©FYNDLAY 2024/2025 ALL RIGHTS RESERVED 2:49PM A+
CND - Prep A - EC-Council Exam Questions
And Answers |Latest 2025 | Guaranteed Pass.
Risk
Asset + Threat + Vulnerability
Vulnerability
existence of a weakness, when exploited, leads to event compromising the security of the
system
Threat
potential occurrence of an undesired event, eventually damage operational activities of an
organization
Technological Vulnerabilities
inherent weakness in the operating system, printers, scanners or other networking
equipment
Configuration vulnerabilities
Improper password management vulnerability
Attack
Action taken towards breaching an IT system’s security through vulnerabilities
Tailgating
unauthorized person wearing a fake ID badge and following an authorized employee through
a door
configuration vulnerability
misconfiguration of computing and network devices, default password and settings
1
, ©FYNDLAY 2024/2025 ALL RIGHTS RESERVED 2:49PM A+
Phishing
attacker sends email with link asking for personal or financial information
Rooting
allows Android users to attain privileged control within Android’s subsystem
Jailbreaking
removes sandbox restrictions in iPhones, enables malicious apps to access restricted mobile
resources
indicator of malicious user redirection
requested website redirects the user back to Google
AD
Cloudborne attack
vulnerability in bare-metal cloud server that enables attackers to implant malicious backdoor
in its firmware
Cloud hopper attack
attacker gains remote access to a MSP and its users, and utilize information to launch further
attacks on the users
Wrapping attack
SOAP message in TLS layer, attackers duplicate body of the message and send it to the server
as a legitimate user
Wardriving attack
detection of wireless LANs either by sending probe requests over a connection or by listening
to web beacons
HoneySpot access point attack
attacker set up a fake hotspot and steal users’ credentials
Reconnaissance
hacking phase - dumpster diving or social engineering techniques
Clearing tracks
hacking phase - steganography and tunneling techniques
Lockheed Martin’s Cyber Kill Chain - weaponization phase
2
, ©FYNDLAY 2024/2025 ALL RIGHTS RESERVED 2:49PM A+
Creating a phishing email campaign
Lockheed Martin’s Cyber Kill Chain - delivery phase
Implementing various hacking tools against operating systems, applications, and servers of the
target organization
Lockheed Martin’s Cyber Kill Chain - command and control phase
hiding the evidence of compromise using techniques such as encryption
AD
Jailbreaking
installing a modified set of kernel patches that run third-party applications not signed by the
OS vendor
Teardrop attack
wireless network attack on IP protocol offset fields of UDP packet to cause a target machine
to reboot or shut down
Confidentiality
ensure that information is not disclosed to unauthorized parties
Proactive approach
methods or techniques used to make informed decisions on future attacks
reactive approach
Security monitoring methods such as IDS, IPS, and TRS
Warning signs
deterrence control to ensure physical network security
Security architect
supervises the implementation of computer and network security in an organization by
finding efficient methods
Security analyst
maintains the privacy and integrity of an internal network and evaluates the efficiency of the
security measures
defense-in-depth security - first level of defense or countermeasures
Policies, procedures, and awareness
3
CND - Prep A - EC-Council Exam Questions
And Answers |Latest 2025 | Guaranteed Pass.
Risk
Asset + Threat + Vulnerability
Vulnerability
existence of a weakness, when exploited, leads to event compromising the security of the
system
Threat
potential occurrence of an undesired event, eventually damage operational activities of an
organization
Technological Vulnerabilities
inherent weakness in the operating system, printers, scanners or other networking
equipment
Configuration vulnerabilities
Improper password management vulnerability
Attack
Action taken towards breaching an IT system’s security through vulnerabilities
Tailgating
unauthorized person wearing a fake ID badge and following an authorized employee through
a door
configuration vulnerability
misconfiguration of computing and network devices, default password and settings
1
, ©FYNDLAY 2024/2025 ALL RIGHTS RESERVED 2:49PM A+
Phishing
attacker sends email with link asking for personal or financial information
Rooting
allows Android users to attain privileged control within Android’s subsystem
Jailbreaking
removes sandbox restrictions in iPhones, enables malicious apps to access restricted mobile
resources
indicator of malicious user redirection
requested website redirects the user back to Google
AD
Cloudborne attack
vulnerability in bare-metal cloud server that enables attackers to implant malicious backdoor
in its firmware
Cloud hopper attack
attacker gains remote access to a MSP and its users, and utilize information to launch further
attacks on the users
Wrapping attack
SOAP message in TLS layer, attackers duplicate body of the message and send it to the server
as a legitimate user
Wardriving attack
detection of wireless LANs either by sending probe requests over a connection or by listening
to web beacons
HoneySpot access point attack
attacker set up a fake hotspot and steal users’ credentials
Reconnaissance
hacking phase - dumpster diving or social engineering techniques
Clearing tracks
hacking phase - steganography and tunneling techniques
Lockheed Martin’s Cyber Kill Chain - weaponization phase
2
, ©FYNDLAY 2024/2025 ALL RIGHTS RESERVED 2:49PM A+
Creating a phishing email campaign
Lockheed Martin’s Cyber Kill Chain - delivery phase
Implementing various hacking tools against operating systems, applications, and servers of the
target organization
Lockheed Martin’s Cyber Kill Chain - command and control phase
hiding the evidence of compromise using techniques such as encryption
AD
Jailbreaking
installing a modified set of kernel patches that run third-party applications not signed by the
OS vendor
Teardrop attack
wireless network attack on IP protocol offset fields of UDP packet to cause a target machine
to reboot or shut down
Confidentiality
ensure that information is not disclosed to unauthorized parties
Proactive approach
methods or techniques used to make informed decisions on future attacks
reactive approach
Security monitoring methods such as IDS, IPS, and TRS
Warning signs
deterrence control to ensure physical network security
Security architect
supervises the implementation of computer and network security in an organization by
finding efficient methods
Security analyst
maintains the privacy and integrity of an internal network and evaluates the efficiency of the
security measures
defense-in-depth security - first level of defense or countermeasures
Policies, procedures, and awareness
3
