Why containers are less secure that virtual machines?
Host OS on containers has a larger surface attack.
Containers may full fill disk space of the host.
A compromise container may cause a CPU starvation of the host.
Containers are attached to the same virtual network.
SHOW ANSWERTo maintain compliance with regulatory requirements, a security audit of the systems on a network must be performed to determine their compliance with security policies. Which one of the following tools would most likely be used in such an audit?
Vulnerability scanner
Protocol analyzer
Port scanner
Intrusion Detection System
SHOW ANSWERYou have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters. With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results?
Online Attack
Dictionary Attack
Brute Force Attack
Hybrid Attack
SHOW ANSWERWhen you are collecting information to perform a data analysis, Google commands are very useful to find sensitive information and files. These files may contain information about passwords, system functions, or documentation. What command will help you to search files using Google as a search engine?
site: target.com filetype:xls username password email
inurl: target.com filename:xls username password email
domain: target.com archive:xls username password email
site: target.com file:xls username password email
SHOW ANSWERWhich Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?
msfpayload
msfcli
msfencode
msfd
SHOW ANSWERSandra has been actively scanning the client network on which she is doing a vulnerability assessment test. While conducting a port scan she notices open ports in the range of 135 to 139. What protocol is most likely to be listening on those ports?
Finger
FTP
Samba
SMB
SHOW ANSWERAt a Windows Server command prompt, which command could be used to list the running services?
Sc query type= running
Sc query \\servername
Sc query
Sc config
SHOW ANSWERThe fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses which of the following?
Multiple keys for non-repudiation of bulk data
Different keys on both ends of the transport medium
Bulk encryption for data transmission over fiber
The same key on each end of the transmission medium
SHOW ANSWERWhat mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?
User Access Control (UAC)
Data Execution Prevention (DEP)
Address Space Layout Randomization (ASLR)
Windows firewall
SHOW ANSWERKnowing the nature of backup tapes, which of the following is the MOST RECOMMENDED way of storing backup tapes?
In a cool dry environment
Inside the data center for faster retrieval in a fireproof safe
In a climate controlled facility offsite
On a different floor in the same building
SHOW ANSWERWhich of the following tools would MOST LIKELY be used to perform security audit on various of forms of network systems?
Intrusion Detection System
Vulnerability scanner
Port scanner
Protocol analyzer
SHOW ANSWERA consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child pornography on the V.P.'s computer. What is the consultant's obligation to the financial organization?
Say nothing and continue with the security testing.
Stop work immediately and contact the authorities.
Delete the pornography, say nothing, and continue security testing.
Bring the discovery to the financial organization's human resource department.
SHOW ANSWERTess King is using the nslookup command to craft queries to list all DNS information (such as Name Servers, host names, MX records, CNAME records, glue records (delegation for child Domains), zone serial number, TimeToLive (TTL) records, etc) for a Domain. What do you think Tess King is trying to accomplish? Select the best answer.
A zone harvesting
A zone transfer
A zone update
A zone estimate
SHOW ANSWERWhich of the following is a protocol specifically designed for transporting event messages?
SYSLOG
SMS
SNMP
ICMP
SHOW ANSWER