Udemy test set prep questions with correct detailed answers pass guaranteed

A network technician is responsible for the basic security of the network. Management has asked if there is a way to improve the level of access users have to the company file server. Right now, any employee can upload and download files with basic system authentication (username and password). What should he configure to increase security? Kerberos authentication MDS authentication Multi-factor authentication Single sign-on authentication - correct answers Multi-factor authentication (Correct) You have just concluded a two-month engagement that targeted Dion Training's network. You have a detailed list of findings and have prepared your report for the company. Which of the following reasons explains why you must keep your report confidential and secure? The findings included may contain company intellectual property The findings contain privileged information about their customers The findings could be used by attackers to exploit the client's systems - correct answersThe findings could be used by attackers to exploit the client's systems Which of the following will an adversary do during the reconnaissance phase of the Lockheed Martin kill chain? (SELECT THREE) Harvest email addresses Identify employees on Social Media networks Release of malware on USB drives Acquire or develop zero-day exploits Select backdoor implants and appropriate command and control mechanisms Discover servers facing the public internet - correct answersHarvest email addresses Identify employees on Social Media networks Discover servers facing the public internet Edward's bank recently suffered an attack where an employee made an unauthorized modification to a customer's bank balance. Which tenant of cybersecurity was violated by this employee's actions? authorized modification to a customer's bank balance. Which tenant of cybersecurity was violated by this employee's actions? Confidentiality Authentication Integrity Availability - correct answersIntegrity (Correct) What is not an example of a type of support resource that a pentester might receive as part of a white box assessment? Network diagrams SOAP project files XSD PII of employees - correct answersPII of employees PII shouldn't be given to pen tester bc it could violate laws and regulations regarding maintaining employee data confidentiality and privacy Which of the following would trigger the penetration test to stop and contact the system owners during an engagement? A production server is successfully exploited Discovery of a production server with its log files deleted A production server is unresponsive to ping requests Discovery of encrypted credit card data being stored in their database - correct answersDiscovery of a production server with its log files deleted Pen testing team has direct communication path with system owners or trusted agents during engagement. Deleted log files should be considered an IOC and be investigated by company's security team before you continure w/ your engagement . Which of the following Nmap commands would scan DionT and probe any open ports to determine the versions of the running services on those ports? Which of the following Nmap commands would scan DionT and probe any open ports to determine the versions of the running services on those ports? nmap -sS DionT nmap -sT DionT nmap -sV DionT nmap -sL DionT - correct answersnmap -sV DionT (Correct) You are troubleshooting an issue with a Windows desktop and need to display the machine's active TCP connections. Which of the following commands should you use? use? net use netstat ipconfig ping - correct answersnetstat Netstat command is used to display active TCP connections, ports where the computer is listening, ethernet statistics, the IP routing table, IPv4 stats, and IPV6 statistics on windows. Good for determining malware installed and maintaining remote connection w/ command and control server Dion Training has just installed a brand new email server. Which of the following DNS records would need to be created to allow the new server to receive email on behalf of ? CNAME MX PTR A - correct answersMX (Correct) MX record is required in the DNS for a domain for the email server to accept emails on behalf of registered domain name You have received a laptop from a user who recently left the company. You went to the terminal in the operating system and typed 'history' into the prompt and see the following: -=-=-=-=-=-=-=-=-=-=-=-=-=-=- for i in seq 255; ping -c 1 10.1.0.$i; done -=-=-=-=-=-=-=-=-=-=-=-=-=-=- Which of the following best describes what actions were performed by this line of code? Conducted a ping sweep of the subnet - correct answersExplanation Code is performing ping sweep bc it says for every number in the sequence from 1-25, when it completes this sequence it is to return to the terminal prompt(done). Ping command uses an echo request and then receives an echo reply from the ping's target. Ping sweep doesn't use a SYN scan, which would require the use of tool like nmap or hping What nmap switch would you use to perform operating system detection? -OS -s0 -sP -O - correct answers-O You are working as part of a penetration testing team conducting engagement against Dion Training's network. You have been given a list of targets to scan in nmap in a text file called . Which of the following Nmap commands should you use to find all the servers from the list with ports 80 and 443 enabled and save the results in an XML formatted file called for importing into your team's report generation software? - correct answersNmap -p80,443 -iL -oX The command (nmap -p80,443 -iL -oG ) will only perform a nmap scan against ports 80 and 443. The -iL option will scan each of the listed server's IP addresses. The -oX option will save the results in an XML format to the file while still displaying the normal results to the shell. 1. which of the folowing is the best choice for performing a bluebugging attack? A. phone snoop b. bbproxy wler er - correct answersD. Bloover 2. operations staff promotes the use of mobile devices in the enterprise. the security team disagrees, noting multiple risks involved in adding mobile devices to the network. Which of the following actions provides some protections against the risks the security team is concerned about? A. Implement WPA B. add mac filtering to all WAPS c. implement MDM D. ensure all WAPs are from a single vendor - correct answersC. implement MDM 3. you wan tot gain admin privileges over your android device. which of the following tools is the best option fo r rooting the device? a. pangu ickroot 0n7 - correct answersB.oneclickroot 4. which of the following jailbreaking techniques wil leave the phone in a jailbroken state even after the reboot? red hered -tethered D. rooted - correct answersB. untethered 5. mobile device communication session using SSl fails and data is available for viewing by an attacker. which owasp top 10 mobile vulnerability category has been made available for the exploit? A. m3 insecure communication b. m4: insufficient authentication c.m5: insufficient cryptography d.m10 extraneous functionality - correct answersA. 6. which of the following is an ios jailbreaking type that cannot be patched by apples, as the failure is within the hardware itself and provides admin level access after successful completion? and hered om - correct answersD. bootrom 7. which iot communication model makes use of a component adding a collective(aka gateway device) before sending data to the cloud, which adds a measure of security control to the application? A. device to device B. device to cloud C. device to gateway D. device to security - correct answersC. device to gateway 8. which OWASP iot top 10 vulnerability category deals with poorly protected passwords? A. I1: weak guessable or hardcoded passwords B. I2: insecure network services C. I8: lack of device management D. I9: insecure default settings - correct answersB. 9. attacker leverages a vulnerability within Bluetooth on an IOT device and successfully shut down the air conditioning to the data center floor. Which of the following best describes the attack type used? A. HVAC B. BlueAir