CEH v11 312-50v11 Dumps PDF

Page: 38 / 39

Question 152

A group of hackers were roaming around a bank office building in a city, driving a luxury car. They were using hacking tools on their laptop with the intention to find a free-access wireless network. What is this hacking process known as?

Options:

GPS mapping

Spectrum analysis

Wardriving

Wireless sniffing

Question 153

At what stage of the cyber kill chain theory model does data exfiltration occur?

Options:

Actions on objectives

Weaponization

installation

Command and control

Question 154

When configuring wireless on his home router, Javik disables SSID broadcast. He leaves authentication “open” but sets the SSID to a 32-character string of random letters and numbers.

What is an accurate assessment of this scenario from a security perspective?

Options:

Since the SSID is required in order to connect, the 32-character string is sufficient to prevent brute-force attacks.

Disabling SSID broadcast prevents 802.11 beacons from being transmitted from the access point, resulting in a valid setup leveraging “security through obscurity”.

It is still possible for a hacker to connect to the network after sniffing the SSID from a successful wireless association.

Javik’s router is still vulnerable to wireless hacking attempts because the SSID broadcast setting can be enabled using a specially crafted packet sent to the hardware address of the access point.

Question 155

Calvin, a software developer, uses a feature that helps him auto-generate the content of a web page without manual involvement and is integrated with SSI directives. This leads to a vulnerability in the developed web application as this feature accepts remote user inputs and uses them on the page. Hackers can exploit this feature and pass malicious SSI directives as input values to perform malicious activities such as modifying and erasing server files. What is the type of injection attack Calvin's web application is susceptible to?