312-50v11 Exam Questions - Online Test


NEW QUESTION 1
Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days, Bob denies that he had ever sent a mail. What do you want to "know" to prove to yourself that it was Bob who had sent the mail?

  • A. Authentication
  • B. Confidentiality
  • C. Integrity
  • D. Non-Repudiation

Answer: D

NEW QUESTION 2
The network users are complaining because their systems are slowing down. Further, every time they attempt to go to a website, they receive a series of pop-ups with advertisements. What type of malware have the systems been infected with?

  • A. Virus
  • B. Spyware
  • C. Trojan
  • D. Adware

Answer: D

Explanation:
Adware, or advertising-supported software, is software that displays unwanted advertisements on your PC. Adware programs tend to serve you pop-up ads, can change your browser's homepage, add spyware and simply bombard your device with advertisements. Adware is a more concise name for potentially unwanted programs. It is not quite a virus, and it may not be as clearly malicious as a great deal of other problematic code floating around on the net. Make no mistake about it, though: adware has to come off whatever machine it is on. Not only can adware be extremely annoying whenever you use your machine, it can also cause long-term problems for your device.
Adware uses the browser to gather your internet browsing history so as to "target" advertisements that appear tailored to your interests. At their most innocuous, adware infections are simply annoying. For example, adware barrages you with pop-up ads that can make your internet experience markedly slower and more labor intensive.

NEW QUESTION 3
John, a professional hacker, targeted CyberSol Inc., an MNC. He decided to discover the IoT devices connected in the target network that are using default credentials and are vulnerable to various hijacking attacks. For this purpose, he used an automated tool to scan the target network for specific types of IoT devices and detect whether they are using the default, factory-set credentials. What is the tool employed by John in the above scenario?

  • A. IoTSeeker
  • B. IoT Inspector
  • C. AT&T IoT Platform
  • D. Azure IoT Central

Answer: A

NEW QUESTION 4
An attacker, using a rogue wireless AP, performed an MITM attack and injected HTML code to embed a malicious applet in all HTTP connections. When users accessed any page, the applet ran and exploited many machines. Which one of the following tools did the hacker probably use to inject the HTML code?

  • A. Wireshark
  • B. Ettercap
  • C. Aircrack-ng
  • D. Tcpdump

Answer: B

NEW QUESTION 5
Which among the following is the best example of the third step (delivery) in the cyber kill chain?

  • A. An intruder sends a malicious attachment via email to a target.
  • B. An intruder creates malware to be used as a malicious attachment to an email.
  • C. An intruder's malware is triggered when a target opens a malicious email attachment.
  • D. An intruder's malware is installed on a target's machine.

Answer: A

NEW QUESTION 6
Due to a slowdown of normal network operations, the IT department decided to monitor internet traffic for all of the employees. From a legal standpoint, what would be troublesome about taking this kind of measure?

  • A. All of the employees would stop normal work activities
  • B. IT department would be telling employees who the boss is
  • C. Not informing the employees that they are going to be monitored could be an invasion of privacy.
  • D. The network could still experience traffic slow down.

Answer: C

NEW QUESTION 7
BitLocker encryption has been implemented for all the Windows-based computers in an organization. You are concerned that someone might lose their cryptographic key. Therefore, a mechanism was implemented to recover the keys from Active Directory. What is this mechanism called in cryptography?

  • A. Key archival
  • B. Key escrow.
  • C. Certificate rollover
  • D. Key renewal

Answer: B

NEW QUESTION 8
The collection of potentially actionable, overt, and publicly available information is known as

  • A. Open-source intelligence
  • B. Real intelligence
  • C. Social intelligence
  • D. Human intelligence

Answer: A

NEW QUESTION 9
Windows LAN Manager (LM) hashes are known to be weak.
Which of the following are known weaknesses of LM? (Choose three.)

  • A. Converts passwords to uppercase.
  • B. Hashes are sent in clear text over the network.
  • C. Makes use of only 32-bit encryption.
  • D. Effective length is 7 characters.

