While scanning with Nmap, Patin found several hosts which have the IP ID of incremental sequences. He then decided to conduct: nmap -Pn -p- -si kiosk.adobe.com www.riaa.com. kiosk.adobe.com is the host with incremental IP ID sequence. What is the purpose of using "-si" with Nmap?

• A.Conduct stealth scan
• B.Conduct ICMP scan
• C.Conduct IDLE scan
• D.Conduct silent scan

Comment: *

Name: *

Email: *

Verification: *

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

• A.Intrusion Prevention System (IPS)
• B.Network sniffer
• C.Vulnerability scanner
• D.Protocol analyzer

Comment: *

Name: *

Email: *

Verification: *

A group of hackers were roaming around a bank office building in a city, driving a luxury car. They were using hacking tools on their laptop with the intention to find a free-access wireless network. What is

• A.GPS mapping
• B.Wardriving Wireless sniffing
• C.Spectrum analysis
• D.this hacking process known as?

Comment: *

Name: *

Email: *

Verification: *

Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During this process.
Robin plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch in the network so that he could make it a root bridge that will later allow him to sniff all the traffic in the network.
What is the attack performed by Robin in the above scenario?

• A.ARP spoofing attack
• B.VLAN hopping attack
• C.DNS poisoning attack
• D.STP attack

Correct Answer: C

Domain Name Server (DNS) spoofing (a.k.a. DNS cache poisoning) is an attack in which altered DNS records are used to redirect online traffic to a fraudulent website that resembles its intended destination.
Once there, users are prompted to login into (what they believe to be) their account, giving the perpetrator the opportunity to steal their access credentials and other types of sensitive information. Furthermore, the malicious website is often used to install worms or viruses on a user's computer, giving the perpetrator long-term access to it and the data it stores.
Methods for executing a DNS spoofing attack include:
Man in the middle (MITM)- The interception of communications between users and a DNS server in order to route users to a different/malicious IP address.
DNS server compromise- The direct hijacking of a DNS server, which is configured to return a malicious IP address.

DNS cache poisoning example
The following example illustrates a DNS cache poisoning attack, in which an attacker (IP 192.168.3.300) intercepts a communication channel between a client (IP 192.168.1.100) and a server computer belonging to the website www.estores.com (IP 192.168.2.200).
In this scenario, a tool (e.g., arpspoof) is used to dupe the client into thinking that the server IP is 192.168.3.300. At the same time, the server is made to think that the client's IP is also 192.168.3.300.
Such a scenario would proceed as follows:
The attacker uses arpspoof to issue the command: arpspoof 192.168.1.100 192.168.2.200. This modifies the MAC addresses in the server's ARP table, causing it to think that the attacker's computer belongs to the client.
The attacker once again uses arpspoof to issue the command: arpspoof 192.168.2.200 192.168.1.100, which tells the client that the perpetrator's computer is the server.
The attacker issues the Linux command: echo 1> /proc/sys/net/ipv4/ip_forward. As a result, IP packets sent between the client and server are forwarded to the perpetrator's computer.
The host file, 192.168.3.300 estores.com is created on the attacker's local computer, which maps the website www.estores.com to their local IP.
The perpetrator sets up a web server on the local computer's IP and creates a fake website made to resemble www.estores.com.
Finally, a tool (e.g., dnsspoof) is used to direct all DNS requests to the perpetrator's local host file. The fake website is displayed to users as a result and, only by interacting with the site, malware is installed on their computers.

Comment: *

Name: *

Email: *

Verification: *

Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?

• A.Blind SQL injection
• B.Allnion SQL injection
• C.Error-based injection
• D.Boolean-based blind SQL injection

Comment: *

Name: *

Email: *

Verification: *