Correct Answer:

Semi-tethered jailbreaking is correct.

In semi-tethered jailbreaking, a reboot no longer retains the patched kernel; however, the software has already been added to the device. Therefore, if admin privileges are required, the installed jailbreaking tool can be used.

Incorrect Answers:

Tethered jailbreaking, untethered jailbreaking, and untethered jailbreaking are incorrect.

A reboot removes all jailbreaking patches in tethered mode, and in untethered mode, the kernel will remain patched (that is, jailbroken) after reboot, with or without a system connection. Rooting is associated with Android devices, not iOS.

Correct Answers:

Ensuring services run with least privilege is correct. Ensuring your services run with least privilege (instead of having all services run at admin level) can help in slowing down privilege escalation.

Incorrect Answers:

Ensuring drivers are appropriately signed, setting admin accounts to run with least privilege, and making maximum use of automated services are incorrect.

Ensuring drivers are in good shape is a good practice, but it doesn’t have a lot to do with privilege escalation prevention.

Admin accounts don’t run with least privilege; they’re admin accounts for a reason.

Automating services may save time but doesn’t slow down hacking efforts.

Correct Answer:

It allows traffic from a specific MAC address to enter a port is correct.

This is exceedingly confusing on purpose—because it’s how you’ll see it on the exam. “Port security” refers to a security feature on switches that allows an administrator to manually assign MAC addresses to a specific port; if the machine connecting to the port does not use that particular MAC, it isn’t allowed to even connect. Port security works on source addresses, so you’re automatically looking at “from,” not “to.” In other words, it is specifically allowing access (entering a port) to a defined MAC address—think of it as a whitelist. In other words, in truth, this type of implementation turns out to be a bit of a pain for the network staff, so most people don’t use it that way. In most cases, port security simply restricts the number of MAC addresses connected to a given port. Say your Windows 7 machine runs six VMs for testing, each with its own MAC. As long as your port security allows for at least seven MACs on the port, you’re in good shape.

Incorrect Answers:

It stops traffic sent to a specified MAC address from entering a port, it allows traffic sent to a specific MAC address to enter a port, and it stops traffic from a specific MAC from entering a port are incorrect.

Port security works on source addressing, so you can throw out the answers it stops traffic sent to a specified MAC address from entering a port and it allows traffic sent to a specific MAC address to enter a port.

It stops traffic from a specific MAC from entering a port is incorrect because it’s not stopping a specific MAC from connecting; it’s only allowing a specific one to do so.

Correct Answer:

Impersonation is correct.

A technical support attack is one in which the attacker calls a support desk in an effort to gain a password reset or other useful information. This is a very valuable method because if you get the right help desk person (that is, someone susceptible to a smooth-talking social engineer), you can get the keys to the kingdom.

Correct Answer:

Impersonation, spoofing, and reverse engineering are incorrect.

Impersonation occurs when an attacker pretends to be a person of authority.

Reverse social engineering occurs when the user calls the attacker for assistance.

Spoofing is not a social engineering attack.

Correct Answer:

Mobile based is correct. Mobile-based social engineering uses mobile device technology.

Incorrect Answers:

Human based, computer based, and technology based are incorrect.

The other two social engineering methods are human based and computer based. Technology based is not a valid term.

Correct Answer:

Fuzzing is correct.

Fuzzing is a software testing effort where tons of randomized inputs are hurled at the application to see how it reacts.

Incorrect Answers:

Mutation injection, bound testing, and extrapolation are incorrect.

These answers do not match the definition provided.

Correct Answer:

ZitMo is correct.

ZitMo (Zeus-in-the-Mobile) poses as a banking activation application. In the background, it captures bank login information and listens to all incoming SMS messages, forwarding them to a remote web server. Attackers forward the SMS texts to capture the second authentication factor sent to the victim via text.

Incorrect Answers:

Smishing, vishing, and jailbreak are incorrect.

Smishing uses SMS texts in social engineering attacks, whereas vishing uses voice phone calls. Jailbreak refers to unlocking an iOS device.

Correct Answer:

POODLE is correct.

POODLE interrupts TLS handshakes until things downgrade to a less secure method. The original variant of POODLE was a man-in-the-middle attack, where the bad guy exploits vulnerabilities in the TLS security protocol fallback mechanism.

Incorrect Answers:

Heartbleed, DROWN, and FREAK are incorrect.

Heartbleed exploits the heartbeat mechanism in OpenSSL.

DROWN exploits weaknesses in SSLv2.

Factoring Attack on RSA-EXPORT Keys (FREAK) is a man-in-the-middle attack forcing the downgrade of an RSA key to a weaker length.

Correct Answer:

Shoulder surfing is correct.

Shoulder surfing doesn’t necessarily require you to actually be on the victim’s shoulder—you just have to be able to watch their onscreen activity.

Incorrect Answer:

Eavesdropping, tailgating, and piggybacking are incorrect.

Eavesdropping refers to overhearing sensitive information from employee conversations.

Tailgating and piggybacking are methods to gain entry to a facility.

Correct Answer:

OS detection is correct.

OS detection is far more effective if at least one open and one closed TCP port are found. Set the --osscan-limit option, and Nmap will not even try OS detection against hosts that do not meet this criteria. This can save substantial time, particularly on -Pn scans against many hosts. You still need to enable OS detection with -O (or -A) for the --osscan-limit option to have any effect.

Incorrect Answers:

T switches, --fuzzy switch, and -TCP-only are incorrect.

The T switches deal with timing (higher is faster). The --fuzzy switch is the same as --osscan-guess. When Nmap is unable to detect a perfect OS match, it can offer near matches as possibilities. The match has to be very close for Nmap to do this by default. If you specify this option (or the equivalent --fuzzy option), Nmap will guess more aggressively. Nmap still tells you when an imperfect match is found and displays its confidence level (percentage) for each guess. Finally, -TCP-only does not exist.