312-50 Exam Dumps | Initiating an attack against targeted businesses and organizations, threat actors compromise a carefully

<< Prev Question Next Question >>

Question 36/270

Initiating an attack against targeted businesses and organizations, threat actors compromise a carefully selected website by inserting an exploit resulting in malware infection. The attackers run exploits on well- known and trusted sites likely to be visited by their targeted victims. Aside from carefully choosing sites to compromise, these attacks are known to incorporate zero-day exploits that target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against these exploits.
What type of attack is outlined in the scenario?

A. Watering Hole Attack

B. Heartbleed Attack

C. Shellshock Attack

D. Spear Phising Attack

Question List (270q): Question 1: Which of the following tools are used for enumeration? (Choo...; Question 2: You have compromised a server and successfully gained a root...; Question 3: An attacker is using nmap to do a ping sweep and a port scan...; Question 4: Jack was attempting to fingerprint all machines in the netwo...; Question 5: Employees in a company are no longer able to access Internet...; Question 6: Rebecca commonly sees an error on her Windows system that st...; Question 7: You just set up a security system in your network. In what k...; Question 8: Which tool would be used to collect wireless packet data?...; Question 9: What is the main advantage that a network-based IDS/IPS syst...; Question 10: Which of the following items of a computer system will an an...; Question 11: You are manually conducting Idle Scanning using Hping2. Duri...; Question 12: First thing you do every office day is to check your email i...; Question 13: To reduce the attack surface of a system, administrators sho...; Question 14: Port scanning can be used as part of a technical assessment ...; Question 15: What is not a PCI compliance recommendation?...; Question 16: The intrusion detection system at a software development com...; Question 17: What is correct about digital signatures?...; Question 18: An attacker uses a communication channel within an operating...; Question 19: What is the best defense against privilege escalation vulner...; Question 20: A Certificate Authority (CA) generates a key pair that will ...; Question 21: A recent security audit revealed that there were indeed seve...; Question 22: If a tester is attempting to ping a target that exists but r...; Question 23: Which of the following is an extremely common IDS evasion te...; Question 24: What is the primary drawback to using advanced encryption st...; Question 25: Under the "Post-attack Phase and Activities", it is the resp...; Question 26: Which type of cryptography does SSL, IKE and PGP belongs to?...; Question 27: What tool should you use when you need to analyze extracted ...; Question 28: Bob received this text message on his mobile phone: ""Hello,...; Question 29: By using a smart card and pin, you are using a two-factor au...; Question 30: Look at the following output. What did the hacker accomplish...; Question 31: In cryptanalysis and computer security, 'pass the hash' is a...; Question 32: In order to prevent particular ports and applications from g...; Question 33: A penetration test was done at a company. After the test, a ...; Question 34: What are two things that are possible when scanning UDP port...; Question 35: A medium-sized healthcare IT business decides to implement a...; Question 36: Initiating an attack against targeted businesses and organiz...; Question 37: Which of the following conditions must be given to allow a t...; Question 38: Which of the following is used to indicate a single-line com...; Question 39: An IT security engineer notices that the company's web serve...; Question 40: Which of the following BEST describes the mechanism of a Boo...; Question 41: What mechanism in Windows prevents a user from accidentally ...; Question 42: Todd has been asked by the security officer to purchase a co...; Question 43: You have the SOA presented below in your Zone. Your secondar...; Question 44: An attacker attaches a rogue router in a network. He wants t...; Question 45: Which of the following settings enables Nessus to detect whe...; Question 46: Which of the following is an example of two factor authentic...; Question 47: Which of the following programming languages is most vulnera...; Question 48: What is the main difference between a "Normal" SQL Injection...; Question 49: What is the best description of SQL Injection?...; Question 50: An ethical hacker for a large security research firm perform...; Question 51: Which type of scan is used on the eye to measure the layer o...; Question 52: How can a rootkit bypass Windows 7 operating system's kernel...; Question 53: What is a successful method for protecting a router from pot...; Question 54: Which of the following parameters enables NMAP's operating s...; Question 55: What is the outcome of the comm"nc -l -p 2222 | nc 10.1.0.43...; Question 56: The use of alert thresholding in an IDS can reduce the volum...; Question 57: How does an operating system protect the passwords used for ...; Question 58: Bob learned that his username and password for a popular gam...; Question 59: Which of the following is a component of a risk assessment?...; Question 60: The precaution of prohibiting employees from bringing person...; Question 61: What is the