- (Topic 1)
Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.
Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?

1. A. Hardware, Software, and Sniffing.
2. B. Hardware and Software Keyloggers.
3. C. Passwords are always best obtained using Hardware key loggers.
4. D. Software only, they are the most effective.

Correct Answer: A

- (Topic 2)
Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this. James, a professional hacker, targets Emily and her acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is the tool employed by James in the above scenario?

1. A. ophcrack
2. B. Hootsuite
3. C. VisualRoute
4. D. HULK

Correct Answer: B
Hootsuite may be a social media management platform that covers virtually each side of a social media manager??s role.
With only one platform users area unit ready to do the easy stuff like reverend cool content and schedule posts on social media in all the high to managing team members and measure ROI.
There area unit many totally different plans to decide on from, from one user set up up to a bespoken enterprise account that??s appropriate for much larger organizations.
Conducting location search on social media sites such as Twitter, Instagram, and Facebook helps attackers to detect the geolocation of the target. This information further helps attackers to perform various social engineering and non-technical attacks. Many online tools such as Followerwonk, Hootsuite, and Sysomos are available to search for both geotagged and non-geotagged information on social media sites. Attackers search social media sites using these online tools using keywords, usernames, date, time, and so on...

- (Topic 3)
Alex, a cloud security engineer working in Eyecloud Inc. is tasked with isolating applications from the underlying infrastructure and stimulating communication via well- defined channels. For this purpose, he used an open-source technology that helped him in developing, packaging, and running applications; further, the technology provides PaaS through OS-level visualization, delivers containerized software packages, and promotes fast software delivery. What is the cloud technology employed by Alex in the above scenario?

1. A. Virtual machine
2. B. Serverless computing
3. C. Docker
4. D. Zero trust network

Correct Answer: C

- (Topic 3)
During a reconnaissance mission, an ethical hacker uses Maltego, a popular footprinting tool, to collect information about a target organization. The information includes the target's Internet infrastructure details (domains, DNS names, Netblocks, IP address information).
The hacker decides to use social engineering techniques to gain further information. Which of the following would be the least likely method of social engineering to yield beneficial information based on the data collected?

1. A. Shoulder surfing to observe sensitive credentials input on the target's computers
2. B. Impersonating an ISP technical support agent to trick the target into providing further network details
3. C. Dumpster diving in the target company??s trash bins for valuable printouts
4. D. Eavesdropping on internal corporate conversations to understand key topics

Correct Answer: A
Shoulder surfing is a social engineering technique that involves looking over someone??s shoulder to observe sensitive information, such as passwords, PINs, or credit card numbers, that they enter on their computer, phone, or ATM. It is the least likely method of social engineering to yield beneficial information based on the data collected by Maltego, because it requires physical proximity and access to the target??s devices, which may not be feasible or safe for the hacker. Moreover, shoulder surfing does not leverage the information obtained by Maltego, such as domains, DNS names, Netblocks, or IP addresses, which are more relevant for network-based attacks.
The other options are more likely to yield beneficial information based on the data collected by Maltego, because they involve exploiting the target??s trust, curiosity, or negligence, and using the information obtained by Maltego to craft convincing scenarios or messages. Impersonating an ISP technical support agent to trick the target into providing further network details is a form of pretexting, where the hacker creates a false identity and scenario to obtain information or access from the target. Dumpster diving in the target company??s trash bins for valuable printouts is a technique that relies on the target??s negligence or lack of proper disposal of sensitive documents, such as network diagrams, passwords, or confidential reports. Eavesdropping on internal corporate conversations to understand key topics is a technique that exploits the target??s curiosity or lack of awareness, and allows the hacker to gather information about the target??s projects, plans, or problems, which can be used for further attacks or extortion. References:
✑ Social Engineering: Definition & 5 Attack Types
✑ How to Use Maltego Transforms to Map Network Infrastructure: An In-Depth Guide
✑ Social engineering: Definition, examples, and techniques

- (Topic 3)
Eric, a cloud security engineer, implements a technique for securing the cloud resources used by his organization. This technique assumes by default that a user attempting to access the network is not an authentic entity and verifies every incoming connection before allowing access to the network. Using this technique, he also imposed conditions such that employees can access only the resources required for their role.
What is the technique employed by Eric to secure cloud resources?

1. A. Serverless computing
2. B. Demilitarized zone
3. C. Container technology
4. D. Zero trust network

Correct Answer: D
Zero Trust Networks The Zero Trust model is a security implementation that by default assumes every user trying to access the network is not a trusted entity and verifies every incoming connection before allowing access to the network.It strictly follows the principle, ??Trust no one and validate before providing a cloud service or granting access permission.??It also allows companies to impose conditions, such as allowing employees to only access the appropriate resources required for their work role. (P.2997/2981)
Zero Trust is a strategic initiative that helps prevent successful data breaches by eliminating the concept of trust from an organization??s network architecture. Rooted in the principle of ??never trust, always verify,?? Zero Trust is designed to protect modern digital environments by leveraging network segmentation, preventing lateral movement, providing Layer 7 threat prevention, and simplifying granular user-access control.