

Full Transcript


Question 1
Which are two best practices used to secure APIs? (Choose two.)
- use reputable and standard libraries to create the APIs
- make internal API documentation mandatory
- secure API services to provide HTTP endpoints only
- keep API implementation and API security into one tier allowing the API developer to work on both facets simultaneously
- discussing company API development (or any other application development) on public forums

Question 2
Which type of threat actors use cybercrime attacks to promote what they believe in?
- hacktivists
- organized crime
- state-sponsored
- insider threats

Question 3
A company conducted a penetration test 6 months ago. However, they have acquired new firewalls and servers to strengthen the network and increase capacity. Why would an administrator request a new penetration test?
- New cloud-based applications have been implemented.
- The servers require independent performance evaluation.
- The attack surface has changed with the new equipment added.
- The core data has been moved to the cloud infrastructure.

Question 4
A network administrator performs a penetration test for a company that sells computer parts through an online storefront. The first step is to discover who owns the domain name that the company is using. Which penetration testing tool can be used to do this?
- Maltego
- Exif
- WHOIS
- h8mail

Question 5
A penetration tester wants to quickly discover all the live hosts on the 192.168.0.0/24 network. Which command can do the ping sweep using the nmap tool?
- nmap 192.168.1.0/24 -open
- nmap -p 1-65535 localhost
- nmap -sP 192.168.0.0/24
- nmap -sn 192.168.0.0/24
- nmap -sV 192.168.0.255

Question 6
A penetration tester runs the command nmap -sF -p 80 192.168.1.1 against a Windows host and receives a response RST packet. What conclusion can be drawn on the status of port 80?
- port 80 is open
- undetermined as this is a default response on a Windows system
- port 80 is closed
- port 80 is open/filtered

Question 7
Which common tool is used by penetration testers to craft packets?
- Recon-ng
- h8mail
- pip3
- nmap
- scapy

Question 8
Why should a tester use query throttling techniques when running an authorized penetration test on a live network?
- to create a larger attack surface on the target
- to reduce the number of attack threads that are being sent to the target at the same time
- to limit bandwidth on real-time antivirus and malware scanners
- to limit bandwidth on resource heavy applications

Question 9
Why would an organization hire a red team?
- to install equipment to protect against physical intrusion
- to play the role of a threat actor by exposing vulnerabilities regarding technology
- to evaluate the work of the security team of the organization
- to defend the organization against cybersecurity threats

Question 10
Match the healthcare sector term to the respective description.
Categories:
- Healthcare provider (A)
- Business associates (B)
- Healthcare clearinghouse (C)
- Health plan (D)
Options:
- a person or organization that performs certain functions involving the use of PHI on behalf of, or provides services to, a covered entity
- a person or an organization that provides patient or medical services
- a government program that pays for healthcare
- an entity that processes nonstandard health information it receives from another entity into a standard format

Question 11
Which two elements are typically on the front of a credit card? (Choose two.)
- primary account number
- embedded microchip
- date of birth
- magnetic stripe
- card security code

Question 12
What can be used to document the testing timeline in a rules of engagement document?
- Recon-ng
- OWASP ZAP
- Burp Suite
- Gantt charts and work breakdown structures

Question 13
A cybersecurity firm has been hired by an organization to perform penetration tests. The tests require a secure method of transferring data over a network. Which two protocols could be used to accomplish this task? (Choose two.)
- SCP
- SFTP
- S/MIME
- HTTPS
- PGP

Question 14
Match penetration testing methodology and standard with the respective description.
Categories:
- OWASP WSTG (A)
- OSSTMM (B)
- MITRE ATT&CK (C)
- NIST (D)
Options:
- this is a peer-reviewed security testing methodology maintained by the Institute for Security and Open Methodologies (ISECOM). It is an open security research community providing original resources, tools, and certifications in the security field. It uses a document that lays out repeatable and consistent security testing.
- this is a compilation of high-level phases of web application security testing and digs deeper into the testing methods used. This is primarily used by penetration testers from the web application security testing perspective.
- this is a resource for learning about the tactics of an adversary, techniques, and procedures (TTPs). This framework is a collection of different matrices of tactics, techniques, and sub-techniques used by penetration testers for both offensive and defensive purposes.
- this is a document created to provide organizations with guidelines on planning and conducting information security testing. It is considered an industry standard for penetration testing guidance and is called out in many other industry standards and documents.

