Which DNS resource record can indicate how long any "DNS poisoning" could last?
A.
MX
B.
SOA
C.
NS
D.
TIMEOUT
SOA
The network administrator at Spears Technology, Inc has configured the default gateway
Cisco router's access-list as below:
You are hired to conduct security testing on their network.
You successfully brute-force the SNMP community string using a SNMP crack tool.
The access-list configured at the router prevents you from establishing a successful
connection.
You want to retrieve the Cisco configuration from the router. How would you proceed?
A.
Use the Cisco's TFTP default password to connect and download the configuration file
B.
Run a network sniffer and capture the returned traffic with the configuration file from the router
C.
Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the router masking your IP address
D.
Send a customized SNMP set request with a spoofed source IP address in the range - 192.168.1.0
Run a network sniffer and capture the returned traffic with the configuration file from the router
Send a customized SNMP set request with a spoofed source IP address in the range - 192.168.1.0
Which of the following DoS tools is used to attack target web applications by starvation of available sessions on the web server?
The tool keeps sessions at halt using never-ending POST transmissions and sending an
arbitrarily large content-length header value.
A.
My Doom
B.
Astacheldraht
C.
R-U-Dead-Yet?(RUDY)
D.
LOIC
R-U-Dead-Yet?(RUDY)
John, a professional hacker, targeted an organization that uses LDAP for accessing
distributed directory services. He used an automated tool to anonymously query the IDAP
service for sensitive information such as usernames. addresses, departmental details, and
server names to launch further attacks on the target organization.
What is the tool employed by John to gather information from the IDAP service?
A.
jxplorer
B.
Zabasearch
C.
EarthExplorer
D.
Ike-scan
jxplorer
Explanation: JXplorer could be a cross platform LDAP browser and editor. it’s a standards
compliant general purpose LDAP client which will be used to search, scan and edit any
commonplace LDAP directory, or any directory service with an LDAP or DSML interface.
It is extremely flexible and can be extended and custom in a very number of the way.
JXplorer is written in java, and also the source code and source code build system ar
obtainable via svn or as a packaged build for users who wish to experiment or any develop
the program.
JX is is available in 2 versions; the free open source version under an OSI Apache two
style licence, or within the JXWorkBench Enterprise bundle with inbuilt reporting,
administrative and security tools.
JX has been through a number of different versions since its creation in 1999; the foremost
recent stable release is version 3.3.1, the August 2013 release.
JXplorer could be a absolutely useful LDAP consumer with advanced security integration
and support for the harder and obscure elements of the LDAP protocol. it’s been tested on
Windows, Solaris, linux and OSX, packages are obtainable for HPUX, AIX, BSD and it
should run on any java supporting OS
Study the snort rule given below and interpret the rule. alert tcp any any -> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msG. "mountd access";)
A.
An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111
B.
An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet
C.
An alert is generated when a TCP packet is originated from port 111 of any IP address to the 192.168.1.0 subnet
D.
An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111
An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111
Which of the following statements is FALSE with respect to Intrusion Detection Systems?
A.
Intrusion Detection Systems can be configured to distinguish specific content in network packets
B.
Intrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic
C.
Intrusion Detection Systems require constant update of the signature library
D.
Intrusion Detection Systems can examine the contents of the data n context of the network protocol
Intrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic
Ethical hacker jane Smith is attempting to perform an SQL injection attach. She wants to
test the response time of a true or false response and wants to use a second command to
determine whether the database will return true or false results for user IDs. which two SQL
Injection types would give her the results she is looking for?
A.
Out of band and boolean-based
B.
Time-based and union-based
C.
union-based and error-based
D.
Time-based and boolean-based
Out of band and boolean-based
what are common files on a web server that can be misconfigured and provide useful
Information for a hacker such as verbose error messages?
A.
httpd.conf
B.
administration.config
C.
idq.dll
D.
php.ini
idq.dll
Explanation: idq.dll may be a library employed by ISAPI for indexing.idq.dll may be a
system process that’s needed for your PC to figure properly. It shouldn’t be removed.The
idq.dll is an executable file on your computer’s disk drive . This file contains machine
language . If you begin the software Microsoft Windows on your PC, the commands
contained in idq.dll are going to be executed on your PC. For this purpose, the file is loaded
into the most memory (RAM) and runs there as a Microsoft Indexing Service ISAPI
Extension process (also called a task).
