Ethical Hacking Essentials Exam Prep with Verified Solutions

Ethical Hacking Essentials Exam Prep with Verified Solutions 1. D. availability 2. B. authenticity 3. D. active attack The assurance that the systems responsible for deliver - ing, storing, and processing information are accessible when required by authorized users is referred to by which of the following elements of information security? A. non-repudiation B. integrity C. confidentiality D. availability Identify the element of information security that refers to the quality of being genuine or uncorrupted as a charac - teristic of any communication, documents, or any data. A. integrity B. authenticity C. availability D. confidentiality Mark, a professional hacker, targets his opponent's web- site. He finds susceptible user inputs, injects malicious SQL code into the database, and tampers with critical information. Which of the following types of attack did Mark perform in the above scenario? A. close -in attack B. passive attack C. insider attack D. active attack 4. A. close -in attack Ruby, a hacker, visited her target company disguised as an aspiring candidate seeking a job. She noticed that cer- tain sensitive documents were thrown in the trash near an employee's desk. She collected these documents, which included critical information that helped her to perform further attacks. 5. B. distribution at- tack 6. C. insider attack Identify the type of attack performed by Ruby in the above scenario. A. close -in attack B. passive attack C. insider attack D. active attack James, a malware programmer, intruded into a manufac - turing plant that produces computer peripheral devices. James tampered with the software inside devices ready to be delivered to clients. The tampered program creates a backdoor that allows unauthorized access to the systems. Identify the type of attack performed by James in the above scenario to gain unauthorized access to the deliv- ered systems. A. directory traversal attack B. distribution attack C. phishing attack D. replay attack Williams, an employee, was using his personal laptop within the organization's premises. He connected his laptop to the organization's internal network and began eavesdropping on the communication between other de- vices connected to the internal network. He sniffed critical information such as login credentials and other confiden - tial data passing through the network. Identify the type of attack performed by Williams in the above scenario. A. phishing attack B. SQL injection attack C. insider attack D. replay attack 7. C. ransomware 8. A. ATP attack 9. B. phishing Jack is working as a malware analyst in an organization. He was assigned to inspect an attack performed against the organization. Jack determined that the attacker had restricted access to the main computer's files and folders and was demanding an online payment to remove these restrictions. Which of the following type of attack has Jack identified in the above scenario? A. phishing B. sniffing C. ransomware D. botnet Identify the type of attack vector that focuses on stealing information from the victim machine without its user being aware and tries to deliver a payload affecting computer performance. A. ATP attack B. botnet C. insider attack D. phishing Andrew, a professional hacker, drafts an email that ap - pears to be legitimate and attaches malicious links to lure victims; he then distributes it through communication channels or mails to obtain private information like ac - count numbers. Identify the type of attack vector employed by Andrew in the above scenario. A. botnet B. phishing C. ransomware D. insider attack 10. 11. 12. 13. C. pod slurping B. DMCA D. data minimiza - tion D. title III: com - puter mainte - nance and repar Identify the insider attack wherein the miscreant can eas- ily bypass security rules by using privileged access and cause a threat to the organization's information systems. A. SQL injection B. directory traversal attack C. pod slurping D. XSS attack Which of the following acts defines legal prohibitions against circumvention of the technological protection measures employed by copyright owners to protect their works and against the removal or alteration of copyright management information? A. HIPAA B. DMCA C. DPA D. PCI/DSS An organization located in Europe maintains a large amount of user data by following all the security -related laws. It also follows GDPR protection principles, one of which states that the organization should only collect and process data necessary for the specified task. Which of the following GDPR protection principle is dis- cussed in the above scenario? A. accuracy B. purpose limitation C. lawfulness, fairness, and transparency D. data minimization Which of the following titles in The Digital Millennium Copyright Act (DMCA) allows the owner of a copy of a program to make reproductions or adaptations when these are necessary to use the program in conjunction with a system?