Question 15
Which three practices are commonly adopted when setting up a penetration testing lab environment? (Choose three.)
- use a honeypot for all tests run from the physical attack platforms
- use a closed environment for all testing purposes
- create the penetration testing environment using virtual machines and virtual switches
- ensure that when something crashes, it can be determined how and why it happened
- use an open environment to allow for free passage of attack packets to the target machines
- create the penetration testing environment using physical equipment and switches in order to route the packets freely

Question 16
An organization wants to test its vulnerability to an employee with network privileges accessing the network maliciously. Which type of penetration test should be used to test this vulnerability?
- white-box
- black-box
- blue-box
- gray-box

Question 17
Refer to the exhibit. A penetration is being prepared to run the EternalBlue exploit using Metasploit against a target with an IP address of 10.0.0.1/8 from the source PC with an IP address of 10.0.0.111/8. What two commands must be entered before the exploit command can be run? (Choose two.)
- set LHOST 10.0.0.1
- set LHOST 10.0.0.111
- set TARGET 10.0.0.1
- set TARGET 10.0.0.111
- set RHOST 10.0.0.111
- set RHOST 10.0.0.1

Question 18
A penetration tester runs the Nmap NSE script nmap --script smtp-open-relay.nse 10.0.0.1 command on a Kali Linux PC. What is the purpose of running this script?
- to compromise any open relays on the target server
- to check open relay configurations on the target server
- to compromise any snmp community strings on the target PC
- to check whether the smtp authentication is compromised on the target server

Question 19
Refer to the exhibit. What is the penetration tester trying to achieve by running this exploit?
- to launch 220 packets of fragmented data to the FTP port on the target system
- to check if the target system will allow FTP anonymous login
- to enumerate FTP login on the target system
- to compromise the target system for a remote session

Question 20
A penetration tester deploys a rogue AP in the target wireless infrastructure. What is the first step that has to be taken to force wireless clients to connect to the rogue AP?
- send de-authentication frames to the clients
- spoof the MAC address of the rogue AP
- set the PSK key to match the clients
- send out false DNS beacons

Question 21
A cybersecurity student is learning about the Social-Engineer Toolkit (SET), and the student has discovered that this tool can be used to launch various social engineering attacks. Which two social engineering attacks can be launched using SET?
- Google phishing
- Infectious media generator
- Create a payload and listener
- Fake flash update
- Simple hijacker

Question 22
A threat actor spoofed the phone number of the director of HR and called the IT help desk with a login problem. The threat actor claims to be the director and wants the help desk to change the password. What method of influence is this cybercriminal using?
- social proof
- fear
- scarcity
- authority

Question 23
Which statement correctly describes a type of physical social engineering attack?
- Dumpster phishing refers to a threat actor who scavenges for victims' private information in garbage and recycling containers.
- Tailgating and piggybacking attacks can only be defeated through the use of control vestibules in conjunction with multifactor authentication.
- Shoulder surfing attacks are performed only by a short distance between the threat actor and the victim.
- Social engineering techniques, software, and hardware can perform badge cloning attacks.

Question 24
What is a characteristic of a pharming attack?
- a social engineering attack carried out in a phone conversation
- a threat actor redirects a victim from a valid website to a malicious legitimate looking site
- a type of attack where the threat actor obtains confidential data of the victim using binoculars or even a telescope
- a type of attack in which a social engineer impersonates another person to have physical access to systems in an organization

Question 25
What kind of social engineering attack can be prevented by developing policies such as updating anti-malware applications regularly and using secure virtual browsers with little connectivity to the rest of the system and the rest of the network?
- SMS phishing
- watering hole
- tailgating
- vishing

Question 26
An attacker enters the string ‘John’ or ‘1=1’ on a web form that is connected to a back-end SQL server causing the server to display all records in the database table. Which type of SQL injection attack was used in this scenario?
- out-of-band SQL injection
- error-based SQL injection
- inferential SQL injection
- boolean SQL injection

Question 27
What are two examples of immutable queries that should be used as mitigation for SQL injection vulnerabilities? (Choose two.)
- stacked queries
- static queries
- parameterized queries
- in-band queries
- time-delay queries

Question 28
An attacker enters the string 192.168.78.6;cat /etc/httpd/httpd.conf on a web application hosted on a Linux server. Which type of attack occurred?
- command injection
- session hijacking
- SQL injection
- redirect attack

Question 29
Which two misconfigured cloud authentication methods could leverage a cloud asset? (Choose two.)
- identity and access management (IAM) implementations
- biometric authentication
- local authentication
- federated authentication
- Intelligent Platform Management Interface (IPMI)

Question 30
Match the cloud attack to the description.
Categories:
- Privilege Escalation (A)
- Credential Harvesting (B)
- Account Takeover (C)
Options:
- act of gathering and stealing valid usernames, passwords, tokens, PINs, and any other types of credentials through infrastructure breaches
- act of exploiting a bug or design flaw in a software or firmware application to gain access to resources that normally would have been protected from an application or a user
- when a threat actor gains access to a user or application account and uses it to then gain access to more accounts and information

Question 31
What is the purpose of using the smtp-user-enum -M VRFY -u snp -t 10.0.0.1 command in Kali Linux?
- to verify if a certain user exists on the SMTP server 10.0.0.1
- to compromise SMTP open relay server 10.0.0.1
- to initiate an SMTP conversation with an email server 10.0.0.1
- to start a Transport Layer Security (TLS) connection to an email server 10.0.0.1

Question 32
Match the mobile device security testing tool to the description.
Categories:
- Needle (A)
- Burp Suite (B)
- ApkX (C)
- Drozer (D)
Options:
- this tool enables you to decompile Android application package files.
- this open-source framework is used to test the security of iOS applications.
- this can test mobile applications and determine how they communicate with web services and APIs.
- this Android testing platform and framework provides access to numerous exploits that can be used to attack Android platforms.

