Whois footprinting
Robert, a professional hacker, is attempting to execute a fault injection attack on a target IoT device.
In this process, he injects faults into the power supply that can be used for remote execution, also
causing the skipping of key instructions. He also injects faults into the clock network used for
delivering a synchronized signal across the chip.
Which of the following types of fault injection attack is performed by Robert in the above scenario?
D
Explanation:
These types of attacks occur when faults or glitches are INJECTED into the Power supply that can be
used for remote execution.
Which of the following Metasploit post-exploitation modules can be used to escalate privileges on
Windows systems?
A
Which rootkit is characterized by its function of adding code and/or replacing some of the operating-
system kernel code to obscure a backdoor on a system?
C
Jacob works as a system administrator in an organization. He wants to extract the source code of a
mobile application and disassemble the application to analyze its design flaws. Using this technique,
he wants to fix any bugs in the application, discover underlying vulnerabilities, and improve defense
strategies against attacks.
What is the technique used by Jacob in the above scenario to improve the security of the mobile
application?
A
Which of the following Bluetooth hacking techniques does an attacker use to send messages to users
without the recipients consent, similar to email spamming?
C
Sophia is a shopping enthusiast who spends significant time searching for trendy outfits online. Clark,
an attacker, noticed her activities several times and sent a fake email containing a deceptive page
link to her social media page displaying all-new and trendy outfits. In excitement, Sophia clicked on
the malicious link and logged in to that page using her valid credentials. Which of the following tools
is employed by Clark to create the spoofed email?
C
An attacker identified that a user and an access point are both compatible with WPA2 and WPA3
encryption. The attacker installed a rogue access point with only WPA2 compatibility in the vicinity
and forced the victim to go through the WPA2 four-way handshake to get connected. After the
connection was established, the attacker used automated tools to crack WPA2-encrypted messages.
What is the attack performed in the above scenario?
B
This type of injection attack does not show any error message. It is difficult to exploit as it returns
information when the application is given SQL payloads that elicit a true or false response from the
server. By observing the response, an attacker can extract sensitive information. What type of attack
is this?
D
You are using a public Wi-Fi network inside a coffee shop. Before surfing the web, you use your VPN
to prevent intruders from sniffing your traffic. If you did not have a VPN, how would you identify
whether someone is performing an ARP spoofing attack on your laptop?
A
An attacker utilizes a Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a
nearby business in order to capture the wireless password. What kind of attack is this?
B
Richard, an attacker, targets an MNC In this process, he uses a footprinting technique to gather as
much information as possible. Using this technique, he gathers domain information such as the
target domain name, contact details of its owner, expiry date, and creation date. With this
information, he creates a map of the organization's network and misleads domain owners with social
engineering to obtain internal details of its network. What type of footprinting technique is
employed by Richard?
B
Whois footprinting
George, an employee of an organization, is attempting to access restricted websites from an official
computer. For this purpose, he used an anonymizer that masked his real IP address and ensured
complete and continuous anonymity for all his online activities. Which of the following anonymizers
helps George hide his activities?
A.
https://www.baidu.com
B.
https://www.guardster.com
C.
https://www.wolframalpha.com
D.
https://karmadecay.com
B
Lewis, a professional hacker, targeted the loT cameras and devices used by a target venture-capital
firm. He used an information-gathering tool to collect information about the loT devices connected
to a network, open ports and services, and the attack surface are
a. Using this tool, he also generated statistical reports on broad usage patterns and trends. This tool
helped Lewis continually monitor every reachable server and device on the Internet, further allowing
him to exploit these devices in the network. Which of the following tools was employed by Lewis in
the above scenario?
A
Explanation:
Censys scans help the scientific community accurately study the Internet. The data is sometimes
used to detect security problems and to inform operators of vulnerable systems so that they can
fixed
Your organization has signed an agreement with a web hosting provider that requires you to take full
responsibility of the maintenance of the cloud-based resources. Which of the following models
covers this?
C
Which of the following types of SQL injection attacks extends the results returned by the original
query, enabling attackers to run two or more statements if they have the same structure as the
original one?
D