Ethical Hacking Essentials Exam Prep With Complete Solution

Ethic al Hacking Es senti als Ex am Prep With Comple te Solution The assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users is referred to by which of the following elements of information security? A. non-repudiation B. integrity C. confidentiality D. availability - Answer D. availability Identify the element of information security that refers to the quality of be ing genuine or uncorrupted as a characteristic of any communication, documents, or any data. A. integrity B. authenticity C. availability D. confidentiality - Answer B. authenticity Mark, a professional hacker, targets his opponent's website. He finds susceptible user inputs, injects malicious SQL code into the database, and tampers with critical information. Which of the following types of attack did Mark perform in the above scena rio? A. close-in attack B. passive attack C. insider attack D. active attack - Answer D. active attack Ruby, a hacker, visited her target company disguised as an aspiring candidate seeking a job. She noticed that certain sensitive documents were thrown in the trash near an employee's desk. She collected these documents, which included critical information that helped her to perform further attacks. Identify the type of attack performed by Ruby in the above scenario. A. close-in attack B. passive attack C. insider attack D. active attack - Answer A. close-in attack James, a malware programmer, intruded into a manufacturing plant that produces computer peripheral devices. James tampered with the software inside devices ready to be delivered to clients. The tampered program creates a backdoor that allows unauthorized access to the systems. Identify the type of attack performed by James in the above scenario to ga in unauthorized access to the delivered systems. A. directory traversal attack B. distribution attack C. phishing attack D. replay attack - Answer B. distribution attack Williams, an employee, was using his personal laptop within the organization's premises. He connected his laptop to the organization's internal network and began eavesdropping on the communication between other devices connected to the interna l network. He sniffed critical information such as login credentials and other confidential data passing through the network. Identify the type of attack performed by Williams in the above scenario . A. phishing attack B. SQL injection attack C. insider attack D. replay attack - Answer C. insider attack Jack is working as a malware analyst in an organization. He was assigned to inspect an attack performed against the organization. Jack determined that the attacker h ad restricted access to the main computer's files and folders and was demanding an onlin e payment to remove these restrictions. Which of the following type of attack has Jack identified in the above scena rio? A. phishing B. sniffing C. ransomware D. botnet - Answer C. ransomware Identify the type of attack vector that focuses on stealing information from the victim machine without its user being aware and tries to deliver a payload affecting compu ter performance. A. ATP attack B. botnet C. insider attack D. phishing - Answer A. ATP attack Andrew, a professional hacker, drafts an email that appears to be legitimate and attaches malicious links to lure victims; he then distributes it through communication channels or mails to obtain private information like account numbers. Identify the type of attack vector employed by Andrew in the above scenario. A. botnet B. phishing C. ransomware D. insider attack - Answer B. phishing Identify the insider attack wherein the miscreant can easily bypass security rules by using privileged access and cause a threat to the organization's information systems. A. SQL injection B. directory traversal attack C. pod slurping D. XSS attack - Answer C. pod slurping Which of the following acts defines legal prohibitions against circumvention of the technological protection measures employed by copyright owners to protect their works and against the removal or alteration of copyright management informa tion? A. HIPAA B. DMCA C. DPA D. PCI/DSS - Answer B. DMCA An organization located in Europe maintains a large amount of user data by follow ing all the security-related laws. It also follows GDPR protection principles, one of which states that the organization should only collect and process data necessary for the specified task. Which of the following GDPR protection principle is discussed in the above scenario? A. accuracy B. purpose limitation C. lawfulness, fairness, and transparency D. data minimization - Answer D. data minimization Which of the following titles in The Digital Millennium Copyright Act (DMCA) allows the owner of a copy of a program to make reproductions or adaptations when these are necessary to use the program in conjunction with a system? A. title II: online copyright infringement liability limitation B. title I: WIPO treaty implementation C. title V: protection of certain original designs D. title III: computer maintenance or repair - Answer D. title III: computer mainten ance and repar Which of the following titles of the Sarbanes Oxley Act (SOX) mandates that only se nior executives should take individual responsibility for the accuracy and completeness of corporate financial reports? A. title VIII: corporate and criminal fraud accountability B. title V: analyst conflicts of interest C. title III: corporate responsibility D. title X: corporate tax returns - Answer C. title III: corporate responsibility Which of the following countries has implemented the cyber law "Regulation of Investigatory Powers Act 2000"? A. Germany B. India C. Australia D. United Kingdom - Answer D. United Kingdom Adele, a professional hacker, initiated an attack on an organization. During the co urse of this attack, he established a two-way communication channel between the ta rget system and his server to communicate and pass data back and forth. Additionally, he employed encryption to hide the communication channe l. Which of the following phases of cyber kill chain methodology was Adele perf orming in the above scenario? A. command and control B. weaponization C. delivery D. exploitation - Answer A. command and control Don, a professional hacker, initiated an attack on a target organization. During the course of this attack, he employed automated tools to collect maximum weak points, vulnerabilities, and other sensitive information across the target network. Which of the following phases of cyber kill chain methodology is Don currently execu ting in the above scenario? A. delivery B. exploitation