack keeps a session active for a longer time than that spent by the IDS
on reassembling it, the IDS will stop. As a result, any session after the IDS stops
reassembling the sessions will be susceptible to malicious data theft by attackers. The IDS
will not log any attack attempt after a successful splicing attack. Attackers can use tools
such as Nessus for session splicing attacks.»
Did you know that the EC-Council exam shows how well you know their official book? So,
there is no "Whisker" in it. In the chapter "Evading IDS" -> "Session Splicing", the
recommended tool for performing a session-splicing attack is Nessus. Where Whisker came
from is not entirely clear, but I will assume the author of the question found it while copying
Wikipedia.
https://en.wikipedia.org/wiki/Intrusion_detection_system_evasion_techniques
One basic technique is to split the attack payload into multiple small packets so that the
IDS must reassemble the packet stream to detect the attack. A simple way of splitting
packets is by fragmenting them, but an adversary can also simply craft packets with small
payloads. The 'whisker' evasion tool calls crafting packets with small payloads 'session
splicing'.
By themselves, small packets will not evade any IDS that reassembles packet streams. However,
small packets can be further modified in order to complicate reassembly and detection.
One evasion technique is to pause between sending parts of the attack, hoping that the
IDS will time out before the target computer does. A second evasion technique is to send
the packets out of order, confusing simple packet re-assemblers but not the target
computer.
NOTE: Yes, I found scraps of information about the tool that existed in 2012, but I cannot
give you unverified information. According to the official tutorials, the correct answer is
Nessus, but if you know anything about Whisker, please write in the QA section. Maybe this
question will be updated soon, but I'm not sure about that.
“........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one
offered on the premises, but actually has been set up to eavesdrop on wireless
communications. It is the wireless version of the phishing scam. An attacker fools wireless
users into connecting a laptop or mobile phone to a tainted hot-spot by posing as a
legitimate provider. This type of attack may be used to steal the passwords of
unsuspecting users by either snooping the communication link or by phishing, which
involves setting up a fraudulent web site and luring people there.”
Fill in the blank with the appropriate choice.
Evil Twin Attack
Explanation:
https://en.wikipedia.org/wiki/Evil_twin_(wireless_networks)
An evil twin attack is a hack attack in which a hacker sets up a fake Wi-Fi network that
looks like a legitimate access point to steal victims’ sensitive details. Most often, the victims
of such attacks are ordinary people like you and me.
The attack can be performed as a man-in-the-middle (MITM) attack. The fake Wi-Fi access
point is used to eavesdrop on users and steal their login credentials or other sensitive
information. Because the hacker owns the equipment being used, the victim will have no
idea that the hacker might be intercepting things like bank transactions.
An evil twin access point can also be used in a phishing scam. In this type of attack, victims
will connect to the evil twin and will be lured to a phishing site. It will prompt them to enter
their sensitive data, such as their login details. These, of course, will be sent straight to the
hacker. Once the hacker gets them, they might simply disconnect the victim and show that
the server is temporarily unavailable.
ADDITION: It may not seem obvious what happened. The problem is in the question
statement. The attackers were not Alice and John, who were able to connect to the network
without a password, but on the contrary, they were attacked and forced to connect to a fake
network, and not to the real network belonging to Jane.