Test Series - cyber security

Test Number 8/13

Q: Performing shoulder surfing in order to check another person’s password is ____________ ethical practice.
A. not so good
B. a bad
C. a good
D. very good social engineering practice
Solution: Overlooking or peeping into someone’s system when he/she is entering his/her password is a bad practice and is against the ethics of conduct for every individual. Shoulder surfing is a social engineering attack approach used by some cyber-criminals to know your password and gain access to your system later.
Q: After performing ____________ the ethical hacker should never disclose client information to other parties.
A. penetration testing
B. hacking
C. exploiting
D. cracking
Solution: Under the laws and ethics that bind ethical hackers, after performing penetration tests the ethical hacker should never disclose client information to other parties. The protection of client data is in the hands of the ethical hacker who performed the tests.
Q: Which of these is not a step followed by cyber-criminals in data breaching?
A. Fixing the bugs
B. Exfiltration
C. Attack the system
D. Research and info-gathering
Solution: During a hack, the cyber-criminals first research the victim and gather information on the victim’s system as well as its network. Then they perform the attack. Once the attacker gains access, they steal confidential data.
Q: Through the clickjacking attack, the employee’s confidential ______________ may get leaked or stolen.
A. hardcopy files
B. media files
C. papers
D. information
Solution: Through clickjacking, the employee’s system may get compromised by an infected program, trojans or spyware that was downloaded automatically in the background when the user fell for an attacker’s trick.
Q: Which of the following is not a proper aspect of user integration?
A. Employee’s authentication
B. Access control
C. Representing users in the database
D. Physical authorization
Solution: There are 3 main aspects to keep in mind when integrating new employees or users into an application. These are: representing users in the database, access control, and employee’s authentication.
Q: In __________________ layer, vulnerabilities are directly associated with physical access to networks and hardware.
A. application
B. network
C. physical
D. data-link
Solution: In the physical layer, vulnerabilities are directly associated with physical access to networks and hardware, such as unauthorized network access, damage or destruction of data and hardware, and keystroke and other input logging.
Q: Which of the following is not a vulnerability of the network layer?
A. Identity & Resource ID Vulnerability
B. Weak or non-existent authentication
C. Route spoofing
D. IP Address Spoofing
Solution: Weak or non-existent authentication is a vulnerability of the session layer. Route spoofing, identity & resource ID vulnerability, and IP address spoofing are examples of network layer vulnerabilities.
Q: Failed sessions allow brute-force attacks on access credentials. This type of attack is carried out in which layer of the OSI model?
A. Presentation layer
B. Session Layer
C. Physical layer
D. Data-link layer
Solution: Session identification may be subject to spoofing, which may lead to data leakage, and failed authentication attempts allow hackers to mount brute-force attacks on access credentials.
Q: Which of the following is an example of application layer vulnerability?
A. Weak or non-existent authentication
B. MAC Address Spoofing
C. Cryptographic flaws leading to privacy issues
D. Very complex application security controls
Solution: Very complex application security controls can be an example of an application layer vulnerability. Inadequate security controls, as well as logical bugs in programs, are other examples of this type.
Q: Trusted TCP/IP commands have the same needs & go through the identical verification process. Which of them is not a TCP/IP command?
A. tcpexec
B. ftp
C. telnet
D. rexec
Solution: Trusted TCP/IP commands such as ftp, rexec and telnet have the same needs & go through the identical verification process. Internet & TCP/IP are often implemented synonymously.
