
CompTIA PenTest+ 2023 Questions and Answers - Part 9

Mary Mary Smith
03 Mar 2023

1. On a Windows network, user hashes are intended to be captured. Which one of the following could be the tool that the user selects in order to gather these hashes from broadcast messages?

A) Metasploit
B) Responder
C) Impacket
D) Wireshark



2. A password file has been captured, and the user is now using a rainbow table against it. How do rainbow tables crack passwords?

A) By decrypting the passwords
B) By comparing hashes to identify known values
C) By brute-force testing of hashes
D) By un-hashing the passwords



3. Which tool is best suited to the needs of a user who wants to set up a false AP?

A) WiFite
B) Wireshark
C) Aircrack-ng
D) Kismet



4. Which one of the following technologies is the LEAST likely to interfere with vulnerability scanning results achieved by external penetration testers?

A) Intrusion Prevention System
B) Encryption
C) Containerization
D) Firewall



5. John is conducting a penetration test and a database server is being targeted. Which one of the following tools would be best to use in order to assist him in detecting vulnerabilities on that server?

A) Sqlmap
B) Nikto
C) OpenVAS
D) Nessus



1. Right Answer: C
Explanation: Responder, Metasploit's SMB capture mode, and Wireshark can capture SMB hashes from broadcasts. This capability is not built into Impacket, but it provides a wide range of related tools, including the ability to authenticate with the hashes once you have captured them.

2. Right Answer: B
Explanation: For a given set of password rules, rainbow tables are lists of pre-computed hashes for all possible passwords. The captured hashes are compared against the previously calculated hashes in the rainbow table, each of which corresponds to a known password value. This is done with a relatively fast database lookup, which allows fast cracking of hashed passwords despite the fact that hashes are not reversible.

3. Right Answer: C
Explanation: Fake-AP functionality is built into Aircrack-ng. With this tool, valid access points can be identified and cloned, a target system disassociated, and the tool can then act as a man in the middle for future traffic.

4. Right Answer: B
Explanation: The results of vulnerability scans are unlikely to be affected by encryption technology, as it does not change the services exposed by a system. Inbound scanning traffic may be blocked by firewalls and intrusion prevention systems before it reaches target systems. External scanners are prevented from seeing services exposed within the

5. Right Answer: A
Explanation: Sqlmap is a dedicated database vulnerability scanner and is the most appropriate tool to be used in this scenario. Ryan might discover the same vulnerabilities using the general-purpose Nessus or OpenVAS scanners, but they are not dedicated database vulnerability scanning tools. Nikto is a web application vulnerability scanner.
