Which two languages are commonly used in client scripting? (Choose two.) JavaScript VBScript Perl PHP Python Explanation & Hint: The two languages commonly used in client scripting are: JavaScript: JavaScript…
What are the three basic types of payloads within the Metasploit framework? (Choose three.) singles stagers stages crypto active Explanation & Hint: Within the Metasploit framework, the three basic types…
Which resource record type is used to display the mail servers for a domain? CNAME MX AAAA PTR Explanation & Hint: The resource record type used to display the mail…
Referring to the URL being accessed that is shown here, which encoding is used to represent the URL in ASCII? www.xn--gwtq9nb2a.jp Unicode Punycode UTF-32 EUC Explanation & Hint: The URL…
Which vulnerability is required to make SQL injection attacks possible? improper user input validation by the web application improper SQL database schema improper trust relationship between the web application and…
What is typically used by the attackers as a launching platform to deliver the payload to the targeted system? exploit kit day zero malware CnC channel SQL injections Explanation &…
Which two statements are true regarding the reconnaissance phase in the cyber kill chain model? (Choose two.) External to the network, threat actors review available information and resources about your…
Match the feature of the diamond model to the corresponding explanation. when the event occurred, broken into start and end times ==> time stamp A group of events, similar to the…
Match the phase of the kill chain model with the corresponding identification or prevention method. User access controls and strict limits to privilege levels can help mitigate risk. ==> actions on…
What does TTP stand for? time to prepare tactics, threats, and processes tactics, techniques, and procedures theory, testing, and proof Explanation & Hint: TTP stands for "Tactics, Techniques, and Procedures."…
Which two statements are true regarding the weaponization phase in the cyber kill chain model? (Choose two.) The designers of the weapon would not need to worry about the vulnerabilities…
Which two statements are true regarding the command-and-control (CnC) phase in the cyber kill chain model? (Choose two.) CnC is the process of the external threat actor beaconing inbound connection…
Which two statements are true regarding the exploitation phase in the cyber kill chain model? (Choose two.) Selection of the exploit is not important in the exploitation phase. The exploitation…
Which two statements are true regarding the installation or persistence phase in the cyber kill chain model? (Choose two.) This phase does not survive the system re-boots and the attack…
Which phase of the kill chain often involves performing social engineering? command-and-control installation reconnaissance exploitation Explanation & Hint: The phase of the kill chain that often involves performing social engineering…
Which node is responsible for conducting an intrusion in the diamond model? adversary capability infrastructure victim attacker vector Explanation & Hint: In the Diamond Model of Intrusion Analysis, the node…
Regarding the diamond model, which four nodes are used to model an intrusion? (Choose four.) adversary capability attacker network infrastructure capacity victim vector path Explanation & Hint: In the Diamond…
Which two statements are true regarding the delivery phase in the cyber kill chain model? (Choose two.) Delivery is the transmission of the payload to the target via a communication…
Regarding the diamond model, which tool or technique might the adversary use in an event? infrastructure victim capability attacker vector Explanation & Hint: In the context of the Diamond Model…
Which phase of the cyber kill chain model describes actions taken by the threat actor that are objective-dependent? installation CnC exploitation actions on objectives Explanation & Hint: The phase of…