- (Topic 2)
Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs. Which two SQL injection types would give her the results she is looking for?
Correct Answer:
D
"Boolean-based" means that it is based on Boolean values, that is, true or false. Time-based SQL Injection is an inferential SQL Injection technique that relies on sending an SQL query to the database which forces the database to wait for a specified amount of time (in seconds) before responding. The response time will indicate to the attacker whether the result of the query is TRUE or FALSE.
Boolean-based (content-based) Blind SQLi
Boolean-based SQL Injection is an inferential SQL Injection technique that relies on sending an SQL query to the database which forces the application to return a different result depending on whether the query returns a TRUE or FALSE result.
Depending on the result, the content within the HTTP response will change, or remain the same. This allows an attacker to infer if the payload used returned true or false, even though no data from the database is returned. This attack is typically slow (especially on large databases) since an attacker would need to enumerate a database, character by character.
Time-based Blind SQLi
Time-based SQL Injection is an inferential SQL Injection technique that relies on sending an SQL query to the database which forces the database to wait for a specified amount of time (in seconds) before responding. The response time will indicate to the attacker whether the result of the query is TRUE or FALSE.
Depending on the result, an HTTP response will be returned with a delay, or returned immediately. This allows an attacker to infer if the payload used returned true or false, even though no data from the database is returned. This attack is typically slow (especially on large databases) since an attacker would need to enumerate a database character by character.
https://www.acunetix.com/websitesecurity/sql-injection2/
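The two inferential techniques above, shown from the defender's side as an added example (not code from the original page or the Acunetix article): a lookup that concatenates the user ID into the query leaks a true/false oracle, the parameterized version does not, and a small request-log heuristic flags the Boolean-style and delay-style patterns. The table contents, function names and the 5-second threshold are constructed assumptions.

```python
import re
import sqlite3
from typing import Optional

def build_db() -> sqlite3.Connection:
    """Constructed in-memory sample table (not from the original page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    return conn

def user_exists_vulnerable(conn: sqlite3.Connection, user_id: str) -> bool:
    """Vulnerable: the id is concatenated into the SQL text, so a condition
    appended to it becomes part of the WHERE clause and its TRUE/FALSE outcome
    shows up as 'found' vs 'not found' (the Boolean-based oracle)."""
    sql = "SELECT name FROM users WHERE id = " + user_id
    return conn.execute(sql).fetchone() is not None

def user_exists_safe(conn: sqlite3.Connection, user_id: str) -> bool:
    """Hardened: validate the type, then bind the value as a parameter so it
    is never parsed as SQL. Appended conditions fail validation instead of
    changing the query's truth value."""
    try:
        uid = int(user_id)
    except ValueError:
        return False
    row = conn.execute("SELECT name FROM users WHERE id = ?", (uid,)).fetchone()
    return row is not None

# Server-side detection heuristic for the two inferential techniques the text
# describes: delay functions (time-based) or an unusually slow response, and
# tautology-style appended conditions (Boolean-based).
_TIME_FUNCS = re.compile(r"\b(sleep|benchmark|waitfor|pg_sleep)\b", re.I)
_BOOL_COND = re.compile(r"\b(and|or)\b\s+\S+\s*=\s*\S+", re.I)

def flag_blind_sqli(query_param: str, response_ms: float,
                    slow_ms: float = 5000) -> Optional[str]:
    """Return 'time-based', 'boolean-based' or None for one logged request.
    slow_ms is an assumed threshold; tune it to the endpoint's normal latency."""
    if _TIME_FUNCS.search(query_param) or response_ms >= slow_ms:
        return "time-based"
    if _BOOL_COND.search(query_param):
        return "boolean-based"
    return None
```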
- (Topic 2)
Which type of virus can change its own code and then cipher itself multiple times as it replicates?
Correct Answer:
A
A stealth virus is a sort of virus malware that contains sophisticated means of avoiding detection by antivirus software. After it manages to get into the now-infected machine, a stealth virus hides itself by continually renaming and moving itself around the disk. Like other viruses, a stealth virus can take hold of many parts of one's PC. When it takes control of the PC and performs tasks, antivirus programs can detect it, but a stealth virus sees that coming and can rename and then copy itself to a different drive or area on the disk before the antivirus software gets to it. Once moved and renamed, a stealth virus will usually replace the detected "infected" file with a clean file that doesn't trigger antivirus detection. It's a never-ending game of cat and mouse. The intelligent architecture of this sort of virus all but guarantees it's impossible to completely rid oneself of it once infected. One would need to completely wipe the PC and rebuild it from scratch to completely eradicate the presence of a stealth virus. Using regularly updated antivirus software can reduce risk, but, as we all know, antivirus software is also caught in an endless cycle of finding new threats and protecting against them. https://www.techslang.com/definition/what-is-a-stealth-virus/
- (Topic 2)
Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days, Steve started asking about her company details and eventually gathered all the essential information regarding her company. What is the social engineering technique Steve employed in the above scenario?
Correct Answer:
C
The honey trap is a technique where an attacker targets a person online by pretending to be an attractive person and then begins a fake online relationship to obtain confidential information about the target company. In this technique, the victim is an insider who possesses critical information about the target organization.
Baiting is a technique in which attackers offer end users something alluring in exchange for important information such as login details and other sensitive data. This technique relies on the curiosity and greed of the end users. Attackers perform this technique by leaving a physical device such as a USB flash drive containing malicious files in locations where people can easily find them, such as parking lots, elevators, and bathrooms. This physical device is labeled with a legitimate company's logo, thereby tricking end users into trusting it and opening it on their systems. Once the victim connects and opens the device, a malicious file downloads. It infects the system and allows the attacker to take control.
For example, an attacker leaves some bait in the form of a USB drive in the elevator with the label "Employee Salary Information 2019" and a legitimate company's logo. Out of curiosity and greed, the victim picks up the device and opens it up on their system, which downloads the bait. Once the bait is downloaded, a piece of malicious software installs on the victim's system, giving the attacker access.
- (Topic 3)
Given the complexities of an organization's network infrastructure, a threat actor has exploited an unidentified vulnerability, leading to a major data breach. As a Certified Ethical Hacker (CEH), you are tasked with enhancing the organization's security stance. To ensure a comprehensive security defense, you recommend a certain security strategy. Which of the following best represents the strategy you would likely suggest and why?
Correct Answer:
C
The security strategy that you would likely suggest is to adopt a Continual/Adaptive Security Strategy involving ongoing prediction, prevention, detection, and response actions to ensure comprehensive computer network defense. This strategy is based on the concept of continuous monitoring and improvement of the security posture of an organization, using a feedback loop that integrates various security activities and technologies. A Continual/Adaptive Security Strategy aims to proactively identify and mitigate emerging threats, vulnerabilities, and risks, as well as to respond effectively and efficiently to security incidents and breaches. A Continual/Adaptive Security Strategy can help enhance the organization's security stance by providing the following benefits [1][2]:
✑ It can reduce the attack surface and the exposure time of the organization's network infrastructure, by applying timely patches, updates, and configurations, as well as by implementing security controls and policies.
✑ It can increase the visibility and awareness of the organization's network activity and behavior, by collecting, analyzing, and correlating data from various sources, such as logs, sensors, alerts, and reports.
✑ It can improve the detection and prevention capabilities of the organization, by using advanced tools and techniques, such as artificial intelligence, machine learning, threat intelligence, and behavioral analytics, to identify and block malicious or anomalous patterns and indicators.
✑ It can enhance the response and recovery processes of the organization, by using automated and orchestrated actions, such as isolation, quarantine, remediation, and restoration, to contain and resolve security incidents and breaches, as well as by conducting lessons learned and root cause analysis to prevent recurrence.
The other options are not as appropriate as option C for the following reasons:
✑ A. Develop an in-depth Risk Management process, involving identification, assessment, treatment, tracking, and review of risks to control the potential effects on the organization: This option is not sufficient because risk management is only one aspect of a comprehensive security strategy, and it does not address the dynamic and evolving nature of cyber threats and vulnerabilities. Risk management is a process of identifying, analyzing, evaluating, and treating the risks that may affect the organization's objectives and operations, as well as monitoring and reviewing the effectiveness of the risk treatment measures [3]. Risk management can help the organization prioritize and allocate resources for security, but it cannot guarantee the prevention or detection of security incidents and breaches, nor the response and recovery from them.
✑ B. Establish a Defense-in-Depth strategy, incorporating multiple layers of security measures to increase the complexity and decrease the likelihood of a successful attack: This option is not optimal because defense-in-depth is a traditional and static approach to security, and it may not be able to cope with the sophisticated and persistent attacks that exploit unknown or zero-day vulnerabilities. Defense-in-depth is a strategy of implementing multiple and diverse security controls and mechanisms at different layers of the organization's network infrastructure, such as perimeter, network, endpoint, application, and data, to provide redundancy and resilience against attacks [4]. Defense-in-depth can help the organization protect its assets and systems from unauthorized access or damage, but it cannot ensure the timely detection and response to security incidents and breaches, nor the continuous improvement of the security posture.
✑ D. Implement an Information Assurance (IA) policy focusing on ensuring the integrity, availability, confidentiality, and authenticity of information systems: This option is not comprehensive because information assurance is a subset of cybersecurity, and it does not cover all the aspects of a holistic security strategy. Information assurance is a discipline of managing the risks associated with the use, processing, storage, and transmission of information and data, and ensuring the protection of the information and data from unauthorized access, use, disclosure, modification, or destruction [5]. Information assurance can help the organization safeguard its information and data from compromise or loss, but it does not address the prevention, detection, and response to security incidents and breaches, nor the adaptation and innovation of the security technologies and processes.
References:
✑ 1: Continual/Adaptive Security Strategy - an overview | ScienceDirect Topics
✑ 2: Continual Adaptive Security: A New Approach to Cybersecurity | SecurityWeek.Com
✑ 3: Risk Management - an overview | ScienceDirect Topics
✑ 4: Defense in Depth - an overview | ScienceDirect Topics
✑ 5: Information Assurance - an overview | ScienceDirect Topics
- (Topic 3)
You are the chief security officer at AlphaTech, a tech company that specializes in data storage solutions. Your company is developing a new cloud storage platform where users can store their personal files. To ensure data security, the development team is proposing to use symmetric encryption for data at rest. However, they are unsure of how to securely manage and distribute the symmetric keys to users. Which of the following strategies would you recommend to them?
Correct Answer:
C
Symmetric encryption is a method of encrypting and decrypting data using the same secret key. Symmetric encryption is fast and efficient, but it requires a secure way of managing and distributing the keys to the users who need them. If the keys are compromised, the data is no longer secure.
One of the strategies to securely manage and distribute symmetric keys is to use HTTPS protocol for secure key transfer. HTTPS is a protocol that uses SSL/TLS to encrypt the communication between a client and a server over the Internet. HTTPS can protect the symmetric keys from being intercepted or modified by an attacker during the key transfer process. HTTPS can also authenticate the server and the client using certificates, ensuring that the keys are sent to and received by the intended parties.
To use HTTPS protocol for secure key transfer, the development team needs to implement the following steps [1]:
✑ Generate a symmetric key for each user who wants to store their files on the cloud storage platform. The symmetric key will be used to encrypt and decrypt the user's files.
✑ Generate a certificate for the cloud storage server. The certificate will contain the server's public key and other information, such as the server's domain name, the issuer, and the validity period. The certificate will be signed by a trusted certificate authority (CA), which is a third-party entity that verifies the identity and legitimacy of the server.
✑ Install the certificate on the cloud storage server and configure the server to use HTTPS protocol for communication.
✑ When a user wants to upload or download their files, the user's client (such as a web browser or an app) will initiate an HTTPS connection with the cloud storage server. The client will verify the server's certificate and establish a secure session with the server using SSL/TLS. The client and the server will negotiate a session key, which is a temporary symmetric key that will be used to encrypt the data exchanged during the session.
✑ The cloud storage server will send the user's symmetric key to the user's client, encrypted with the session key. The user's client will decrypt the symmetric key with the session key and use it to encrypt or decrypt the user's files.
✑ The user's client will store the symmetric key securely on the user's device, such as in a password-protected file or a hardware token. The user's client will also delete the session key after the session is over.
Using HTTPS protocol for secure key transfer can ensure that the symmetric keys are protected from eavesdropping, tampering, or spoofing attacks. However, this strategy also has some challenges and limitations, such as:
✑ The development team needs to obtain and maintain valid certificates for the cloud storage server from a trusted CA, which might incur costs and administrative overhead.
✑ The users need to trust the CA that issued the certificates for the cloud storage server and verify the certificates before accepting them.
✑ The users need to protect their symmetric keys from being lost, stolen, or corrupted on their devices. The development team needs to provide a mechanism for key backup, recovery, or revocation in case of such events.
✑ The users need to update their symmetric keys periodically to prevent key exhaustion or reuse attacks. The development team needs to provide a mechanism for key rotation or renewal in a secure and efficient manner.
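Two of the pieces above that the development team has to get right on the client and server side, as an added example that is not part of the original page or any AlphaTech code: the client's TLS context must actually verify the server certificate (the weak setting that disables verification is shown beside the correct default, since a client that skips verification would hand its key to a spoofed server), and the server needs bookkeeping for per-user key issuance and rotation. The class and function names, the 256-bit key size and the rotation age are assumptions.

```python
import secrets
import ssl
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict

KEY_BYTES = 32  # assumed per-user symmetric key size (256 bits)

def make_client_context(verify: bool = True) -> ssl.SSLContext:
    """TLS context the storage client uses for the key-transfer session.
    verify=True keeps the stdlib defaults: chain validation against the
    trusted CA store and hostname matching. verify=False is the weak
    configuration (often added to 'make a cert error go away') that lets
    any server, including a spoofed one, receive the user's key."""
    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False          # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """Guard to run in CI or at startup: refuse a context that would accept
    an unverified server certificate."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED

@dataclass
class UserKeyRecord:
    user_id: str
    key: bytes
    created: datetime
    version: int = 1

class KeyRegistry:
    """Server-side record of each user's current symmetric key and when it
    was issued, so keys can be rotated before they age out (assumed design)."""
    def __init__(self, max_age: timedelta):
        self.max_age = max_age
        self._keys: Dict[str, UserKeyRecord] = {}

    def issue(self, user_id: str, now: datetime) -> UserKeyRecord:
        rec = UserKeyRecord(user_id, secrets.token_bytes(KEY_BYTES), now)
        self._keys[user_id] = rec
        return rec

    def needs_rotation(self, user_id: str, now: datetime) -> bool:
        return now - self._keys[user_id].created >= self.max_age

    def rotate(self, user_id: str, now: datetime) -> UserKeyRecord:
        # Files encrypted under the old version must be re-encrypted before
        # the old key is destroyed; that step is outside this example.
        old = self._keys[user_id]
        new = UserKeyRecord(user_id, secrets.token_bytes(KEY_BYTES), now, old.version + 1)
        self._keys[user_id] = new
        return new
```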
References:
✑ 1: Key Management - OWASP Cheat Sheet Series
✑ 2: Symmetric Cryptography & Key Management: Exhaustion, Rotation, Defence
✑ 3: What is Key Management? How does Key Management work? | Encryption Consulting