- (Exam Topic 1)
Which is the first step followed by Vulnerability Scanners for scanning a network?
Correct Answer:
D
Vulnerability scanning solutions perform vulnerability penetration tests on the organizational network in three steps:
* 1. Locating nodes:
The first step in vulnerability scanning is to locate live hosts in the target network using various scanning techniques.
* 2. Performing service and OS discovery on them:
After detecting the live hosts in the target network, the next step is to enumerate the open ports and services and the operating system on the target systems.
* 3. Testing those services and OS for known vulnerabilities:
Finally, after identifying the open services and
the operating system running on the target nodes, they are tested for known vulnerabilities.
- (Exam Topic 3)
Upon establishing his new startup, Tom hired a cloud service provider (CSP) but was dissatisfied with their service and wanted to move to another CSP.
What part of the contract might prevent him from doing so?
Correct Answer:
B
- (Exam Topic 2)
How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?
Correct Answer:
B
- (Exam Topic 3)
John, a security analyst working for an organization, found a critical vulnerability on the organization's LAN that allows him to view financial and personal information about the rest of the employees. Before reporting the vulnerability, he examines the information shown by the vulnerability for two days without disclosing any information to third parties or other internal employees. He does so out of curiosity about the other employees and may take advantage of this information later. What would John be considered as?
Correct Answer:
D
- (Exam Topic 2)
John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him the idea of using PGP. What should John do to communicate correctly using this type of encryption?
Correct Answer:
B
When a user encrypts plaintext with PGP, PGP first compresses the plaintext. The session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is encrypted, the session key is then encrypted to the recipient's public key
https://en.wikipedia.org/wiki/Pretty_Good_Privacy
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.
PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and finally public-key cryptography; each step uses one of several supported algorithms. Each public key is bound to a username or an e-mail address.
https://en.wikipedia.org/wiki/Public-key_cryptography
Public key encryption uses two different keys. One key is used to encrypt the information and the other is used to decrypt the information. Sometimes this is referred to as asymmetric encryption because two keys are required to make the system and/or process work securely. One key is known as the public key and should be shared by the owner with anyone who will be securely communicating with the key owner. However, the owner’s secret key is not to be shared and considered a private key. If the private key is shared with unauthorized recipients, the encryption mechanisms protecting the information must be considered compromised.