SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling Sample Questions
You gain the abilities to carry out incident response investigations thanks to SEC 504. You will learn how to create threat intelligence to construct efficient defense tactics for cloud and on-premises systems, as well as how to apply a dynamic incident response approach to developing cyberthreats. We’ll look at the most recent dangers to businesses, such as cloud application service MFA bypass and watering hole attacks, so you can understand the attackers’ perspective and foresee their actions. You may learn the details you need to comprehend how attackers search, exploit, reposition, and build persistence in traditional and cloud-based systems in SEC504. Half of class time is spent on hands-on activities that use visual association tools to simplify complicated subjects in order to aid in your development of retention and long-term memory of the course material. The SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling Sample Questions covers the following topics:
- Describe Incident Response and Computer Crime Investigations
- Describe Recon, Scanning, and Enumeration Attacks
- Describe Password and Access Attacks
- Describe Public-Facing and Drive-By Attacks
- Evasion and Post-Exploitation Attacks
- Describe Capture the Flag Event
Q1)Any of the subsequent for a business, which incident handling process phases are in charge of defining the rules, engaging with the human workforce, developing a backup plan, and testing the plans?
- A. Preparation phase
- B. Eradication phase
- C. Identification phase
- D. Recovery phase
- E. Containment phase
Correct Answer: A
Q2)Which of the following claims regarding netcat is true? A full solution is represented by each accurate response. Decide which options apply.
- A. It offers specialized tunneling with the option to specify all network characteristics, such as UDP to TCP.
- B. It can be used as a tool for file transfers.
- C. It offers TCP and UDP ports connections both inbound and outgoing.
- D. A program’s stdin/stdout can be redirected using the nc -z command.
Correct Answer: A,B and C
Q3)Which of the following justifies putting security logging into place on a DNS server?
- A. For preventing malware assaults on DNS servers,
- B. Assessing DNS server performance,
- C. Keeping an eye on unlawful zone transfers,
- D. Keeping track of the number of queries that were successfully answered.
Correct Answer: C
Q4)The Klez worm is a spam-sending computer virus that opens executable attachments even in Microsoft Outlook’s preview pane by taking advantage of a flaw. The default Windows Address Book is where the Klez worm collects email addresses (WAB). Which registry value from the list below best describes this worm?
- A. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
- B. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- C. HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name = “file and pathname of the WAB file”
- D. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Correct Answer: C
Q5)You are employed at Net Perfect Inc. as a network administrator. The business’s network is Windows-based. The business wishes to patch any potential security holes found in the systems under test. To find the flaws, you utilize Nessus as a vulnerability scanning application. Which flaws in the list below can be remedied with Nessus? A full solution is represented by each accurate response. Decide which options apply.
- A. Misconfiguration is a. (e.g. open mail relay, missing patches, etc.)
- B. Security holes that let remote hackers access sensitive data on a system
- C. Security holes that let remote crackers access private information on a system
- D. Flaws that facilitate Code Injection Attacks
Correct Answer: A,B and C
Q6)Adam works for Umbrella Inc. as a security analyst. The company’s network is Windows-based. Windows XP is used to run all PCs. Adam receives a complaint from the manager of the sales department regarding the strange behavior of his computer. He informed Adam that overnight, some pornographic materials had arrived on his computer. Adam thinks the machine may have been infected with Trojan horses or other dangerous malware. He uses some port scanners and diagnostic software, and he discovers that the ports 12345, 12346, and 20034 are open. Adam also saw some modification with the Windows registry, which results in the launch of a single application each time Windows starts. Which of the following is the most probable cause of this problem?
- A. On the computer, Cheops-ng is already installed.
- B. Elsave is set up on the machine.
- C. NetBus is set up on the machine.
- D. The computer has NetStumbler installed.
Correct Answer: C
Q7)Which of the following applications contacts Hydra to perform a dictionary attack while scanning for vulnerabilities?
- A. Whishker
- B. Nessus
- C. SARA
- D. Nmap
Correct Answer: B
Q8)Which of the following scanning techniques uses solely RST packets from Windows operating systems, regardless of whether the port is open or closed?
- A. TCP FIN
- B. FTP bounce
- C. XMAS
- D. TCP SYN
Correct Answer: A
Q9)Which of the following dangerous malware uses user interaction to traverse computer networks?
