Which resource is a lightweight and portable tool that allows the creation of bind and reverse shells from a compromised host? WMImplant WSC2 BloodHound Netcat Explanation & Hint: Many tools…
Refer to the exhibit. An attacker opens a port or a listener on the compromised system and waits for a connection. The goal is to connect to the victim from…
Which resource is a Windows utility that combines the old CMD functionality with a new scripting/cmdlet instruction set with built-in system administration functionality? Socat Wsc2 PowerShell Twittor Explanation & Hint:…
Which tool is an open-source container vulnerability scanner that can be used to find vulnerabilities in a Docker image? Anchore’s Grype GATTacker Social-Engineer Toolkit (SET) Nimbostratus Explanation & Hint: Anchore’s…
Which tool can be used to perform on-path attacks in BLE implementations? GATTacker Social-Engineer Toolkit (SET) Nimbostratus Dagda Explanation & Hint: Tools such as GATTacker can be used to perform…
A threat actor has compromised a VM in a data center and discovered a vulnerability that provides access to data in another VM. What type of VM vulnerability has been…
Which option is a characteristic of a VM hypervisor? Type 1 hypervisors are also known as native or bare-metal hypervisors. Type 1 hypervisors run on top of other operating systems.…
Why do cloud architectures help minimize the impact of DoS or DDoS attacks compared to hosting services on-premise? cloud providers use a distributed architecture cloud providers provide sandbox analysis cloud…
Which credential harvesting tool could be used to send a spear phishing email with a link to a malicious site to a target victim? Social-Engineer Toolkit (SET) Searchsploit Drozer Dagda…
Which tool is a set of open-source analysis tools that uses the ClamAV antivirus engine to help detect vulnerabilities, Trojans, backdoors, and malware in Docker images and containers? Anchore’s Grype…
A threat actor uploaded a VM with malicious software to the VMware Marketplace. When an organization deploys the VM, the threat actor can manipulate the systems, applications, and user data.…
Which option is a collection of compute interface specifications designed to offer management and monitoring capabilities independently of the CPU, firmware, and operating system of the host? Intelligent Platform Management…
Which two IoT systems should never be exposed to the Internet? (Choose two.) turbines in a power plant robots in a factory refrigerators in a restaurant thermostat in a home…
Which option is a security vulnerability that affects IoT implementations? plaintext communication and data leakage VM escape vulnerabilities certificate pinning hyperjacking Explanation & Hint: Common IoT security vulnerabilities include: Insecure…
Match the Bluetooth Low Energy (BLE) phase to the description. Phase 1 ==> Transport-specific key distribution Phase 2 ==> Short-term key generation Phase 3 ==> Pairing feature exchange Explanation & Hint: Place the…
Which tool is an open-source framework used to test the security of iOS applications? Needle Drozer APK Studio ApkX Explanation & Hint: Needle is an open-source framework used to test…
Which mobile device vulnerability is targeted when a threat actor reverse engineers a mobile app to see how it creates and stores keys in the iOS Keychain? insecure storage passcode…
Which tool helps software developers and cloud consumers deploy applications in the cloud and use the resources that the cloud provider offers? Software development kits (SDKs) Cloud development kits (CDKs)…
A threat actor has compromised a VM in a cloud environment that shares the same physical hardware as non-compromised VMs. Which cloud technology attack method could now be used to…
What is a common cause of data breaches in attacks against misconfigured cloud assets? using insecure permission configurations for cloud object storage services using hard-coded credentials to access different services…