Cmit question

Question 1 (1 point)
Identify the type of cloud computing that provides virtual machines and other abstracted hardware and operating systems which may be controlled through a service API.
- Software-as-a-Service (SaaS)
- Platform-as-a-Service (PaaS)
- Infrastructure-as-a-Service (IaaS)
- Virtual Service

Question 2 (1 point)
Silicon Pvt Ltd is a reputed company with around 1000's of employees. One day, one of the employees approached an authorized person of the organization, claiming that he/she forgot their ID badge, and requested the person to allow him/her through a secure door. The authorized person believed that the person forgot the ID badge and helped the person go through the entrance by swiping his/her own ID badge. Later on, the authorized person realized that the person is a non-employee of the organization and an intruder who intentionally entered the company. From the above scenario, which of the following comes under Human-based Social Engineering?
- Tailgating
- Piggybacking
- Reverse Social Engineering
- None of the above

Question 3 (1 point)
Identify the command which is used to adjust the RSSI range.
- python RFCrack.py -i -F MOD_2FSK -F 314350000
- python RFCrack.py -j -F 314000000
- python RFCrack.py -r -U "-75" -L "-5" -M MOD_2FSK -F 314350000
- python RFCrack.py -r -M MOD_2FSK -F 314350000

Question 4 (1 point)
Which of the following services uses port TCP/UDP 53 to enumerate?
- DNS Zone Transfer
- SNMP Trap
- NetBIOS Name Service
- Global Catalog Service

Question 5 (1 point)
Which of the following attacks involves stealing a cloud service provider's domain name?
- Cybersquatting
- Domain Snipping
- DNS Poisoning
- Domain Hijacking

Question 6 (1 point)
The attacker uses the following attack in order to listen to the conversation between the user and the server and capture the authentication token of the user. With this authentication token, the attacker replays the request to the server with the captured authentication token and gains unauthorized access to the server.
- Session Replay attack
- Session Fixation attacks
- Session hijacking using proxy servers
- Client side attacks

Question 7 (1 point)
Which type of DNS record helps in mapping an IP address to a hostname?
- HINFO
- TXT
- PTR
- NS

Question 8 (1 point)
Which of the following executing applications allows an attacker to modify the registry and to change local admin passwords?
- RemoteExec
- PDQ Deploy
- DameWare Remote Support
- Keyloggers

Question 9 (1 point)
Identify the type of virus that adds its code to the host code without relocating the host code to insert its own code at the beginning.
- Intrusive Viruses
- Transient Viruses
- Add-on Viruses
- Shell Viruses

Question 10 (1 point)
Identify the ports that are allowed by the firewall in an organization.
- Port 443 and Port 69
- Port 80 and Port 69
- Port 80 and Port 110
- Port 80 and Port 443

Question 11 (1 point)
In the SQL Injection Characters, which of the following characters represents the global variable?
- %
- @@variable
- ||
- @variable

Question 12 (1 point)
In computer-based social engineering, a person receives emails that issue warnings to the user about new viruses, worms or Trojans that may harm the user's system. This kind of computer-based social engineering is known as:
- Spam Email
- Chain Letters
- Hoax Letters
- Instant Chat Messenger

Question 13 (1 point)
Sam receives an email with an attachment. He downloads the file and finds that it is infected with a virus which overwrites a part of the host file with a constant content without increasing the length of the file and while preserving its functionality. Which type of virus was the file infected by?
- Cavity Viruses
- Shell Viruses
- File Extension Viruses
- Cluster Viruses

Question 14 (1 point)
Which of the following sequences is used by the attacker in Directory Traversal Attacks to access restricted directories outside of the web server root directory? Select one.
/…//…..//../

Question 15 (1 point)
In Command Injection attacks, the following type of attack is used to deface a website virtually. Select one.
- HTML Embedding
- Shell Injection
- Website Embedding
- HTML injection

Question 16 (1 point)
Identify the hacking phase in which an attacker tries to gather information about the target prior to launching an attack.
- Scanning
- Gaining Access
- Reconnaissance
- Clearing Tracks

Question 17 (1 point)
Identify the type of IDS alert that occurs when an IDS fails to react to an actual attack event.
- True Positive
- True Negative
- False Negative
- False Positive

Question 18 (1 point)
Which of the following tools can capture RPL related information and live packets from networks in a non-intrusive manner?
- Foren6
- RFCrack
- HackRF One
- Telnet