Question 33
Match the mobile device attack to the description.
Categories:
- Spamming (A)
- Reverse engineering (B)
- Sandbox analysis (C)
Options:
- this is the process of analyzing a mobile app to extract information about the source code to understand the underlying architecture of a mobile application and potentially manipulate the mobile device.
- this presents users with links to redirect them to malicious sites to steal sensitive information or install malware.
- this can enable a threat actor to bypass the access control mechanisms implemented by Android, Apple iOS, and mobile app developers.

Question 34
Which two Bluetooth Low Energy (BLE) statements are true? (Choose two.)
- BLE pairing is done by mobile apps.
- All BLE-enabled devices implement cryptographic functions.
- Threat actors can listen to BLE advertisements and leverage misconfigurations.
- BLE advertisement can be intercepted using specialized antennas and equipment.
- BLE involves a five-phase process to establish a connection.

Question 35
Match the insecure code practice to the description.
Categories:
- Unprotected APIs (A)
- Comments in source code (B)
- Hard-coded credentials (C)
- Lack of error handling and overly verbose error handling (D)
Options:
- developers include information in source code that could provide too much information and might be leveraged by an attacker.
- many APIs lack adequate controls and are difficult to monitor. The breadth and complexity of APIs also make it difficult to automate effective security testing.
- a catastrophic flaw that an attacker can leverage to completely compromise an application or the underlying system.
- a type of weakness and security malpractice that can provide information to help an attacker perform additional attacks on the targeted system.

Question 36
Which C2 utility can be used to create multiple reverse shells?
- TrevorC2
- WMImplant
- Wsc2
- Socat

Question 37
Refer to the exhibit. The attacking system has a listener (port open), and the victim initiates a connection back to the attacking system. Which two resources can create this type of malicious activity? (Choose two.)
- BloodHound
- Empire
- Sysinternals
- Steghide
- Netcat

Question 38
Match the PowerSploit module/script to the respective description.
Categories:
- Get-VaultCredential (A)
- PowerUp (B)
- PowerView (C)
- Set-CriticalProcess (D)
- Invoke-Portscan (E)
Options:
- displays Windows vault credential objects, including plaintext web credentials
- performs network and Windows domain enumeration and exploitation
- does a simple TCP port scan using regular sockets, based rather loosely on Nmap
- acts as clearinghouse of common privilege escalation checks, along with some weaponization vectors
- causes the machine to blue screen upon exiting PowerShell

Question 39
Which two tools can create a remote connection with a compromised system? (Choose two.)
- Metasploit
- Nmap
- Mimikatz
- Sysinternals
- BloodHound

Question 40
Which two options are PowerSploit modules/scripts? (Choose two.)
- Get-HotFix
- Get-Process
- Get-ChildItem
- Get-Keystrokes
- Get-SecurityPackages

Question 41
Why is it important to use Common Vulnerability Scoring System (CVSS) to reference the ratings of vulnerabilities identified when preparing the final penetration testing report?
- It is an international standard for listing publicly known vulnerabilities.
- It is authorized by governments around the world.
- It is easy to use.
- It has been adopted by many tools, vendors, and organizations.

Question 42
A company hires a professional to perform penetration testing. The tester has identified and verified that one web application is vulnerable to SQL injection and cross-site scripting attacks. Which technical control measure should the tester recommend to the company?
- role-based access control (RBAC)
- user input sanitization
- multifactor authentication
- process-level remediation

Question 43
The IT security department of a company has developed an access policy for the datacenter. The policy specifies that the datacenter is locked between 5:30 pm through 7:45 am daily except for emergency access approved by the IT manager. What is the operational control implemented?
- job rotation
- user training
- time-of-day restrictions
- mandatory vacations

Question 44
A security audit for a company recommends that the company implement multifactor authentication for the datacenter access. Which solution would achieve the goal?
- access control vestibule
- minimum password requirements
- video surveillance
- biometric controls

Question 45
What are three examples of the items a penetration tester must clean from systems as part of the post-engagement cleanup process? (Choose three.)
- tester-created credentials
- shells
- given passwords
- system patches
- network diagrams
- tools

Question 46
Refer to the exhibit. Which Python data structure is used?
- dictionary
- tree
- list
- array

Question 47
Which statement describes the concept of Bash shell in operating systems?
- Bash shell is a command shell that supports interactive command execution only.
- Bash shell is a GUI that can be used in operating systems.
- Bash shell is a command shell and language interpreter for an operating system.
- Bash shell is a Linux GUI.

Question 48
Which three tools can be used to perform passive reconnaissance? (Choose three.)
- Dig
- Nslookup
- Host
- Nmap
- Zenmap
- Enum4linux

Question 49
An attacker uses John the Ripper to crack a password file. The attacker issued the ~$ john --list=formats command in Kali Linux. Which information is the attacker trying to find?
- the ciphertext formats supported by the current version
- the command line format to crack a password file
- the output format supported by the current version
- the password file format

Question 50
What are two exploitation frameworks? (Choose two.)
- BeEF
- Proxychains
- Tor
- Metasploit
- Encryption
