CompTIA PenTest+ 2023 Questions and Answers - Part 51

Mary Smith

Mon, 20 Apr 2026

1. Which of the following is an example of IP spoofing?

A) Man-in-the-Middle
B) Cross-site Scripting
C) SQL Injections
D) ARP Poisoning



2. What type of attack is used to crack passwords by using a pre-computed table of hashed passwords?

A) Rainbow Table Attack
B) Hybrid Attack
C) Brute Force Attack
D) Dictionary Attack



3. Which of the following commands are most useful in Windows privilege escalation when attempting to identify potential OS-specific vulnerabilities to exploit? (Choose two)

A) systeminfo
B) netsh firewall show config
C) net users
D) wmic qfe



4. Which of the following methods of attacking Windows systems exploits a weak encryption key used in Group Policy Objects to extract hardcoded user account passwords?

A) DLL Hijacking
B) LSASS Dumping
C) cpassword Extraction
D) SAM Database Cracking



5. Which method of attacking Windows family operating systems relies on remnants from the creation of a given system or server for privilege escalation?

A) Kerberoasting
B) Plaintext Credential Transmission via LDAP
C) Unattended Installation Artifact Harvesting
D) cpassword Extraction



1. Right Answer: A
Explanation: Man-in-the-Middle is an example of IP spoofing.

2. Right Answer: B
Explanation: A rainbow table attack is used to crack passwords by using a pre-computed table of hashed passwords.

3. Right Answer: A,D
Explanation: Maltego is proprietary software used for open-source intelligence and forensics, developed by Paterva. Maltego focuses on providing a library of transforms for discovery of data from open sources, and visualizing that information in a graph format that is suitable for link analysis and data mining.

4. Right Answer: C
Explanation: The systeminfo command returns details on the OS name, version, security hotfixes, and BIOS information for a given Windows host. When WMIC (Windows Management Interface CLI) is used with the qfe flag, it provides further details on the hotfixes present on a target Windows system. Both commands are immensely valuable for identifying OS-specific vulnerabilities to exploit on a Windows host.

5. Right Answer: C
Explanation: A Group Policy Object containing a cpassword attribute is a glaring security vulnerability, because a static encryption key is used for all such entries and Microsoft openly published that key on its documentation pages. A cpassword attribute found in a Group Policy Object is as good as storing a password in plaintext.
