Which protocol is typically used as the communication channel between the client and the DDNS provider? HTTP/HTTPS DHCP ARP ICMP Explanation & Hint: The protocol typically used as the communication…
SQL injection attacks typically allow an attacker to perform which malicious activity? Inject operating system commands to the vulnerable SQL database server. Inject operating system commands to the vulnerable web…
Which language is used to describe the style and display properties of an HTML web page? CSS XSS XML CSRF Explanation & Hint: The language used to describe the style…
Which three are valid SQL commands? (Choose three.) SELECT UPDATE DESTROY ALTER MODIFY Explanation & Hint: The three valid SQL commands among the options provided are: SELECT: This command is…
Which protocol uses the well-known TCP port 110? POP IMAP SMTP DNS Explanation & Hint: The protocol that uses the well-known TCP port 110 is POP (Post Office Protocol), specifically…
Which two languages are commonly used in client scripting? (Choose two.) JavaScript VBScript Perl PHP Python Explanation & Hint: The two languages commonly used in client scripting are: JavaScript: JavaScript…
What are the three basic types of payloads within the Metasploit framework? (Choose three.) singles stagers stages crypto active Explanation & Hint: Within the Metasploit framework, the three basic types…
Which resource record type is used to display the mail servers for a domain? CNAME MX AAAA PTR Explanation & Hint: The resource record type used to display the mail…
Referring to the URL being accessed that is shown here, which encoding is used to represent the URL in ASCII? www.xn--gwtq9nb2a.jp Unicode Punycode UTF-32 EUC Explanation & Hint: The URL…
Which vulnerability is required to make SQL injection attacks possible? improper user input validation by the web application improper SQL database schema improper trust relationship between the web application and…
What is typically used by the attackers as a launching platform to deliver the payload to the targeted system? exploit kit day zero malware CnC channel SQL injections Explanation &…
Which two statements are true regarding the reconnaissance phase in the cyber kill chain model? (Choose two.) External to the network, threat actors review available information and resources about your…
Match the feature of the diamond model to the corresponding explanation. when the event occurred, broken into start and end times ==> time stamp A group of events, similar to the…
Match the phase of the kill chain model with the corresponding identification or prevention method. User access controls and strict limits to privilege levels can help mitigate risk. ==> actions on…
What does TTP stand for? time to prepare tactics, threats, and processes tactics, techniques, and procedures theory, testing, and proof Explanation & Hint: TTP stands for "Tactics, Techniques, and Procedures."…
Which two statements are true regarding the weaponization phase in the cyber kill chain model? (Choose two.) The designers of the weapon would not need to worry about the vulnerabilities…
Which two statements are true regarding the command-and-control (CnC) phase in the cyber kill chain model? (Choose two.) CnC is the process of the external threat actor beaconing inbound connection…
Which two statements are true regarding the exploitation phase in the cyber kill chain model? (Choose two.) Selection of the exploit is not important in the exploitation phase. The exploitation…
Which two statements are true regarding the installation or persistence phase in the cyber kill chain model? (Choose two.) This phase does not survive the system re-boots and the attack…
Which phase of the kill chain often involves performing social engineering? command-and-control installation reconnaissance exploitation Explanation & Hint: The phase of the kill chain that often involves performing social engineering…