Richard, an attacker, targets an MNC In this process, he uses a footprinting technique to gather as
much information as possible. Using this technique, he gathers domain information such as the
target domain name, contact details of its owner, expiry date, and creation date. With this
information, he creates a map of the organization's network and misleads domain owners with social
engineering to obtain internal details of its network. What type of footprinting technique is
employed by Richard?
B
George, an employee of an organization, is attempting to access restricted websites from an official
computer. For this purpose, he used an anonymizer that masked his real IP address and ensured
complete and continuous anonymity for all his online activities. Which of the following anonymizers
helps George hide his activities?
A.
https://www.baidu.com
B.
https://www.guardster.com
C.
https://www.wolframalpha.com
D.
https://karmadecay.com
B
Lewis, a professional hacker, targeted the loT cameras and devices used by a target venture-capital
firm. He used an information-gathering tool to collect information about the loT devices connected
to a network, open ports and services, and the attack surface are
a. Using this tool, he also generated statistical reports on broad usage patterns and trends. This tool
helped Lewis continually monitor every reachable server and device on the Internet, further allowing
him to exploit these devices in the network. Which of the following tools was employed by Lewis in
the above scenario?
A
Explanation:
Censys scans help the scientific community accurately study the Internet. The data is sometimes
used to detect security problems and to inform operators of vulnerable systems so that they can
fixed
Your organization has signed an agreement with a web hosting provider that requires you to take full
responsibility of the maintenance of the cloud-based resources. Which of the following models
covers this?
C
Which of the following types of SQL injection attacks extends the results returned by the original
query, enabling attackers to run two or more statements if they have the same structure as the
original one?
D
What is the following command used for?
sqlmap.py-u ,,
http://10.10.1.20/?p=1&forumaction=search
" -dbs
A
Which type of attack attempts to overflow the content-addressable memory (CAM) table in an
Ethernet switch?
C
CyberTech Inc. recently experienced SQL injection attacks on its official website. The company
appointed Bob, a security professional, to build and incorporate defensive strategies against such
attacks. Bob adopted a practice whereby only a list of entities such as the data type, range, size, and
value, which have been approved for secured access, is accepted. What is the defensive technique
employed by Bob in the above scenario?
C
Alex, a cloud security engineer working in Eyecloud Inc. is tasked with isolating applications from the
underlying infrastructure and stimulating communication via well-defined channels. For this
purpose, he used an open-source technology that helped him in developing, packaging, and running
applications; further, the technology provides PaaS through OS-level visualization, delivers
containerized software packages, and promotes fast software delivery. What is the cloud technology
employed by Alex in the above scenario?
C
Upon establishing his new startup, Tom hired a cloud service provider (CSP) but was dissatisfied with
their service and wanted to move to another CSP.
What part of the contract might prevent him from doing so?
B
Jude, a pen tester working in Keiltech Ltd., performs sophisticated security testing on his company's
network infrastructure to identify security loopholes. In this process, he started to circumvent the
network protection tools and firewalls used in the company. He employed a technique that can
create forged TCP sessions by carrying out multiple SYN, ACK, and RST or FIN packets. Further, this
process allowed Jude to execute DDoS attacks that can exhaust the network resources. What is the
attack technique used by Jude for finding loopholes in the above scenario?
C
Which among the following is the best example of the hacking concept called "clearing tracks"?
D
Sam, a web developer, was instructed to incorporate a hybrid encryption software program into a
web application to secure email messages. Sam used an encryption software, which is a free
implementation of the OpenPGP standard that uses both symmetric-key cryptography and
asymmetric-key cryptography for improved speed and secure key exchange. What is the encryption
software employed by Sam for securing the email messages?
A
In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker,
gathers a list of employee and client email addresses and other related information by using various
search engines, social networking sites, and web spidering tools. In this process, she also uses an
automated tool to gather a list of words from the target website to further perform a brute-force
attack on the previously gathered email addresses.
What is the tool used by Hailey for gathering a list of words from the target website?
B
Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into Incalsol's
systems. To deliver the malware, he used the current employees' email IDs to send fraudulent emails
embedded with malicious links that seem to be legitimate. When a victim employee clicks on the
link, they are directed to a fraudulent website that automatically loads Flash and triggers the exploit.
What is the technique used byjack to launch the fileless malware on the target systems?
B