malware

whitelisting

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltered by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs. What type of malware did the attacker use to bypass the company ‘s application whitelisting?

Leave a Comment / CEHv11 / By

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltered by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non – whitelisting programs. What type of malware did the attacker use to bypass the company ‘s application whitelisting? Option 1 : Phishing malware Option 2 : File-less malware …

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltered by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs. What type of malware did the attacker use to bypass the company ‘s application whitelisting? Read More »

domains

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary in the above scenario.

Leave a Comment / CEHv11 / By

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary in the above scenario. Option 1 : Use of DNS tunneling Option 2 : Unspecified proxy activities Option 3 : Use of command-line interface Option 4 : Data staging 1. Use of DNS tunneling DNS tunneling enables these cyber criminals to insert malware or …

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary in the above scenario. Read More »

Wilson, a professional hacker, targets an organization for financial benefits and plans to compromise its systems by sending malicious emails. For this purpose, he uses a tool to track the emails of the target and extracts information such as sender identities, mail servers, sender IP addresses, and sender locations from different public sources. He also checks if an email address was leaked using the haveibeenpwned.com API. Which of the following tools is used by Wilson in the above scenario?

Leave a Comment / CEHv11 / By

Wilson, a professional hacker, targets an organization for financial benefits and plans to compromise its systems by sending malicious email. For this purpose, he uses a tool to track the email of the target and extracts information such as sender identities, email servers, sender IP addresses, and sender locations from different public sources. He also checks if an email address was leaked using the haveibeenpwned.com API. Which of the following tools is used by Wilson …

Wilson, a professional hacker, targets an organization for financial benefits and plans to compromise its systems by sending malicious emails. For this purpose, he uses a tool to track the emails of the target and extracts information such as sender identities, mail servers, sender IP addresses, and sender locations from different public sources. He also checks if an email address was leaked using the haveibeenpwned.com API. Which of the following tools is used by Wilson in the above scenario? Read More »

APT

Harry, a professional hacker, targeted the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing?

Leave a Comment / CEHv11 / By

Harry, a professional hacker, targeted the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing? Option 1 : Preparation Option 2 : Cleanup Option 3 : …

Harry, a professional hacker, targeted the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing? Read More »

public-facing system

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas?

Leave a Comment / CEHv11 / By

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas? Option 1 : Gray hat Option 2 : White hat Option 3 …

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas? Read More »

MSP

Alice, a professional hacker, targeted an organization’s cloud services. She infiltrated the target’s MSP provider by sending spear-phising emails and distributed custom-made malware to compromise user account and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP accounr, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attack on the target organization. Which of the following cloud attacks did Alice perform in the above scenario?

Leave a Comment / CEHv11 / By

Alice, a professional hacker, targeted an organization’s cloud services. She infiltrated the target’s MSP provider by sending spear-phising emails and distributed custom-made malware to compromise user account and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attack on the target organization. Which of the following cloud attacks …

Alice, a professional hacker, targeted an organization’s cloud services. She infiltrated the target’s MSP provider by sending spear-phising emails and distributed custom-made malware to compromise user account and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP accounr, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attack on the target organization. Which of the following cloud attacks did Alice perform in the above scenario? Read More »

installed

Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his Smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisement on his Smartphone after installing the app. What is the attack performed on Don in the above scenario?

Leave a Comment / CEHv11 / By

Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his Smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisement on his Smartphone after installing the app. What is the attack performed on Don in the above scenario? Option 1 : Clickjacking Option 2 : SMS phishing attack Option 3 : Agent Smith attack Option 4 : SIM …

Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his Smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisement on his Smartphone after installing the app. What is the attack performed on Don in the above scenario? Read More »

phase

Infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical hacking methodology?

Leave a Comment / CEHv11 / By

Infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical hacking methodology? Option 1 : Scanning Option 2 : Gaining access Option 3 : Maintaining access Option 4 : Reconnaissance 1. Scanning The Scanning phase is another essential step, which is important , and it refers to the package of techniques and procedures wont to identify hosts, ports, and various …

Infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical hacking methodology? Read More »

hackers

Which of the following information security controls creates an appealing isolated environment for hackers to prevent them from compromising critical targets while simultaneously gathering information about the hacker?

3 Comments / CEHv11 / By

Which of the following information security controls creates an appealing isolated environment for hackers to prevent them from compromising critical targets while simultaneously gathering information about the hacker? Option 1 : Honeypot Option 2 : Botnet Option 3 : Intrusion detection system Option 4 : Firewall 1. Honeypot A honeypot may be a trap that an IT pro lays for a malicious hacker, hoping that they will interact with it during a way that gives …

Which of the following information security controls creates an appealing isolated environment for hackers to prevent them from compromising critical targets while simultaneously gathering information about the hacker? Read More »

Attacker

Attacker Steve targeted an organization’s with the aim of redirecting the company’s web traffic to another malicious website. To achieve this goal, Steve performed DNS cache poisoning by exploiting vulnerabilities in the DNS server software and modified the original IP address of the target website to that of a fake website. What is the technique employed by Steve to gather information for identity theft?

Leave a Comment / CEHv11 / By

Attacker Steve targeted an organization’s with the aim of redirecting the company’s web traffic to another malicious website. To achieve this goal, Steve performed DNS cache poisoning by exploiting vulnerabilities in the DNS server software and modified the original IP address of the target website to that of a fake website. What is the technique employed by Steve to gather information for identity theft? Option 1 : Pretexting Option 2 : Wardriving Option 3 : …

Attacker Steve targeted an organization’s with the aim of redirecting the company’s web traffic to another malicious website. To achieve this goal, Steve performed DNS cache poisoning by exploiting vulnerabilities in the DNS server software and modified the original IP address of the target website to that of a fake website. What is the technique employed by Steve to gather information for identity theft? Read More »