This kind of password cracking method uses word lists in combination with numbers and
special characters:
A.
Hybrid
B.
Linear
C.
Symmetric
D.
Brute Force
Hybrid
Steven connected his iPhone to a public computer that had been infected by Clark, an
attacker. After establishing the connection with the public computer, Steven enabled iTunes
Wi-Fi sync on the computer so that the device could continue communication with that
computer even after being physically disconnected. Now, Clark gains access to Steven’s
iPhone through the infected computer and is able to monitor and read all of Steven’s
activity on the iPhone, even after the device is out of the communication zone.
Which of the following attacks is performed by Clark in the above scenario?
A.
iOS trustjacking
B.
iOS Jailbreaking
C.
Exploiting SS7 vulnerability
D.
Man-in-the-disk attack
iOS trustjacking
Explanation: An iPhone user's worst nightmare is to have someone take control of
his/her device, including the ability to record and control all activity without
needing to be in the same room. In this blog post, we present a new vulnerability called
“Trustjacking”, which allows an attacker to do exactly that.
This vulnerability exploits an iOS feature called iTunes Wi-Fi sync, which allows a user to
manage their iOS device without physically connecting it to their computer. A single tap by the
iOS device owner when the two are connected to the same network allows an
attacker to take control of the device. In addition, we will walk through previous related
vulnerabilities and show the changes that have been made on the iPhone to mitigate them, and why
these are not enough to prevent similar attacks.
After connecting an iOS device to a new computer, users are asked whether they trust
the connected computer or not. Choosing to trust the computer allows it to communicate with the iOS
device via the standard iTunes APIs.
This allows the computer to access the photos on the device, perform backups,
install applications and much more, without requiring another confirmation from
the user and without any noticeable indication. Furthermore, this allows activating the “iTunes Wi-Fi
sync” feature, which makes it possible to continue this kind of communication
with the device even after it has been disconnected from the computer, as long as the computer and the
iOS device are connected to the same network. It is interesting to note that
enabling “iTunes Wi-Fi sync” does not require the victim's approval and can be
conducted purely from the computer side.
Getting a live stream of the device's screen can be done easily by repeatedly
requesting screenshots and displaying or recording them remotely.
It is important to note that other than the initial single point of
failure, authorizing the malicious computer, there is no other mechanism that prevents
this continued access. In addition, there is nothing that notifies users that by
authorizing the computer they allow access to their device even after disconnecting the
USB cable.
Which utility will tell you in real time which ports are listening or in another state?
A.
Netstat
B.
TCPView
C.
Nmap
D.
Loki
TCPView
Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the
target's MSP provider by sending spear-phishing emails and distributed custom-made
malware to compromise user accounts and gain remote access to the cloud service.
Further, she accessed the target customer profiles with her MSP account, compressed the
customer data, and stored them in the MSP. Then, she used this information to launch
further attacks on the target organization. Which of the following cloud attacks did Alice
perform in the above scenario?
A.
Cloud hopper attack
B.
Cloud cryptojacking
C.
Cloudborne attack
D.
Man-in-the-cloud (MITC) attack
Cloud hopper attack
Explanation: Operation Cloud Hopper was an in-depth attack and theft of data in 2017
directed at MSPs in the United Kingdom (U.K.), United States (U.S.), Japan, Canada, Brazil,
France, Switzerland, Norway, Finland, Sweden, South Africa, India, Thailand, South Korea
and Australia. The group used MSPs as intermediaries to acquire assets and trade secrets
from MSP clients in engineering, industrial manufacturing, retail, energy, pharmaceuticals,
telecommunications, and government agencies. Operation Cloud Hopper used over 70
variants of backdoors, malware and trojans. These were delivered through spear-phishing
emails. The attacks scheduled tasks or leveraged services/utilities to persist on Microsoft
Windows systems even if the computer system was rebooted. It installed malware and hacking
tools to access systems and steal data.
What is the way to decide how a packet will move from an untrusted outside host to a
protected inside that is behind a firewall, which permits the hacker to determine which ports
are open and if the packets can pass through the packet-filtering of the firewall?
A.
Session hijacking
B.
Firewalking
C.
Man-in-the-middle attack
D.
Network sniffing
Firewalking
While testing a web application in development, you notice that the web server does not
properly ignore the “dot dot slash” (../) character string and instead returns the file listing of
a folder structure of the server.
What kind of attack is possible in this scenario?
A.
Cross-site scripting
B.
Denial of service
C.
SQL injection
D.
Directory traversal
Directory traversal
Explanation:
Properly controlling access to web content is crucial for running a secure web
server. Directory traversal, or path traversal, is an HTTP attack which allows attackers to
access restricted directories and execute commands outside of the web server's root directory.
Web servers provide two main levels of security mechanisms:
Access Control Lists (ACLs)
Root directory
An Access Control List is used in the authorization process. It is a list which the web
server's administrator uses to indicate which users or groups can access, modify or execute
particular files on the server, as well as other access rights.
The root directory is a specific directory on the server file system in which the users
are confined. Users cannot access anything above this root.
For example: the default root directory of IIS on Windows is C:\Inetpub\wwwroot and with
this setup, a user does not have access to C:\Windows but has access to
C:\Inetpub\wwwroot\news and any other directories and files under the root directory
(provided that the user is authenticated via the ACLs).
The root directory prevents users from accessing any files on the server, such as
C:\WINDOWS/system32/win.ini on Windows platforms and the /etc/passwd file on
Linux/UNIX platforms.
This vulnerability can exist either in the web server software itself or in the web
application code.
To perform a directory traversal attack, all an attacker needs is a web browser and
some knowledge of where to blindly find any default files and directories on
the system.
What an attacker can do if your website is vulnerable
With a system vulnerable to
directory traversal, an attacker can use this vulnerability to step out of the root directory
and access other parts of the file system. This may give the attacker the ability to view
restricted files, which could give the attacker more information needed to further
compromise the system.
Depending on how the website access is set up, the attacker will execute commands by
impersonating the user which is associated with “the website”. Therefore everything
depends on what the website user has been given access to in the system.
Example of a Directory Traversal attack via web application code
In web
applications with dynamic pages, input is usually received from browsers through GET or
POST request methods. Here is an example of an HTTP GET request URL
GET http://test.webarticles.com/show.asp?view=oldarchive.html HTTP/1.1
Host: test.webarticles.com
With this URL, the browser requests the dynamic page show.asp from the server and with
it also sends the parameter view with the value of oldarchive.html. When this request is
executed on the web server, show.asp retrieves the file oldarchive.html from the server’s
file system, renders it and then sends it back to the browser which displays it to the user.
The attacker would assume that show.asp can retrieve files from the file system and sends
the following custom URL.
GET http://test.webarticles.com/show.asp?view=../../../../../Windows/system.ini HTTP/1.1
Host: test.webarticles.com
This will cause the dynamic page to retrieve the file system.ini from the file system and
display it to the user. The expression ../ instructs the system to go one directory up which is
commonly used as an operating system directive. The attacker has to guess how many
directories he has to go up to find the Windows folder on the system, but this is easily done
by trial and error.
Example of a Directory Traversal attack via web server
Apart from vulnerabilities in the
code, even the web server itself can be open to directory traversal attacks. The problem
can either be incorporated into the web server software or inside some sample script files
left available on the server.
The vulnerability has been fixed in the latest versions of web server software, but there are
web servers online which are still using older versions of IIS and Apache which might be
open to directory traversal attacks. Even though you might be using a web server software
version that has fixed this vulnerability, you might still have some sensitive default script
directories exposed which are well known to hackers.
For example, a URL request which makes use of the scripts directory of IIS to traverse
directories and execute a command can be
GET http://server.com/scripts/..%5c../Windows/System32/cmd.exe?/c+dir+c:\ HTTP/1.1
Host: server.com
The request would return to the user a list of all files in the C:\ directory by executing
the cmd.exe command shell file and run the command dir c:\ in the shell.
The %5c expression that is in the URL request is a web server escape code which is used
to represent normal characters. In this case %5c represents the character \.
Newer versions of modern web server software check for these escape codes and do not
let them through. Some older versions however, do not filter out these codes in the root
directory enforcer and will let the attackers execute such commands.
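The root-directory check discussed above, as an added example that is not part of the original page: a filter that looks for the literal ../ before decoding is shown beside a check that decodes first, canonicalises the path and then tests that it is still under the web root. The function names, the temporary directory layout and the sample view values are constructed for illustration, and the backslash replacement is an assumption that models a Windows file system accepting both separators.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote

# Constructed sample values for the `view` parameter of show.asp.
SAMPLE_VIEWS = ["oldarchive.html", "../system.ini", "..%5csystem.ini"]


def resolve_blacklist(web_root, raw_view):
    """Flawed 'before': filters the literal ../ and only then decodes."""
    if "../" in raw_view:
        return None
    # Decoding after the check turns %5c into a separator (Windows accepts \ and /).
    decoded = unquote(raw_view).replace("\\", "/")
    path = Path(os.path.normpath(web_root / decoded))
    return path if path.is_file() else None


def resolve_canonical(web_root, raw_view):
    """Hardened 'after': decode, canonicalise, then test containment."""
    decoded = unquote(raw_view).replace("\\", "/")
    if "\x00" in decoded:
        return None
    root = web_root.resolve()
    candidate = (root / decoded).resolve()  # collapses ../ and follows symlinks
    try:
        candidate.relative_to(root)  # raises ValueError when outside the root
    except ValueError:
        return None
    return candidate if candidate.is_file() else None


def demo():
    """Map each sample to (file served by flawed check, file served by hardened check)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        web_root = base / "wwwroot"
        web_root.mkdir()
        (web_root / "oldarchive.html").write_text("archive page")
        (base / "system.ini").write_text("file outside the web root")
        results = {}
        for view in SAMPLE_VIEWS:
            flawed = resolve_blacklist(web_root, view)
            safe = resolve_canonical(web_root, view)
            results[view] = (flawed.name if flawed else None,
                             safe.name if safe else None)
        return results


if __name__ == "__main__":
    for view, served in demo().items():
        print(f"{view!r}: flawed={served[0]} hardened={served[1]}")
```

The encoded request is the only one where the two checks disagree: the string filter never sees ../ in it, while the canonical path comparison rejects it because the resolved file lies outside the root.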
Due to a slowdown of normal network operations, the IT department decided to monitor internet traffic for all of the employees. From a legal standpoint, what would be troublesome about taking this kind of measure?
A.
All of the employees would stop normal work activities
B.
IT department would be telling employees who the boss is
C.
Not informing the employees that they are going to be monitored could be an invasion of privacy.
D.
The network could still experience traffic slow down.
Not informing the employees that they are going to be monitored could be an invasion of privacy.
Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the
Yahoo Bank. Kindly contact me for a vital transaction on: scottsmelby@yahoo.com”. Which
statement below is true?
A.
This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.
B.
This is a scam because Bob does not know Scott.
C.
Bob should write to scottmelby@yahoo.com to verify the identity of Scott.
D.
This is probably a legitimate message as it comes from a respectable organization.
This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.
You are a penetration tester working to test the user awareness of the employees of the
client xyz. You harvested two employees' emails from some public sources and are
creating a client-side backdoor to send it to the employees via email. Which stage of the cyber kill chain are you at?
A.
Reconnaissance
B.
Command and control
C.
Weaponization
D.
Exploitation
Weaponization
Explanation: This stage couples an exploit with a backdoor into a deliverable payload.
Next, attackers re-engineer some core malware to suit their purposes using
sophisticated techniques. Depending on the needs and abilities of the attacker, the malware
might exploit previously unknown vulnerabilities, aka “zero-day” exploits, or some
combination of vulnerabilities, to quietly defeat a network’s defenses. By re-engineering the
malware, attackers reduce the likelihood of detection by traditional security solutions.
This process often involves embedding specially crafted malware into an
otherwise benign or legitimate document, such as a press release or contract
document, or hosting the malware on a compromised domain.
By using a smart card and PIN, you are using a two-factor authentication that satisfies
A.
Something you are and something you remember
B.
Something you have and something you know
C.
Something you know and something you are
D.
Something you have and something you are
Something you have and something you know
What is the main security service a cryptographic hash provides?
A.
Integrity and ease of computation
B.
Message authentication and collision resistance
C.
Integrity and collision resistance
D.
Integrity and computational in-feasibility
Integrity and computational in-feasibility
To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.
What term is commonly used when referring to this type of testing?
A.
Randomizing
B.
Bounding
C.
Mutating
D.
Fuzzing
Fuzzing