server

NetBIOS

Allen, a professional pen tester, was hired by XpertTech solution to perform an attack simulation aon the organization’s network resources. To perform the attack, he look advantage of the NetBIOS API and targeted the NetBIOS service. By enumerating NetBIOS, he found that port 139 was open and could see the resources that could be accessed or viewed on a remote system. He came across many NetBIOS codes during enumeration. Identify the NetBIOS code used for obtaining the messenger service running for the logged-in user?

Allen, a professional pen tester, was hired by XpertTech solution to perform an attack simulation on the organization’s network resources. To perform the attack, he look advantage of the NetBIOS API and targeted the NetBIOS service. By enumerating NetBIOS, he found that port 139 was open and could see the resources that could be accessed or viewed on a remote system. He came across many NetBIOS codes during enumeration. Identify the NetBIOS code used for …

Allen, a professional pen tester, was hired by XpertTech solution to perform an attack simulation aon the organization’s network resources. To perform the attack, he look advantage of the NetBIOS API and targeted the NetBIOS service. By enumerating NetBIOS, he found that port 139 was open and could see the resources that could be accessed or viewed on a remote system. He came across many NetBIOS codes during enumeration. Identify the NetBIOS code used for obtaining the messenger service running for the logged-in user? Read More »

application

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server. What kind of attack is possible in this scenario?

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server. What kind of attack is possible in this scenario? Option 1 : Denial of service Option 2 : Cross-site scripting Option 3 : SQL injection Option 4 : Directory traversal   1. Denial of service The Denial of …

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server. What kind of attack is possible in this scenario? Read More »

social media

Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this, James, a professional hacker, targets Emily and acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is tool employed by James in the above scenario?

Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and  location tags of recently visited places. Realizing this, James, a professional hacker,  targets Emily and acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is tool employed by James in the above scenario? Option 1 : Ophcrack Option 2 : HootSuite Option 3 : HULK …

Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this, James, a professional hacker, targets Emily and acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is tool employed by James in the above scenario? Read More »

web server

What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages?

What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages? Option 1 : idq.dll Option 2 : administration.config Option 3 : httpd.conf Option 4 : php.ini 1. idq.dll idq.dll may be a library employed by ISAPI for indexing. idq.dll may be a system process that’s needed for your PC to figure properly. It shouldn’t be removed. The idq.dll is an executable …

What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages? Read More »

MSP

Alice, a professional hacker, targeted an organization’s cloud services. She infiltrated the target’s MSP provider by sending spear-phising emails and distributed custom-made malware to compromise user account and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP accounr, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attack on the target organization. Which of the following cloud attacks did Alice perform in the above scenario?

Alice, a professional hacker, targeted an organization’s cloud services. She infiltrated the target’s MSP provider by sending spear-phising emails and distributed custom-made malware to compromise user account and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attack on the target organization. Which of the following cloud attacks …

Alice, a professional hacker, targeted an organization’s cloud services. She infiltrated the target’s MSP provider by sending spear-phising emails and distributed custom-made malware to compromise user account and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP accounr, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attack on the target organization. Which of the following cloud attacks did Alice perform in the above scenario? Read More »

DDOS attack

A DDOS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete. Which attack is being described here?

A DDOS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete. Which attack is being described here? Option 1 : Slowloris attack Option 2 : Session splicing Option 3 : Phlashing Option 4 : Desynchronization 1. Slowloris attack Developed by Robert “RSnake” Hansen, …

A DDOS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete. Which attack is being described here? Read More »

DNS protocol

John, a professional hacker, decided to use DNS to perform data exfilteration on a target network. In this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique, John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server. What is the technique employed by John to bypass the firewall?

John, a professional hacker, decided to use DNS to perform data exfilteration on a target network. In this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique, John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server. What is the technique employed by John to bypass the firewall? Option 1 : DNS tunneling method Option 2 : DNS …

John, a professional hacker, decided to use DNS to perform data exfilteration on a target network. In this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique, John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server. What is the technique employed by John to bypass the firewall? Read More »

website

Jane, an ethical hacker, is testing a target organization’s web server and website to identify security loopholes. In this process, she copied the entire website and its content on a local drive to view the profile of the site’s directory structure, file structure, external links, images, web pages, and so on. This information helps Jane map the website’s directories and gain valuable information. What is the attack technique employed by Jane in the above scenario?

Jane, an ethical hacker, is testing a target organization’s web server and website to identify security loopholes. In this process, she copied the entire website and its content on a local drive to view the profile of the site’s directory structure, file structure, external links, images, web pages, and so on. This information helps Jane map the website’s directories and gain valuable information. What is the attack technique employed by Jane in the above scenario? …

Jane, an ethical hacker, is testing a target organization’s web server and website to identify security loopholes. In this process, she copied the entire website and its content on a local drive to view the profile of the site’s directory structure, file structure, external links, images, web pages, and so on. This information helps Jane map the website’s directories and gain valuable information. What is the attack technique employed by Jane in the above scenario? Read More »

There have been concerns in your network that the wireless network components is not sufficiently secure. You perform a vulnerabilities scan of the wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption. What encryption protocol is being used?

There have been concerns in your network that the wireless network components is not sufficiently secure. You perform a vulnerabilities scan of the wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption. What encryption protocol is being used? Option 1 : WPA Option 2 : WEP Option 3 : RADIUS Option 4 : WPA3 1. WPA Wi-Fi Protected Access (WPA), Wi-Fi Protected Access II (WPA2), …

There have been concerns in your network that the wireless network components is not sufficiently secure. You perform a vulnerabilities scan of the wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption. What encryption protocol is being used? Read More »

protocols

Which of the following protocols can be used to secure an LDAP service against anonymous queries?

Which of the following protocols can be used to secure an LDAP service against anonymous queries? Option 1 : WPA Option 2 : RADIUS Option 3 : NTLM Option 4 : SSO 1. WPA Wi-Fi Protected Access (WPA) could be a security standard for users of computing devices equipped with wireless web connections. WPA was developed by the Wi-Fi Alliance to produce a lot of subtle encoding and higher user authentication than Wired Equivalent Privacy …

Which of the following protocols can be used to secure an LDAP service against anonymous queries? Read More »