proper response for a NULL scan if the port is o...; Question 62: Which vital role does the U.S. Computer Security Incident Re...; Question 63: A certified ethical hacker (CEH) completed a penetration tes...; Question 64: Which type of Nmap scan is the most reliable, but also the m...; 1 commentQuestion 65: A certified ethical hacker (CEH) is approached by a friend w...; Question 66: An attacker with access to the inside network of a small com...; Question 67: What is the broadcast address for the subnet 190.86.168.0/22...; Question 68: Which of the following is a primary service of the U.S. Comp...; Question 69: Which of the following Nmap commands would be used to perfor...; Question 70: It is a short-range wireless communication technology intend...; Question 71: A regional bank hires your company to perform a security ass...; Question 72: Which tool is used to automate SQL injections and exploit a ...; Question 73: An attacker sniffs encrypted traffic from the network and is...; Question 74: While reviewing the result of scanning run against a target ...; Question 75: Which of the following is the BEST way to defend against net...; Question 76: Which of the following open source tools would be the best c...; Question 77: A server has been infected by a certain type of Trojan. The ...; Question 78: Which of the following is a strong post designed to stop a c...; Question 79: You are using NMAP to resolve domain names into IP addresses...; Question 80: An attacker changes the profile information of a particular ...; Question 81: Tess King is using the nslookup command to craft queries to ...; Question 82: A company is using Windows Server 2003 for its Active Direct...; Question 83: Which of the following is a restriction being enforced in "w...; Question 84: Supposed you are the Chief Network Engineer of a certain Tel...; Question 85: Which of the following guidelines or standards is associated...; Question 86: A security analyst in an insurance company is assigned to te...; Question 87: Which of the following network attacks takes advantage of we...; Question 88: How can a policy help improve an employee's security awarene...; Question 89: Which of the following is a wireless network detector that i...; Question 90: A zone file consists of which of the following Resource Reco...; Question 91: Which of the following is a common Service Oriented Architec...; Question 92: A pentester is using Metasploit to exploit an FTP server and...; Question 93: Which of the following can take an arbitrary length of input...; Question 94: Which of the following identifies the three modes in which S...; Question 95: You have successfully comprised a server having an IP addres...; Question 96: Which type of security document is written with specific ste...; Question 97: A distributed port scan operates by:...; Question 98: Which of the following tools will scan a network to perform ...; Question 99: While performing ping scans into a target network you get a ...; Question 100: Which initial procedure should an ethical hacker perform aft...; Question 101: A specific site received 91 ICMP_ECHO packets within 90 minu...; Question 102: Pentest results indicate that voice over IP traffic is trave...; Question 103: Firewalk has just completed the second phase (the scanning p...; Question 104: When setting up a wireless network, an administrator enters ...; Question 105: While testing the company's web applications, a tester attem...; Question 106: A hacker, who posed as a heating and air conditioning specia...; Question 107: > NMAP -sn 192.168.11.200-215 The NMAP command above perf...; Question 108: Websites and web portals that provide web services commonly ...; Question 109: (Note: the student is being tested on concepts learnt during...; Question 110: During a penetration test, a tester finds a target that is r...; Question 111: How do employers protect assets with security policies perta...; Question 112: Which command lets a tester enumerate alive systems in a cla...; Question 113: A security policy will be more accepted by employees if it i...; Question 114: The network administrator contacts you and tells you that sh...; Question 115: Advanced encryption standard is an algorithm used for which ...; Question 116: Your company was hired by a small healthcare provider to per...; Question 117: When does the Payment Card Industry Data Security Standard (...; Question 118: On a Linux device, which of the following commands will star...; Question 119: You've just discovered a server that is currently active wit...; Question 120: Joseph was the Web site administrator for the Mason Insuranc...; Question 121: It is an entity or event with the potential to adversely imp...; Question 122: Which of the following descriptions is true about a static N...; Question 123: Emil uses nmap to scan two hosts using this command. nmap -s...; Question 124: Which mode of IPSec should you use to assure security and co...; Question 125: It is a kind of malware (malicious software) that criminals ...; Question 126: A computer technician is using a new version of a word proce...; Question 127: What are the three types of compliance that the Open Source ...; 3 commentQuestion 128: A hacker was able to sniff packets on a company's wireless n...; Question 129: Nation-state threat actors often discover vulnerabilities an...; Question 130: Scenario: 1. Victim opens the attacker's web site. 2. Attack...; Question 131: