Fill in the blank
Application
Vocab
100

_________ is an attack where the attacker asks to transfer a large deposit through your bank account, promising to give you a large share if you share your account info.

What is advance fee scam, Nigerian prince?

100

During an engagement, you identify that a target organization allows remote access for employees working off-site. You plan to test whether this access can be leveraged to enter the internal network. Which reconnaissance layer does this activity fall under, given that you are attempting to gain entry into the network using remote access?

A. Layer 2

B. Layer 3

C. Layer 4

D. Layer 5

B

100

Which operator finds directory listings exposed on web servers?

intitle:index.of

200

Bless is a ______ _______ written for the GNOME Desktop that lets you edit files as a sequence of bytes.

What is a hex editor?

200

You are conducting a network assessment and have discovered several open ports on a target system. To better understand what software is running on those ports, you decide to use Nmap. Which option would you include in your scan to probe the open ports and identify the services and versions running on them, and what does that option do?

A) -O: Attempt to determine the operating system of the target. 

B) -sS: Perform a SYN "stealth" scan to check for open ports. 

C) -sV: Probe open ports to determine service/version info. 

D) -A: Enable aggressive mode, which includes OS detection, version detection, script scanning, and traceroute.

C

200

The field inside robots.txt that blocks access to directories is called this.

disallow

300

The command format to find a file by its name or by the username who owns it or by another type of selection is _____________.

What is the command "find <directory> <option> <item>"?

300

A detective has seized a suspect’s laptop and needs to examine the hard drive for evidence. She connects a blank drive and is about to run the “dd” command. What does the “dd” Unix/Linux command do as part of computer forensics?

A) creates an exact duplicate of a disk image

B) duplicates the slackspace on a hard disk

C) copies the hard drive to a solid state drive

D) creates a hash of all of the contents of a drive

A

300

What is Offsec's database, an index of search queries (we call them dorks) used to find publicly available information, intended for pentesters and security researchers?

Google Hacking Database

400

_______ is an online search engine used to find internet-connected devices for cybersecurity, research, and sometimes malicious activities.

What is Shodan.io?

400

After several major terrorist attacks, lawmakers realized that many serious computer crimes were not being treated as federal offenses because the old rules required very high damage amounts. Congress quickly passed a new law that lowered those damage thresholds and made many more cyberattacks automatically federal crimes.

Many legislative Acts affect computer security. Which Act changed computer crime damage assessments, increasing the number of crimes violating federal law?

A) The Health Insurance Portability and Accountability Act (HIPAA)

B) The Gramm-Leach-Bliley Act (GLBA)

C) The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (Patriot Act)

D) The Privacy Act

C

400

A very specific, targeted patch which is intended to be installed urgently and outside of regular updates.

Hotfix

500

The specific reserved IP address used to test the functionality of a device's Network Interface Card (NIC) is ________.

127.0.0.1

500

If the attacker successfully sends a malicious packet to the host address with all 1s in the host bit positions, what is the specific broadcast address the attacker is targeting in this 192.168.10.0 network?

192.168.10.255

500

What is the term for the unique identifier that all NICs are configured to recognize as themselves, which is used specifically to test the functionality of the NIC?

Loopback