Question 19 (1 point)
The testing that is also called black box testing, which requires no knowledge of the inner design of the code, is called:
- Fuzzing Test
- Function Test
- Static Test
- Dynamic Test

Question 20 (1 point)
Which of the following Hping commands is used to intercept all traffic containing an HTTP signature?
- hping3 192.168.1.103 -Q -p 139 -s
- hping3 -9 HTTP -I eth0
- hping3 -S 192.168.1.1 -a 192.168.1.254 -p 22 --flood
- hping3 -F -P -U 10.0.0.25 -p 80

Question 21 (1 point)
Identify which of the following detection methods is used to detect intrusion based on the fixed behavioral characteristics of the user and components in a computer system.
- Anomaly Detection
- Protocol Anomaly Detection
- Intrusion Detection System
- Signature Recognition

Question 22 (1 point)
Roy is a senior penetration tester working in Gensolutions Inc, a US based company. The company uses the Oracle database to store all its data. It also uses Oracle Database Vault in order to restrict users from accessing the confidential data in their database. One day Roy was asked to find all the possible vulnerabilities of the company's Oracle Database Vault. Roy tried different kinds of attacks to penetrate the company's Oracle DB Vault and succeeded. Which of the following attacks helped Roy to bypass Gensolutions' Oracle DB Vault? Select one.
- Denial of service attack
- SQL Injection
- Session Hijacking
- Sniffing

Question 23 (1 point)
At which phase of the Session Fixation attack does the attacker obtain a legitimate session ID by establishing a connection with the target web server?
- Entrance phase
- Session set-up phase
- Fixation phase
- Final phase

Question 24 (1 point)
Identify the rootkit which helps in hiding directories, remote connections and logins.
- Azazel
- ZeroAccess
- Necurs
- Avatar

Question 25 (1 point)
Which type of attack searches for the web server login passwords by using alphabetical letters, symbols and numbers?
- Password Guessing
- Dictionary Attack
- Brute Force Attack
- Hybrid Attack

Question 26 (1 point)
In webserver password cracking techniques, the attacker tries every combination of characters until the password is broken. Such a type of attack is known as (select one):
- Brute force attack
- Dictionary attacks
- Guessing attack
- Hybrid attack

Question 27 (1 point)
ICMP scanning involves checking for live systems, which can be done by sending the following ping scan request to a host. If the host is live, then it will return a reply.
- ICMP Echo Reply
- ICMP Echo Ping
- ICMP Echo Request
- ICMP Echo host

Question 28 (1 point)
Identify the following technique, in which the attacker uses drones to detect open wireless networks.
- WarChalking
- WarFlying
- WarWalking
- WarDriving

Question 29 (1 point)
In the URL encoding scheme, the URL is converted into a valid ASCII format so that data can be safely transported over HTTP. Which character is used in URL encoding, followed by the character's two-digit ASCII code expressed in hexadecimal? Select one.
- #
- &
- $
- %

Question 30 (1 point)
Which of the following attacks allows Android users to attain privileged control access within Android's subsystem?
- Rooting
- Jailbreaking
- SMiShing
- App Sandboxing

Question 31 (1 point)
From the following, identify the attack in which an attacker exploits the default configuration and settings of off-the-shelf libraries and code.
- Operating System Attack
- Misconfiguration Attacks
- Application-Level Attack
- Shrink-Wrap Code Attacks

Question 32 (1 point)
Using which port can the attacker compromise the entire network and receive a copy of every packet that passes through a switch?
- SPAN Port
- TAP Port
- UDP port
- TCP port

Question 33 (1 point)
Run the following 'nbtstat' command in order to get the content of the NetBIOS name cache, the tables of NetBIOS names and their resolved IP addresses.
- nbtstat.exe -e
- nbtstat.exe -t
- nbtstat.exe -c
- nbtstat.exe -i

Question 34 (1 point)
Google supports several advanced operators that help in modifying the search. Which of the following Google advanced search operators displays the web pages stored in the Google cache?
- [site:]
- [link:]
- [info:]
- [cache:]

Question 35 (1 point)
In which type of social engineering technique does an attacker secretly observe the target to gain critical information such as passwords, credit card information, etc.?
- Eavesdropping
- Shoulder surfing
- Dumpster diving
- Impersonation on social networking sites