- A. Worm
- B. Virus
- C. Hoax
- D. Trojan horses
Correct Answer: A
Q10)Which of the subsequent attack types is capable of cracking a hashed password?
- A. Brute force attack
- B. Evasion attack
- C. Denial of Service attack
- D. Teardrop attack
Correct Answer: A
Q11)Who are the main targets of smurf attacks on the modern Internet infrastructure?
- A. Smurf assaults mostly target IRC servers.
- B. Smurf assaults mostly target FTP servers.
- C. Smurf assaults mostly target SMTP servers.
- D. Smurf assaults mostly target mail servers.
Correct Answer: A
Q12)You have installed a Trojan on your friend’s computer, and you want to put it in the startup so that it will start to run whenever the computer reboots. Which registry entry from the list below will you change to complete the task?
- A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Startup
- B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Auto
- C. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
- D. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Start
Correct Answer: C
Q13)Part-time hacker John gained unauthorized access to the www.yourbank.com banking website and used a SQL injection attack to steal the credit card details and bank account information of its users. Now John wants to negotiate a deal with Mark, a bad guy, and sell him this information in order to receive a good sum of money. He chooses to transmit Mark the information in concealed text since he does not want to provide Mark the compromised data in clear text format. For this, he uses a steganography tool to encrypt the concealed data using the IDEA encryption technique and conceal it in ASCII text by inserting whitespace to the end of lines. John is utilizing which of the following for steganography?
- A. Image Hide
- B. Mosaic
- C. Snow.exe
- D. Netcat
Correct Answer: C
Q14)Adam works for Umbrella Inc. as a senior programmer. He was given the task of writing a quick program to collect user feedback for a Web application. His program needs to be organized and straightforward. Whereas he should have ideally used printf(“%s”, str), he instead opts to use printf(str). What kind of attack will his program make the Web application vulnerable to?
- A. Format string attack
- B. Cross Site Scripting attack
- C. SQL injection attack
- D. Sequence++ attack
Correct Answer: A
Q15)In order to determine whether an application is susceptible to a SQL injection attack, which of the following characters will you use?
- A. Dash (-)
- B. Double quote (“)
- C. Single quote (‘)
- D. Semi colon (;)
Correct Answer: C
Q16)Adam’s wireless network is set up and configured. He has various security settings active on his wifi network, including altering the default SSID, turning on WPA encryption, and turning on MAC filtering. Adam observes that the speed of his wifi connection fluctuates between 8 Mbps and 16 Mbps at times. When Adam establishes a wireless connection to the management utility router, he learns that a device with an unknown name is already connected. Paul looks at the router’s logs and sees that the unknown device shares his laptop’s MAC address. Which of the following assaults took place against Adam’s wireless network?
- A. NAT spoofing
- B. DNS cache poisoning
- C. MAC spoofing
- D. ARP spoofing
Correct Answer: C
Q17)Which of the tools listed below can be used to identify steganography?
- A. Dskprobe
- B. Blindside
- C. ImageHide
- D. Snow
Correct Answer: A
Q18)Which of the following claims concerning session hijacking is accurate? A full solution is represented by each accurate response. Decide which options apply.
- A. Session hijacking is decreased when a lengthy random number or string is used as the session key.
- B. It is used to make the victim’s network resources work more slowly.
- C. When a hacker hijacks a TCP session between two machines, it is known as TCP session hijacking.
- D. It involves using a legitimate computer session to access data or services in a computer system without authorization.
Correct Answer: A,C and D
Q19)Which of the following attacks is a result of a program’s weaknesses brought on by bad programming practices?
- A. Evasion attack
- B. Denial-of-Service (DoS) attack
- C. Ping of death attack
- D. Buffer overflow attack
Correct Answer: D
Q20)Adam works for Umbrella Inc. as an incident handler. His recent responses to the situation fall short of the company’s expected standards. Because handling responses is so frantic, he consistently forgets some stages and protocols. Which of the above actions should Adam take to solve this issue with the least amount of administrative work?
- A. Write up an incident manual and read it whenever an incident happens.
- B. Designate a different person to review the procedures.
- C. Develop incident checklists.
- D. Form a new sub-team to monitor things.
Correct Answer: C