In this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replying cryptographic handshake message. When the victim reinstall the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values. What is this attack called? Option 1 : Evil Twin Option 2 : KRACK Option 3 : Wardriving Option 4 : Chop chop attack 1. Evil Twin
Attacker Rony installed a rogue access point within the organization’s perimeter and attempted to intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanism that are open to attack. What is type of vulnerability assessment performed by johnson in the above scenario? Option 1
A DDOS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete. Which attack is being described here? Option 1 : Slowloris attack Option 2 : Session splicing Option 3 : Phlashing Option 4 : Desynchronization 1. Slowloris attack Developed by Robert “RSnake” Hansen,
John, a professional hacker, decided to use DNS to perform data exfilteration on a target network. In this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique, John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server. What is the technique employed by John to bypass the firewall? Option 1 : DNS tunneling method Option 2 : DNS
John is investing web-application firewall logs and observers that someone is attempting to inject the following : char buff[10]; buff[10] = ‘a’; What type of attack is this ? Option 1 : Buffer overflow Option 2 : CSRF Option 3 : SQL injection Option 4 : XSS 1. Buffer overflow Buffer overflow this attack is an anomaly that happens when software writing data to a buffer overflows the buffer’s capacity, leading to adjacent memory locations
Richard, an attacker, targets an MNC. In this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization’s network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting techniques is
Jane, an ethical hacker, is testing a target organization’s web server and website to identify security loopholes. In this process, she copied the entire website and its content on a local drive to view the profile of the site’s directory structure, file structure, external links, images, web pages, and so on. This information helps Jane map the website’s directories and gain valuable information. What is the attack technique employed by Jane in the above scenario?
Infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical hacking methodology? Option 1 : Scanning Option 2 : Gaining access Option 3 : Maintaining access Option 4 : Reconnaissance 1. Scanning The Scanning phase is another essential step, which is important , and it refers to the package of techniques and procedures wont to identify hosts, ports, and various
Scenario : Joe turns on his computer to access personal online banking When he enters the URL www.bank.com, the website is displayed, but it prompts him to re-enter his credentials as if he has never visited the site before. when he examines the website URL closer, he finds that the site is not secure and the web address appears different. What type of attack he is experiencing? Option 1 : Dos attack Option 2 :
This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as GCMP-256, HMAC-SHA284, and ECDSA using a 384-bit elliptic curve. Which is the wireless security protocol? Option 1 : WPA3-Personal Option 2 : WPA3-Enterprise Option 3 : WPA2-Enterprise Option 4 : WPA2-Personal 1. WPA3-Personal WPA3-Personal brings better protections to individual users by providing more robust password-based authentication, even when users choose passwords that come short of typical complexity