Which of the following tools would be the best choice for ac...; Question 132: When security and confidentiality of data within the same LA...; Question 133: The security administrator of ABC needs to permit Internet t...; Question 134: What is a NULL scan?; Question 135: After gaining access to the password hashes used to protect ...; Question 136: Which of the following is a passive wireless packet analyzer...; Question 137: Smart cards use which protocol to transfer the certificate i...; Question 138: Which of the following ensures that updates to policies, pro...; Question 139: Let's imagine three companies (A, B and C), all competing in...; Question 140: Which cipher encrypts the plain text digit (bit or byte) one...; Question 141: When purchasing a biometric system, one of the consideration...; Question 142: Which method can provide a better return on IT security inve...; Question 143: During a wireless penetration test, a tester detects an acce...; Question 144: Which of the following business challenges could be solved b...; Question 145: Which protocol and port number might be needed in order to s...; Question 146: A security engineer is attempting to map a company's interna...; Question 147: The establishment of a TCP connection involves a negotiation...; Question 148: Name two software tools used for OS guessing? (Choose two.)...; Question 149: Neil notices that a single address is generating traffic fro...; Question 150: Which tool can be used to silently copy files from USB devic...; Question 151: Diffie-Hellman (DH) groups determine the strength of the key...; Question 152: In an internal security audit, the white hat hacker gains co...; Question 153: The fundamental difference between symmetric and asymmetric ...; Question 154: Which of the following does proper basic configuration of sn...; Question 155: Which specific element of security testing is being assured ...; Question 156: Which Metasploit Framework tool can help penetration tester ...; Question 157: Which of the following algorithms provides better protection...; Question 158: This phase will increase the odds of success in later phases...; Question 159: An incident investigator asks to receive a copy of the event...; Question 160: Sandra is the security administrator of XYZ.com. One day she...; Question 161: A large mobile telephony and data network operator has a dat...; Question 162: A company has hired a security administrator to maintain and...; Question 163: What is the name of the international standard that establis...; Question 164: International Organization for Standardization (ISO) standar...; Question 165: You want to do an ICMP scan on a remote computer using hping...; Question 166: You are logged in as a local admin on a Windows 7 system and...; Question 167: An organization hires a tester to do a wireless penetration ...; Question 168: Which United States legislation mandates that the Chief Exec...; Question 169: Which of the following Nmap commands will produce the follow...; Question 170: Which of the following items is unique to the N-tier archite...; Question 171: Fingerprinting VPN firewalls is possible with which of the f...; Question 172: From the two screenshots below, which of the following is oc...; Question 173: What is the most secure way to mitigate the theft of corpora...; Question 174: What technique is used to perform a Connection Stream Parame...; Question 175: Which DNS resource record can indicate how long any "DNS poi...; Question 176: Which of the following is optimized for confidential communi...; Question 177: The network in ABC company is using the network address 192....; Question 178: Which of the following is assured by the use of a hash?...; Question 179: Which solution can be used to emulate computer services, suc...; Question 180: Which of the following viruses tries to hide from anti-virus...; Question 181: A consultant has been hired by the V.P. of a large financial...; Question 182: As a Certified Ethical Hacker, you were contracted by a priv...; Question 183: Which of the following is a command line packet analyzer sim...; Question 184: A hacker has successfully infected an internet-facing server...; Question 185: What does a type 3 code 13 represent? (Choose two.)...; Question 186: A tester has been hired to do a web application security tes...; Question 187: What is the main disadvantage of the scripting languages as ...; Question 188: An attacker has been successfully modifying the purchase pri...; Question 189: A botnet can be managed through which of the following?...; Question 190: Internet Protocol Security IPSec is actually a suite of prot...; Question 191: How is sniffing broadly categorized?...; Question 192: Which of the following programming languages is most suscept...; Question 193: Jimmy is standing outside a secure entrance to a facility. H...; Question 194: The configuration allows a wired or wireless network interfa...; Question 195: A security consultant is trying to bid on a large contract t...; Question 196: Under what conditions does a secondary name server request a...; Question 197: XOR is a common cryptographic tool. 10110001 XOR 00111010 is...; Question 198: In order to have an anonymous Internet surf, which of the fo...; Question 199: You have successfully compromised a machine on the network a...; Question 200: While you were gathering information as part of security ass...; Question 201: One way to defeat a