Topic 1: Exam Pool A
You are tasked to perform a penetration test. While you are performing information
gathering, you find an employee list in Google. You find the receptionist’s email, and you
send her an email changing the source email to her boss’s email (boss@company). In this
email, you ask for a pdf with information. She reads your email and sends back a pdf with
links. You exchange the pdf links with your malicious links (these links contain malware)
and send back the modified pdf, saying that the links don’t work. She reads your email,
opens the links, and her machine gets infected. You now have access to the company
network. What testing method did you use?
A. Social engineering
B. Piggybacking
C. Tailgating
D. Eavesdropping
Answer: Social engineering
Explanation:
Social engineering is the term used for a broad range of malicious activities accomplished
through human interactions. It uses psychological manipulation to trick users into making
security mistakes or giving away sensitive information.
Social engineering attacks typically involve some form of psychological manipulation,
fooling otherwise unsuspecting users or employees into handing over confidential or
sensitive data. Commonly, social engineering involves email or other communication that
invokes urgency, fear, or similar emotions in the victim, leading the victim to promptly
reveal sensitive information, click a malicious link, or open a malicious file. Because social
engineering involves a human element, preventing these attacks can be tricky for
enterprises.
What two conditions must a digital signature meet?
A. Has to be the same number of characters as a physical signature and must be unique.
B. Has to be unforgeable, and has to be authentic.
C. Must be unique and have special characters
D. Has to be legible and neat
Answer: Has to be unforgeable, and has to be authentic.
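The two properties in the answer, shown in working code. This is an added example, not part of the exam page: it uses Ed25519 from the third-party `cryptography` package, and the key names (`cfo_key`, `attacker_key`) and the message are constructed for illustration. A signature is authentic when it verifies under the signer's public key over exactly the signed bytes, and unforgeable when nobody without the private key can produce one that verifies.

```python
"""Added example: authenticity and unforgeability of a digital signature (Ed25519).

Requires the third-party `cryptography` package.  Keys and message are
constructed here for illustration.
"""
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey,
    Ed25519PublicKey,
)


def sign(private_key: Ed25519PrivateKey, message: bytes) -> bytes:
    """Signer side: only the holder of the private key can produce this value."""
    return private_key.sign(message)


def verify(public_key: Ed25519PublicKey, signature: bytes, message: bytes) -> bool:
    """Verifier side: True only if `signature` was produced over exactly `message`
    by the private key that matches `public_key`."""
    try:
        public_key.verify(signature, message)
        return True
    except InvalidSignature:
        return False


def demo() -> dict:
    cfo_key = Ed25519PrivateKey.generate()       # constructed: the signer's key pair
    cfo_pub = cfo_key.public_key()               # distributed to verifiers
    attacker_key = Ed25519PrivateKey.generate()  # constructed: a key the signer does not hold

    approved = b"Q3 financial statements, approved"
    signature = sign(cfo_key, approved)

    # flip one bit of the genuine signature
    corrupted = bytes([signature[0] ^ 0x01]) + signature[1:]

    return {
        # authentic: genuine document + genuine signature verifies
        "genuine": verify(cfo_pub, signature, approved),
        # a one-byte change to the signed data invalidates the signature
        "tampered_document": verify(cfo_pub, signature, approved + b"."),
        # unforgeable: a signature from any other key is rejected
        "forged_with_other_key": verify(cfo_pub, sign(attacker_key, approved), approved),
        # nor can a valid signature be fabricated by altering an existing one
        "corrupted_signature": verify(cfo_pub, corrupted, approved),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:>22}: {'valid' if ok else 'REJECTED'}")
```

Only the first case verifies; the other three are rejected. In practice the verifier must also obtain the public key through a trusted path (a certificate or a pre-exchanged key), otherwise an attacker can substitute a key of their own and the "authentic" check proves nothing.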
Company ABC recently hired a new accountant who will be working with the financial
statements. Those statements need to be approved by the CFO and then sent to the
accountant, but the CFO is worried: he wants to be sure that the information sent to the
accountant was not modified after he approved it.
Which of the following options can be used to ensure the integrity of the data?
A. The CFO can compute a hash of the document once he has approved the financial statements
B. The CFO can use an Excel file with a password
C. The financial statements can be sent twice, one copy by email and the other delivered on a USB drive, and the accountant can compare both to be sure it is the same document
D. The document can be sent to the accountant on a USB drive used exclusively for that document
Answer: The CFO can compute a hash of the document once he has approved the financial statements
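How the hash check in the answer works, and the caveat that comes with it. This is an added example, not part of the exam page; the two document versions and the shared key are constructed for illustration. A plain SHA-256 digest lets the accountant detect any change to the bytes, but only if the digest itself reaches him through a channel the attacker cannot alter, because anyone who can modify the file can also recompute a plain hash. Binding the digest to the CFO, here with an HMAC under a pre-shared key (a digital signature, as in the previous question, is the asymmetric equivalent), closes that gap.

```python
"""Added example: integrity check of an approved document with a plain hash,
and with a keyed HMAC that an attacker cannot recompute.

File contents and the shared key are constructed for illustration.
"""
import hashlib
import hmac
import secrets

# constructed: the statements the CFO approved, and a version altered in transit
APPROVED = b"Revenue: 1,200,000\nExpenses: 950,000\nNet: 250,000\n"
ALTERED = b"Revenue: 1,200,000\nExpenses: 850,000\nNet: 350,000\n"


def sha256_hex(data: bytes) -> str:
    """Fingerprint of the exact bytes; any change yields a different digest."""
    return hashlib.sha256(data).hexdigest()


def integrity_ok(received: bytes, expected_digest: str) -> bool:
    """Accountant side: recompute the digest and compare in constant time."""
    return hmac.compare_digest(sha256_hex(received), expected_digest)


def keyed_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: like a digest, but only a holder of `key` can produce it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def keyed_ok(key: bytes, received: bytes, tag: str) -> bool:
    return hmac.compare_digest(keyed_tag(key, received), tag)


def demo() -> dict:
    digest = sha256_hex(APPROVED)      # CFO sends this out of band (phone, separate channel)
    key = secrets.token_bytes(32)      # constructed: key shared with the accountant beforehand
    tag = keyed_tag(key, APPROVED)

    # an attacker who can alter the file can also recompute a plain hash for it...
    attacker_digest = sha256_hex(ALTERED)
    # ...but without the key the best they can do is guess
    attacker_tag = keyed_tag(b"wrong key", ALTERED)

    return {
        "unmodified_hash": integrity_ok(APPROVED, digest),
        "altered_hash": integrity_ok(ALTERED, digest),
        # the plain hash cannot catch a swap of both file and digest
        "altered_with_recomputed_hash": integrity_ok(ALTERED, attacker_digest),
        "unmodified_hmac": keyed_ok(key, APPROVED, tag),
        "altered_hmac": keyed_ok(key, ALTERED, tag),
        "altered_with_attacker_hmac": keyed_ok(key, ALTERED, attacker_tag),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:>28}: {'OK' if ok else 'MISMATCH'}")
```

The `altered_with_recomputed_hash` case is the one to remember: the hash alone passes when the attacker replaces the digest along with the document, which is why the digest must travel out of band or be authenticated with a key.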
You need to deploy a new web-based software package for your organization. The
package requires three separate servers and needs to be available on the Internet. What is
the recommended architecture in terms of server placement?
A. All three servers need to be placed internally
B. A web server facing the Internet, an application server on the internal network, and a database server on the internal network
C. A web server and the database server facing the Internet, an application server on the internal network
D. All three servers need to face the Internet so that they can communicate between themselves
Answer: A web server facing the Internet, an application server on the internal network, and a database server on the internal network
Explanation:
Only the web tier is exposed, typically in a DMZ. The application and database tiers stay on the internal network and accept connections only from the tier in front of them, so a compromise of the web server does not give the attacker direct access to the data.
CompanyXYZ has asked you to assess the security of their perimeter email gateway. From
your office in New York, you craft a specially formatted email message and send it across
the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of
your test. Your email message looks like this:
From: jim_miller@companyxyz.com
To: michelle_saunders@companyxyz.com
Subject: Test message
Date: 4/3/2017 14:37
The employee of CompanyXYZ receives your email message.
This proves that CompanyXYZ’s email gateway doesn’t prevent what?
A. Email Masquerading
B. Email Harvesting
C. Email Phishing
D. Email Spoofing
Answer: Email Spoofing
Explanation:
Email spoofing is the fabrication of an email header in the hope of duping the recipient into
thinking the email originated from someone or somewhere other than its actual source.
Because the core email protocol (SMTP) has no built-in sender authentication, spam and
phishing emails commonly use spoofing to trick the recipient into trusting the origin of the
message. SPF, DKIM and DMARC are the add-on mechanisms a gateway uses to detect it; a
gateway that accepts a message from the Internet whose From address claims the
organization's own domain, as in this test, is not enforcing them.
The ultimate goal of email spoofing is to get recipients to open, and possibly even respond
to, a solicitation. Although spoofed messages are often just a nuisance requiring little
action besides removal, the more malicious varieties can cause significant problems and
sometimes pose a real security threat.
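The check the gateway in this question failed to perform, as an added example that is not part of the exam page. It parses two constructed messages: the tester's spoof as it would arrive from an external host, and a genuine internal message relayed by an internal MTA. The domain, the internal address range and the `Authentication-Results` values are assumptions made for the example.

```python
"""Added example: gateway rule against header-From spoofing of the organization's
own domain.  Messages, domain, internal range and auth results are constructed.
"""
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAIN = "companyxyz.com"                          # assumption
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumption: where internal MTAs live

# constructed: the tester's message as received from an Internet host
SPOOFED = """Received: from mail.attacker.example (203.0.113.7) by mx.companyxyz.com
Authentication-Results: mx.companyxyz.com; spf=fail smtp.mailfrom=companyxyz.com; dkim=none; dmarc=fail
From: jim_miller@companyxyz.com
To: michelle_saunders@companyxyz.com
Subject: Test message
Date: Mon, 3 Apr 2017 14:37:00 +0000

Test message
"""

# constructed: a genuine message handed over by the internal relay
LEGIT = """Received: from mail-int.companyxyz.com (10.1.2.3) by mx.companyxyz.com
Authentication-Results: mx.companyxyz.com; spf=pass smtp.mailfrom=companyxyz.com; dkim=pass header.d=companyxyz.com; dmarc=pass
From: jim_miller@companyxyz.com
To: michelle_saunders@companyxyz.com
Subject: Real message
Date: Mon, 3 Apr 2017 14:40:00 +0000

Real message
"""

_IP_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")


def from_domain(msg) -> str:
    """Domain of the header From address (what the recipient's client displays)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def connecting_ip(msg):
    """Host that handed the message to our gateway: the topmost Received header."""
    received = msg.get_all("Received") or []
    m = _IP_RE.search(received[0]) if received else None
    return ipaddress.ip_address(m.group(1)) if m else None


def auth_result(msg, mechanism: str) -> str:
    """'pass', 'fail' or 'none' for spf/dkim/dmarc from Authentication-Results."""
    m = re.search(rf"\b{mechanism}=(\w+)", msg.get("Authentication-Results", ""))
    return m.group(1).lower() if m else "none"


def spoofed_internal_sender(raw: str) -> bool:
    """True when the From header claims our domain but the message arrived from
    outside our network without a DMARC pass."""
    msg = message_from_string(raw)
    if from_domain(msg) != OWN_DOMAIN:
        return False                      # external sender domain: not this rule's concern
    ip = connecting_ip(msg)
    if ip is not None and any(ip in net for net in INTERNAL_NETS):
        return False                      # relayed by our own MTA
    return auth_result(msg, "dmarc") != "pass"


if __name__ == "__main__":
    print("spoofed message flagged:", spoofed_internal_sender(SPOOFED))
    print("genuine message flagged:", spoofed_internal_sender(LEGIT))
```

Two practitioner caveats: the gateway must compute the SPF, DKIM and DMARC results itself and strip any `Authentication-Results` header that arrives from outside, since an attacker can forge that header as easily as From; and the envelope sender (MAIL FROM / Return-Path) should be checked alongside the header From, because the two routinely differ in a spoof.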