Is idq.dll harmful?This process is taken into account safe. it’s unlikely to pose any harm to
your system.
Can I stop or remove idq.dll?Since idq.dll may be a system process it shouldn’t be stopped.
the method is required for your PC to figure properly. Also the corresponding software
Microsoft Windows shouldn’t be uninstalled.
Is idq.dll CPU intensive?This process is taken into account to be CPU intensive. Without
proper management, CPU intensive processes can manipulate system resources causing
speed loss. Check the Microsoft Windows settings to ascertain if you’ll close up unneeded
modules or services.
Why is idq.dll giving me errors?System process issues are mainly a results of conflicting
applications running on your PC. Consider uninstalling any applications you’re not using.
During the process of encryption and decryption, what keys are shared?
During the process of encryption and decryption, what keys are shared?
A.
Private keys
B.
User passwords
C.
Public keys
D.
Public and private keys
Public keys
Richard, an attacker, aimed to hack loT devices connected to a target network. In this
process. Richard recorded the frequency required to share information between connected
devices. After obtaining the frequency, he captured the original data when commands were
initiated by the connected devices. Once the original data were collected, he used free
tools such as URH to segregate the command sequence. Subsequently, he started
injecting the segregated command sequence on the same frequency into the loT network,
which repeats the captured signals of the devices. What Is the type of attack performed by
Richard In the above scenario?
A.
Side-channel attack
B.
Replay attack
C.
CrypTanalysis attack
D.
Reconnaissance attack
CrypTanalysis attack
Explanation: Cryptanalysis is that the science of cracking codes and secret writing
secrets. it’s accustomed violate authentication schemes, to interrupt scientific discipline
protocols, and, additional benignantly, to seek out and proper weaknesses in coding
algorithms.
It may be employed in IW applications – for instance, shaping Associate in Nursing
encrypted signal to be accepted as authentic. Competitors UN agency are ready to
discover the key can currently need to use it to their advantage, thus they’re going to need
to send phony encrypted messages to the supply so as to gain data or gain a bonus. It
might even be used to pretend to be the supply so as to send phony data to others, UN
agency currently can assume that it came from the official supply.
Ciphertext solely attacks
best-known plaintext attacks
Chosen plaintext attacks
Chosen ciphertext attacks
Man-in-the-middle attacks
aspect channel attacks
Brute force attacks
Birthday attacks
Among the kinds of attacks are:There are variety of different technical and non-technical
cryptography attacks to that systems will fall victim. cryptographical attacks may be
mounted not solely against coding algorithms, however conjointly against digital signature
algorithms, MACing algorithms and pseudo-random variety generators.
Ciphertext solely AttackA ciphertext solely attack (COA) could be a case within which solely
the encrypted message is accessible for attack, however as a result of the language is
thought a frequency analysis may be tried. during this state of affairs the aggressor doesn’t
apprehend something concerning the contents of the message, and should work from
ciphertext solely
Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP
does not encrypt email, leaving the information in the message vulnerable to being read by
an unauthorized person. SMTP can upgrade a connection between two mail servers to use
TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command
used by SMTP to transmit email over TLS?
A.
OPPORTUNISTICTLS
B.
UPGRADETLS
C.
FORCETLS
D.
STARTTLS
STARTTLS
You went to great lengths to install all the necessary technologies to prevent hacking
attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion
detection/prevention tools in your company's network. You have configured the most
secure policies and tightened every device on your network. You are confident that hackers
will never be able to gain access to your network with complex security system in place.
Your peer, Peter Smith who works at the same department disagrees with you.
He says even the best network security technologies cannot prevent hackers gaining
access to the network because of presence of "weakest link" in the security chain.
What is Peter Smith talking about?
A.
A. Untrained staff or ignorant computer users who inadvertently become the weakest link inyour security chain
B.
B. "zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks
C.
"Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks
D.
Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway
A. Untrained staff or ignorant computer users who inadvertently become the weakest link inyour security chain
| Page 20 out of 44 Pages |
| Previous |