Answer: ABD

NEW QUESTION 10
Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs. Which two SQL injection types would give her the results she is looking for?

  • A. Out of band and boolean-based
  • B. Time-based and union-based
  • C. Union-based and error-based
  • D. Time-based and boolean-based

Answer: D

Explanation:
By "Boolean-based" we mean that it is based on Boolean values, that is, true or false.
Boolean-based (content-based) Blind SQLi
Boolean-based SQL Injection is an inferential SQL Injection technique that relies on sending an SQL query to the database which forces the application to return a different result depending on whether the query returns a TRUE or FALSE result.
Depending on the result, the content within the HTTP response will change, or remain the same. This allows an attacker to infer if the payload used returned true or false, even though no data from the database is returned. This attack is typically slow (especially on large databases) since an attacker would need to enumerate a database, character by character.
Time-based Blind SQLi
Time-based SQL Injection is an inferential SQL Injection technique that relies on sending an SQL query to the database which forces the database to wait for a specified amount of time (in seconds) before responding. The response time will indicate to the attacker whether the result of the query is TRUE or FALSE.
Depending on the result, an HTTP response will be returned with a delay, or returned immediately. This allows an attacker to infer if the payload used returned true or false, even though no data from the database is returned. This attack is typically slow (especially on large databases) since an attacker would need to enumerate a database character by character.
https://www.acunetix.com/websitesecurity/sql-injection2/

NEW QUESTION 11
While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based security vulnerability was exploited to compromise the user?

  • A. Clickjacking
  • B. Cross-Site Scripting
  • C. Cross-Site Request Forgery
  • D. Web form input validation

Answer: C

Explanation:
Cross Site Request Forgery (XSRF) was committed against the poor individual. Fortunately the user's bank checked with the user prior to sending the funds.
If it were Cross-Site Request Forgery, then the transaction shouldn't be shown as coming from a foreign country, because CSRF sends the request from the current user session. It seems to be an XSS attack where the attacker stole the cookie and made a transaction using that cookie from a foreign country.

NEW QUESTION 12
Your company performs penetration tests and security assessments for small and medium-sized businesses in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.
What should you do?

  • A. Confront the client in a respectful manner and ask her about the data.
  • B. Copy the data to removable media and keep it in case you need it.
  • C. Ignore the data and continue the assessment until completed as agreed.
  • D. Immediately stop work and contact the proper legal authorities.

Answer: D

NEW QUESTION 13
You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from the command line.
Which command would you use?

  • A. c:\compmgmt.msc
  • B. c:\services.msc
  • C. c:\ncpa.cp
  • D. c:\gpedit

Answer: A

Explanation:
To start the Computer Management Console from the command line, just type compmgmt.msc /computer:computername in your Run box or at the command line, and it should automatically open the Computer Management console.
References:
http://www.waynezim.com/tag/compmgmtmsc/

NEW QUESTION 14
The security team of Debry Inc. decided to upgrade Wi-Fi security to thwart attacks such as dictionary attacks and key recovery attacks. For this purpose, the security team started implementing cutting-edge technology that uses a modern key establishment protocol called the simultaneous authentication of equals (SAE), also known as dragonfly key exchange, which replaces the PSK concept. What is the Wi-Fi encryption technology implemented by Debry Inc.?

  • A. WEP
  • B. WPA
  • C. WPA2
  • D. WPA3

Answer: C

NEW QUESTION 15
Stephen, an attacker, targeted the industrial control systems of an organization. He generated a fraudulent email with a malicious attachment and sent it to employees of the target organization. An employee who manages the sales software of the operational plant opened the fraudulent email and clicked on the malicious attachment. This resulted in the malicious attachment being downloaded and malware being injected into the sales software maintained in the victim's system. Further, the malware propagated itself to other networked systems, finally damaging the industrial automation components. What is the attack technique used by Stephen to damage the industrial systems?

  • A. Spear-phishing attack
  • B. SMishing attack
  • C. Reconnaissance attack
  • D. HMI-based attack

Answer: A
