Topic 1: Exam Pool A
Which of the following tools is used to analyze the files produced by several packet-capture
programs such as tcpdump, WinDump, Wireshark, and EtherPeek?
A. tcptrace
B. Nessus
C. OpenVAS
D. tcptraceroute
tcptrace
These hackers have limited or no training and know how to use only basic techniques or
tools.
What kind of hackers are we talking about?
A. Black-Hat Hackers
B. Script Kiddies
C. White-Hat Hackers
D. Gray-Hat Hacker
Script Kiddies
Explanation: Script Kiddies: These hackers have limited or no training and know how to use only basic techniques or tools. Even then they may not understand any or all of what they are doing.
Nicolas just found a vulnerability on a public-facing system that is considered a zero-day
vulnerability. He sent an email to the owner of the public system describing the problem
and how the owner can protect themselves from that vulnerability. He also sent an email to
Microsoft informing them of the problem that their systems are exposed to. What type of
hacker is Nicolas?
A. Red hat
B. white hat
C. Black hat
D. Gray hat
white hat
Explanation:
A white hat (or white hat hacker) is an ethical computer hacker, or computer security
expert, who focuses on penetration testing and other testing methodologies that ensure
the safety of an organization’s information systems. Ethical hacking may be a term meant
to imply a broader category than simply penetration testing. Contrasted with black hat, a
malicious hacker, the name comes from Western films, where heroic and antagonistic
cowboys might traditionally wear a white and a black hat respectively. While a white hat
hacker hacks with good intentions and with permission, and a black hat hacker, most
frequently unauthorized, has malicious intent, there is a third kind, referred to as a gray hat
hacker, who hacks with good intentions but sometimes without permission.

White hat hackers may also work in teams called “sneakers and/or hacker clubs”, red teams, or tiger
teams.

While penetration testing concentrates on attacking software and computer systems
from the start (scanning ports, examining known defects in protocols and
applications running on the system, and patch installations, for example), ethical hacking
may include other things. A full-blown ethical hack might include emailing staff to ask for
password details, searching through executives’ dustbins, and typically breaking and
entering, without the knowledge and consent of the targets. Only the owners, CEOs and
board members (stakeholders) who asked for a review of this magnitude are
aware. To duplicate some of the destructive techniques a real attack might
employ, ethical hackers may arrange for cloned test systems, or organize a hack late at
night while systems are less critical. In most recent cases these hacks perpetuate for
the long-term con (days, if not weeks, of long-term human infiltration into an organization).
Some examples include leaving USB/flash key drives with hidden auto-start software
in a public area, as if someone lost the small drive and an unsuspecting employee found
it and took it.

Some other methods of carrying these out include:
• DoS attacks
• Social engineering tactics
• Reverse engineering
• Network security
• Disk and memory forensics
• Vulnerability research
• Security scanners such as:
  – W3af
  – Nessus
  – Burp Suite
• Frameworks such as:
  – Metasploit
• Training platforms

These methods identify and exploit known security vulnerabilities and attempt to evade
security to gain entry into secured areas. They are able to do this by hiding software and
system ‘back-doors’ which can be used as a link to information or access that a
non-ethical hacker, also referred to as ‘black-hat’ or ‘grey-hat’, might want to reach.
Security administrator John Smith has noticed abnormal amounts of traffic coming from
local computers at night. Upon reviewing, he finds that user data have been exfiltrated by
an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not
reported on any non-whitelisted programs. What type of malware did the attacker use to
bypass the company's application whitelisting?
A. Phishing malware
B. Zero-day malware
C. File-less malware
D. Logic bomb malware
File-less malware
Which command can be used to show the current TCP/IP connections?
A. Netsh
B. Netstat
C. Net use connection
D. Net use
Netsh