protocol

web service

Gillbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario?

Gillbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario? Option 1 : SOAP API Option 2 : RESET …

Gillbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario? Read More »

web-server

In order to tailor your during a web-application scan, you decide to determine which web-server version is hosting the application. On using the sV flag with Nmap, you obtain the following response: 80/tcp open http-proxy Apache Server 7.1.6 What information-gathering technique does this best describe?

In order to tailor your during a web-application scan, you decide to determine which web-server version is hosting the application. On using the sV flag with Nmap, you obtain the following response: 80/tcp open http-proxy Apache Server 7.1.6 What information-gathering technique does this best describe? Option 1 : Banner grabbing Option 2 : Brute forcing Option 3 : WHOIS lookup Option 4 : Dictionary attack 1. Banner grabbing Banner grabbing is a technique wont to …

In order to tailor your during a web-application scan, you decide to determine which web-server version is hosting the application. On using the sV flag with Nmap, you obtain the following response: 80/tcp open http-proxy Apache Server 7.1.6 What information-gathering technique does this best describe? Read More »

SQL

Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs. Which two SQL injection types would give her the results she is looking for?

Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to  test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs. Which two SQL injection types would give her the results she is looking for? Option 1 : Time-based and boolean-based Option 2: Out of band and boolean-based Option 3 …

Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs. Which two SQL injection types would give her the results she is looking for? Read More »

web

Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she a user-defined HTTP callback or push APIs that are raised based on trigger events; when invoked, this feature supplies data to other applications so that users can instantly receive real-time information. Which of the following techniques is employed by Susan?

Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she a user-defined HTTP callback or push APIs that are raised based on trigger events; when invoked, this feature supplies data to other applications so that users can instantly receive real-time information. Which of the following techniques is employed by Susan? Option 1 : RESET API Option 2 : SOAP API Option 3 : Web shells …

Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she a user-defined HTTP callback or push APIs that are raised based on trigger events; when invoked, this feature supplies data to other applications so that users can instantly receive real-time information. Which of the following techniques is employed by Susan? Read More »

LDAP

John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to anonymously query the LDAP service for sensitive information such as username, addresses, departmental details, and server names to launch further attacks on the target organization. What is tool employed by John to gather information from the LDAP services?

John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to anonymously query the LDAP service for sensitive information such as username, addresses, departmental details, and server names to launch further attacks on the target organization. What is tool employed by John to gather information from the LDAP services? Option 1 : Zabasearch Option 2 : EarthExplorer Option 3 : Jxplorer Option 4 : ike-scan …

John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to anonymously query the LDAP service for sensitive information such as username, addresses, departmental details, and server names to launch further attacks on the target organization. What is tool employed by John to gather information from the LDAP services? Read More »

running

During the enumeration phase, Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445. Which of the following services is enumerated by Lawrence in this scenario?

During the enumeration phase, Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445. Which of the following services is enumerated by Lawrence in this scenario? Option 1 : Telnet Option 2 : Network File System (NFS) Option 3 : Server Message Block (SMB) Option 4 : Remote procedure call (RPC) 1. Telnet Telnet is an organization convention …

During the enumeration phase, Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445. Which of the following services is enumerated by Lawrence in this scenario? Read More »

IDS

Kevin, a professional hacker, wants to penetrate CyberTech Inc.’s network. He employed a technique, using which he encoded packets with Unicode characters. The company’s IDS cannot recognize the packet, but the target web server can decode them. What is the technique used by Kevin to evade the IDS system?

Kevin, a professional hacker, wants to penetrate CyberTech Inc.’s network. He employed a technique, using which he encoded packets with Unicode characters. The company’s IDS cannot recognize the packet, but the target web server can decode them. What is the technique used by Kevin to evade the IDS system? Option 1 : Desynchronization Option 2 : Obfuscating Option 3 : Session splicing Option 4 : Urgency flag 1. Desynchronization The number of security breaches is …

Kevin, a professional hacker, wants to penetrate CyberTech Inc.’s network. He employed a technique, using which he encoded packets with Unicode characters. The company’s IDS cannot recognize the packet, but the target web server can decode them. What is the technique used by Kevin to evade the IDS system? Read More »

penetration tester

You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID “Brakeme-Internal.” You realize that this network uses WPA3 encryption. Which of the following vulnerabilities is the promising to exploit?

You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID “Brakeme-Internal.” You realize that this network uses WPA3 encryption. Which of the following vulnerabilities is the promising to exploit? Option 1 : AP misconfiguration Option 2 : Key reinstallation attack Option 3 : Dragonblood Option 4 : Cross-site request forgery 1. AP misconfiguration The Misconfigured APs are …

You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID “Brakeme-Internal.” You realize that this network uses WPA3 encryption. Which of the following vulnerabilities is the promising to exploit? Read More »

ports

Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewall. On which of the following ports should Robin run the NSTX tool?

Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewall. On which of the following ports should Robin run the NSTX tool? Option 1 : Port 53 Option 2 : Port 80 Option 3 : Port 50 Option 4 : Port 23 1. Port 53 DNS uses Ports 53 which is almost always …

Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewall. On which of the following ports should Robin run the NSTX tool? Read More »

security protocol

This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as GCMP-256, HMAC-SHA284, and ECDSA using a 384-bit elliptic curve. Which is the wireless security protocol?

This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as GCMP-256, HMAC-SHA284, and ECDSA using a 384-bit elliptic curve. Which is the wireless security protocol? Option 1 : WPA3-Personal Option 2 : WPA3-Enterprise Option 3 : WPA2-Enterprise Option 4 : WPA2-Personal 1. WPA3-Personal WPA3-Personal brings better protections to individual users by providing more robust password-based authentication, even when users choose passwords that come short of typical complexity …

This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as GCMP-256, HMAC-SHA284, and ECDSA using a 384-bit elliptic curve. Which is the wireless security protocol? Read More »