Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining whether the ports are online and any firewall rule sets are encountered. John decided to perform a TCP SYN ping scan on the target network. Which of the following Nmap commands must John use to perform the TCP SYN ping scan?

A. nmap -sn -pp < target ip address >

B. nmap -sn -PO < target IP address >

C. nmap -sn -PS < target IP address >

D. nmap -sn -PA < target IP address >

what is the port to block first in case you are suspicious that an loT device has been compromised?

A. 22

B. 443

C. 48101

D. 80

Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He’s determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

A. Error-based SQL injection

B. Blind SQL injection

C. Union-based SQL injection

D. NoSQL injection

Alice needs to send a confidential document to her coworker. Bryan. Their company has public key infrastructure set up. Therefore. Alice both encrypts the message and digitally signs it. Alice uses_______to encrypt the message, and Bryan uses__________to confirm the digital signature.

A. Bryan’s public key; Bryan’s public key

B. Alice’s public key; Alice’s public key

C. Bryan’s private key; Alice’s public key

D. Bryan’s public key; Alice’s public key

During the process of encryption and decryption, what keys are shared?

A. Private keys

B. User passwords

C. Public keys

D. Public and private keys

Ricardo has discovered the username for an application in his targets environment. As he has a limited amount of time, he decides to attempt to use a list of common passwords he found on the Internet. He compiles them into a list and then feeds that list as an argument into his password-cracking application, what type of attack is Ricardo performing?

A. Known plaintext

B. Password spraying

C. Brute force

D. Dictionary

This kind of password cracking method uses word lists in combination with numbers and special characters:

A. Hybrid

B. Linear

C. Symmetric

D. Brute Force

Harry. a professional hacker, targets the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing?

A. Preparation

B. Cleanup

C. Persistence

D. initial intrusion

There have been concerns in your network that the wireless network component is not sufficiently secure. You perform a vulnerability scan of the wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption, what encryption protocol is being used?

A. WEP

B. RADIUS

C. WPA

D. WPA3

Which of the following steps for risk assessment methodology refers to vulnerability identification?

A. Determines if any flaws exist in systems, policies, or procedures

B. Assigns values to risk probabilities; Impact values.

C. Determines risk probability that vulnerability will be exploited (High. Medium, Low)

D. Identifies sources of harm to an IT system. (Natural, Human. Environmental)

How is the public key distributed in an orderly, controlled fashion so that the users can be sure of the sender’s identity?

A. Hash value

B. Private key

C. Digital signature

D. Digital certificate

Why containers are less secure that virtual machines?

A. Host OS on containers has a larger surface attack.

B. Containers may full fill disk space of the host.

C. A compromise container may cause a CPU starvation of the host.

D. Containers are attached to the same virtual network.