- (Exam Topic 1)
Which method of password cracking takes the most time and effort?

1. A. Dictionary attack
2. B. Shoulder surfing
3. C. Rainbow tables
4. D. Brute force

Correct Answer: D
Brute-force attack when an attacker uses a set of predefined values to attack a target and analyze the response until he succeeds. Success depends on the set of predefined values. It will take more time if it is larger, but there is a better probability of success. In a traditional brute-force attack, the passcode or password is incrementally increased by one letter/number each time until the right passcode/password is found.

- (Exam Topic 2)
Jim, a professional hacker, targeted an organization that is operating critical Industrial Infrastructure. Jim used Nmap to scan open pons and running services on systems connected to the organization's OT network. He used an Nmap command to identify Ethernet/IP devices connected to the Internet and further gathered Information such as the vendor name, product code and name, device name, and IP address. Which of the following Nmap commands helped Jim retrieve the required information?

1. A. nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >
2. B. nmap -Pn -sU -p 44818 --script enip-info < Target IP >
3. C. nmap -Pn -sT -p 46824 < Target IP >
4. D. nmap -Pn -sT -p 102 --script s7-info < Target IP >

Correct Answer: B
https://nmap.org/nsedoc/scripts/enip-info.html Example Usage enip-info:
- nmap --script enip-info -sU -p 44818 <host>
This NSE script is used to send a EtherNet/IP packet to a remote device that has TCP 44818 open. The script will send a Request Identity Packet and once a response is received, it validates that it was a proper response to the command that was sent, and then will parse out the data. Information that is parsed includes Device Type, Vendor ID, Product name, Serial Number, Product code, Revision Number, status, state, as well as the Device IP.
This script was written based of information collected by using the the Wireshark dissector for CIP, and EtherNet/IP, The original information was collected by running a modified version of the ethernetip.py script (https://github.com/paperwork/pyenip)

- (Exam Topic 2)
The network administrator at Spears Technology, Inc has configured the default gateway Cisco router's access-list as below:
You are hired to conduct security testing on their network.
You successfully brute-force the SNMP community string using a SNMP crack tool.
The access-list configured at the router prevents you from establishing a successful connection. You want to retrieve the Cisco configuration from the router. How would you proceed?

1. A. Use the Cisco's TFTP default password to connect and download the configuration file
2. B. Run a network sniffer and capture the returned traffic with the configuration file from the router
3. C. Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the router masking your IP address
4. D. Send a customized SNMP set request with a spoofed source IP address in the range -192.168.1.0

Correct Answer: BD

- (Exam Topic 1)
Which of the following is a low-tech way of gaining unauthorized access to systems?

1. A. Social Engineering
2. B. Eavesdropping
3. C. Scanning
4. D. Sniffing

Correct Answer: A

- (Exam Topic 3)
Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?

1. A. Presentation tier
2. B. Application Layer
3. C. Logic tier
4. D. Data tier

Correct Answer: C