- (Topic 3)
A skilled ethical hacker was assigned to perform a thorough OS discovery on a potential target. They decided to adopt an advanced fingerprinting technique and sent a TCP packet to an open TCP port with specific flags enabled. Upon receiving the reply, they noticed the flags were SYN and ECN-Echo. Which test did the ethical hacker conduct and why was this specific approach adopted?

1. A. Test 3: The test was executed to observe the response of the target system when a packet with URG, PSH, SYN, and FIN flags was sent, thereby identifying the OS
2. B. Qrest 1: The test was conducted because SYN and ECN-Echo flags enabled to allow the hacker to probe the nature of the response and subsequently determine the OS fingerprint
3. C. Test 2: This test was chosen because a TCP packet with no flags enabled is known as a NULL packet and this would allow the hacker to assess the OS of the target
4. D. Test 6; The hacker selected this test because a TCP packet with the ACK flag enabled sent to a closed TCP port would yield more information about the OS

Correct Answer: B
The ethical hacker conducted Test 1, which is a TCP/IP stack fingerprinting technique that uses the SYN and ECN-Echo flags to determine the OS of the target system. The SYN flag is used to initiate a TCP connection, and the ECN-Echo flag is used to indicate that the sender supports Explicit Congestion Notification (ECN), which is a mechanism to reduce network congestion. Different OSes have different implementations and responses to these flags, which can reveal their identity. For example, Windows XP and 2000 will reply with SYN and ECN-Echo flags set, while Linux will reply with only SYN flag set. By sending a TCP packet with these flags enabled to an open TCP port and observing the reply, the ethical hacker can probe the nature of the response and subsequently determine the OS fingerprint.
The ethical hacker adopted this specific approach because it is an advanced and stealthy technique that can evade some firewalls and intrusion detection systems (IDS) that may block or alert other types of packets, such as NULL, FIN, or Xmas packets. Moreover, this technique can provide more accurate and reliable results than other techniques, such as banner grabbing or passive analysis, that may depend on the availability or validity of the information provided by the target system.
The other options are not correct, as they describe different tests and reasons. Test 3 is a TCP/IP stack fingerprinting technique that uses the URG, PSH, SYN, and FIN flags to determine the OS of the target system. Test 2 is a TCP/IP stack fingerprinting technique that uses a NULL packet, which is a TCP packet with no flags enabled, to determine the
OS of the target system. Test 6 is a TCP/IP stack fingerprinting technique that uses the ACK flag, which is used to acknowledge the receipt of a TCP segment, to determine the OS of the target system. References:
✑ OS and Application Fingerprinting | SANS Institute
✑ Operating System Fingerprinting | SpringerLink
✑ OS and Application Fingerprinting - community.akamai.com
✑ What is OS Fingerprinting and Techniques - Zerosuniverse

- (Topic 2)
Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During this process.
Robin plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch in the network so that he could make it a root bridge that will later allow him to
sniff all the traffic in the network.
What is the attack performed by Robin in the above scenario?

1. A. ARP spoofing attack
2. B. VLAN hopping attack
3. C. DNS poisoning attack
4. D. STP attack

Correct Answer: D
STP prevents bridging loops in a redundant switched network environment. By avoiding loops, you can ensure that broadcast traffic does not become a traffic storm. STP is a hierarchical tree-like topology with a ??root?? switch at the top. A switch is elected as root based on the lowest configured priority of any switch (0 through 65,535). When a switch boots up, it begins a process of identifying other switches and determining the root bridge. After a root bridge is elected, the topology is established from its perspective of the connectivity. The switches determine the path to the root bridge, and all redundant paths are blocked. STP sends configuration and topology change notifications and acknowledgments (TCN/TCA) using bridge protocol data units (BPDU).
An STP attack involves an attacker spoofing the root bridge in the topology. The attacker broadcasts out an STP configuration/topology change BPDU in an attempt to force an STP recalculation. The BPDU sent out announces that the attacker??s system has a lower bridge priority. The attacker can then see a variety of frames forwarded from other switches to it. STP recalculation may also cause a denial-of-service (DoS) condition on the network by causing an interruption of 30 to 45 seconds each time the root bridge changes. An attacker using STP network topology changes to force its host to be elected as the root bridge.
switch

- (Topic 2)
which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth?

1. A. Bluesmacking
2. B. Bluebugging
3. C. Bluejacking
4. D. Bluesnarfing

Correct Answer: D
Bluesnarfing is the unauthorized access of information from a wireless device through
aBluetooth connection, often between phones, desktops, laptops, and PDAs (personal digital assistant).

- (Topic 3)
The security team of Debry Inc. decided to upgrade Wi-Fi security to thwart attacks such as dictionary attacks and key recovery attacks. For this purpose, the security team started implementing cutting-edge technology that uses a modern key establishment protocol called the simultaneous authentication of equals (SAE), also known as dragonfly key exchange, which replaces the PSK concept. What is the Wi-Fi encryption technology implemented by Debry Inc.?

1. A. WEP
2. B. WPA
3. C. WPA2
4. D. WPA3

Correct Answer: D

- (Topic 3)
Don, a student, came across a gaming app in a third-party app store and Installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after Installing the app. What is the attack performed on Don in the above scenario?

1. A. SMS phishing attack
2. B. SIM card attack
3. C. Agent Smith attack
4. D. Clickjacking

Correct Answer: C
Agent Smith Attack
Agent Smith attacks are carried out by luring victims into downloading and installing malicious
apps designed and published by attackers in the form of games, photo editors, or other
attractive tools from third-party app stores such as 9Apps. Once the user has installed the app,
the core malicious code inside the application infects or replaces the legitimate apps in the
victim's mobile device C&C commands. The deceptive application replaces legitimate apps such
as WhatsApp, SHAREit, and MX Player with similar infected versions. The application sometimes
also appears to be an authentic Google product such as Google Updater or Themes.
The attacker then produces a massive volume of irrelevant and fraudulent advertisements on the
victim's device through the infected app for financial gain. Attackers exploit these apps to steal
critical information such as personal information, credentials, and bank details, from the
victim's mobile device through C&C commands.