312-50v13 Free Practice Test

- (Topic 3)
Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into Incalsol's systems. To deliver the malware, he used the current employees' email IDs to send fraudulent emails embedded with malicious links that seem to be legitimate. When a victim employee clicks on the link, they are directed to a fraudulent website that automatically loads Flash and triggers the exploit. What is the technique used byjack to launch the fileless malware on the target systems?

1. A. In-memory exploits
2. B. Phishing
3. C. Legitimate applications
4. D. Script-based injection

Correct Answer: B
Launching Fileless Malware through Phishing Attackers commonly use social engineering techniques such as phishing to spread fileless malware to the target systems. Fileless malware exploits vulnerabilities in system tools to load and run malicious payloads on the victim??s machine to compromise the sensitive information stored in the process memory. (P.978/962)

- (Topic 2)
An attacker redirects the victim to malicious websites by sending them a malicious link by email. The link appears authentic but redirects the victim to a malicious web page, which allows the attacker to steal the victim's data. What type of attack is this?

1. A. Phishing
2. B. Vlishing
3. C. Spoofing
4. D. DDoS

Correct Answer: A
https://en.wikipedia.org/wiki/Phishing
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information.
An attack can have devastating results. For individuals, this includes unauthorized purchases, the stealing of funds, or identify theft.
Moreover, phishing is often used to gain a foothold in corporate or governmental networks as a part of a larger attack, such as an advanced persistent threat (APT) event. In this latter
scenario, employees are compromised in order to bypass security perimeters, distribute malware inside a closed environment, or gain privileged access to secured data.
An organization succumbing to such an attack typically sustains severe financial losses in addition to declining market share, reputation, and consumer trust. Depending on the scope, a phishing attempt might escalate into a security incident from which a business will have a difficult time recovering.

- (Topic 2)
What hacking attack is challenge/response authentication used to prevent?

1. A. Replay attacks
2. B. Scanning attacks
3. C. Session hijacking attacks
4. D. Password cracking attacks

Correct Answer: A

- (Topic 3)
You are using a public Wi-Fi network inside a coffee shop. Before surfing the web, you use your VPN to prevent intruders from sniffing your traffic. If you did not have a VPN, how would you identify whether someone is performing an ARP spoofing attack on your laptop?

1. A. You should check your ARP table and see if there is one IP address with two different MAC addresses.
2. B. You should scan the network using Nmap to check the MAC addresses of all the hosts and look for duplicates.
3. C. You should use netstat to check for any suspicious connections with another IP address within the LAN.
4. D. You cannot identify such an attack and must use a VPN to protect your traffic, r

Correct Answer: A
ARP Spoofing Attack ARP packets can be forged to send data to the attacker??s machine.Attackers flood a target computer??s ARP cache with forged entries, which is also known as poisoning. (P.1143/1127)

- (Topic 3)
Mason, a professional hacker, targets an organization and spreads Emotet malware through malicious script. After infecting the victim's device. Mason further used Emotet to spread the infection across local networks and beyond to compromise as many machines as possible. In this process, he used a tool, which is a self-extracting RAR file, to retrieve information related to network resources such as writable share drives. What is the tool employed by Mason in the above scenario?

1. A. NetPass.exe
2. B. Outlook scraper
3. C. WebBrowserPassView
4. D. Credential enumerator

Correct Answer: D
https://us-cert.cisa.gov/ncas/alerts/TA18-201A
Currently, Emotet uses five known spreader modules: NetPass.exe, WebBrowserPassView, Mail PassView, Outlook scraper, and a credential enumerator. Credential enumerator is a self-extracting RAR file containing two components: a bypass component and a service component. The bypass component is used for the enumeration of network resources and either finds writable share drives using Server Message Block (SMB) or tries to brute force user accounts, including the administrator account. Once an available system is found, Emotet writes the service component on the system, which writes Emotet onto the disk. Emotet??s access to SMB can result in the infection of entire domains (servers and clients).