CompTIA CySA+ Practice Tests. Mike Chapple


an nmap scan of a firewalled subnet. Which of the following is not an nmap firewall evasion technique he could use?
A. Fragmenting packets
B. Changing packet header flags
C. Spoofing the source IP
D. Appending random data

99. Which of the following commands will provide Ben with the most information about a host?
A. dig -x [ip address]
B. host [ip address]
C. nslookup [ip address]
D. zonet [ip address]

100. Fred's reconnaissance of an organization includes a search of the Censys network search engine. There, he discovers multiple certificates with validity dates as shown here:

    Validity
    2018-07-07 00:00:00 to 2019-08-11 23:59:59 (400 days, 23:59:59)
    2017-07-08 00:00:00 to 2019-08-12 23:59:59 (400 days, 23:59:59)
    2018-07-11 00:00:00 to 2019-08-15 23:59:59 (400 days, 23:59:59)

What should Fred record in his reconnaissance notes?
A. The certificates expired as expected, showing proper business practice.
B. The certificates were expired by the CA, possibly due to nonpayment.
C. The system that hosts the certificates may have been compromised.
D. The CA may have been compromised, leading to certificate expiration.

101. When Casey scanned a network host, she received the results shown here. What does she know based on the scan results?
A. The device is a Cisco device.
B. The device is running CentOS.
C. The device was built by IBM.
D. None of the above.

102. Fred conducts an SNMP sweep of a target organization and receives no-response replies from multiple addresses that he believes belong to active hosts. What does this mean?
A. The machines are unreachable.
B. The machines are not running SNMP servers.
C. The community string he used is invalid.
D. Any or all of the above may be true.

103. Angela wants to gather detailed information about the hosts on a network passively. If she has access to a Wireshark PCAP file from the network, which of the following tools can she use to provide automated analysis of the file?
A. Ettercap
B. NetworkMiner
C. Sharkbait
D. Dradis

104. While performing reconnaissance of an organization's network, Angela discovers that web.organization.com, www.organization.com, and documents.organization.com all point to the same host. What type of DNS record allows this?
A. A CNAME
B. An MX record
C. An SPF record
D. An SOA record

105. Aidan operates the point-of-sale network for a company that accepts credit cards and is thus required to be compliant with PCI DSS. During his regular assessment of the point-of-sale terminals, he discovers that a recent Windows operating system vulnerability exists on all of them. Since they are all embedded systems that require a manufacturer update, he knows that he cannot install the available patch. What is Aidan's best option to stay compliant with PCI DSS and protect his vulnerable systems?
A. Replace the Windows embedded point-of-sale terminals with standard Windows systems.
B. Build a custom operating system image that includes the patch.
C. Identify, implement, and document compensating controls.
D. Remove the POS terminals from the network until the vendor releases a patch.

106. What occurs when Mia uses the following command to perform an nmap scan of a network?

    nmap -sP 192.168.2.0/24

A. A secure port scan of all hosts in the 192.168.0.0 to 192.168.2.255 network range
B. A scan of all hosts that respond to ping in the 192.168.0.0 to 192.168.255.255 network range
C. A scan of all hosts that respond to ping in the 192.168.2.0 to 192.168.2.255 network range
D. A SYN-based port scan of all hosts in the 192.168.2.0 to 192.168.2.255 network range

107. Amir's remote scans of a target organization's class C network block using nmap (nmap -sS 10.0.10.1/24) show only a single web server. If Amir needs to gather additional reconnaissance information about the organization's network, which of the following scanning techniques is most likely to provide additional detail?
A. Use a UDP scan.
B. Perform a scan from on-site.
C. Scan using the -p 1-65535 flag.
D. Use nmap's IPS evasion techniques.

108. Damian wants to limit the ability of attackers to conduct passive fingerprinting exercises on his network. Which of the following practices will help to mitigate this risk?
A. Implement an IPS.
B. Implement a firewall.
C. Disable promiscuous mode for NICs.
D. Enable promiscuous mode for NICs.

109. Wang submits a suspected malware file to malwr.com and receives the following information about its behavior. What type of tool is malwr.com?
A. A reverse-engineering tool
B. A static analysis sandbox
C. A dynamic analysis sandbox
D. A decompiler sandbox

110. As part of his active reconnaissance activities, Frank is provided with a shell account accessible via SSH. If Frank wants to run a default nmap scan on the network behind the firewall shown here, how can he accomplish this?
A. ssh -t 192.168.34.11 nmap 192.168.34.0/24
B. ssh -R 8080:192.168.34.11:8080 [remote account:remote password]
C. ssh -proxy 192.168.11 [remote account:remote password]
D. Frank cannot scan multiple ports with a single ssh command.

111. Angela captured the following packets during a reconnaissance effort run by her organization's red team. What type of information are they looking for?
A. Vulnerable web applications
B. SQL injection
C. Directory traversal attacks
D. Passwords

112. Which sources are most commonly used to gather information about technologies a target organization uses during intelligence gathering?
A. OSINT searches of support forums and social engineering
B. Port scanning and social engineering
C. Social media review and document metadata
D. Social engineering and document metadata

113. Sarah has been asked to assess the technical impact of suspected reconnaissance performed against her organization. She is informed that a reliable source has discovered that a third party has been performing reconnaissance by querying WHOIS data. How should Sarah categorize the technical impact of this type of reconnaissance?
A. High
B. Medium
C. Low
D. She cannot determine this from the information given.

114. Rick is reviewing flows of a system on his network and discovers the following flow logs. What is the system doing?

    ICMP "Echo request"
    Date flow start          Duration  Proto  Src IP Addr:Port->Dst IP Addr:Port  Packets  Bytes  Flows
    2019-07-11 04:58:59.518  10.000    ICMP   10.1.1.1:0->10.2.2.6:8.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.2.2.6:0->10.1.1.1:0.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.1.1.1:0->10.2.2.7:8.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.2.2.7:0->10.1.1.1:0.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.1.1.1:0->10.2.2.8:8.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.2.2.8:0->10.1.1.1:0.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.1.1.1:0->10.2.2.9:8.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.2.2.9:0->10.1.1.1:0.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.1.1.1:0->10.2.2.10:8.0           11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.2.2.10:0->10.1.1.1:0.0           11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.1.1.1:0->10.2.2.6:11.0           11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.2.2.11:0->10.1.1.1:0.0           11       924    1

A. A port scan
B. A failed three-way handshake
C. A ping sweep
D. A traceroute

115. Ryan's passive reconnaissance efforts resulted in the following packet capture. Which of the following statements cannot be verified based on the packet capture shown for the host with IP address 10.0.2.4?
A. The host does not have a DNS entry.
B. It is running a service on port 139.
C. It is running a service on port 445.
D. It is a Windows system.

116. Stacey encountered a system that shows as “filtered” and “firewalled” during an nmap scan. Which of the following techniques should she not consider as she is planning her next scan?
A. Packet fragmentation
B. Spoofing the source address
C. Using decoy scans
D. Spoofing the destination address

117. Kim is preparing to deploy a new vulnerability scanner and wants to ensure that she can get the most accurate view of configuration issues on laptops belonging to traveling salespeople. Which technology will work best in this situation?
A. Agent-based scanning
B. Server-based scanning
C. Passive network monitoring
D. Noncredentialed scanning

118. Carla runs a vulnerability scan of a new appliance that engineers are planning to place on her organization's network and finds the results shown here. Of the actions listed, which would correct the highest criticality vulnerability?
A. Block the use of TLS v1.0.
B. Replace the expired SSL certificate.
C. Remove the load balancer.
D. Correct the information leakage vulnerability.

      119 In what type of attack does the
