Jane, an ethical hacker, is testing a target organization's web server and website to identify security loopholes. In this process, she copied the entire website and its content on a local drive to view the complete profile of the site's directory structure, file structure, external links, images, web pages, and so on. This information helps Jane map the website's directories and gain valuable information. What is the attack technique employed by Jane in the above scenario?
A. Website mirroring
B. Session hijacking
C. Web cache poisoning
D. Website defacement
Mary found a high vulnerability during a vulnerability scan and notified her server team. After analysis, they sent her proof that a fix to that issue had already been applied. The vulnerability that Mary found is called what?
A. False-negative
B. False-positive
C. Brute force attack
D. Backdoor
Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.
A. LDAP Injection attack
B. Cross-Site Scripting (XSS)
C. SQL injection attack
D. Cross-Site Request Forgery (CSRF)
Windows LAN Manager (LM) hashes are known to be weak.
Which of the following are known weaknesses of LM? (Choose three.)
A. Converts passwords to uppercase.
B. Hashes are sent in clear text over the network.
C. Makes use of only 32-bit encryption.
D. Effective length is 7 characters.
An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gains access to the DNS server and redirects www.google.com to his own IP address. Now when the employees of the office want to go to Google they are being redirected to the attacker's machine. What is the name of this kind of attack?
A. MAC Flooding
B. Smurf Attack
C. DNS spoofing
D. ARP Poisoning
Jacob works as a system administrator in an organization. He wants to extract the source code of a mobile application and disassemble the application to analyze its design flaws. Using this technique, he wants to fix any bugs in the application, discover underlying vulnerabilities, and improve defense strategies against attacks.
What is the technique used by Jacob in the above scenario to improve the security of the mobile application?
A. Reverse engineering
B. App sandboxing
C. Jailbreaking
D. Social engineering
How is the public key distributed in an orderly, controlled fashion so that the users can be sure of the sender's identity?
A. Hash value
B. Private key
C. Digital signature
D. Digital certificate
Which of the following steps for risk assessment methodology refers to vulnerability identification?
A. Determines if any flaws exist in systems, policies, or procedures
B. Assigns values to risk probabilities; Impact values.
C. Determines risk probability that vulnerability will be exploited (High, Medium, Low)
D. Identifies sources of harm to an IT system. (Natural, Human, Environmental)
What hacking attack is challenge/response authentication used to prevent?
A. Replay attacks
B. Scanning attacks
C. Session hijacking attacks
D. Password cracking attacks
Fingerprinting an Operating System helps a cracker because:
A. It defines exactly what software you have installed
B. It opens a security-delayed window based on the port being scanned
C. It doesn't depend on the patches that have been applied to fix existing security holes
D. It informs the cracker of which vulnerabilities he may be able to exploit on your system