multi-level security solution is to leak...; Question 202: A Network Administrator was recently promoted to Chief Secur...; Question 203: An nmap command that includes the host specification of 202....; Question 204: During a penetration test, a tester finds that the web appli...; Question 205: What is the difference between the AES and RSA algorithms?...; Question 206: What is the benefit of performing an unannounced Penetration...; Question 207: What is the correct PCAP filter to capture all TCP traffic g...; Question 208: The purpose of a __________ is to deny network access to loc...; Question 209: Which type of intrusion detection system can monitor and ale...; Question 210: You have successfully gained access to a linux server and wo...; Question 211: Which element of Public Key Infrastructure (PKI) verifies th...; Question 212: Which of the following is a vulnerability in GNU's bash shel...; Question 213: Destination unreachable administratively prohibited messages...; Question 214: In many states sending spam is illegal. Thus, the spammers h...; Question 215: Which of the following will perform an Xmas scan using NMAP?...; Question 216: Which of the following cryptography attack methods is usuall...; Question 217: Which of the following types of firewall inspects only heade...; Question 218: Due to a slow down of normal network operations, IT departme...; Question 219: Which of the following statements is TRUE?...; Question 220: Which of the following areas is considered a strength of sym...; Question 221: What is the main reason the use of a stored biometric is vul...; Question 222: Which of the following is NOT an ideal choice for biometric ...; Question 223: A developer for a company is tasked with creating a program ...; Question 224: Which of the following problems can be solved by using Wires...; Question 225: An attacker has captured a target file that is encrypted wit...; Question 226: Attempting an injection attack on a web server based on resp...; Question 227: Which of the following statements about a zone transfer is c...; Question 228: When you return to your desk after a lunch break, you notice...; Question 229: You're doing an internal security audit and you want to find...; Question 230: It is a regulation that has a set of guidelines, which shoul...; Question 231: During a penetration test, the tester conducts an ACK scan u...; Question 232: Which protocol is used for setting up secured channels betwe...; Question 233: Which Intrusion Detection System is best applicable for larg...; Question 234: It is a vulnerability in GNU's bash shell, discovered in Sep...; Question 235: Which of the following is a design pattern based on distinct...; Question 236: A pentester gains access to a Windows application server and...; Question 237: What is the correct process for the TCP three-way handshake ...; Question 238: Which of the following describes a component of Public Key I...; Question 239: A hacker is attempting to see which IP addresses are current...; Question 240: A network administrator received an administrative alert at ...; Question 241: Which of the following processes of PKI (Public Key Infrastr...; Question 242: The use of technologies like IPSec can help guarantee the fo...; Question 243: As an Ethical Hacker you are capturing traffic from your cus...; Question 244: If there is an Intrusion Detection System (IDS) in intranet,...; Question 245: What statement is true regarding LM hashes?...; Question 246: A hacker was able to easily gain access to a website. He was...; Question 247: While performing online banking using a Web browser, Kyle re...; Question 248: When using Wireshark to acquire packet capture on a network,...; Question 249: In the software security development life cycle process, thr...; Question 250: Which type of antenna is used in wireless communication?...; Question 251: Which of the following is the greatest threat posed by backu...; Question 252: WPA2 uses AES for wireless data encryption at which of the f...; Question 253: A newly discovered flaw in a software application would be c...; Question 254: A security administrator notices that the log file of the co...; Question 255: What results will the following command yield: 'NMAP -sS -O ...; Question 256: Suppose you've gained access to your client's hybrid network...; Question 257: Which of the following is an example of an asymmetric encryp...; Question 258: You have successfully gained access to your client's interna...; Question 259: When an alert rule is matched in a network-based IDS like sn...; Question 260: You have compromised a server on a network and successfully ...; Question 261: Which of the following is a client-server tool utilized to e...; Question 262: Which of the following techniques does a vulnerability scann...; Question 263: The network administrator for a company is setting up a webs...; Question 264: What network security concept requires multiple layers of se...; Question 265: What is the term coined for logging, recording and resolving...; Question 266: Which of the following is a hashing algorithm?...; Question 267: What are the three types of authentication?...; Question 268: Which of the following is the structure designed to verify a...; Question 269: What ports should be blocked on the firewall to prevent NetB...; Question 270: Which type of scan measures a person's external features thr...

Question 36/270

LEAVE A REPLY

Download PDF File