software

whitelisting

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltered by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs. What type of malware did the attacker use to bypass the company ‘s application whitelisting?

Leave a Comment / CEHv11 / By

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltered by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non – whitelisting programs. What type of malware did the attacker use to bypass the company ‘s application whitelisting? Option 1 : Phishing malware Option 2 : File-less malware …

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltered by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs. What type of malware did the attacker use to bypass the company ‘s application whitelisting? Read More »

web service

Gillbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario?

Leave a Comment / CEHv11 / By

Gillbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario? Option 1 : SOAP API Option 2 : RESET …

Gillbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario? Read More »

cloud

There are multiple cloud deployment options depending on how isolated a customer’s resources are from those of other customers. Shared environment share the costs and allow each customer to enjoy lower operations expenses. One solution is for a customer to join with a group of users or organizations to share a cloud environment. What is this cloud deployment option called?

Leave a Comment / CEHv11 / By

There are multiple cloud deployment options depending on how isolated a customer’s resources are from those of other customers. Shared environment share the costs and allow each customer to enjoy lower operations expenses. One solution is for a customer to join with a group of users or organizations to share a cloud environment. What is this cloud deployment option called? Option 1 : Private Option 2 : Community Option 3 : Public Option 4 : …

There are multiple cloud deployment options depending on how isolated a customer’s resources are from those of other customers. Shared environment share the costs and allow each customer to enjoy lower operations expenses. One solution is for a customer to join with a group of users or organizations to share a cloud environment. What is this cloud deployment option called? Read More »

vendors

A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendors for several months prior to the intrusion. This is likely a failure in which of the following security processes?

Leave a Comment / CEHv11 / By

A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendors for several months prior to the intrusion. This is likely a failure in which of the following security processes? Option 1 : Vendors risk management Option 2 : Patch management Option 3 : Secure development lifecycle Option 4 : Security awareness training …

A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendors for several months prior to the intrusion. This is likely a failure in which of the following security processes? Read More »

SSLv2

Samuel a security administrator, is accessing the configuration of a web server. He noticed that the server permits SSLv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to attack as the SSLv2 server can leak key information. Which of the following attack can be performed by exploiting the above vulnerability?

1 Comment / CEHv11 / By

Samuel a security administrator, is accessing the configuration of a web server. He noticed that the server permits SSLv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to attack as the SSLv2 server can leak key information. Which of the following attack can be performed by exploiting the above vulnerability? Option 1 : Padding oracle attack Option 2 : …

Samuel a security administrator, is accessing the configuration of a web server. He noticed that the server permits SSLv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to attack as the SSLv2 server can leak key information. Which of the following attack can be performed by exploiting the above vulnerability? Read More »

tool

Heather’s company has decided to use a new customer relationship management tool. After performing the appropriate research, they decided to purchase a subscription to a cloud-hosted solution. The only administrative task that Heather will need to perform is the management of user accounts. The provider will take care of the hardware, operating system, and software administration including patching and monitoring. Which of the following is this type of solution?

Leave a Comment / CEHv11 / By

Heather’s company has decided to use a new customer relationship  management tool. After performing the appropriate research, they decided to purchase a subscription to a cloud-hosted solution. The only administrative task that Heather will need to perform is the management of user accounts. The provider will take care of the hardware, operating system, and software administration including patching and monitoring. Which of the following is this type of solution? Option 1 : SaaS Option 2 …

Heather’s company has decided to use a new customer relationship management tool. After performing the appropriate research, they decided to purchase a subscription to a cloud-hosted solution. The only administrative task that Heather will need to perform is the management of user accounts. The provider will take care of the hardware, operating system, and software administration including patching and monitoring. Which of the following is this type of solution? Read More »

public-facing system

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas?

Leave a Comment / CEHv11 / By

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas? Option 1 : Gray hat Option 2 : White hat Option 3 …

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas? Read More »

DDOS attack

A DDOS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete. Which attack is being described here?

Leave a Comment / CEHv11 / By

A DDOS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete. Which attack is being described here? Option 1 : Slowloris attack Option 2 : Session splicing Option 3 : Phlashing Option 4 : Desynchronization 1. Slowloris attack Developed by Robert “RSnake” Hansen, …

A DDOS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete. Which attack is being described here? Read More »

hackers

Which of the following information security controls creates an appealing isolated environment for hackers to prevent them from compromising critical targets while simultaneously gathering information about the hacker?

3 Comments / CEHv11 / By

Which of the following information security controls creates an appealing isolated environment for hackers to prevent them from compromising critical targets while simultaneously gathering information about the hacker? Option 1 : Honeypot Option 2 : Botnet Option 3 : Intrusion detection system Option 4 : Firewall 1. Honeypot A honeypot may be a trap that an IT pro lays for a malicious hacker, hoping that they will interact with it during a way that gives …

Which of the following information security controls creates an appealing isolated environment for hackers to prevent them from compromising critical targets while simultaneously gathering information about the hacker? Read More »

Attacker

Attacker Steve targeted an organization’s with the aim of redirecting the company’s web traffic to another malicious website. To achieve this goal, Steve performed DNS cache poisoning by exploiting vulnerabilities in the DNS server software and modified the original IP address of the target website to that of a fake website. What is the technique employed by Steve to gather information for identity theft?

Leave a Comment / CEHv11 / By

Attacker Steve targeted an organization’s with the aim of redirecting the company’s web traffic to another malicious website. To achieve this goal, Steve performed DNS cache poisoning by exploiting vulnerabilities in the DNS server software and modified the original IP address of the target website to that of a fake website. What is the technique employed by Steve to gather information for identity theft? Option 1 : Pretexting Option 2 : Wardriving Option 3 : …

Attacker Steve targeted an organization’s with the aim of redirecting the company’s web traffic to another malicious website. To achieve this goal, Steve performed DNS cache poisoning by exploiting vulnerabilities in the DNS server software and modified the original IP address of the target website to that of a fake website. What is the technique employed by Steve to gather information for identity theft? Read More »