Harry, a professional hacker, targeted the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing? Option 1 : Preparation Option 2 : Cleanup Option 3 :
By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext. Which file do you have to clean to clear the password? Option 1 : .bashrc Option 2 : .bash_history Option 3 : .profile Option 4 : .XSession-log 1. .bashrc The .bashrc file may be a script file that’s executed
Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications . He installed a fake communication tower between two authentic endpoints to mislead the victim. The Bobby used the virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session. Upon receiving the user’s request. Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website.
Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas? Option 1 : Gray hat Option 2 : White hat Option 3
What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages? Option 1 : idq.dll Option 2 : administration.config Option 3 : httpd.conf Option 4 : php.ini 1. idq.dll idq.dll may be a library employed by ISAPI for indexing. idq.dll may be a system process that’s needed for your PC to figure properly. It shouldn’t be removed. The idq.dll is an executable
You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID “Brakeme-Internal.” You realize that this network uses WPA3 encryption. Which of the following vulnerabilities is the promising to exploit? Option 1 : AP misconfiguration Option 2 : Key reinstallation attack Option 3 : Dragonblood Option 4 : Cross-site request forgery 1. AP misconfiguration The Misconfigured APs are
Jane invites her friends Alice and John over for a LAN party. Alice and John access Jane’s wireless network without a password . However, Jane has a long, complex password on her router. What attack has likely occurred? Option 1 : Wireless sniffing Option 2 : Wardriving Option 3 : Piggybacking Option 4 : Evil twin 1. Wireless sniffing A wireless sniffer may be a sort of packet analyzer. A packet analyzer (also referred to
Alice, a professional hacker, targeted an organization’s cloud services. She infiltrated the target’s MSP provider by sending spear-phising emails and distributed custom-made malware to compromise user account and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attack on the target organization. Which of the following cloud attacks
Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewall. On which of the following ports should Robin run the NSTX tool? Option 1 : Port 53 Option 2 : Port 80 Option 3 : Port 50 Option 4 : Port 23 1. Port 53 DNS uses Ports 53 which is almost always
Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his Smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisement on his Smartphone after installing the app. What is the attack performed on Don in the above scenario? Option 1 : Clickjacking Option 2 : SMS phishing attack Option 3 : Agent Smith attack Option 4 : SIM