When choosing a biometric system for your company, you should take into account the factors of
system performance and whether they are suitable for you or not. What determines such a factor as the
throughput rate? - The data collection speeds, data processing speed, or enrolment time.
Victims of DoS attacks often are web servers of high-profile organizations such as banking, commerce,
media companies, or government and trade organizations. Which of the following symptom could
indicate a DoS or DDoS attack? - An inability to access any website
Which of the following is a common IDS evasion technique? - Unicode characters
Identify the type of partial breaks in which the attacker discovers a functionally equivalent algorithm for
encryption and decryption, but without learning the key? - Global deduction.
Identify the attack by the description:
It is the wireless version of the phishing scam. This is an attack-type for a rogue Wi-Fi access point that
appears to be a legitimate one offered on the premises but has been set up to eavesdrop on wireless
communications.
When performing this attack, an attacker fools wireless users into connecting a device to a tainted
hotspot by posing as a legitimate provider.
This type of attack may be used to steal the passwords of unsuspecting users by either snooping the
communication link or by phishing, which involves setting up a fraudulent website and luring people
there. - Evil Twin
Identify the type of DNS configuration in which first DNS server on the internal network and second DNS
in DMZ? - Split DNS
Gabriella uses Google search operators, which allow you to optimize and expand the capabilities of
regular search. What will be the result of this request?
site:eccouncil.org discount -ilearn - Results about all discounts from the site eccouncil.org except for the
ilearn format.
,Which of the following documents describes the specifics of the testing, the associated violations and
essentially protects both the organization's interest and third-party penetration tester? - Rules of
Engagement
Lisandro is engaged in sending spam. To avoid blocking, he connects to incorrectly configured SMTP
servers that allow e-mail relay without authentication (which allows Lisandro to fake information about
the sender's identity). What is the name of such an SMTP server? - Open mail relay.
Which of the following is an attack where used precomputed tables of hashed passwords? - Rainbow
Table Attack
An attacker gained access to a Linux host and stolen the password file from /etc/passwd. Which of the
following scenarios best describes what an attacker can do with this file? - Nothing because the
password file does not contain the passwords themselves.
The evil hacker Ivan wants to attack the popular air ticket sales service. After careful study, he
discovered that the web application is vulnerable to introduced malicious JavaScript code through the
application form. This code does not cause any harm to the server itself, but when executed on the
client's computer, it can steal his personal data. What kind of attack is Ivan preparing to use? - XSS
One of the most popular tools in the pentester's arsenal - John the Ripper is designed for... - Test
password strength, brute-force encrypted or hashed passwords, and crack passwords via dictionary
attacks.
Which of the following nmap options can be used for very fast scanning? - -T5
Having a sufficient database of passwords, you can use statistical analysis of the list of words, you can
create a very effective way to crack passwords for such tools as, for example, John The Ripper. Which of
the attacks uses such an analysis to calculate the probability of placing characters in a quasi-brute
attack? - Markov Chain
Black-hat hacker Ivan created a fraudulent website to steal users' credentials. What of the proposed
tasks does he need to perform so that users are redirected to a fake one when entering the domain
name of a real site? - DNS spoofing
, Programming languages commonly associated with buffer overflows include __________, which provide
no built-in protection against accessing or overwriting data in any part of memory and do not
automatically check that data written to an array is within the boundaries of that array. - C
Jack needs to analyze the files produced by several packet-capture programs such as Wireshark,
tcpdump, EtherPeek and WinDump. Which of the following tools will Jack use? - tcptrace
Which of the following Linux-based tools will help you change any user's password or activate disabled
accounts if you have physical access to a Windows 2008 R2 and an Ubuntu 9.10 Linux LiveCD? - CHNTPW
Which of the following is an access control mechanism that allows multiple systems to use a CAS that
permits users to authenticate once and gain access to multiple systems? - Single sign-on
Identify the way to achieve chip-level security of an IoT device? - Encrypting the JTAG interface
The flexible SNMP architecture allows you to monitor and manage all network devices from a single
console. The data exchange is based on the Protocol Data Unit (PDU). There are 7 PDUs in the latest
version of the SNMP protocol. Which of them sends a notification about the past event immediately,
without waiting for the manager's request, and does not need confirmation of receipt? - Trap
You want to surf safely and anonymously on the Internet. Which of the following options will be best for
you? - Use Tor network with multi-node.
Enumeration is a process which establishes an active connection to the target hosts to discover potential
attack vectors in the system, and the same can be used for further exploitation of the system. What type
of enumeration is used to get shared resources on individual hosts on the network and a list of
computers belonging to the domain? - Netbios enumeration
Which of the following services run on TCP port 123 by default? - NTP
What is the first and most important phase that is the starting point for penetration testing in the work
of an ethical hacker? - Reconnaissance
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller oneclass. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.48. You're not tied to anything after your purchase.