Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?
Height and Weight
Voice
Fingerprints
Iris patterns
SHOW ANSWERWhich component of IPsec performs protocol-level functions that are required to encrypt and decrypt the packets?
Internet Key Exchange (IKE)
Oakley
IPsec Policy Agent
IPsec driver
SHOW ANSWERYour company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?
Use a scan tool like Nessus
Use the built-in Windows Update tool
Check MITRE.org for the latest list of CVE findings
Create a disk image of a clean Windows installation
SHOW ANSWERWhich mode of IPSec should you use to assure security and confidentiality of data within the same LAN?
ESP transport mode
AH permiscuous
ESP confidential
AH Tunnel mode
SHOW ANSWERWhich of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?
Nikto
Snort
John the Ripper
Dsniff
SHOW ANSWERIn the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration. If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack?
Full Blown
Thorough
Hybrid
BruteDics
SHOW ANSWERA company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?
Perform a dictionary attack.
Perform a brute force attack.
Perform an attack with a rainbow table.
Perform a hybrid attack.
SHOW ANSWERInitiating an attack against targeted businesses and organizations, threat actors compromise a carefully selected website by inserting an exploit resulting in malware infection. The attackers run exploits on well-known and trusted sites likely to be visited by their targeted victims. Aside from carefully choosing sites to compromise, these attacks are known to incorporate zero-day exploits that target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against these exploits. What type of attack is outlined in the scenario?
Watering Hole Attack
Heartbleed Attack
Shellshock Attack
Spear Phising Attack
SHOW ANSWERNedved is an IT Security Manager of a bank in his country. One day. he found out that there is a security breach to his company's email server based on analysis of a suspicious connection from the email server to an unknown IP Address. What is the first thing that Nedved needs to do before contacting the incident response team?
Leave it as it Is and contact the incident response te3m right away
Block the connection to the suspicious IP Address from the firewall
Disconnect the email server from the network
Migrate the connection to the backup email server
SHOW ANSWERWhat tool can crack Windows SMB passwords simply by listening to network traffic?
This is not possible
Netbus
NTFSDOS
L0phtcrack
SHOW ANSWERWhat is the difference between the AES and RSA algorithms?
Both are asymmetric algorithms, but RSA uses 1024-bit keys.
RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data.
Both are symmetric algorithms, but AES uses 256-bit keys.
AES is asymmetric, which is used to create a public/private key pair; RSA is symmetric, which is used to encrypt data.
SHOW ANSWERWhat port number is used by LDAP protocol?
110
389
464
445
SHOW ANSWERWhich of the following types of jailbreaking allows user-level access but does not allow iboot-level access?
Bootrom Exploit
iBoot Exploit
Sandbox Exploit
Userland Exploit
SHOW ANSWERJack was attempting to fingerprint all machines in the network using the following Nmap syntax: invictus@victim_server:~$ nmap -T4 -0 10.10.0.0/24 TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING! Obviously, it is not going through. What is the issue here?
OS Scan requires root privileges
The nmap syntax is wrong.
The outgoing TCP/IP fingerprinting is blocked by the host firewall
This is a common behavior for a corrupted nmap application
SHOW ANSWER