web.groovymark@gmail.com
- December 5, 2024
Question 41
Explain OSINT tool Recon-ng (CLI):
a) A vulnerability scanning tool for web applications
b) A more robust version of TheHarvester, gathering additional information like DNS and files
c) A graphical interface for metadata extraction
d) A tool for mapping network topologies
Correct Answer: A more robust version of TheHarvester, gathering additional information like DNS and files
Explanation: Recon-ng is an open-source tool that extends the capabilities of TheHarvester, providing additional features for DNS enumeration and file crawling.
Question 42
Describe Maltego (GUI):
a) A tool for encrypting documents
b) A social engineering attack simulation tool
c) A data analysis tool that uses “transforms” to automate data gathering and visualization
d) A software used for securing networks
Correct Answer: A data analysis tool that uses "transforms" to automate data gathering and visualization
Explanation: Maltego uses "transforms" to collect and analyze data from public sources, then displays the data in graphs that show relationships between entities.
Question 43
Explain pretexting:
a) A method to validate credentials before granting access
b) A social engineering tactic that involves presenting false information to manipulate someone into giving access
c) A form of phishing aimed at gathering login details
d) A technique to test firewalls
Correct Answer: A social engineering tactic that involves presenting false information to manipulate someone into giving access
Explanation: Pretexting is a form of social engineering in which the attacker fabricates a story or pretext to gain the trust of the victim and extract confidential information.
Question 44
Explain elicitation:
a) A method of socially engineering a target to obtain direct access
b) A tactic used to passively collect information without the target knowing
c) A technique for injecting malware into a system
d) A method for configuring firewalls
Correct Answer: A tactic used to passively collect information without the target knowing
Explanation: Elicitation involves obtaining information from a target without directly asking for it, often using casual conversation or indirect means.
Question 45
What is BEC (Business Email Compromise)?
a) A method of encrypting emails for secure communication
b) A type of phishing attack in which attackers use email to impersonate business leaders
c) A technique for auditing corporate networks
d) A form of malware targeting corporate email servers
Correct Answer: A type of phishing attack in which attackers use email to impersonate business leaders
Explanation: BEC attacks involve attackers posing as business executives via email to manipulate employees into transferring money or sensitive data.
Question 46
Explain a hoax:
a) A phishing attempt that infects users with ransomware
b) A form of malicious communication that tricks users into taking undesired actions
c) A sophisticated hacking attempt on web applications
d) A malware scanning tool
Correct Answer: A form of malicious communication that tricks users into taking undesired actions
Explanation: Hoaxes use fake communications to deceive users into taking actions that may harm their systems or result in data loss.
Question 47
What is the Social Engineering Toolkit (SET)?
a) A tool used to detect social engineering attacks
b) A collection of tools in Kali Linux designed for social engineering attacks like phishing
c) A tool for securing email communications
d) A framework for vulnerability scanning
Correct Answer: A collection of tools in Kali Linux designed for social engineering attacks like phishing
Explanation: SET (Social Engineering Toolkit) helps attackers create phishing campaigns and malicious payloads to exploit human vulnerabilities in security.
Question 48
Explain pharming:
a) Infecting websites with malware
b) Redirecting users to a fake website that looks legitimate to steal their credentials
c) A method to track malware
d) Using social engineering to gather login details
Correct Answer: Redirecting users to a fake website that looks legitimate to steal their credentials
Explanation: In pharming, attackers create fake websites that mimic legitimate ones, tricking users into entering their credentials.
Question 49
Explain baiting:
a) Infecting networks with malware
b) Leaving infected physical media in a location for someone to find and use
c) Using email to manipulate users into downloading malware
d) A way to scan for open ports on a network
Correct Answer: Leaving infected physical media in a location for someone to find and use
Explanation: Baiting involves planting infected media, such as USB drives, in accessible locations where victims are likely to insert them into their computers.
Question 50
What are vishing and SPIT?
a) Two techniques for scanning network vulnerabilities
b) Techniques for phone-based social engineering attacks
c) Tools for analyzing malware behavior
d) Methods for bypassing firewalls
Correct Answer: Techniques for phone-based social engineering attacks
Explanation: Vishing is voice phishing where attackers extract information over the phone, and SPIT (Spam over Internet Telephony) is unsolicited voice messages sent over VoIP services.