26.
What type of analysis is best suited to identify a previously unknown malware package operating on a compromised system?
  • A. Trend analysis
  • B. Signature analysis
  • C. Heuristic analysis
  • D. Regression analysis
Answer : [C]
Explanation :
Heuristic analysis focuses on behaviors, allowing a tool using it to identify malware behaviors instead of looking for a specific package. Trend analysis is typically used to identify large-scale changes from the norm, and it is more likely to be useful for a network than for a single PC. Regression analysis is used in statistical modeling.
27.
Which of the following is not a common DNS antiharvesting technique?
  • A. Blacklisting systems or networks
  • B. Registering manually
  • C. Rate limiting
  • D. CAPTCHAs
Answer : [B]
Explanation :
Registering manually won’t prevent DNS harvesting, but privacy services are often used to prevent personal or corporate information from being visible via domain registrars. CAPTCHAs, rate limiting, and blacklisting systems or networks that are gathering data are all common anti-DNS harvesting techniques.
28.
What technique is being used in this command?
dig axfr @dns-server example.com
  • A. DNS query
  • B. nslookup
  • C. dig scan
  • D. Zone transfer
Answer : [D]
Explanation :
The axfr flag indicates a zone transfer in both the dig and host utilities.
29.
Which of the following is not a reason that penetration testers often perform packet capture while conducting port and vulnerability scanning?
  • A. Work process documentation
  • B. To capture additional data for analysis
  • C. Plausible deniability
  • D. To provide a timeline
Answer : [C]
Explanation :
A packet capture can’t provide plausible deniability, as it provides evidence of action. Packet capture is often used to document work, including the time that a given scan or process occurred, and it can also be used to provide additional data for further analysis.
30.
What process uses information such as the way that a system’s TCP stack responds to queries, what TCP options it supports, and the initial window size it uses?
  • A. Service identification
  • B. Fuzzing
  • C. Application scanning
  • D. OS detection
Answer : [D]
Explanation :
Operating system detection often uses TCP options support, IP ID sampling, and window size checks, as well as other indicators that create unique fingerprints for various operating systems. Service identification often leverages banners since TCP capabilities are not unique to a given service. Fuzzing is a code testing method, and application scanning is usually related to web application security.