Question 36 (1 point)
Jack, a skillful hacker, targeted a major banking services firm located in Japan. Using the LOIC (Low Orbit Ion Cannon) tool, Jack made the number of HTTP requests rise to a high level, which overloaded the victim's server with the number of requests and resulted in the server failing to respond to requests and crashing. Which type of attack did Jack perform in the above scenario?
- Social engineering attack
- MITM attack
- Packet Injection attack
- DoS and DDoS

Question 37 (1 point)
In Code Breaking Methodologies, which of the following methods involves the use of social engineering techniques to extract cryptographic keys?
- Brute-Force
- Trickery and Deceit
- Frequency Analysis
- One-Time Pad

Question 38 (1 point)
From the following, identify the technique through which an attacker distributes malware on the web by sending a malware-attached email and tricking the victim into clicking the attachment.
- Social Engineered Click-jacking
- Spearphishing Sites
- Spam Emails
- Drive-by Downloads

Question 39 (1 point)
From the following TCP Communication Flags, identify the flag which initiates a connection between different hosts.
- SYN
- FIN
- ACK
- PSH

Question 40 (1 point)
Which of the following terms is defined as the process of installing a modified set of kernel patches that allows running third-party applications not signed by the OS vendor?
- Tracking
- Hijacking
- Blackjacking
- Jailbreaking

Question 41 (1 point)
An attacker uses the '%00' character prior to a string in order to bypass a detection mechanism. Identify the type of evasion technique used by the attacker.
- Case Variation
- URL Encoding
- Null Byte
- Obfuscated Codes

Question 42 (1 point)
Identify the type of vulnerability assessment used to determine the vulnerabilities in a workstation or server by performing configuration level checks through the command line.
- Active Assessment
- Network Assessments
- Host-Based Assessment
- Application Assessment

Question 43 (1 point)
In Permanent Denial-of-Service, the attacker uses the 'Bricking a system' method in order to __________
- Send fraudulent hardware updates to the victims
- Launch a massive denial of service attacks and compromise websites
- Exploit weaknesses in programming source code
- Send malicious email attached to the victim

Question 44 (1 point)
Which of the following cryptographic attack techniques involves extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture?
- Chosen-ciphertext Attack
- Ciphertext-only Attack
- Adaptive Chosen-plaintext Attack
- Rubber Hose Attack

Question 45 (1 point)
In which of the following mobile platform vulnerabilities are unsolicited text/email messages sent to mobile devices from known/unknown phone numbers/email IDs?
- Mobile Phishing
- SMS Spam
- SMS Phishing
- Mobile Spam

Question 46 (1 point)
Which type of rootkit is used to hide information about the attacker by replacing original system calls with fake ones?
- Application Level Rootkit
- Library Level Rootkit
- Boot Loader Level Rootkit
- Hardware/Firmware Rootkit

Question 47 (1 point)
Cloud Pen Testing is not allowed for one of the following Cloud Computing types, as it might impact the infrastructure.
- Platform-as-a-Service (PaaS)
- Software-as-a-Service (SaaS)
- Hybrid-as-a-Service (HaaS)
- Infrastructure-as-a-Service (IaaS)

Question 48 (1 point)
Which of the following statements is true for Service Request Floods?
A. An attacker or group of zombies attempts to exhaust server resources by setting up and tearing down TCP connections
B. It attacks the servers with a high rate of connections from a valid source
C. It initiates a request for a single connection
- Only "An attacker or group of zombies attempts to exhaust server resources by setting up and tearing down TCP connections" is true
- Both "It attacks the servers with a high rate of connections from a valid source" and "It initiates a request for a single connection" are true
- Both "An attacker or group of zombies attempts to exhaust server resources by setting up and tearing down TCP connections" and "It attacks the servers with a high rate of connections from a valid source" are true
- Only "It initiates a request for a single connection" is true

Question 49 (1 point)
The Switch Port Stealing sniffing technique uses the following attack to sniff the packets.
- MAC flooding
- ARP Spoofing
- DHCP attacks
- DNS poisoning

Question 50 (1 point)
The vulnerability management life cycle is an important process that helps in finding and remediating security weaknesses before they are exploited. Identify the phase that involves the remediation.
- Pre-Assessment Phase
- Vulnerability Assessment Phase
- Risk Assessment Phase
- Post Assessment Phase
