The document discusses a multiple choice question about a wireless security protocol that allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data. The correct answer is WPA3-Enterprise.

Uploaded by

Awabdeh 97

Topic 1 - Exam A

Question #1 Topic 1

In this form of encryption algorithm, every individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits.
Which is this encryption algorithm?

A. IDEA

B. Triple Data Encryption Standard

C. AES

D. MD5 encryption algorithm

Correct Answer: B

Community vote distribution


B (100%)

  581777a 4 days, 18 hours ago


Selected Answer: B
B. Triple Data Encryption Standard
upvoted 1 times

  hsh67080 1 month ago


Selected Answer: B
B. Triple Data Encryption Standard
upvoted 1 times

  jeremy13 3 months, 1 week ago


Selected Answer: B
B. Triple Data Encryption Standard
upvoted 3 times

  eli117 4 months ago


Selected Answer: B
The encryption algorithm described is the Data Encryption Standard (DES). DES uses a block cipher to encrypt data in 64-bit blocks, and it uses
three keys in a process called Triple DES (3DES) encryption. Each key is 56 bits long, but only 48 of those bits are used in each round of the
encryption process. DES was widely used in the past, but it has since been replaced by more modern and secure encryption algorithms like the
Advanced Encryption Standard (AES).
upvoted 2 times
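Added example, not from the page or any commenter: a small Python check showing why each of the three Triple DES keys holds 56 bits of key material inside a 64-bit (8-byte) key, and which key bundles quietly collapse EDE back to single DES. The demo key bytes are constructed, not real key material.

```python
"""Checks on a Triple DES key bundle: three 64-bit keys, 56 key bits each."""


def set_odd_parity(key: bytes) -> bytes:
    """Adjust the low bit of every byte so each byte has odd parity.

    DES keys are 8 bytes; only the top 7 bits of each byte are key material and
    the low bit is a parity bit, which is why a 64-bit key carries 56 key bits.
    """
    out = bytearray()
    for b in key:
        material = b & 0xFE
        ones = bin(material).count("1")
        out.append(material | (0 if ones % 2 else 1))
    return bytes(out)


def has_odd_parity(key: bytes) -> bool:
    return len(key) == 8 and all(bin(b).count("1") % 2 == 1 for b in key)


def key_material(key: bytes) -> int:
    """Pack the 7 key bits of each byte into a 56-bit integer (parity stripped)."""
    if len(key) != 8:
        raise ValueError("DES key must be 8 bytes")
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value


def tdes_keying_option(k1: bytes, k2: bytes, k3: bytes):
    """Classify a K1/K2/K3 bundle for EDE mode: C = E_K3(D_K2(E_K1(P))).

    Returns (description, number of key bits actually in play).
    """
    m1, m2, m3 = (key_material(k) for k in (k1, k2, k3))
    if m1 == m2 == m3:
        return "all keys equal: equivalent to single DES", 56
    if m1 == m2 or m2 == m3:
        # E_K1 then D_K1 (or D_K2 then E_K2) cancel out, leaving one DES pass
        return "adjacent keys equal: collapses to single DES", 56
    if m1 == m3:
        return "two-key 3DES (K1 == K3): 112-bit key", 112
    return "three-key 3DES: 168-bit key (about 112 bits against meet-in-the-middle)", 168


if __name__ == "__main__":
    # constructed demo keys, not real key material
    k1 = set_odd_parity(bytes(range(0x10, 0x18)))
    k2 = set_odd_parity(bytes(range(0x20, 0x28)))
    k3 = set_odd_parity(bytes(range(0x30, 0x38)))
    print(tdes_keying_option(k1, k2, k3))
    print(tdes_keying_option(k1, k2, k1))
    print(tdes_keying_option(k1, k1, k1))
```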
Question #2 Topic 1

John is investigating web-application firewall logs and observes that someone is attempting to inject the following:

What type of attack is this?

A. SQL injection

B. Buffer overflow

C. CSRF

D. XSS

Correct Answer: B

Community vote distribution


B (100%)

  jeremy13 3 months, 1 week ago


Selected Answer: B
B. Buffer overflow
upvoted 1 times

  eli117 4 months ago


Selected Answer: B
The attacker is attempting to write data beyond the bounds of the buffer by assigning a value to the element at index 10 of the buff array, which
only has 10 elements (0-9). This can lead to overwriting adjacent memory locations, potentially allowing the attacker to execute arbitrary code or
manipulate the program's behavior in unintended ways.
upvoted 2 times
Question #3 Topic 1

John, a professional hacker, performs a network attack on a renowned organization and gains unauthorized access to the target network. He
remains in the network without being detected for a long time and obtains sensitive information without sabotaging the organization.
Which of the following attack techniques is used by John?

A. Insider threat

B. Diversion theft

C. Spear-phishing sites

D. Advanced persistent threat

Correct Answer: D

Community vote distribution


D (100%)

  jeremy13 3 months, 1 week ago


Selected Answer: D
D. Advanced persistent threat
like V11 Q227
upvoted 1 times

  eli117 4 months ago


Selected Answer: D
An advanced persistent threat (APT) is a type of cyber attack where an attacker gains unauthorized access to a network and remains undetected for
an EXTENDED PERIOD OF TIME.
upvoted 4 times
Question #4 Topic 1

You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the
least amount of noise in order to evade IDS?

A. nmap -A - Pn

B. nmap -sP -p-65535 -T5

C. nmap -sT -O -T0

D. nmap -A --host-timeout 99 -T1

Correct Answer: C

Community vote distribution


C (75%) B (25%)

  jeremy13 3 months, 1 week ago


Selected Answer: C
C. nmap -sT -O -T0
Like V10 Q44
T0 => paranoid
upvoted 2 times

  digas 3 months, 1 week ago


Selected Answer: C
Correct option is C.
-T0 option is called "paranoid" because it's slow to try and avoid detection.
"While -T0 and -T1 may be useful for avoiding IDS alerts, they will take an extraordinarily long time to scan thousands of machines or ports. For
such a long scan, you may prefer to set the exact timing values you need rather than rely on the canned -T0 and -T1 values."
You can find this in the official documentation:
https://nmap.org/book/performance-timing-templates.html
upvoted 2 times

  sausageman 3 months, 3 weeks ago


Selected Answer: C
Correct option is C.
-T0 option is called "paranoid" because it's slow to try and avoid detection.
"While -T0 and -T1 may be useful for avoiding IDS alerts, they will take an extraordinarily long time to scan thousands of machines or ports. For
such a long scan, you may prefer to set the exact timing values you need rather than rely on the canned -T0 and -T1 values."
You can find this in the official documentation:
https://nmap.org/book/performance-timing-templates.html
upvoted 2 times

  eli117 4 months ago


Selected Answer: B
Unfortunately, they are all noisy, so you have to choose the BEST option.

B. nmap -sP -p-65535 -T5

This command uses the following options:

-sP: This option specifies a Ping scan to discover hosts that are up and running, without actually scanning any ports.
-p-65535: This option specifies that all ports from 1 to 65535 should be scanned.
-T5: This option sets the timing template to aggressive, which means that the scan will run faster
upvoted 2 times

  Oushi 3 months, 3 weeks ago


If the question specifically says that you're attempting to run a port scan and asks which scan would result in a scan of common ports, why
would we use -sP, which you say doesn't do any port scanning? Why would we run any kind of scan at -T5 if we're specifically asked to create as
little noise as possible when we know that the speed of -T5 means all of that network traffic will get created at once?
upvoted 2 times
Question #5 Topic 1

This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as
GCMP-256, HMAC-SHA384, and ECDSA using a 384-bit elliptic curve.
Which is this wireless security protocol?

A. WPA3-Personal

B. WPA3-Enterprise

C. WPA2-Enterprise

D. WPA2-Personal

Correct Answer: B

Community vote distribution


B (100%)

  jeremy13 3 months, 1 week ago


Selected Answer: B
B. WPA3-Enterprise
like V11 Q204
upvoted 1 times

  eli117 4 months ago


Selected Answer: B
B. WPA3-Enterprise

WPA3 (Wi-Fi Protected Access 3) is the latest wireless security protocol that provides improved security and privacy over the older WPA2 protocol.
WPA3-Enterprise is designed for use in enterprise environments, where security is a critical concern. WPA3-Enterprise provides strong encryption
and authentication mechanisms to protect against various types of attacks, including password-based attacks and man-in-the-middle attacks.

WPA3-Enterprise supports the use of 192-bit minimum-strength security protocols, such as GCMP-256, to protect sensitive data. It also uses
cryptographic tools like HMAC-SHA384 and ECDSA using a 384-bit elliptic curve to provide strong security.

WPA3-Personal, on the other hand, is designed for use in home networks and provides improved security over the older WPA2-Personal protocol,
but it does not support the same level of security protocols as WPA3-Enterprise.
upvoted 1 times
Question #6 Topic 1

What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages?

A. httpd.conf

B. administration.config

C. php.ini

D. idq.dll

Correct Answer: C

Community vote distribution


C (73%) A (27%)

  sausageman Highly Voted  3 months, 3 weeks ago


Selected Answer: C
C: php.ini
CEH Book v12 Module 13 Page 1163
"As shown in the below figure, the configuration may give verbose error messages. "
"Figure 13.12: Screenshot displaying the php.ini file"
upvoted 6 times

  secn00b911 1 month, 2 weeks ago


you got a PDF version of the book and willing to share?
upvoted 1 times

  kapen Most Recent  3 weeks, 1 day ago


Selected Answer: C
php.ini misconfiguration may give verbose error messages. see pages 1792, Exam 312-50 Certified Ethical Hacker
upvoted 1 times

  naija4life 1 month, 1 week ago


Selected Answer: A
httpd.conf
upvoted 1 times

  aukaaya 3 months, 3 weeks ago


C: php.ini is the correct one
upvoted 1 times

  jeremy13 4 months ago


Selected Answer: C
C: php.ini
Although I think httpd.conf is also a possible answer, I would say php.ini
which can disclose more error messages (database etc..)
upvoted 1 times

  eli117 4 months ago


Selected Answer: A
A. httpd.conf

While files such as php.ini (which can also contain sensitive configuration information for PHP-based web applications) can also be misconfigured
and provide useful information to attackers, httpd.conf is generally considered to be the most commonly targeted file for this purpose, due to the
widespread use of the Apache web server.
upvoted 2 times
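Added example, not from the page or any commenter: a Python audit of the php.ini directives that decide whether PHP prints verbose errors (and its version banner) to visitors. The production baseline it checks against, the directive list, and both sample ini files are constructed for illustration.

```python
"""Audit a php.ini for directives that leak verbose errors or version info to clients."""

# Production baseline assumed for this example: errors go to the log, never to the browser.
EXPECTED = {
    "display_errors": "off",
    "display_startup_errors": "off",
    "log_errors": "on",
    "expose_php": "off",
}
ON_VALUES = {"on", "1", "true", "yes"}
OFF_VALUES = {"off", "0", "false", "no", ""}


def parse_php_ini(text: str) -> dict:
    """Minimal php.ini reader: drops ';' comments and [sections]; last key wins."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        directives[key.strip().lower()] = value.strip().strip('"')
    return directives


def normalize(value: str) -> str:
    v = value.lower()
    if v in ON_VALUES:
        return "on"
    if v in OFF_VALUES:
        return "off"
    return v  # e.g. "stderr"/"stdout" for display_errors: still displays, so not "off"


def audit_php_ini(text: str) -> list:
    """Return (directive, actual, expected) for every weak or unset directive."""
    directives = parse_php_ini(text)
    findings = []
    for key, expected in EXPECTED.items():
        if key not in directives:
            findings.append((key, "unset (compiled-in default applies)", expected))
        elif normalize(directives[key]) != expected:
            findings.append((key, directives[key], expected))
    return findings


# constructed sample: development settings left on a production host
WEAK_INI = """\
[PHP]
; leftover development settings
display_errors = On
display_startup_errors = On
log_errors = Off
expose_php = On
error_reporting = E_ALL
"""

# constructed sample: the same file with errors routed to a log instead of the browser
HARDENED_INI = """\
[PHP]
display_errors = Off
display_startup_errors = Off
log_errors = On
error_log = /var/log/php_errors.log ; path is an example
expose_php = Off
error_reporting = E_ALL
"""

if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit_php_ini(ini))
```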
Question #7 Topic 1

Gerard, a disgruntled ex-employee of Sunglass IT Solutions, targets this organization to perform sophisticated attacks and bring down its
reputation in the market. To launch the attacks process, he performed DNS footprinting to gather information about DNS servers and to identify
the hosts connected in the target network. He used an automated tool that can retrieve information about DNS zone data including DNS domain
names, computer names, IP addresses, DNS records, and network Whois records. He further exploited this information to launch other
sophisticated attacks.
What is the tool employed by Gerard in the above scenario?

A. Towelroot

B. Knative

C. zANTI

D. Bluto

Correct Answer: D

Community vote distribution


D (100%)

  Vincent_Lu Highly Voted  2 months ago


D. Bluto
A. Towelroot is an Android phone root tool released by information security expert GeoHot. Users can use Towelroot to root their phones quickly
and easily.

B. Knative is an open source platform based on Kubernetes, mainly used for the development and execution of container applications, which can
be executed in cloud and local environments.

C. zANTI is a popular Android mobile security testing tool, mainly used to test the security and weaknesses of mobile applications, including
vulnerability scanning, password cracking, MITM attacks, etc.

D. Bluto is a DNS penetration testing tool based on Python, which can be used to test the security and vulnerability of DNS servers in the network.
Bluto can access DNS servers in the network and extract information from them, crack passwords, modify DNS information, etc.
upvoted 5 times

  jeremy13 Most Recent  3 months, 1 week ago


Selected Answer: D
D. Bluto
like V11 Q171
upvoted 2 times

  eli117 4 months ago


Selected Answer: D
D. Bluto

Bluto is an automated tool used for DNS footprinting. It is designed to retrieve information about DNS zone data including DNS domain names,
computer names, IP addresses, DNS records, and network Whois records. It can be used to map out a network and identify potential targets for
further attacks.
upvoted 2 times
Question #8 Topic 1

Tony is a penetration tester tasked with performing a penetration test. After gaining initial access to a target system, he finds a list of hashed
passwords.
Which of the following tools would not be useful for cracking the hashed passwords?

A. Hashcat

B. John the Ripper

C. THC-Hydra

D. netcat

Correct Answer: B

Community vote distribution


D (100%)

  steffBarj 2 weeks, 2 days ago


Netcat is the correct answer
upvoted 1 times

  TRDRPR 2 weeks, 3 days ago


I think there is an error in the question, because the correct one is John the Ripper, but they've added "Not To Be Used"
upvoted 1 times

  emiliete7 2 months, 1 week ago


Selected Answer: D
D correct
upvoted 1 times

  Whitedevil1997 2 months, 2 weeks ago


D is Correct
upvoted 1 times

  Muli_70 3 months ago


D is Correct, NOT TO BE USED.
So netcat should NOT BE USED for password cracking.
upvoted 2 times

  teenwolf18 3 months, 1 week ago


D is correct, John the Ripper is a password cracking tool
upvoted 1 times

  OyorQSEC 3 months, 3 weeks ago


Netcat is a network connections reader/editor
upvoted 1 times

  jeremy13 4 months ago


Selected Answer: D
D. netcat
NOT BE useful for cracking the hashed passwords

The Netcat (nc) command is a command-line utility for reading and writing data between two computer networks. The communication happens
using either TCP or UDP.
upvoted 3 times

  bellabop 4 months ago


D. netcat

John the Ripper is a password cracking tool lmao
upvoted 1 times

  eli117 4 months ago


Selected Answer: D
D. netcat

Netcat (also known as "nc") is a networking utility that can be used for a variety of purposes, such as sending and receiving data across network
connections. However, it is not a password cracking tool and would not be useful for cracking hashed passwords.
upvoted 1 times

Question #9 Topic 1

Which of the following Google advanced search operators helps an attacker in gathering information about websites that are similar to a specified
target URL?

A. [inurl:]

B. [info:]

C. [site:]

D. [related:]

Correct Answer: D

Community vote distribution


D (100%)

  duke_of_kamulu 1 month, 1 week ago


Related, similar, same is the key point; D is the answer
upvoted 1 times

  jeremy13 4 months ago


Selected Answer: D
D. related
List web pages that are “similar” to a specified web page.
https://gist.github.com/ikuamike/c2611b171d64b823c1c1956129cbc055
upvoted 3 times

  eli117 4 months ago


Selected Answer: D
D. [related:]

The [related:] operator can be used to find websites that are similar to a specified URL. This can be useful for attackers who are looking to identify
other websites that may be associated with a target, such as partners or suppliers, or to identify potential attack vectors that may be present on
other websites.
upvoted 2 times
Question #10 Topic 1

You are a penetration tester working to test the user awareness of the employees of the client XYZ. You harvested two employees’ emails from
some public sources and are creating a client-side backdoor to send it to the employees via email.
Which stage of the cyber kill chain are you at?

A. Reconnaissance

B. Weaponization

C. Command and control

D. Exploitation

Correct Answer: D

Community vote distribution


B (100%)

  eli117 Highly Voted  4 months ago


Selected Answer: B
B. Weaponization

The cyber kill chain is a framework that describes the different stages of a cyber attack. The stages of the kill chain are as follows:

Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control
Actions on Objectives

In this scenario, the penetration tester has already completed the first stage of reconnaissance by harvesting the employees' email addresses from
public sources. They are now in the second stage of weaponization, where they are creating a client-side backdoor and attaching it to an email in
order to deliver it to the employees.

The next stages of the kill chain would be delivery, where the email is sent to the employees, followed by exploitation, installation, and command
and control, where the attacker gains access to the target system and establishes a channel for ongoing communication.
upvoted 8 times

  ZacharyDriver Most Recent  2 weeks, 1 day ago


Selected Answer: B
B. Weaponization
upvoted 1 times

  Rizwann 1 month ago


Selected Answer: B
Weaponisation
upvoted 1 times

  Vincent_Lu 1 month, 4 weeks ago


B. Weaponization
upvoted 1 times

  teenwolf18 3 months, 1 week ago


Weaponization
upvoted 2 times

  HeyacedoGomez 3 months, 3 weeks ago


Selected Answer: B
Weaponization
upvoted 2 times

  bellabop 4 months ago


Selected Answer: B
B. Weaponization
upvoted 3 times
Question #11 Topic 1

While performing an Nmap scan against a host, Paola determines the existence of a firewall.
In an attempt to determine whether the firewall is stateful or stateless, which of the following options would be best to use?

A. -sA

B. -sX

C. -sT

D. -sF

Correct Answer: A

Community vote distribution


A (88%) 13%

  ptrckm Highly Voted  4 months ago


Selected Answer: A
Correct answer is A.
From the nmap manual: "-sA (TCP ACK scan) This scan is different than the others discussed so far in that it never determines open (or even
open|filtered) ports. It is used to map out firewall rulesets, determining whether they are stateful or not and which ports are filtered."
upvoted 9 times

  jeremy13 Highly Voted  4 months ago


Selected Answer: A
A: -sA

One of the most interesting uses of ACK scanning is to differentiate between stateful and stateless firewalls. See the section called “ACK Scan” for
how to do this and why you would want to.
https://nmap.org/book/scan-methods-ack-scan.html
upvoted 5 times

  Harrysphills Most Recent  2 months, 1 week ago


C. -sT

The "-sT" option in Nmap performs a TCP connect scan, which involves establishing a full TCP connection with the target host. This type of scan can
help determine if the firewall is stateful because it requires the firewall to maintain and track the state of the TCP connections. If the scan is
successful and shows open ports, it indicates that the firewall is likely stateful since it allows the establishment of full TCP connections
upvoted 1 times

  teenwolf18 3 months, 1 week ago


TCP ACK Scan (-sA)
upvoted 2 times

  eli117 4 months ago


Selected Answer: C
C. -sT

The -sT option in Nmap is used to perform a TCP connect scan. This scan involves attempting to establish a full TCP connection with the target host
on the specified port(s). If the connection is successful, it indicates that the target port is open and that the firewall is stateful (i.e., it is allowing
traffic that is part of an established connection).

If the connection is unsuccessful, it indicates that the target port is either closed or filtered by a stateless firewall (i.e., a firewall that does not keep
track of the state of network connections). Note that some stateless firewalls may block TCP connect scans altogether, so this method may not
always be effective in identifying whether a firewall is stateful or stateless.
upvoted 2 times

  sausageman 3 months, 3 weeks ago


You need to get your NMAP right. 2 questions you answered wrong about NMAP already
upvoted 7 times
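Added example, not from the page, nmap, or any commenter: a Python simulation of what an nmap -sA (TCP ACK) probe sees behind a stateless versus a stateful firewall, following the manual text quoted above. The firewall model is an assumption for illustration: the stateless one admits any packet carrying the ACK flag (the classic "established" rule without connection tracking), while the stateful one only admits packets belonging to a connection it has seen opened.

```python
"""Simulated nmap -sA (TCP ACK scan) against stateful vs. stateless firewalls."""
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    UNFILTERED = "unfiltered"  # probe reached the host, which answered with RST
    FILTERED = "filtered"      # probe dropped: no reply (or an ICMP error)


@dataclass(frozen=True)
class Packet:
    dport: int
    flags: frozenset           # e.g. frozenset({"SYN"}) or frozenset({"ACK"})
    conn_id: str               # stand-in for the 4-tuple a stateful firewall tracks


@dataclass
class Firewall:
    stateful: bool
    allowed_ports: frozenset   # ports on which inbound SYN is permitted
    established: set = field(default_factory=set)

    def permits(self, pkt: Packet) -> bool:
        if pkt.flags == frozenset({"SYN"}):
            # new connection attempt: only to explicitly allowed ports
            if pkt.dport in self.allowed_ports:
                if self.stateful:
                    self.established.add(pkt.conn_id)
                return True
            return False
        if self.stateful:
            # mid-stream packets must belong to a connection seen being opened
            return pkt.conn_id in self.established
        # stateless "allow established" rule: trusts the ACK flag alone
        return "ACK" in pkt.flags


def ack_scan(fw: Firewall, ports) -> dict:
    """Send one unsolicited ACK per port and record nmap's -sA verdict."""
    results = {}
    for port in ports:
        probe = Packet(port, frozenset({"ACK"}), conn_id=f"scanner->{port}:unsolicited")
        # A bare ACK that reaches the host draws RST whether the port is open or closed,
        # so -sA never reports open/closed, only unfiltered vs. filtered.
        results[port] = Verdict.UNFILTERED if fw.permits(probe) else Verdict.FILTERED
    return results


def infer_firewall_type(results: dict) -> str:
    verdicts = set(results.values())
    if verdicts == {Verdict.FILTERED}:
        return "stateful (unsolicited ACKs dropped on every port)"
    if verdicts == {Verdict.UNFILTERED}:
        return "stateless or absent (unsolicited ACKs reached the host)"
    return "mixed: per-port ACK rules, inspect individually"


if __name__ == "__main__":
    ports = [22, 80, 443]  # constructed port list
    for fw in (Firewall(stateful=False, allowed_ports=frozenset({80, 443})),
               Firewall(stateful=True, allowed_ports=frozenset({80, 443}))):
        res = ack_scan(fw, ports)
        print({p: v.value for p, v in res.items()}, "->", infer_firewall_type(res))
```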
Question #12 Topic 1

A newly joined employee, Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was
assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other
system parameters. He also identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software
configuration errors.
What is the type of vulnerability assessment performed by Martin?

A. Database assessment

B. Host-based assessment

C. Credentialed assessment

D. Distributed assessment

Correct Answer: B

Community vote distribution


B (67%) C (33%)

  amomyty 4 weeks ago


C. Credentialed assessment
upvoted 1 times

  naija4life 1 month, 1 week ago


Selected Answer: C
C. Credentialed assessment
Credentialed scans require administrative access to the systems being scanned and are performed using the same credentials and privileges as an
administrative user. The scans perform a thorough examination of the system, looking for vulnerabilities that could be exploited by a malicious
attacker.
upvoted 1 times

  Harrysphills 2 months, 1 week ago


The type of vulnerability assessment performed by Martin is:

B. Host-based assessment

In a host-based assessment, the focus is on evaluating the security of an individual system or host. Martin assessed the allocated system by
examining user directories, registries, system parameters, native configuration tables, registry or file permissions, and software configuration errors.
This type of assessment helps identify vulnerabilities specific to the host, including misconfigurations, insecure settings, and potential avenues for
compromise. It aims to ensure the security and integrity of the individual system being assessed.
upvoted 1 times

  jeremy13 3 months, 1 week ago


Selected Answer: B
B. Host-based assessment
Like V11 Q245
upvoted 1 times

  eli117 4 months ago


Selected Answer: B
B. Host-based assessment

A host-based assessment is a type of vulnerability assessment that focuses on individual computer systems or hosts. It involves examining the
configuration, settings, and software installed on the host to identify vulnerabilities that could be exploited by attackers.
upvoted 1 times
Question #13 Topic 1

Jane, an ethical hacker, is testing a target organization’s web server and website to identify security loopholes. In this process, she copied the
entire website and its content on a local drive to view the complete profile of the site’s directory structure, file structure, external links, images,
web pages, and so on. This information helps Jane map the website’s directories and gain valuable information.
What is the attack technique employed by Jane in the above scenario?

A. Session hijacking

B. Website mirroring

C. Website defacement

D. Web cache poisoning

Correct Answer: B

Community vote distribution


B (100%)

  Hamlemdr 1 month ago


Selected Answer: B
Website Mirroring
upvoted 1 times

  Vincent_Lu 1 month, 4 weeks ago


B. Website Mirroring
upvoted 1 times

  Harrysphills 2 months, 1 week ago


B.Website mirroring
upvoted 2 times

  jeremy13 3 months, 1 week ago


Selected Answer: B
B. Website mirroring
upvoted 1 times

  teenwolf18 3 months, 1 week ago


B. Website Mirroring
upvoted 1 times

  eli117 4 months ago


Selected Answer: B
B. Website mirroring

Website mirroring (also known as website copying or website cloning) is a technique used to create a copy of a website or web application on a
local drive or server. This technique is often used by ethical hackers and security researchers to analyze the structure and content of a website in
order to identify vulnerabilities or security weaknesses.
upvoted 2 times
Question #14 Topic 1

An organization is performing a vulnerability assessment for mitigating threats. James, a pen tester, scanned the organization by building an
inventory of the protocols found on the organization’s machines to detect which ports are attached to services such as an email server, a web
server, or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevant
tests.
What is the type of vulnerability assessment solution that James employed in the above scenario?

A. Service-based solutions

B. Product-based solutions

C. Tree-based assessment

D. Inference-based assessment

Correct Answer: D

Community vote distribution


D (90%) 10%

  jeremy13 Highly Voted  4 months ago


Selected Answer: D
Book V12 : module 5 page 558
There are four types of vulnerability assessment solutions: product-based solutions, service-based solutions, tree-based assessment, and inference-based assessment.

In an inference-based assessment, scanning starts by building an inventory of the protocols found on the machine. After finding a protocol, the scanning process starts to detect which ports are attached to services, such as an email server, web server, or database server. After finding services, it selects vulnerabilities on each machine and starts to execute only those relevant tests.
upvoted 9 times

  phojr 1 week, 1 day ago


Do you have an offline book to read?
upvoted 1 times

  insaniunt Most Recent  2 days, 17 hours ago


Selected Answer: A
In this scenario, James built an inventory of the protocols found on the organization's machines to detect which ports are attached to services such
as an email server, a web server, or a database server. He then selected the vulnerabilities on each machine and executed only the relevant tests
based on the services identified. This approach is characteristic of service-based solutions, where the vulnerability assessment is focused on specific
services running on the machines.
upvoted 1 times

  Harrysphills 2 months, 1 week ago


A. Service-based solutions

In a service-based vulnerability assessment, the focus is on identifying vulnerabilities associated with specific services or protocols running on the
organization's machines. James built an inventory of the protocols found on the organization's machines to detect which ports are attached to
services such as email server, web server, or database server. He then selected the vulnerabilities specific to each machine and executed relevant
tests targeting those services. This approach allows for a more targeted and efficient assessment, focusing on the vulnerabilities associated with the
identified services.
upvoted 1 times

  Juice98 3 months ago


Selected Answer: D
▪ Inference-Based Assessment In an inference-based assessment, scanning starts by building an inventory of the
protocols found on the machine. After finding a protocol, the scanning process starts to detect which ports are attached to services, such as an
email server, web server, or database server. After finding services, it selects vulnerabilities on each machine and starts to execute only those
relevant tests.
upvoted 4 times

  teenwolf18 3 months, 1 week ago


inference-based assessment: scanning starts by building an inventory of the
protocols found on the machine.
upvoted 1 times

  Chipless 3 months, 3 weeks ago


Selected Answer: D
In an inference-based assessment, scanning starts by building an inventory of the
protocols found on the machine. After finding a protocol, the scanning process starts to detect which ports are attached to services, such as an
email server, web server, or database server. After finding services, it selects vulnerabilities on each machine and starts to execute only those
relevant tests. SOURCE: CEH v12 eBook Module 5 pg 375
upvoted 3 times
  ptrckm 4 months ago
Selected Answer: D
D. Inference-based assessment

"In this approach, we pre-provide the tool with services and protocols found on the machine. The tool starts the scanning process to detect the
ports attached to services... Once it finds the services, it scans only the provided services for vulnerabilities." according to https://www.linkedin.com
/pulse/various-approaches-involved-vulnerability-assessment-solutions-aghao?trk=pulse-article_more-articles_related-content-card
upvoted 3 times

  eli117 4 months ago


Selected Answer: A
A. Service-based solutions

Service-based solutions are a type of vulnerability assessment solution that focus on identifying the services and protocols that are running on a
network or system. This involves building an inventory of the protocols found on the organization's machines in order to detect which ports are
attached to services such as an email server, a web server, or a database server. Once the services have been identified, the vulnerabilities on each
machine are selected, and only the relevant tests are executed.

Option B (Product-based solutions) involves assessing the security of specific products or applications, such as operating systems or web
applications.

Option C (Tree-based assessment) and option D (Inference-based assessment) are not recognized types of vulnerability assessment solutions.
upvoted 1 times
Question #15 Topic 1

Taylor, a security professional, uses a tool to monitor her company’s website, analyze the website’s traffic, and track the geographical location of
the users visiting the company’s website.
Which of the following tools did Taylor employ in the above scenario?

A. Webroot

B. Web-Stat

C. WebSite-Watcher

D. WAFW00F

Correct Answer: B

Community vote distribution


B (100%)

  teenwolf18 3 months, 1 week ago


Selected Answer: B
B. Web-Stat
upvoted 1 times

  jeremy13 4 months ago


Selected Answer: B
B. Web-Stat (Book V12 :P200)
Monitoring Website Traffic of the Target Company: Web-Stat
upvoted 2 times

  eli117 4 months ago


Selected Answer: B
B. Web-Stat

Web-Stat is a web analytics tool that allows users to monitor and analyze website traffic. It provides real-time data about the number of visitors to
a website, the pages they visit, the time they spend on each page, and the geographical location of the visitors. This information can be used by
security professionals to identify potential threats or anomalies in website traffic and to track the effectiveness of security measures.

Option A (Webroot) is a security software company that provides antivirus and malware protection solutions for endpoints and networks.

Option C (WebSite-Watcher) is a website monitoring tool that allows users to track changes to web pages and receive notifications when updates
occur.

Option D (WAFW00F) is a web application firewall detection tool that can be used to identify the type of firewall being used by a website or web
application.
upvoted 2 times
Question #16 Topic 1

Becky has been hired by a client from Dubai to perform a penetration test against one of their remote offices. Working from her location in
Columbus, Ohio, Becky runs her usual reconnaissance scans to obtain basic information about their network. When analyzing the results of her
Whois search, Becky notices that the IP was allocated to a location in Le Havre, France.
Which regional Internet registry should Becky go to for detailed information?

A. ARIN

B. LACNIC

C. APNIC

D. RIPE

Correct Answer: A

Community vote distribution


D (100%)

  phojr 3 days, 21 hours ago


Why is the answer A instead of D?
upvoted 1 times

  Nst6310 2 weeks, 5 days ago


RIPE NCC (RIPE Network Coordination Centre) is the regional Internet registry responsible for allocating and managing IP address space in Europe,
the Middle East, and parts of Central Asia. It is the authority that maintains the registration and assignment of IP addresses and Autonomous
System Numbers (ASNs) in the RIPE region.

Option D. RIPE is the correct answer for obtaining detailed information about the IP address allocated to the location in Le Havre, France.
upvoted 1 times

  FelipeOrtega 2 months, 2 weeks ago


Selected Answer: D
Regional Internet Registries (RIRs):
ARIN (American Registry for Internet Numbers)
AFRINIC (African Network Information Center)
APNIC (Asia Pacific Network Information Center)
RIPE (Réseaux IP Européens Network Coordination Centre)
LACNIC (Latin American and Caribbean Network Information Center)
upvoted 3 times

  bellabop 4 months ago


Selected Answer: D
D. RIPE
upvoted 2 times

  jeremy13 4 months ago


Selected Answer: D
D. RIPE
France = Europe = RIPE NCC (Europe, the Middle East and Central Asia)
upvoted 4 times

  jeremy13 4 months ago


D. RIPE
France = RIPE
upvoted 2 times

  eli117 4 months ago


Selected Answer: D
D. RIPE

The RIPE NCC (Réseaux IP Européens Network Coordination Centre) is one of five regional Internet registries (RIRs) that is responsible for allocating
and managing IP addresses and autonomous system (AS) numbers in Europe, the Middle East, and parts of Central Asia.

Option A (ARIN) is responsible for allocating and managing IP addresses and AS numbers in North America.

Option B (LACNIC) is responsible for allocating and managing IP addresses and AS numbers in Latin America and the Caribbean.
Option C (APNIC) is responsible for allocating and managing IP addresses and AS numbers in the Asia-Pacific region.
upvoted 3 times

Question #17 Topic 1

Harry, a professional hacker, targets the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network
using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he
successfully deployed malware on the target system to establish an outbound connection.
What is the APT lifecycle phase that Harry is currently executing?

A. Initial intrusion

B. Persistence

C. Cleanup

D. Preparation

Correct Answer: A

Community vote distribution


A (100%)

  Vincent_Lu 1 month ago


Selected Answer: A
Preparation
Initial Intrusion
Expansion
Persistence
Search and Exfiltration
Clean up
upvoted 2 times

  jeremy13 4 months ago


Selected Answer: A
A. Initial intrusion
Like questions V11 : Exam 312-50v11 topic 1 question 196
upvoted 2 times

  jeremy13 3 months, 1 week ago


CEH Book V12 Module 07 Page 966
from book : "
2. Initial Intrusion
Common techniques used for an initial intrusion are sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. "
upvoted 2 times

  eli117 4 months ago


Selected Answer: A
A. Initial intrusion

In this scenario, Harry, a professional hacker, is targeting the IT infrastructure of an organization. He is using techniques such as sending spear-
phishing emails and exploiting vulnerabilities on publicly available servers to gain initial access to the target network. By successfully deploying
malware on the target system, he establishes an outbound connection, allowing him to maintain access to the network.

The APT lifecycle consists of several phases, including initial intrusion, persistence, command and control, lateral movement, and data exfiltration. In
the initial intrusion phase, the attacker gains access to the target network using various techniques, such as exploiting vulnerabilities or social
engineering.

Therefore, the correct answer is A. Initial intrusion.


upvoted 2 times
Question #18 Topic 1

Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During this process, Robin plugged in a rogue switch to an
unused port in the LAN with a priority lower than any other switch in the network so that he could make it a root bridge that will later allow him to
sniff all the traffic in the network.
What is the attack performed by Robin in the above scenario?

A. ARP spoofing attack

B. STP attack

C. DNS poisoning attack

D. VLAN hopping attack

Correct Answer: B

Community vote distribution


B (100%)

  jeremy13 4 months ago


Selected Answer: B
B. STP attack
upvoted 1 times

  eli117 4 months ago


Selected Answer: B
B. STP attack (Spanning Tree Protocol attack)

This is a type of STP attack, which manipulates the Spanning Tree Protocol to create a loop in the network topology, allowing the attacker to
intercept and inspect network traffic.
upvoted 4 times
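From the defender's side, the root-bridge takeover described in this question shows up on the legitimate switches as a root change towards a bridge nobody expects, usually through an access port. The following is an added example, not code from the question or any commenter: it parses constructed syslog lines written in the style of a switch's spanning-tree root-change notification and flags changes whose new root MAC is not on an assumed inventory list or whose root port is not a known uplink. The MAC addresses, port names and hostnames are placeholders.

```python
import re

# Constructed sample syslog lines in the style of a switch's spanning-tree
# root-change notifications. They are made up for this example, not captured
# from a real device; the MACs, hostnames and port names are placeholders.
SAMPLE_LOGS = [
    "Jan 12 02:13:07 sw-floor2 %SPANTREE-5-ROOTCHANGE: Root Changed for vlan 10: "
    "New Root Port is GigabitEthernet0/1. New Root Mac Address is 0000.5e00.0101",
    "Jan 12 02:13:09 sw-floor2 %SPANTREE-5-ROOTCHANGE: Root Changed for vlan 20: "
    "New Root Port is GigabitEthernet0/1. New Root Mac Address is 0000.5e00.0101",
    "Jan 12 23:41:55 sw-floor2 %SPANTREE-5-ROOTCHANGE: Root Changed for vlan 10: "
    "New Root Port is GigabitEthernet0/17. New Root Mac Address is 0200.4c4f.4f50",
    "Jan 12 23:42:01 sw-floor2 %SYS-5-CONFIG_I: Configured from console by admin",
]

# Assumed inventory data for this switch: the only bridge that should ever be
# root, and the ports that may legitimately face it.
EXPECTED_ROOT_MACS = {"0000.5e00.0101"}
UPLINK_PORTS = {"GigabitEthernet0/1"}

ROOTCHANGE_RE = re.compile(
    r"%SPANTREE-5-ROOTCHANGE: Root Changed for vlan (?P<vlan>\d+): "
    r"New Root Port is (?P<port>\S+)\. New Root Mac Address is (?P<mac>[0-9a-f.]+)"
)


def parse_root_changes(lines):
    """Extract vlan, root port and root MAC from root-change lines; skip the rest."""
    events = []
    for line in lines:
        m = ROOTCHANGE_RE.search(line)
        if m:
            events.append({"vlan": int(m["vlan"]), "port": m["port"], "mac": m["mac"]})
    return events


def find_suspicious_root_changes(lines, expected_root_macs, uplink_ports):
    """Flag root changes towards an unknown bridge or arriving on a non-uplink port.

    A rogue switch advertising a lower priority makes the other switches
    re-elect it as root; on an affected switch that appears as a root change
    to a MAC nobody expects, typically learned through an access port.
    """
    findings = []
    for ev in parse_root_changes(lines):
        reasons = []
        if ev["mac"] not in expected_root_macs:
            reasons.append("unknown root bridge MAC")
        if ev["port"] not in uplink_ports:
            reasons.append("root port is not an uplink")
        if reasons:
            findings.append({**ev, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_root_changes(SAMPLE_LOGS, EXPECTED_ROOT_MACS, UPLINK_PORTS):
        print(f"ALERT vlan {f['vlan']}: new root {f['mac']} via {f['port']} "
              f"({', '.join(f['reasons'])})")
```

The two legitimate root changes early in the sample pass both checks; the late-night change on port GigabitEthernet0/17 towards an unlisted MAC is the one a SOC would want paged on. Preventing the election in the first place is a switch-configuration matter (root and BPDU guard on access ports) and is outside the scope of this detection snippet.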
Question #19 Topic 1

An attacker utilizes a Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a nearby business in order to capture the wireless
password.
What kind of attack is this?

A. MAC spoofing attack

B. War driving attack

C. Phishing attack

D. Evil-twin attack

Correct Answer: D

Community vote distribution


D (100%)

  fuuuuuu0641 1 month, 2 weeks ago


D. Evil-twin attack
upvoted 1 times

  jeremy13 4 months ago


Selected Answer: D
D. Evil-twin attack
upvoted 1 times

  eli117 4 months ago


Selected Answer: D
D. Evil-twin attack

In an evil-twin attack, an attacker sets up a fake wireless access point with a legitimate-looking SSID (Service Set Identifier) to trick users into
connecting to the attacker’s network instead of the legitimate one. The attacker can then intercept and capture sensitive information, such as
passwords, entered by users on the fake network. The Wi-Fi Pineapple is a popular tool used for conducting such attacks.
upvoted 3 times
Question #20 Topic 1

CyberTech Inc. recently experienced SQL injection attacks on its official website. The company appointed Bob, a security professional, to build and
incorporate defensive strategies against such attacks. Bob adopted a practice whereby only a list of entities such as the data type, range, size,
and value, which have been approved for secured access, is accepted.
What is the defensive technique employed by Bob in the above scenario?

A. Whitelist validation

B. Output encoding

C. Blacklist validation

D. Enforce least privileges

Correct Answer: A

Community vote distribution


A (100%)

  HeyacedoGomez 3 months, 3 weeks ago


Selected Answer: A
Whitelist is the correct answer but allowlist is more appropriate
upvoted 1 times

  tc5899 4 months ago


A. Whitelist validation
In whitelist validation, only the inputs that have been explicitly allowed are accepted, and all other inputs are rejected. This technique involves
specifying a list of entities such as the data type, range, size, and value, which have been approved for secure access. Any input that is not on the
list is rejected, preventing attacks such as SQL injection, where an attacker attempts to inject malicious code into an application by exploiting
vulnerabilities in user input fields.
upvoted 3 times

  eli117 4 months ago


Selected Answer: A
A. Whitelist validation

In whitelist validation, only the inputs that have been explicitly allowed are accepted, and all other inputs are rejected. This technique involves
specifying a list of entities such as the data type, range, size, and value, which have been approved for secure access. Any input that is not on the
list is rejected, preventing attacks such as SQL injection, where an attacker attempts to inject malicious code into an application by exploiting
vulnerabilities in user input fields.
upvoted 2 times
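The allowlist validation described in the question and the comments above, as an added example that is not part of the original page or any commenter's code. It assumes a hypothetical product-search form with three fields; each field has an explicit type, size or range, and set of accepted values, and anything else is rejected before any SQL is built. The data values then go into the query as bind parameters, and the one piece that cannot be bound (the ORDER BY column) is only interpolated after it has passed the allowlist. The sample table rows are constructed.

```python
import re
import sqlite3
from decimal import Decimal, InvalidOperation

# Allowlists: every field has an explicit type, size/range and accepted values.
# Anything outside these is rejected before it reaches the database.
ALLOWED_CATEGORIES = frozenset({"books", "electronics", "clothing"})
ALLOWED_SORT_COLUMNS = frozenset({"price", "name"})
MAX_PRICE_LIMIT = Decimal("10000.00")


class ValidationError(ValueError):
    """Raised for any input that is not on the allowlist."""


def validate_search(params):
    """Validate a hypothetical search form against the allowlist; return cleaned values.

    params is a dict of raw string fields as a web framework would hand them
    over. Unknown fields and any value not explicitly approved raise
    ValidationError: this is positive (allowlist) validation, not a search
    for known-bad patterns.
    """
    expected = {"category", "max_price", "sort"}
    if set(params) != expected:
        raise ValidationError(f"unexpected fields: {set(params) ^ expected}")

    category = params["category"]
    if category not in ALLOWED_CATEGORIES:          # value check
        raise ValidationError("category not allowed")

    raw_price = params["max_price"]
    if len(raw_price) > 10:                          # size check before parsing
        raise ValidationError("max_price too long")
    try:
        max_price = Decimal(raw_price)               # type check
    except InvalidOperation:
        raise ValidationError("max_price is not a number") from None
    if not (Decimal("0") <= max_price <= MAX_PRICE_LIMIT):   # range check
        raise ValidationError("max_price out of range")

    sort = params["sort"]
    if sort not in ALLOWED_SORT_COLUMNS:             # value check
        raise ValidationError("sort column not allowed")

    return {"category": category, "max_price": max_price, "sort": sort}


def is_rejected(params):
    """True if the allowlist refuses the given form input."""
    try:
        validate_search(params)
    except ValidationError:
        return True
    return False


def build_demo_db():
    """In-memory products table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (code TEXT, name TEXT, category TEXT, price REAL)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?, ?)",
        [
            ("BKS-0001", "Intro to Crypto", "books", 39.50),
            ("BKS-0002", "Network Basics", "books", 19.99),
            ("ELC-0001", "USB Hub", "electronics", 24.00),
        ],
    )
    return conn


def search_products(conn, params):
    """Run the search with validated input and a parameterised query."""
    clean = validate_search(params)
    # Data values are bind parameters, never concatenated into the SQL text.
    # The ORDER BY column cannot be a bind parameter, so it is interpolated
    # only after passing the allowlist check in validate_search().
    sql = (
        "SELECT code, name, price FROM products "
        "WHERE category = ? AND price <= ? "
        f"ORDER BY {clean['sort']}"
    )
    return conn.execute(sql, (clean["category"], float(clean["max_price"]))).fetchall()


if __name__ == "__main__":
    db = build_demo_db()
    print(search_products(db, {"category": "books", "max_price": "25.00", "sort": "price"}))
    print(is_rejected({"category": "books' OR '1'='1", "max_price": "1", "sort": "price"}))
```

The point of the example is the order of operations: the form is checked against what is allowed first, so an input that merely looks like a category name but carries extra characters never gets as far as the database driver, and the parameterised query is a second, independent layer rather than the only one.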
Question #21 Topic 1

Joe works as an IT administrator in an organization and has recently set up a cloud computing service for the organization. To implement this
service, he reached out to a telecom company for providing Internet connectivity and transport services between the organization and the cloud
service provider.
In the NIST cloud deployment reference architecture, under which category does the telecom company fall in the above scenario?

A. Cloud consumer

B. Cloud broker

C. Cloud auditor

D. Cloud carrier

Correct Answer: D

Community vote distribution


D (100%)

  jeremy13 3 months, 1 week ago


Selected Answer: D
D. Cloud carrier
upvoted 2 times

  jeremy13 3 months, 1 week ago


CEH Book V12 Module 19 Page 3059
upvoted 2 times

  eli117 4 months ago


Selected Answer: D
D. Cloud carrier.

The NIST cloud deployment reference architecture consists of five categories: cloud consumer, cloud provider, cloud carrier, cloud auditor, and
cloud broker. The cloud carrier category includes the entities that provide network connectivity and transport services, enabling customers to
connect to cloud providers' services. In the given scenario, the telecom company provides Internet connectivity and transport services between the
organization and the cloud service provider, making it a cloud carrier.
upvoted 2 times
Question #22 Topic 1

Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication
tower between two authentic endpoints to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the user
and real tower, attempting to hijack an active session. Upon receiving the user's request, Bobby manipulated the traffic with the virtual tower and
redirected the victim to a malicious website.
What is the attack performed by Bobby in the above scenario?

A. aLTEr attack

B. Jamming signal attack

C. Wardriving

D. KRACK attack

Correct Answer: A

Community vote distribution


A (100%)

  jeremy13 4 months ago


Selected Answer: A
A. aLTEr Attack
BOOK V12 Module 16 P2425
The aLTEr attack is usually performed on LTE devices that encrypt user data in the AES counter (AES-CTR) mode, which provides no integrity
protection. To perform this attack, the attacker installs a virtual (fake) communication tower between two authentic endpoints to mislead the victim.
The attacker uses this virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session. Upon
receiving the user’s request, the attacker manipulates the traffic with the virtual tower and redirects the victim to malicious websites.
upvoted 3 times

  eli117 4 months ago


Selected Answer: A
A. aLTEr attack.

Bobby installed a fake communication tower between two authentic endpoints to intercept and hijack all the wireless communications of a user.
This is an example of an aLTEr (Advanced LTE Recovery) attack, also known as an IMSI (International Mobile Subscriber Identity) catcher or a fake
cell tower attack. In this attack, the attacker sets up a rogue base station that mimics a legitimate cell tower to trick mobile devices into connecting
to it. Once connected, the attacker can intercept, monitor, and manipulate the traffic between the device and the legitimate cell tower.
upvoted 2 times
Question #23 Topic 1

John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to
anonymously query the LDAP service for sensitive information such as usernames, addresses, departmental details, and server names to launch
further attacks on the target organization.
What is the tool employed by John to gather information from the LDAP service?

A. ike-scan

B. Zabasearch

C. JXplorer

D. EarthExplorer

Correct Answer: C

Community vote distribution


C (100%)

  Vincent_Lu 1 month, 4 weeks ago


C. JXplorer
upvoted 1 times

  jeremy13 4 months ago


Selected Answer: C
C. JXplorer
JXplorer is a LDAP browser and editor. It is a standards compliant general purpose LDAP client that can be used to search, read and edit any
standard LDAP directory, or any directory service with an LDAP or DSML interface.
upvoted 1 times

  eli117 4 months ago


Selected Answer: C
C. JXplorer

JXplorer is a Java-based LDAP client that provides an easy-to-use interface for browsing LDAP directories, performing searches, and managing
directory data.
upvoted 2 times
Question #24 Topic 1

Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a
component that can process API requests and handle various Docker objects, such as containers, volumes, images, and networks.
What is the component of the Docker architecture used by Annie in the above scenario?

A. Docker objects

B. Docker daemon

C. Docker client

D. Docker registries

Correct Answer: B

Community vote distribution


B (73%) C (27%)

  Vincent_Lu 1 month, 4 weeks ago


B. Docker daemon
https://docs.docker.com/get-started/overview/
The Docker daemon (dockerd) listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes.
upvoted 1 times

  sTaTiK 3 months, 1 week ago


Selected Answer: B
Answer is B. By GPT-4 and books with answers!
upvoted 2 times

  sausageman 3 months, 3 weeks ago


Selected Answer: B
Answer is B.
Official Guide v12 page 1950:
"Docker Daemon: The Docker daemon (dockerd) processes the API requests and handles various Docker objects, such as containers, volumes,
images, and networks."
upvoted 3 times

  Chipless 3 months, 3 weeks ago


Selected Answer: B
The Docker daemon (dockerd) processes the API requests and handles various Docker objects, such as containers, volumes, images, and networks.
SOURCE: CEH v12 eBook Module 19 pg 1950
upvoted 3 times

  jeremy13 4 months ago


B. Docker daemon
like the question : 312-50v11 question 130

The Docker daemon (dockerd) listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes. A
daemon can also communicate with other daemons to manage Docker services.

https://docs.docker.com/get-started/overview/#the-docker-daemon
upvoted 4 times

  jeremy13 3 months, 1 week ago


CEH Book V12 Module 19 Page 3088
from book :
Docker Daemon: The Docker daemon (dockerd) processes the API requests and handles various Docker objects, such as containers, volumes,
images, and networks.
upvoted 2 times

  eli117 4 months ago


Selected Answer: C
C. Docker client

The Docker client is a component of the Docker architecture that allows users to interact with the Docker daemon through the Docker API. It can
process API requests and handle various Docker objects such as containers, volumes, images, and networks. The Docker client can be used through
a command-line interface (CLI) or a graphical user interface (GUI).
upvoted 3 times
Question #25 Topic 1

Bob, an attacker, has managed to access a target IoT device. He employed an online tool to gather information related to the model of the IoT
device and the certifications granted to it.
Which of the following tools did Bob employ to gather the above information?

A. FCC ID search

B. Google image search

C. search.com

D. EarthExplorer

Correct Answer: A

Community vote distribution


A (100%)

  eli117 Highly Voted  4 months ago


Selected Answer: A
A. FCC ID search

Explanation:
Bob employed the FCC ID search tool to gather information related to the model of the IoT device and the certifications granted to it. The FCC ID is
a unique identifier assigned by the Federal Communications Commission (FCC) to identify wireless products in the market. The FCC ID search tool
helps in finding information related to the device's specifications, test reports, and other documentation related to its certification.
upvoted 5 times

  Vincent_Lu Most Recent  1 month, 4 weeks ago


A. FCC ID search
upvoted 1 times

  jeremy13 3 months, 1 week ago


Selected Answer: A
A. FCC ID search
upvoted 1 times
Question #26 Topic 1

What piece of hardware on a computer’s motherboard generates encryption keys and only releases a part of the key so that decrypting a disk on a
new piece of hardware is not possible?

A. CPU

B. UEFI

C. GPU

D. TPM

Correct Answer: D

Community vote distribution


D (100%)

  jeremy13 3 months, 1 week ago


Selected Answer: D
D. TPM
upvoted 1 times

  eli117 4 months ago


Selected Answer: D
D. TPM (Trusted Platform Module) is a hardware component on a computer's motherboard that generates and stores encryption keys, providing
additional security measures.
upvoted 3 times
Question #27 Topic 1

Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this
purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility,
scalability, reliability, and portability of an application.
What is the type of web-service API mentioned in the above scenario?

A. RESTful API

B. JSON-RPC

C. SOAP API

D. REST API

Correct Answer: A

Community vote distribution


A (100%)

  Nst6310 2 weeks, 5 days ago


A RESTful API (Representational State Transfer) is a type of web-service API that uses HTTP methods such as PUT, POST, GET, and DELETE to
perform operations on resources. It is designed to be simple, stateless, and scalable, making it suitable for modern web applications. RESTful APIs
use standard HTTP status codes and are commonly used for building web services that can be easily integrated with other systems.
upvoted 3 times

  jeremy13 3 months, 1 week ago


Selected Answer: A
A. RESTful API
upvoted 1 times

  eli117 4 months ago


Selected Answer: A
A. RESTful API

Explanation: The description of a web service that uses HTTP methods such as PUT, POST, GET, and DELETE, and is designed to reduce complexity
and increase the integrity of updating and changing data, matches the characteristics of a RESTful API. REST (Representational State Transfer) is a
popular architectural style used in creating web services that operate over HTTP.
upvoted 3 times
Question #28 Topic 1

To create a botnet, the attacker can use several techniques to scan vulnerable machines. The attacker first collects information about a large
number of vulnerable machines to create a list. Subsequently, they infect the machines. The list is divided by assigning half of the list to the newly
compromised machines. The scanning process runs simultaneously. This technique ensures the spreading and installation of malicious code in
little time.
Which technique is discussed here?

A. Subnet scanning technique

B. Permutation scanning technique

C. Hit-list scanning technique.

D. Topological scanning technique

Correct Answer: D

Community vote distribution


C (100%)

  ZacharyDriver 2 weeks, 1 day ago


Selected Answer: C
C. Hit-list Scanning Technique
upvoted 1 times

  Henrikrp 1 month, 1 week ago


Selected Answer: C
C. Hit-list scanning technique.
upvoted 1 times

  jeremy13 3 months, 1 week ago


Selected Answer: C
C. Hit-list scanning technique.
upvoted 1 times

  sTaTiK 3 months, 1 week ago


Selected Answer: C
Answer is Hit-list:
The technique discussed here is the Hit-list scanning technique.

In the Hit-list scanning technique, the attacker creates a list of potential targets that are vulnerable to a specific exploit or attack. The attacker then
uses this list to scan and infect the vulnerable machines. Once a machine is compromised, it can be used to scan for and infect other vulnerable
machines on the list. The list is then divided among the compromised machines, and the scanning process continues until all the machines on the
list are infected.

This technique is often used to create botnets, which are networks of infected machines that can be controlled by the attacker. Botnets can be used
for various purposes, such as launching DDoS attacks, stealing sensitive information, or distributing spam or malware. The Hit-list scanning
technique allows the attacker to quickly infect a large number of machines and create a powerful botnet.
upvoted 3 times

  Chipless 3 months, 3 weeks ago


Selected Answer: C
Hit-list Scanning
SOURCE: CEH v12 eBook Module 10 pg 954
upvoted 3 times

  jeremy13 4 months ago


C - Hit-List scanning technique
312-50v11- questions 147
Module 10 P1429 V12
*Hit-list Scanning
Through scanning, an attacker first collects a list of potentially vulnerable machines and then creates a zombie army. Subsequently, the attacker
scans the list to find a vulnerable machine. On finding one, the attacker installs malicious code on it and divides the list in half. The attacker
continues to scan one half, whereas the other half is scanned by the newly compromised machine. This process keeps repeating, causing the
number of compromised machines to increase exponentially. This technique ensures the installation of malicious code on all the potentially
vulnerable machines in the hit list within a short time.

*Topological Scanning
This technique uses the information obtained from an infected machine to find new vulnerable machines. An infected host checks for URLs in the
hard drive of a machine that it wants to infect. Subsequently, it shortlists URLs and targets, and it checks their vulnerability. This technique yields
accurate results, and its performance is similar to that of the hit-list scanning technique.
upvoted 3 times

  eli117 4 months ago


Selected Answer: C
C. Hit-list scanning technique.

Explanation: The technique described in the scenario is known as the hit-list scanning technique, where an attacker compiles a list of potential
targets, and then targets them by dividing the list and assigning each part to a different infected machine. This allows for simultaneous scanning,
increasing the spread of the malicious code.
upvoted 2 times
Question #29 Topic 1

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public
system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing
them of the problem that their systems are exposed to.
What type of hacker is Nicolas?

A. Black hat

B. White hat

C. Gray hat

D. Red hat

Correct Answer: B

Community vote distribution


B (100%)

  Vicky_One 2 weeks, 1 day ago


The answer is C: Gray Hat.

Somewhere between white and black are gray hat hackers. Gray hat hackers enact a blend of both black hat and white hat activities. Gray hat
hackers often look for vulnerabilities in a system without the owner's permission or knowledge. If issues are found, they report them to the owner,
sometimes requesting a small fee to fix the problem.
upvoted 1 times

  Mozah 1 month, 3 weeks ago


Answer is C: Gray Hat

A Gray hat can work as a white or black hat. Bear in mind that a white hacker can not perform anything without approval from the management.
upvoted 3 times

  jeremy13 3 months, 1 week ago


Selected Answer: B
B. White hat
upvoted 1 times

  eli117 4 months ago


Selected Answer: B
B. White hat

Explanation:
Nicolas is a white hat hacker. White hat hackers are security professionals who use their skills and knowledge to find vulnerabilities and security
weaknesses in systems and networks with the goal of improving security. They typically work with the permission and cooperation of the system
owner and adhere to ethical and legal standards. In this scenario, Nicolas has found a vulnerability and has taken responsible steps to inform the
owner of the system and a relevant third-party (Microsoft) of the issue.
upvoted 2 times

  phojr 1 week, 1 day ago


But in this case, Nicolas didn't have permission to hack in the first place. He did it on his own will.
upvoted 2 times
Question #30 Topic 1

Sophia is a shopping enthusiast who spends significant time searching for trendy outfits online. Clark, an attacker, noticed her activities several
times and sent a fake email containing a deceptive page link to her social media page displaying all-new and trendy outfits. In excitement, Sophia
clicked on the malicious link and logged in to that page using her valid credentials.
Which of the following tools is employed by Clark to create the spoofed email?

A. Evilginx

B. Slowloris

C. PLCinject

D. PyLoris

Correct Answer: A

Community vote distribution


A (100%)

  Vincent_Lu Highly Voted  1 month, 4 weeks ago


A. Evilginx

A. Evilginx: A tool for phishing and credential harvesting by manipulating HTTPS traffic to steal sensitive information.

B. Slowloris: A DoS attack tool that exhausts server resources by keeping multiple connections open with minimal data, causing server overload.

C. PLCinject: A tool for attacking industrial control systems and programmable logic controllers, gaining unauthorized access and control over
critical infrastructure.

D. PyLoris: A DoS attack tool similar to Slowloris, performing low-and-slow attacks to exhaust server resources and deny service to legitimate users.
upvoted 6 times

  jeremy13 Most Recent  4 months ago


Selected Answer: A
A. Evilginx

Phishing Tools: Phishing tools can be used by attackers to generate fake login pages to capture usernames and passwords, send spoofed emails,
and obtain the victim's IP address and session cookies. This information can further be used by the attacker, who will use it to impersonate a
legitimate user and launch further attacks on the target organization. => Tools like BLACKEYE / PhishX / Trape / Evilginx
P1360 : Module 9
upvoted 2 times

  eli117 4 months ago


Selected Answer: A
A. Evilginx

Explanation: Evilginx is a powerful phishing tool that enables an attacker to intercept login credentials and session cookies of any web service that
is using a vulnerable two-factor authentication protocol. With this tool, attackers can create fake web pages that look exactly like the real ones,
luring users into providing their login credentials and allowing the attacker to intercept them.
upvoted 1 times
Question #31 Topic 1

John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the
professional hacker installed a scanner on a machine belonging to one of the victims and scanned several machines on the same network to
identify vulnerabilities to perform further exploitation.
What is the type of vulnerability assessment tool employed by John in the above scenario?

A. Agent-based scanner

B. Network-based scanner

C. Cluster scanner

D. Proxy scanner

Correct Answer: A

Community vote distribution


A (73%) B (27%)

  jeremy13 Highly Voted  4 months ago


Selected Answer: A
A. Agent-based scanner
Module 05/P561 CEH bookV12
*Network-Based Scanner: Network-based scanners are those that interact only with the real machine where they reside and give the report to the
same machine after scanning.

*Agent-Based Scanner: Agent-based scanners reside on a single machine but can scan several machines on the same network.

*Proxy Scanner: Proxy scanners are the network-based scanners that can scan networks from any machine on the network.

* Cluster scanner: Cluster scanners are similar to proxy scanners, but they can simultaneously perform two or more scans on different machines in
the network.
upvoted 6 times

  sausageman Most Recent  3 months, 3 weeks ago


Selected Answer: A
Agent based scanner
upvoted 2 times

  eli117 4 months ago


Selected Answer: B
B. Network-based scanner

Explanation: In the given scenario, John employs a network-based scanner to identify vulnerabilities on the machines in the same network. A
network-based scanner is a type of vulnerability assessment tool that scans the network for vulnerabilities and identifies security holes in the
network devices and systems. It is a non-intrusive scanner that can detect vulnerabilities without accessing the system. It sends packets to the
network and analyzes the response to identify vulnerabilities.
upvoted 3 times

  best2000 3 months, 1 week ago


You would have been right if there was no installing. The question said the scanner was installed on a machine. The right answer is A.
upvoted 3 times
Question #32 Topic 1

Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he
searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download
malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine.
Which of the following techniques is used by Joel in the above scenario?

A. Watering hole attack

B. DNS rebinding attack

C. MarioNet attack

D. Clickjacking attack

Correct Answer: A

Community vote distribution


A (100%)

  jeremy13 4 months ago


Selected Answer: A
A. Watering hole attack
P1952 / Module 14 CEH book V12

+Watering Hole Attack
It is a type of unvalidated redirect attack whereby the attacker first identifies the most visited website of the target, determines the vulnerabilities in
the website, injects malicious code into the vulnerable web application, and then waits for the victim to browse the website. Once the victim tries to
access the website, the malicious code executes, infecting the victim.
upvoted 1 times

  eli117 4 months ago


Selected Answer: A
A. Watering hole attack

Explanation:
In the given scenario, Joel is using a technique called the watering hole attack. This technique involves the attacker targeting a specific group of
individuals or organization by infecting a website that the targeted group regularly visits, also known as the "watering hole". The attacker then
injects a malicious code into the website, which can be used to download malware onto the victim's machine. When the victim visits the infected
website, the malware is automatically downloaded onto their system. This attack is often used when traditional phishing techniques fail to work or
are too risky to execute.
upvoted 1 times
Question #33 Topic 1

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that
user data have been exfiltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-
whitelisted programs.
What type of malware did the attacker use to bypass the company’s application whitelisting?

A. File-less malware

B. Zero-day malware

C. Phishing malware

D. Logic bomb malware

Correct Answer: A

Community vote distribution


A (100%)

  eli117 Highly Voted  4 months ago


Selected Answer: A
A. File-less malware

Explanation: In this scenario, the attacker used file-less malware to bypass the company's application whitelisting. File-less malware resides entirely
in memory, making it difficult for antivirus software and IDS/IPS to detect. It can run in the context of a trusted process or system application, and
can be delivered through various attack vectors, including phishing emails, malicious websites, or network exploits.
upvoted 5 times

  Vincent_Lu Most Recent  1 month, 4 weeks ago


A. File-less malware
should be the answer.
But why not B?
upvoted 1 times

  deviii 1 week, 4 days ago


Because it's mentioned AV didn't flag any "non-whitelisted file"
upvoted 1 times

  jeremy13 4 months ago


Selected Answer: A
A. File-less malware
312-50v11 Q164
https://www.trellix.com/en-us/security-awareness/ransomware/what-is-fileless-malware.html
upvoted 2 times
Question #34 Topic 1

Dorian is sending a digitally signed email to Poly. With which key is Dorian signing this message and how is Poly validating it?

A. Dorian is signing the message with his public key, and Poly will verify that the message came from Dorian by using Dorian’s private key.

B. Dorian is signing the message with Poly’s private key, and Poly will verify that the message came from Dorian by using Dorian’s public key.

C. Dorian is signing the message with his private key, and Poly will verify that the message came from Dorian by using Dorian’s public key.

D. Dorian is signing the message with Poly’s public key, and Poly will verify that the message came from Dorian by using Dorian’s public key.

Correct Answer: C

Community vote distribution


C (100%)

  jeremy13 3 months, 1 week ago


Selected Answer: C
Like V11 Q150
upvoted 1 times

  eli117 4 months ago


Selected Answer: C
In digital signature, the sender signs the message using their private key, which only the sender knows. The recipient can verify that the message
came from the sender by using the sender's public key. Therefore, in this scenario, Dorian is signing the email with his private key, and Poly will
validate it using Dorian's public key.
upvoted 4 times
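The sign-with-private, verify-with-public relationship explained in the comment above, as an added example that is not part of the original page or any commenter's code. It uses a toy RSA built from Mersenne primes so it runs on the Python standard library alone; the key sizes, the hash-then-exponentiate construction without padding, and the names Dorian and Poly are assumptions for illustration only, and a real mail client would use a vetted library with proper signature padding. The email text is constructed.

```python
import hashlib

# Toy RSA key pairs built from Mersenne primes so the example runs on the
# standard library alone. Real deployments use 2048-bit or larger keys, proper
# signature padding (PSS or PKCS#1 v1.5) and a vetted library; this block only
# illustrates which key signs and which key verifies.
def make_keypair(p, q, e=65537):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse of e, Python 3.8+
    return (n, e), (n, d)


# Assumed names from the question: Dorian is the sender, Poly the recipient.
DORIAN_PUBLIC, DORIAN_PRIVATE = make_keypair((1 << 61) - 1, (1 << 89) - 1)
POLY_PUBLIC, POLY_PRIVATE = make_keypair((1 << 107) - 1, (1 << 127) - 1)


def _message_digest(message, n):
    """SHA-256 of the message, reduced so it fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """The sender signs with their OWN private key, which nobody else holds."""
    n, d = private_key
    return pow(_message_digest(message, n), d, n)


def verify(message, signature, public_key):
    """The recipient checks the signature with the SENDER's public key."""
    n, e = public_key
    return pow(signature, e, n) == _message_digest(message, n)


def demo():
    """Walk through the question's scenario and return each check's outcome."""
    email = b"Hi Poly, the revised contract is attached. -- Dorian"   # constructed
    sig = sign(email, DORIAN_PRIVATE)           # Dorian signs with his private key
    return {
        "genuine, checked with Dorian's public key": verify(email, sig, DORIAN_PUBLIC),
        "tampered body, same signature": verify(email + b" (edited)", sig, DORIAN_PUBLIC),
        "checked with Poly's public key (wrong key)": verify(email, sig, POLY_PUBLIC),
    }


if __name__ == "__main__":
    for label, ok in demo().items():
        print(f"{'VALID  ' if ok else 'INVALID'}  {label}")
```

Only the first check succeeds: changing a single byte of the body or verifying against anyone else's public key fails, which is exactly why options A, B and D in the question cannot work. Poly's key pair is created only to show that her public key is of no use for checking Dorian's signature; it would come into play for encrypting a message to her, which is a different operation.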
Question #35 Topic 1

Scenario: Joe turns on his home computer to access personal online banking. When he enters the URL www.bank.com, the website is displayed,
but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL closer, he finds that the
site is not secure and the web address appears different.
What type of attack he is experiencing?

A. DHCP spoofing

B. DoS attack

C. ARP cache poisoning

D. DNS hijacking

Correct Answer: D

Community vote distribution


D (100%)

  Vincent_Lu 1 month, 4 weeks ago


D. DNS hijacking

A. DHCP spoofing: Attacker impersonates DHCP server, obtains client IP addresses and network information, redirects to malicious networks.

B. DoS attack: Attacker overwhelms target system, consumes resources, causes service disruption.

C. ARP cache poisoning: Attacker sends false ARP responses, redirects target traffic to attacker-controlled location, enables man-in-the-middle
attacks.

D. DNS hijacking: Attacker modifies DNS queries/responses, redirects users to incorrect/malicious websites, steals sensitive information.
upvoted 1 times

  jeremy13 3 months, 1 week ago


Selected Answer: D
D. DNS hijacking
Like V11 Q205
upvoted 2 times

  eli117 4 months ago


Selected Answer: D
D. DNS hijacking.

Explanation: In the given scenario, Joe is experiencing a type of attack known as DNS hijacking. In DNS hijacking, an attacker diverts traffic intended
for a legitimate website to a different IP address, which may lead to a fake website designed to look like the original one. The purpose of such an
attack is to steal sensitive information, such as login credentials, from unsuspecting users. In this case, the attacker has redirected Joe to a phishing
website that mimics the original website, prompting him to enter his credentials.
upvoted 2 times
Question #36 Topic 1

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack
technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session
ID links the target employee to Boney’s account page without disclosing any information to the victim. When the target employee clicks on the link,
all the sensitive payment details entered in a form are linked to Boney’s account.
What is the attack performed by Boney in the above scenario?

A. Forbidden attack

B. CRIME attack

C. Session donation attack

D. Session fixation attack

Correct Answer: D

Community vote distribution


C (73%) D (27%)

  Nst6310 2 weeks, 5 days ago


D. Session fixation attack

In a session fixation attack, the attacker (Boney) tricks a user (the target employee) into using a session ID that the attacker already knows and has
control over. The attacker may obtain a valid session ID by logging into the service himself and then trick the target employee into using that same
session ID.
upvoted 2 times

  naija4life 1 month, 1 week ago


Selected Answer: D
D. Session fixation attack
upvoted 1 times

  Rocko1 2 months, 2 weeks ago


Selected Answer: C
Here is a great article for Session Donation : https://media.defcon.org/DEF%20CON%2017/DEF%20CON%2017%20presentations
/DEF%20CON%2017%20-%20alek_amrani-session_donation.pdf
upvoted 2 times

  victorfs 2 months, 2 weeks ago


Selected Answer: C
The correct option is C
upvoted 1 times

  sTaTiK 3 months, 1 week ago


Selected Answer: C
Answer is C in this case.
upvoted 2 times

  sausageman 3 months, 3 weeks ago


Selected Answer: C
C. Session donation attack
Jeremy13 explanation is correct
upvoted 2 times

  jeremy13 4 months ago


Selected Answer: C
C. Session donation attack
see 312-50v11 topic 1 question 188
Module 11 P1552 CEH BOOK V12

In a session donation attack, the attacker donates their own session ID to the target user. In this attack, the attacker first obtains a valid session ID
by logging into a service and later feeds the same session ID to the target user. This session ID links a target user to the attacker’s account page
without disclosing any information to the victim. When the target user clicks on the link and enters the details (username, password, payment
details, etc.) in a form, the entered details are linked to the attacker’s account. To initiate this attack, the attacker can send their session ID using
techniques such as cross-site cooking, an MITM attack, and session fixation.
upvoted 4 times
  eli117 4 months ago
Selected Answer: D
In a session fixation attack, the attacker fixes a valid session ID for a user, which allows the attacker to hijack the user's session after they
authenticate to the targeted application.
upvoted 3 times
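
A worked model of the two attacks this thread is arguing about, added here as an editor's example; none of it is code from the CEH book or from the posts above. The two app classes and their in-memory session store are constructed for the demonstration. What it isolates is the one difference that separates donation from fixation: in donation the planted ID is already authenticated as the attacker, in fixation it is a pre-authentication ID that the victim then authenticates. It also shows the two server-side properties both attacks depend on: adopting a session ID the server never issued (or one carried in a URL), and keeping the same ID across login.

```python
import secrets


def new_sid():
    """Unguessable session ID: 128 bits from the OS CSPRNG."""
    return secrets.token_urlsafe(16)


class VulnerableApp:
    """Adopts any session ID a client presents (cookie or URL) and keeps it
    unchanged across login. That is the property both attacks rely on.
    Constructed model, not a real framework."""

    def __init__(self):
        self.sessions = {}  # sid -> {"user": str | None, "data": list}

    def request(self, cookie_sid=None, url_sid=None):
        """Resolve the session for an incoming request; returns the sid in use."""
        sid = url_sid or cookie_sid or new_sid()
        self.sessions.setdefault(sid, {"user": None, "data": []})
        return sid

    def login(self, sid, username):
        self.sessions[sid]["user"] = username
        return sid  # same ID before and after authentication

    def submit(self, sid, payload):
        self.sessions[sid]["data"].append(payload)

    def owner(self, sid):
        s = self.sessions.get(sid)
        return s["user"] if s else None


class HardenedApp(VulnerableApp):
    """Honours only IDs it issued itself, never one from the URL, and rotates
    the ID at login."""

    def request(self, cookie_sid=None, url_sid=None):
        # URL-carried IDs are ignored; unknown cookie IDs are replaced, not adopted.
        if cookie_sid in self.sessions:
            return cookie_sid
        sid = new_sid()
        self.sessions[sid] = {"user": None, "data": []}
        return sid

    def login(self, sid, username):
        old = self.sessions.pop(sid)          # the pre-auth ID stops working
        fresh = new_sid()
        self.sessions[fresh] = {"user": username, "data": old["data"]}
        return fresh


def session_fixation(app):
    """Attacker plants an unauthenticated ID in the victim's cookie, the victim
    logs in, the attacker then uses the planted ID. Returns the account reached."""
    planted = app.request()                            # attacker obtains an ID
    victim_sid = app.request(cookie_sid=planted)       # victim's browser carries it
    app.login(victim_sid, "victim")
    return app.owner(planted)                          # "victim" if the attack worked


def session_donation(app):
    """Boney logs in, sends the victim a link carrying Boney's own ID, the victim
    submits payment details. Returns the account those details were stored under."""
    boney = app.request()
    boney = app.login(boney, "boney")                  # ID is already authenticated
    victim_sid = app.request(url_sid=boney)            # the link in the email
    app.submit(victim_sid, "card=4111111111111111")    # constructed sample input
    return app.owner(victim_sid)                       # "boney" if the attack worked
```

Against `VulnerableApp` both functions return the attacker's goal (`"victim"` and `"boney"`); against `HardenedApp` both return `None`. Note that regenerating the ID at login alone only stops fixation; donation is stopped by refusing IDs from the URL, since Boney's donated ID is a perfectly valid, server-issued one.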

Question #37 Topic 1

Kevin, a professional hacker, wants to penetrate CyberTech Inc’s network. He employed a technique, using which he encoded packets with Unicode
characters. The company’s IDS cannot recognize the packets, but the target web server can decode them.
What is the technique used by Kevin to evade the IDS system?

A. Session splicing

B. Urgency flag

C. Obfuscating

D. Desynchronization

Correct Answer: C

Community vote distribution


C (100%)

  naija4life 1 month, 1 week ago


Selected Answer: C
C. Obfuscating
upvoted 1 times

  jeremy13 3 months, 1 week ago


Selected Answer: C
C. Obfuscating
CEH Book V12 Module 12 Page 1672
Obfuscating is an IDS evasion technique used by attackers to encode the attack packet payload in such a way that the destination host can only
decode the packet but not the IDS. Using Unicode characters, an attacker can encode attack packets that the IDS would not recognize but which an
IIS web server can decode.
upvoted 1 times

  eli117 4 months ago


Selected Answer: C
C. Obfuscating.

Explanation:
Obfuscation is a technique used by hackers to hide their malicious activities from security systems, such as Intrusion Detection Systems (IDS). In this
case, Kevin encoded the packets with Unicode characters to make them difficult for the IDS to recognize and understand. This technique is used to
bypass security measures and gain access to a system undetected. However, the target web server can decode the packets, which allows Kevin to
gain access to the system. Session splicing, urgency flag, and desynchronization are other techniques used by hackers to evade IDS systems, but
they are not applicable in this scenario.
upvoted 2 times
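
The Unicode trick jeremy13 quotes from the book is easiest to see in code. The example below is added by the editor, not taken from the page: it uses the overlong UTF-8 form of "/" (`%c0%af`), which a permissive decoder such as the old IIS one accepted but which a byte-matching IDS never sees as a slash. The sample request paths are constructed. The point for a detection engineer is the second matcher: decode the way the target decodes, then match.

```python
from urllib.parse import unquote_to_bytes

# Constructed sample requests: the same traversal written plainly and in the
# overlong-UTF-8 form that lenient decoders accept.
SAMPLES = {
    "plain":    b"/scripts/../../winnt/system32/cmd.exe?/c+dir",
    "overlong": b"/scripts/..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir",
    "benign":   b"/scripts/index.asp",
}

SIGNATURE = b"../"   # what a naive IDS string-matches on


def lenient_utf8_decode(data: bytes) -> str:
    """Decode UTF-8 while ACCEPTING overlong sequences, mimicking the permissive
    decoder the obfuscation relies on. Python's strict decoder rejects them,
    so a normaliser has to do this by hand."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
            continue
        if 0xC0 <= b <= 0xDF:
            n, cp = 1, b & 0x1F
        elif 0xE0 <= b <= 0xEF:
            n, cp = 2, b & 0x0F
        elif 0xF0 <= b <= 0xF7:
            n, cp = 3, b & 0x07
        else:
            out.append("\ufffd")
            i += 1
            continue
        tail = data[i + 1:i + 1 + n]
        if len(tail) < n or any(t & 0xC0 != 0x80 for t in tail):
            out.append("\ufffd")
            i += 1
            continue
        for t in tail:
            cp = (cp << 6) | (t & 0x3F)
        # %c0%af -> U+002F '/', %c1%9c -> U+005C '\' (both overlong, both accepted here)
        out.append(chr(cp) if cp <= 0x10FFFF else "\ufffd")
        i += 1 + n
    return "".join(out)


def naive_ids_match(raw: bytes) -> bool:
    """Signature check on the bytes exactly as seen on the wire."""
    return SIGNATURE in raw


def normalising_ids_match(raw: bytes) -> bool:
    """Percent-decode, decode as the target would, fold '\\' to '/', then match."""
    text = lenient_utf8_decode(unquote_to_bytes(raw))
    return SIGNATURE.decode() in text.replace("\\", "/")
```

`naive_ids_match` catches the plain request and misses the overlong one; `normalising_ids_match` catches both and still ignores the benign path. The counter-measure is the same one the book implies: the IDS must canonicalise input into the representation the protected host will use before applying signatures.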
Question #38 Topic 1

Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server. In
the login/password form, you enter the following credentials:

Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL
injection vulnerability?

A. select * from Users where UserName = ‘attack’ ’ or 1=1 -- and UserPassword = ‘123456’

B. select * from Users where UserName = ‘attack’ or 1=1 -- and UserPassword = ‘123456’

C. select * from Users where UserName = ‘attack or 1=1 -- and UserPassword = ‘123456’

D. select * from Users where UserName = ‘attack’ or 1=1 --’ and UserPassword = ‘123456’

Correct Answer: A

Community vote distribution


D (75%) B (25%)

  kinok9438 17 hours, 29 minutes ago


D is the Correct
upvoted 1 times

  581777a 4 days, 18 hours ago


Selected Answer: D
D. select * from Users where UserName = ‘attack’ or 1=1 --’ and UserPassword = ‘123456’
upvoted 1 times

  Nst6310 2 weeks, 5 days ago


B. select * from Users where UserName = 'attack' or 1=1 -- and UserPassword = '123456'
Option D is incorrect because the SQL injection payload is placed after the closing single quote for 'UserPassword', which would likely result in a
syntax error.
Option A is incorrect because the payload is missing the closing single quote after 'attack', which would likely result in a syntax error.
upvoted 1 times

  Rijoe 1 month ago


A is the correct answer. Look closely: the username = attack', so the actual query will have 'attack' '.... The additional hyphen is for the username, then
2 hyphens for the query.
upvoted 1 times

  zhack405 1 month, 1 week ago


CEH BOOK V12 : P2204
SELECT Count(*) FROM Users WHERE UserName='Blah' or 1=1 --' AND Password='Springfield'
' ' --' ' '
upvoted 2 times

  Vincent_Lu 1 month, 3 weeks ago


D. select * from Users where UserName = ‘attack’ or 1=1 --’ and UserPassword = ‘123456’
upvoted 2 times

  predator67 2 months, 1 week ago


Selected Answer: D
The correct option is D.
upvoted 1 times

  victorfs 2 months, 3 weeks ago


Selected Answer: D
The correct option is D.

select * from Users where UserName = ‘attack’ or 1=1 --’ and UserPassword = ‘123456’
upvoted 1 times

  jeremy13 4 months ago


Selected Answer: D
D. select * from Users where UserName = ‘attack’ or 1=1 --’ and UserPassword = ‘123456’
CEH BOOK V12 : P2204
SELECT Count(*) FROM Users WHERE UserName='Blah' or 1=1 --' AND Password='Springfield'

SQL Query Executed : SELECT Count(*) FROM Users WHERE UserName='Blah' or 1=1
Code after -- are now comments : --' AND Password='Springfield'
upvoted 3 times

  ShuvroD 3 months, 4 weeks ago


I have my CEHv12 exam tomorrow. Can anyone please give me temporary contributor access?
upvoted 3 times
  eli117 4 months ago
Selected Answer: B
B. select * from Users where UserName = ‘attack’ or 1=1 -- and UserPassword = ‘123456’

In an SQL injection attack, the attacker manipulates the input of an application in a way that results in the execution of unintended SQL commands.
In this case, the attacker entered the username "attack' or 1=1 -" and the password "123456". The hyphen at the end of the username is used to
comment out the rest of the SQL query that the application may append to the query.
upvoted 2 times
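
The disagreement above is settled by running the query rather than reading it. The example below is added by the editor (not from the page or the CEH book) and uses SQLite instead of Microsoft SQL Server because it ships with Python; the `--` end-of-line comment behaves the same in T-SQL. The `Users` table and its one row are constructed. `vulnerable_query` builds the statement exactly the way the question assumes and returns the text that would reach the server; `vulnerable_login` executes it, and `safe_login` shows the parameterised form in which the same input is just a value.

```python
import sqlite3

USERNAME = "attack' or 1=1 --"   # what is typed into the login form
PASSWORD = "123456"


def _db():
    """Constructed sample Users table with one legitimate account."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Users (UserName TEXT, UserPassword TEXT)")
    con.execute("INSERT INTO Users VALUES ('alice', 'correct horse')")
    return con


def vulnerable_query(username, password):
    """String concatenation: the input becomes part of the statement."""
    return ("select * from Users where UserName = '" + username
            + "' and UserPassword = '" + password + "'")


def vulnerable_login(username, password):
    """Returns how many accounts the submitted credentials 'match'."""
    con = _db()
    rows = con.execute(vulnerable_query(username, password)).fetchall()
    return len(rows)


def safe_login(username, password):
    """Parameterised: the driver sends the values separately, so the quote and
    the comment marker are data, never SQL."""
    con = _db()
    rows = con.execute(
        "select * from Users where UserName = ? and UserPassword = ?",
        (username, password),
    ).fetchall()
    return len(rows)
```

`vulnerable_query(USERNAME, PASSWORD)` produces `select * from Users where UserName = 'attack' or 1=1 --' and UserPassword = '123456'`, option D with plain ASCII quotes: the attacker's quote closes the literal, `or 1=1` is live SQL, and `--` comments out the rest including the original closing quote and the password check. `vulnerable_login` therefore returns 1 (alice's row) while `safe_login` returns 0.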

Question #39 Topic 1

Which of the following commands checks for valid users on an SMTP server?

A. RCPT

B. CHK

C. VRFY

D. EXPN

Correct Answer: C

Community vote distribution


C (100%)

  581777a 4 days, 18 hours ago


Selected Answer: C
C. VRFY
upvoted 1 times

  jeremy13 3 months, 1 week ago


Selected Answer: C
C. VRFY
upvoted 1 times

  eli117 4 months ago


Selected Answer: C
C. VRFY

Explanation:
SMTP (Simple Mail Transfer Protocol) is a protocol used to transfer electronic mail messages between servers. The VRFY command is used to verify
the existence of an email address or to check whether a specific mailbox exists on the server. When a user submits a VRFY command with an email
address, the server will check whether the email address is valid and whether the mailbox exists on the server. If the email address is valid, the
server will respond with the name of the mailbox associated with the email address.
upvoted 2 times
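
Both sides of the VRFY exchange, as an editor-added example that is not from the page. The mail server is a constructed stand-in with two mailboxes so the probe runs offline; the reply codes follow RFC 5321 (250/251 confirm a mailbox, 550 rejects it, 252 means the server declines to say). The `verify=False` switch models a hardened MTA that answers 252 to everything, for instance Postfix with `disable_vrfy_command = yes`, which is the caveat a pentester needs: a 252 is not a hit, and the usual fallback is probing with RCPT TO instead.

```python
class FakeSmtpServer:
    """Constructed mail server. Set verify=False to emulate an MTA that refuses
    to confirm mailboxes (252 to every VRFY)."""

    def __init__(self, users=("alice", "bob"), verify=True):
        self.users = set(users)
        self.verify = verify
        self.transcript = []          # both sides of the dialogue, in order

    def send(self, line: str) -> str:
        self.transcript.append("C: " + line)
        verb, _, arg = line.partition(" ")
        if verb == "VRFY":
            if not self.verify:
                reply = "252 2.5.2 Cannot VRFY user, but will take message"
            elif arg in self.users:
                reply = f"250 2.1.5 {arg} <{arg}@example.test>"
            else:
                reply = "550 5.1.1 User unknown"
        elif verb == "QUIT":
            reply = "221 2.0.0 Bye"
        else:
            reply = "502 5.5.2 Command not implemented"
        self.transcript.append("S: " + reply)
        return reply


def vrfy_enumerate(server, candidates):
    """Probe each candidate with VRFY.
    Returns (confirmed, unknown, inconclusive) lists of usernames."""
    confirmed, unknown, inconclusive = [], [], []
    for name in candidates:
        code = server.send(f"VRFY {name}")[:3]
        if code in ("250", "251"):
            confirmed.append(name)
        elif code == "550":
            unknown.append(name)
        else:                         # 252 or anything else: nothing leaked
            inconclusive.append(name)
    server.send("QUIT")
    return confirmed, unknown, inconclusive
```

With the default server, `vrfy_enumerate(FakeSmtpServer(), ["alice", "carol", "bob"])` confirms alice and bob and rejects carol; with `verify=False` every name lands in the inconclusive list and `server.transcript` shows only 252 replies.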
Question #40 Topic 1

Bella, a security professional working at an IT firm, finds that a security breach has occurred while transferring important files. Sensitive data,
employee usernames, and passwords are shared in plaintext, paving the way for hackers to perform successful session hijacking. To address this
situation, Bella implemented a protocol that sends data using encryption and digital certificates.
Which of the following protocols is used by Bella?

A. FTPS

B. FTP

C. HTTPS

D. IP

Correct Answer: A

Community vote distribution


A (76%) C (24%)

  jeremy13 Highly Voted  4 months ago


Selected Answer: A
A. FTPS
FTPS includes full support for the TLS and SSL cryptographic protocols, including the use of server-side public key authentication certificates and
client-side authorization certificates. It also supports compatible ciphers, including AES, RC4, RC2, Triple DES, and DES. It further supports hash
functions SHA, MD5, MD4, and MD2.
https://en.wikipedia.org/wiki/FTPS
upvoted 6 times

  Tafulu Most Recent  1 week, 1 day ago


"while transferring important files" I believe this is a dead giveaway to the correct answer
A. FTPS
upvoted 2 times

  Henrikrp 1 month, 1 week ago


Selected Answer: A
Both A and C fit the criteria, but the keyword is she 'transfers', indicating she initially used FTP, hence FTPS
upvoted 4 times

  Vincent_Lu 1 month, 3 weeks ago


C. HTTPS

HTTPS is considered more secure than FTPS. It provides end-to-end encryption and uses digital certificates for identity verification. FTPS adds an
SSL/TLS encryption layer to FTP but lacks comprehensive security. HTTPS offers stronger encryption and identity protection.
upvoted 1 times

  ThoHNguyen 4 weeks, 1 day ago


while transferring important files - that is FTP
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


C. HTTPS
upvoted 1 times

  boog 2 months ago


A and C are correct. FTPS and HTTPS meet the criteria
upvoted 1 times

  boog 2 months ago


ChatGPT and ForefrontAI selected HTTPS
upvoted 2 times

  bellabop 3 months, 4 weeks ago


Selected Answer: A
"breach occured while transferring files". FTPS is an extension of the FTP protocol that adds support for Transport Layer Security (TLS) or Secure
Sockets Layer (SSL) encryption for securing file transfer. Bella could have implemented FTPS as a secure alternative to FTP, which uses plaintext for
data transfer and is susceptible to session hijacking attacks.
upvoted 3 times
  eli117 4 months ago
Selected Answer: C
C. HTTPS

Explanation:
HTTPS (Hypertext Transfer Protocol Secure) is a protocol used to secure communication over the internet. It is an extension of HTTP (Hypertext
Transfer Protocol) and uses Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to encrypt data sent between a web server and a client.
HTTPS ensures that data transmitted between a web server and a client is encrypted and therefore secure against eavesdropping and tampering.

In the given scenario, Bella implemented a protocol that sends data using encryption and digital certificates to address the security breach caused
by plaintext transmission of sensitive data. This is exactly what HTTPS does, making it the correct answer.
upvoted 4 times

  581777a 4 days, 17 hours ago


You are wrong because it specifically says transporting files, and not over the internet.
upvoted 1 times

Question #41 Topic 1

John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him
the idea of using PGP. What should John do to communicate correctly using this type of encryption?

A. Use his own private key to encrypt the message.

B. Use his own public key to encrypt the message.

C. Use Marie’s private key to encrypt the message.

D. Use Marie’s public key to encrypt the message.

Correct Answer: D

Community vote distribution


D (100%)

  581777a 4 days, 17 hours ago


Selected Answer: D
D. Use Marie’s public key to encrypt the message.
upvoted 1 times

  zhack405 1 month, 1 week ago


public key to encrypt the message
Priv. key to decrypt message
and Priv. key to sign msg and Pub. key to verify
upvoted 1 times

  jeremy13 4 months ago


D. Use Marie’s public key to encrypt the message.
upvoted 1 times

  eli117 4 months ago


Selected Answer: D
D. Use Marie’s public key to encrypt the message.

Explanation:

PGP (Pretty Good Privacy) is an encryption software that can be used to encrypt and decrypt electronic communications, such as emails. PGP uses a
combination of symmetric-key and public-key encryption to provide confidentiality and authenticity to the communications.
upvoted 3 times
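
Questions #34 and #41 are the two halves of one rule, and the key choice at each step is clearer in code than in prose. The example below is added by the editor and is not from the page or from PGP itself: it is textbook RSA with tiny assumed primes and no padding, kept only to make visible WHICH key is used where. Never reuse it for real data. Sender (Dorian/John) signs with his own private key and anyone checks with his public key; sender encrypts with the recipient's (Poly/Marie's) public key and only her private key reverses it.

```python
import hashlib


def keygen(p, q, e=17):
    """Return ((e, n), (d, n)) from two primes. The primes used below are
    assumed toy parameters, far too small for real use."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def sign(message: bytes, private_key):
    """Sender signs a digest of the message with HIS OWN private key."""
    d, n = private_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(h, d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone verifies with the SENDER'S public key."""
    e, n = public_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == h


def encrypt(message: bytes, public_key):
    """Sender encrypts with the RECIPIENT'S public key; one byte per block
    because this is a toy, so the output is deterministic and unpadded."""
    e, n = public_key
    return [pow(b, e, n) for b in message]


def decrypt(blocks, private_key) -> bytes:
    """Only the recipient's private key reverses the encryption."""
    d, n = private_key
    return bytes(pow(c, d, n) for c in blocks)


# Two key pairs from assumed toy primes: sender (Dorian/John), recipient (Poly/Marie).
SENDER_PUB, SENDER_PRIV = keygen(65521, 65537)
RECIPIENT_PUB, RECIPIENT_PRIV = keygen(999983, 1299709)


def send_signed_encrypted(message: bytes):
    """What PGP does conceptually: sign with own private key, encrypt for recipient."""
    sig = sign(message, SENDER_PRIV)
    return encrypt(message, RECIPIENT_PUB), sig


def receive(blocks, sig):
    """Recipient decrypts with her private key, then verifies with the sender's public key."""
    message = decrypt(blocks, RECIPIENT_PRIV)
    return message, verify(message, sig, SENDER_PUB)
```

`receive(*send_signed_encrypted(b"..."))` returns the original bytes and `True`; change one byte of the message, or verify against the recipient's public key instead of the sender's, and the verification fails. Real PGP also wraps a random symmetric session key in the recipient's public key and signs a hash with padding, but the ownership of each key at each step is exactly this.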
Question #42 Topic 1

In the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does medium vulnerability fall in?

A. 4.0-6.0

B. 3.9-6.9

C. 3.0-6.9

D. 4.0-6.9

Correct Answer: D

Community vote distribution


D (92%) 8%

  jeremy13 Highly Voted  4 months ago


Selected Answer: D
CVSS v3.0 Ratings
Low 0.1-3.9
Medium 4.0-6.9
High 7.0-8.9
Critical 9.0-10.0
https://nvd.nist.gov/vuln-metrics/cvss
upvoted 9 times

  581777a Most Recent  4 days, 17 hours ago


Medium 4.0-6.9
upvoted 1 times

  mcakir 3 months ago


Yes. The correct answer is D.
https://www.first.org/cvss/v3.1/specification-document
Table 14: Qualitative severity rating scale
upvoted 3 times

  eli117 4 months ago


Selected Answer: D
Correct answer is D. Ignore the other response where I said it was C.
upvoted 2 times

  tc5899 4 months ago


Low 0.1 - 3.9
Medium 4.0 - 6.9
High 7.0 - 8.9
Critical 9.0 - 10.0
upvoted 3 times

  eli117 4 months ago


Selected Answer: C
C. 3.0-6.9

Explanation:

The Common Vulnerability Scoring System (CVSS) is a framework used to assess the severity of software vulnerabilities. CVSS assigns a score to
each vulnerability based on its potential impact on the confidentiality, integrity, and availability of a system, as well as its complexity and the level
of user interaction required to exploit the vulnerability.
upvoted 1 times

  eli117 4 months ago


This answer is incorrect. Correct answer is D.
upvoted 3 times
Question #43 Topic 1

Bill is a network administrator. He wants to eliminate unencrypted traffic inside his company’s network. He decides to setup a SPAN port and
capture all traffic to the datacenter. He immediately discovers unencrypted traffic in port UDP 161.
What protocol is this port using and how can he secure that traffic?

A. RPC and the best practice is to disable RPC completely.

B. SNMP and he should change it to SNMP V3.

C. SNMP and he should change it to SNMP V2, which is encrypted.

D. It is not necessary to perform any actions, as SNMP is not carrying important information.

Correct Answer: B

Community vote distribution


B (100%)

  581777a 4 days, 17 hours ago


Selected Answer: B
B. SNMP and he should change it to SNMP V3.
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


B. SNMP and he should change it to SNMP V3.

https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#Version_3

Although SNMPv3 makes no changes to the protocol aside from the addition of cryptographic security...
upvoted 1 times

  jeremy13 3 months, 1 week ago


Selected Answer: B
B. SNMP and he should change it to SNMP V3.
upvoted 2 times

  eli117 4 months ago


Selected Answer: B
B. Change SNMP to SNMP V3.

Explanation:

SNMP (Simple Network Management Protocol) is a protocol used for managing and monitoring network devices, such as routers, switches, and
servers. SNMP uses UDP port 161 for communication. However, SNMP V1 and V2 use clear text community strings for authentication, making them
vulnerable to eavesdropping and other attacks.

To secure SNMP traffic, Bill should change the SNMP version to SNMP V3, which provides enhanced security features, such as authentication,
encryption, and message integrity. SNMP V3 requires a username and password for authentication, and it supports encryption of the data being
transmitted.
upvoted 3 times
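
What Bill actually sees on the SPAN port, and how to triage a capture for it, as an editor-added example (not from the page). SNMP messages are BER-encoded: an outer SEQUENCE holding the version INTEGER, and in v1/v2c the community string as an OCTET STRING immediately after it, which is why the community is readable in plaintext. In v3 that slot holds the msgGlobalData SEQUENCE instead, whose msgFlags byte says whether authentication (bit 0) and privacy (bit 1) are on. Both datagrams below are constructed by hand with minimal GetRequest PDUs; the v3 one is truncated after its header, which is all the parser needs.

```python
SNMP_V2C_GET = bytes.fromhex(
    "3018"                               # SEQUENCE, 24 bytes
    "020101"                             # INTEGER version = 1 (SNMPv2c; 0 = v1)
    "04067075626c6963"                   # OCTET STRING "public": the plaintext community
    "a00b" "020101" "020100" "020100" "3000"   # GetRequest-PDU, empty varbind list
)

SNMP_V3_GET = bytes.fromhex(
    "3012"                               # SEQUENCE (truncated after msgGlobalData)
    "020103"                             # INTEGER version = 3
    "300d" "020101" "020205dc" "040107" "020103"  # msgID, msgMaxSize, msgFlags=authPriv|reportable, USM
)


def _tlv(buf: bytes, pos: int):
    """Read one BER TLV at pos; returns (tag, value_bytes, next_pos).
    Handles short- and long-form lengths, which is all SNMP needs."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low bits = number of length bytes
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def snmp_summary(datagram: bytes) -> dict:
    """Return version, community string (v1/v2c) and the v3 auth/priv flags."""
    tag, body, _ = _tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (outer tag %#x)" % tag)
    tag, ver, pos = _tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version field missing")
    version = {0: "v1", 1: "v2c", 3: "v3"}.get(int.from_bytes(ver, "big"), "unknown")
    tag, nxt, _ = _tlv(body, pos)
    if tag == 0x04:                      # community-based v1/v2c: no auth, no encryption
        return {"version": version, "community": nxt.decode("latin-1"),
                "auth": False, "priv": False}
    # v3: msgGlobalData SEQUENCE {msgID, msgMaxSize, msgFlags, msgSecurityModel}
    _, _, p = _tlv(nxt, 0)
    _, _, p = _tlv(nxt, p)
    _, flags, _ = _tlv(nxt, p)
    return {"version": version, "community": None,
            "auth": bool(flags[0] & 1), "priv": bool(flags[0] & 2)}


def weak_snmp(datagrams):
    """Triage a capture: (version, community) for every message whose payload is
    not encrypted, i.e. v1/v2c, or v3 below the authPriv level."""
    findings = []
    for d in datagrams:
        s = snmp_summary(d)
        if not s["priv"]:
            findings.append((s["version"], s["community"]))
    return findings
```

`weak_snmp([SNMP_V2C_GET, SNMP_V3_GET])` flags only the v2c message with its community `public`. The v3 check matters in practice: moving to v3 is not enough on its own, because a v3 agent configured noAuthNoPriv or authNoPriv still sends the management data in the clear, so the security level has to be authPriv.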
Question #44 Topic 1

Consider the following Nmap output:

What command-line parameter could you use to determine the type and version number of the web server?

A. -sV

B. -sS

C. -Pn

D. -V

Correct Answer: A

Community vote distribution


A (100%)

  581777a 4 days, 17 hours ago


Selected Answer: A
A. -sV
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


A. -sV
https://nmap.org/book/man-briefoptions.html
-sV: Probe open ports to determine service/version info
upvoted 1 times

  jeremy13 3 months, 1 week ago


Selected Answer: A
A. -sV
upvoted 1 times

  eli117 4 months ago


Selected Answer: A
-sV

Explanation:

The "-sV" parameter is used to determine the service version of the target system. This parameter instructs Nmap to attempt to determine the
version of any services running on the target system, such as the web server running on port 80 in this case.

When the "-sV" parameter is used, Nmap will try to identify the service version by comparing the fingerprint of the service with a database of
known fingerprints. This allows Nmap to determine the type and version number of the service running on the target system.
upvoted 2 times
Question #45 Topic 1

Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their
personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob’s boss is very worried
because of regulations that protect those data.
Which of the following regulations is mostly violated?

A. PCI DSS

B. PII

C. ISO 2002

D. HIPPA/PHI

Correct Answer: D

Community vote distribution


D (100%)

  581777a 4 days, 17 hours ago


Selected Answer: D
D. HIPPA/PHI
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


D. HIPPA/PHI
============
A. PCI DSS: The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure the protection of
cardholder data.
B. PII: Personally Identifiable Information (PII) refers to any information that can be used to identify an individual, such as their name, address, social
security number, or email address.
C. ISO 2002: There is no known standard or widely recognized term "ISO 2002".
D. HIPAA/PHI: The Health Insurance Portability and Accountability Act (HIPAA) establishes rules and regulations to safeguard protected health
information (PHI). It applies to healthcare providers, health plans, and other entities handling patient data to ensure its confidentiality, integrity, and
availability.
upvoted 2 times

  jeremy13 3 months, 1 week ago


Selected Answer: D
D. HIPPA/PHI
upvoted 1 times

  eli117 4 months ago


Selected Answer: D
D. HIPAA/PHI (Health Insurance Portability and Accountability Act/Protected Health Information)

Explanation:

HIPAA is a US federal law that sets national standards for the protection of certain health information. HIPAA regulations apply to healthcare
providers, health plans, and healthcare clearinghouses, as well as their business associates. Protected Health Information (PHI) is any individually
identifiable health information that is transmitted or maintained by a HIPAA-covered entity.
upvoted 2 times
Question #46 Topic 1

Infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical
hacking methodology?

A. Scanning

B. Gaining access

C. Maintaining access

D. Reconnaissance

Correct Answer: B

Community vote distribution


B (100%)

  581777a 4 days, 16 hours ago


Selected Answer: B
B. Gaining access
upvoted 1 times

  jeremy13 3 months, 1 week ago


Selected Answer: B
B. Gaining access
upvoted 2 times

  eli117 4 months ago


Selected Answer: B
B. Gaining access

Explanation:

The ethical hacking methodology consists of five phases, which are: reconnaissance, scanning, gaining access, maintaining access, and covering
tracks.

The phase that involves infecting a system with malware and using phishing to gain credentials to a system or web application is the gaining access
phase. In this phase, the attacker attempts to gain unauthorized access to the target system or network by exploiting vulnerabilities,
misconfigurations, or weaknesses in the security controls.
upvoted 4 times
Question #47 Topic 1

Larry, a security professional in an organization, has noticed some abnormalities in the user accounts on a web server. To thwart evolving attacks,
he decided to harden the security of the web server by adopting a few countermeasures to secure the accounts on the web server.
Which of the following countermeasures must Larry implement to secure the user accounts on the web server?

A. Retain all unused modules and application extensions.

B. Limit the administrator or root-level access to the minimum number of users.

C. Enable all non-interactive accounts that should exist but do not require interactive login.

D. Enable unused default user accounts created during the installation of an OS.

Correct Answer: B

Community vote distribution


B (100%)

  581777a 4 days, 16 hours ago


Selected Answer: B
B. Limit the administrator or root-level access to the minimum number of users
upvoted 1 times

  jeremy13 3 months, 1 week ago


Selected Answer: B
B. Limit the administrator or root-level access to the minimum number of users.
upvoted 2 times

  eli117 4 months ago


Selected Answer: B
B. Limit the administrator or root-level access to the minimum number of users.

Explanation:

Limiting the administrator or root-level access to the minimum number of users is a best practice for securing user accounts on a web server. This
helps to reduce the attack surface and minimize the risk of unauthorized access or privilege escalation.
upvoted 3 times
Question #48 Topic 1

There are multiple cloud deployment options depending on how isolated a customer’s resources are from those of other customers. Shared
environments share the costs and allow each customer to enjoy lower operations expenses. One solution is for a customer to join with a group of
users or organizations to share a cloud environment.
What is this cloud deployment option called?

A. Private

B. Community

C. Public

D. Hybrid

Correct Answer: B

Community vote distribution


B (100%)

  581777a 4 days, 16 hours ago


Selected Answer: B
B. Community
upvoted 1 times

  jeremy13 3 months, 1 week ago


Selected Answer: B
B. Community
upvoted 1 times

  eli117 4 months ago


Selected Answer: B
B. Community

Explanation:

The three main types of cloud deployment options are: private, public, and hybrid. However, there is also a fourth deployment option called
community cloud.

In a community cloud, a cloud infrastructure is shared by several organizations or groups that have similar computing requirements and concerns.
These organizations may be from the same industry, have similar security or compliance requirements, or have other commonalities that make it
beneficial for them to share a cloud environment.

Community cloud environments can provide benefits such as lower costs, improved security, and shared expertise. They can also enable
collaboration and resource sharing among organizations.
upvoted 2 times
Question #49 Topic 1

Allen, a professional pen tester, was hired by XpertTech Solutions to perform an attack simulation on the organization’s network resources. To
perform the attack, he took advantage of the NetBIOS API and targeted the NetBIOS service. By enumerating NetBIOS, he found that port 139 was
open and could see the resources that could be accessed or viewed on a remote system. He came across many NetBIOS codes during
enumeration.
Identify the NetBIOS code used for obtaining the messenger service running for the logged-in user?

A. <00>

B. <20>

C. <03>

D. <1B>

Correct Answer: C

Community vote distribution


C (94%) 6%

  RobdJ Highly Voted  3 months, 3 weeks ago


Selected Answer: C
00: Workstation Service (workstation name)
03: Windows Messenger service
06: Remote Access Service
20: File Service (also called Host Record)
21: Remote Access Service client
1B: Domain Master Browser – Primary Domain Controller for a domain
1D: Master Browser
upvoted 8 times

  Chipless Highly Voted  3 months, 3 weeks ago


Selected Answer: C
<03> Messenger service running for the logged-in user. SOURCE: CEH v12 eBook Module 4 Pg 276

Sounds silly but I remember this one by picturing all the "E" and "S" letters in the word MESSENGER as "3"s.
upvoted 7 times

  581777a Most Recent  4 days, 16 hours ago


Selected Answer: C
C. <03>
upvoted 1 times

  72SK 3 months, 4 weeks ago


The <03> NetBIOS code is associated with where you can retrieve the messenger service for a logged-in user
upvoted 3 times

  eli117 4 months ago


Selected Answer: B
B. <20>

Explanation:

NetBIOS (Network Basic Input/Output System) is a protocol used for communication over a local area network (LAN). It provides services such as
name resolution, session establishment, and datagram delivery.

When performing enumeration of NetBIOS, different NetBIOS codes can be encountered that represent different services or resources on a remote
system.

In the given scenario, Allen is targeting the NetBIOS service on port 139 and has found that he can see the resources that can be accessed or
viewed on a remote system. To obtain the messenger service running for the logged-in user, he should look for the NetBIOS code <20>, which
represents the messenger service.
upvoted 1 times
Question #50 Topic 1

Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his smartphone were
replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after installing the app.
What is the attack performed on Don in the above scenario?

A. SIM card attack

B. Clickjacking

C. SMS phishing attack

D. Agent Smith attack

Correct Answer: D

Community vote distribution


D (100%)

  581777a 4 days, 16 hours ago


Selected Answer: D
D. Agent Smith attack
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


D. Agent Smith attack
-----------------------------------------
A. SIM card attack: Attacker exploits vulnerabilities in SIM cards to clone, intercept messages, or manipulate SIM card data for unauthorized access
or fraudulent activities.

B. Clickjacking: Attacker hides malicious elements or buttons behind legitimate-looking content or transparent overlays to deceive users into
unintended actions, such as executing malicious downloads or making unintended purchases.

C. SMS phishing attack: Attackers send fraudulent SMS messages, pretending to be from legitimate organizations or individuals, to deceive users
into revealing sensitive information or performing malicious actions.

D. Agent Smith attack: Malware specifically targeting Android devices, disguising as legitimate apps and infecting devices through vulnerabilities.
Once infected, it replaces legitimate apps with malicious versions, aiming to generate revenue through deceptive ads and propagate malware.
upvoted 2 times

  Kingpin3690 1 month, 2 weeks ago


Do you know if just learning this version V12 examtopic of the exam will allow us to pass it?
upvoted 2 times

  Vincent_Lu 1 month, 3 weeks ago


https://antivirus.comodo.com/blog/computer-safety/agent-smith-malware-attack/
upvoted 1 times

  jeremy13 3 months, 1 week ago


Selected Answer: D
D. Agent Smith attack
upvoted 1 times

  eli117 4 months ago


Selected Answer: D
D. Agent Smith attack

Explanation:

The scenario describes an attack known as the Agent Smith attack. This is a type of malware that infects Android devices by disguising itself as a
legitimate app in third-party app stores. Once the user installs the app, the malware will replace legitimate apps on the device with fake, malicious
versions. It can also display unwanted advertisements and collect sensitive information from the device.
upvoted 1 times
Question #51 Topic 1

Samuel, a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSLv2 connections, and the
same private key certificate is used on a different server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to
attacks as the SSLv2 server can leak key information.
Which of the following attacks can be performed by exploiting the above vulnerability?

A. Padding oracle attack

B. DROWN attack

C. DUHK attack

D. Side-channel attack

Correct Answer: B

Community vote distribution


B (100%)

  Vincent_Lu 1 month, 3 weeks ago


B. DROWN attack
-------------------------------
A. Padding oracle attack: Exploiting padding to decrypt data.
B. DROWN attack: Decrypting SSL/TLS communications through SSLv2 vulnerability.
C. DUHK attack: Exploiting weak random number generators to compromise encryption.
D. Side-channel attack: Extracting sensitive data through unintended channels, such as power consumption, electromagnetic radiation, or timing
variations, to infer sensitive data or cryptographic keys.
upvoted 3 times

  jeremy13 3 months, 1 week ago


Selected Answer: B
B. DROWN attack
upvoted 1 times

  eli117 4 months ago


Selected Answer: B
B. DROWN attack

Explanation:

The scenario describes a vulnerability where the web server permits SSLv2 connections and the same private key certificate is used on a different
server that also allows SSLv2 connections. This is a security weakness because SSLv2 is a deprecated and insecure protocol that is susceptible to
attacks.

One attack that can be performed by exploiting this vulnerability is the DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) attack.
This attack allows an attacker to decrypt intercepted SSL traffic by exploiting a vulnerability in the SSLv2 protocol.

In the DROWN attack, the attacker first sends specially crafted packets to the SSLv2 server to obtain data encrypted with the server's private key.
The attacker can then use this data to decrypt intercepted SSL traffic that was encrypted with the same private key.
upvoted 3 times
Question #52 Topic 1

Clark, a professional hacker, was hired by an organization to gather sensitive information about its competitors surreptitiously. Clark gathers the
server IP address of the target organization using Whois footprinting. Further, he entered the server IP address as an input to an online tool to
retrieve information such as the network range of the target organization and to identify the network topology and operating system used in the
network.
What is the online tool employed by Clark in the above scenario?

A. DuckDuckGo

B. AOL

C. ARIN

D. Baidu

Correct Answer: C

Community vote distribution


C (100%)

  581777a 4 days, 16 hours ago


Selected Answer: C
C. ARIN
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


C. ARIN
upvoted 1 times

  jeremy13 3 months, 1 week ago


Selected Answer: C
C. ARIN
American Registry for Internet Numbers (ARIN) (https://www.arin.net)
CEH BOOK V12 Module 02 Page 216
upvoted 2 times

  eli117 4 months ago


Selected Answer: C
C. ARIN

Explanation:

The scenario describes a reconnaissance phase technique called footprinting, which involves gathering information about a target organization in
order to identify potential vulnerabilities or attack vectors.

In this case, Clark has used Whois footprinting to obtain the server IP address of the target organization. He has then used an online tool to
retrieve information such as the network range of the target organization and to identify the network topology and operating system used in the
network.

One such online tool that can be used for this purpose is ARIN (American Registry for Internet Numbers). ARIN is a non-profit organization that
manages the allocation and registration of IP addresses and other Internet number resources in North America.
upvoted 2 times
Question #53 Topic 1

You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the
following specific condition for the scan: “The attacker must scan every port on the server several times using a set of spoofed source IP
addresses.” Suppose that you are using Nmap to perform this scan.
What flag will you use to satisfy this requirement?

A. The -g flag

B. The -A flag

C. The -f flag

D. The -D flag

Correct Answer: D

Community vote distribution


D (100%)

  581777a 4 days, 16 hours ago


Selected Answer: D
D. The -D flag
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


D. The -D flag
--------------------------------
IP Address Decoy
nmap -D a.a.a.a,b.b.b.b,c.c.c.c {Target IP}

IP Address Spoofing
nmap -S a.a.a.a {Target IP}
upvoted 1 times

  tc5899 3 months, 3 weeks ago


-D for decoy
upvoted 3 times

  eli117 4 months ago


Selected Answer: D
D. The -D flag

Explanation:

The scenario describes a specific condition for a penetration testing scan, where the tester is required to scan every port on a server several times
using a set of spoofed source IP addresses. The tester is using Nmap to perform the scan and needs to know which flag to use to satisfy this
requirement.

The -D flag is used in Nmap to specify a decoy scan. A decoy scan involves sending packets with spoofed IP addresses in order to disguise the true
source of the scan. This can be used to make it more difficult for network intrusion detection systems (NIDS) to detect the scan, as well as to
confuse the target system about the true source of the traffic.

To use the -D flag, the tester specifies a list of decoy IP addresses to be used in the scan. These decoy addresses will be interspersed with the true
source IP address in the scan traffic.
upvoted 3 times
Question #54 Topic 1

Jude, a pen tester, examined a network from a hacker’s perspective to identify exploits and vulnerabilities accessible to the outside world by using
devices such as firewalls, routers, and servers. In this process, he also estimated the threat of network security attacks and determined the level
of security of the corporate network.
What is the type of vulnerability assessment that Jude performed on the organization?

A. Application assessment

B. External assessment

C. Passive assessment

D. Host-based assessment

Correct Answer: B

Community vote distribution


B (100%)

  581777a 4 days, 16 hours ago


Selected Answer: B
B. External assessment
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


B. External assessment
-------------------------------------------
Application assessment: It evaluates specific software applications to identify vulnerabilities and weaknesses that could be exploited by attackers.

External assessment: It assesses the security of external systems and networks from an external perspective to identify vulnerabilities and security
weaknesses.

Passive assessment: It evaluates security by monitoring and analyzing network traffic and system behavior without directly interacting with the
system.

Host-based assessment: It evaluates the security of individual hosts or servers by inspecting their configuration, patches, and security policies.
upvoted 2 times

  eli117 4 months ago


Selected Answer: B
B. External assessment

Explanation:

The scenario describes a type of vulnerability assessment where a pen tester (Jude) examines a network from a hacker's perspective to identify
exploits and vulnerabilities that are accessible to the outside world, such as through firewalls, routers, and servers. This type of assessment is called
an external assessment.

External assessments are designed to simulate an attack from an external threat actor, such as a hacker or cybercriminal. The focus is on identifying
vulnerabilities that are accessible from the Internet, such as open ports, unpatched software, weak passwords, and misconfigured systems.

External assessments typically involve a combination of automated scanning tools and manual testing techniques. The objective is to determine the
level of security of the corporate network and estimate the threat of network security attacks.
upvoted 2 times
Question #55 Topic 1

Widespread fraud at Enron, WorldCom, and Tyco led to the creation of a law that was designed to improve the accuracy and accountability of
corporate disclosures. It covers accounting firms and third parties that provide financial services to some organizations and came into effect in
2002. This law is known by what acronym?

A. SOX

B. FedRAMP

C. HIPAA

D. PCI DSS

Correct Answer: A

Community vote distribution


A (100%)

  581777a 4 days, 16 hours ago


Selected Answer: A
A. SOX
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


A. SOX
--------------------------
A. SOX: Financial reporting and governance standards for publicly traded companies.
B. FedRAMP: Security assessment and authorization program for cloud services.
C. HIPAA: Standards for protecting sensitive patient health information.
D. PCI DSS: Security standards for protecting payment card data.
upvoted 2 times

  eli117 4 months ago


Selected Answer: A
A. SOX

Explanation:

The law described in the scenario is the Sarbanes-Oxley Act (SOX), which was passed by the U.S. Congress in 2002 in response to a series of high-
profile corporate accounting scandals, including Enron, WorldCom, and Tyco.

SOX was designed to improve the accuracy and accountability of corporate disclosures by imposing new requirements on publicly traded
companies, accounting firms, and third parties that provide financial services to these organizations.
upvoted 3 times
Question #56 Topic 1

Abel, a security professional, conducts penetration testing in his client organization to check for any security loopholes. He launched an attack on
the DHCP servers by broadcasting forged DHCP requests and leased all the DHCP addresses available in the DHCP scope until the server could
not issue any more IP addresses. This led to a DoS attack, and as a result, legitimate employees were unable to access the client’s network.
Which of the following attacks did Abel perform in the above scenario?

A. Rogue DHCP server attack

B. VLAN hopping

C. STP attack

D. DHCP starvation

Correct Answer: D

Community vote distribution


D (100%)

  581777a 4 days, 16 hours ago


Selected Answer: D
D. DHCP starvation
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


D. DHCP starvation
----------------------------------------
A. Rogue DHCP server attack: Unauthorized DHCP server distributing IP addresses.
B. VLAN hopping: Exploiting VLAN vulnerabilities for unauthorized network access.
C. STP attack: Disrupting networks through Spanning Tree Protocol manipulation.
D. DHCP starvation: Flooding DHCP server to exhaust IP address pool.
upvoted 4 times

  eli117 4 months ago


Selected Answer: D
D. DHCP starvation

Explanation:

The scenario describes an attack in which Abel launched a DHCP starvation attack on the client organization's DHCP servers. A DHCP starvation
attack is a type of DoS attack that involves flooding the DHCP server with forged DHCP requests in an attempt to lease all available IP addresses in
the DHCP scope. This causes the server to run out of available IP addresses, and as a result, legitimate clients are unable to obtain an IP address
and connect to the network.
upvoted 4 times
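Detection side of the DHCP starvation pattern discussed in the comments above, as an added example that is not part of the original post or of any CEH material: the starvation signature in the DHCP server's own log is a burst of DHCPDISCOVER messages from many distinct client MACs on one interface, followed by "no free leases". The log lines below are constructed in the ISC dhcpd syslog style (the exact format is an assumption); the window and threshold values are arbitrary tuning knobs.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches ISC dhcpd-style syslog lines (format assumed; the sample log below is constructed).
DISCOVER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ dhcpd\[\d+\]: "
    r"DHCPDISCOVER from (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) via (?P<ifname>[^\s:]+)"
)


def build_sample_log():
    """Constructed log: 30 DISCOVERs from 30 distinct MACs within 30 s on eth0
    (the starvation pattern), one ordinary client retrying on eth1, and the
    line dhcpd emits once the scope is exhausted."""
    lines = []
    for i in range(30):
        lines.append(f"Jan 10 12:00:{i:02d} dhcp1 dhcpd[1234]: DHCPDISCOVER from "
                     f"02:00:00:00:00:{i:02x} via eth0")
    for sec in (5, 9, 17):
        lines.append(f"Jan 10 12:00:{sec:02d} dhcp1 dhcpd[1234]: DHCPDISCOVER from "
                     f"08:00:27:aa:bb:cc via eth1")
    lines.append("Jan 10 12:00:31 dhcp1 dhcpd[1234]: DHCPDISCOVER from "
                 "02:00:00:00:00:ff via eth0: network 10.0.0.0/24: no free leases")
    return lines


SAMPLE_LOG = build_sample_log()


def parse_discovers(lines):
    """Return sorted (timestamp, interface, client MAC) tuples for DISCOVER lines."""
    events = []
    for line in lines:
        m = DISCOVER_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
            events.append((ts, m["ifname"], m["mac"]))
    return sorted(events)


def detect_starvation(lines, window_s=60, max_new_clients=20):
    """Return {interface: peak distinct MACs} for every interface on which more
    than max_new_clients distinct clients sent DISCOVER inside a window_s window.
    A real client retrying counts once, so legitimate traffic stays below threshold."""
    per_if = defaultdict(list)
    for ts, ifname, mac in parse_discovers(lines):
        per_if[ifname].append((ts, mac))
    alerts = {}
    for ifname, evs in per_if.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most window_s seconds
            while (evs[end][0] - evs[start][0]).total_seconds() > window_s:
                start += 1
            distinct = {mac for _, mac in evs[start:end + 1]}
            if len(distinct) > max_new_clients:
                alerts[ifname] = max(alerts.get(ifname, 0), len(distinct))
    return alerts


def count_no_free_leases(lines):
    """Secondary indicator: the server has already run out of addresses."""
    return sum(1 for line in lines if "no free leases" in line)


if __name__ == "__main__":
    print("starvation alerts:", detect_starvation(SAMPLE_LOG))
    print("scope exhausted messages:", count_no_free_leases(SAMPLE_LOG))
```

The per-interface split matters: with DHCP snooping and port security (a per-port MAC limit) on the access switch, a single port cannot present dozens of new MACs in the first place, so the alert also tells you which uplink or access segment lacks those controls.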
Question #57 Topic 1

This form of encryption algorithm is a symmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to
256 bits. Which among the following is this encryption algorithm?

A. HMAC encryption algorithm

B. Twofish encryption algorithm

C. IDEA

D. Blowfish encryption algorithm

Correct Answer: B

Community vote distribution


B (100%)

  eli117 Highly Voted  4 months ago


Selected Answer: B
B. Twofish encryption algorithm

Explanation:

The Twofish encryption algorithm is a symmetric key block cipher that was designed to be secure, efficient, and flexible. It uses a block size of 128
bits and can have key sizes up to 256 bits, making it highly secure.

Twofish was one of the five finalists in the Advanced Encryption Standard (AES) competition organized by the U.S. National Institute of Standards
and Technology (NIST) in 1997. Although it was not selected as the winner, Twofish is still considered a highly secure encryption algorithm and is
widely used in various applications.
upvoted 6 times
Question #58 Topic 1

Jude, a pen tester working in Keiltech Ltd., performs sophisticated security testing on his company's network infrastructure to identify security
loopholes. In this process, he started to circumvent the network protection tools and firewalls used in the company. He employed a technique that
can create forged TCP sessions by carrying out multiple SYN, ACK, and RST or FIN packets. Further, this process allowed Jude to execute DDoS
attacks that can exhaust the network resources.
What is the attack technique used by Jude for finding loopholes in the above scenario?

A. Spoofed session flood attack

B. UDP flood attack

C. Peer-to-peer attack

D. Ping-of-death attack

Correct Answer: A

Community vote distribution


A (100%)

  eli117 Highly Voted  4 months ago


Selected Answer: A
A. Spoofed session flood attack

Explanation:

Jude used a spoofed session flood attack to bypass the network protection tools and firewalls used in his company's network infrastructure. This
attack technique involves creating forged TCP sessions by sending multiple SYN, ACK, RST, or FIN packets to the target system. By doing so, the
attacker can exhaust the target system's resources and make it unresponsive to legitimate requests.

In a spoofed session flood attack, the attacker sends packets with a forged source IP address, making it difficult for the target system to distinguish
between legitimate and malicious traffic. This makes it easier for the attacker to bypass network protection tools and firewalls, which may be
configured to block traffic from known malicious IP addresses.
upvoted 6 times

  581777a Most Recent  4 days, 16 hours ago


Selected Answer: A
A. Spoofed session flood attack
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


A. Spoofed session flood attack
upvoted 2 times
Question #59 Topic 1

Jim, a professional hacker, targeted an organization that is operating critical industrial infrastructure. Jim used Nmap to scan open ports and
running services on systems connected to the organization’s OT network. He used an Nmap command to identify Ethernet/IP devices connected
to the Internet and further gathered information such as the vendor name, product code and name, device name, and IP address.
Which of the following Nmap commands helped Jim retrieve the required information?

A. nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >

B. nmap -Pn -sU -p 44818 --script enip-info < Target IP >

C. nmap -Pn -sT -p 46824 < Target IP >

D. nmap -Pn -sT -p 102 --script s7-info < Target IP >

Correct Answer: B

Community vote distribution


B (100%)

  eli117 Highly Voted  4 months ago


Selected Answer: B
B. nmap -Pn -sU -p 44818 --script enip-info < Target IP >

Explanation:

The Ethernet/IP protocol is commonly used in industrial control systems (ICS) and critical infrastructure. Jim targeted an organization that is
operating critical industrial infrastructure, and he used Nmap to scan open ports and running services on systems connected to the organization's
OT network.

To identify Ethernet/IP devices connected to the Internet and gather information such as the vendor name, product code and name, device name,
and IP address, Jim used the Nmap script "enip-info". This script is designed to scan for Ethernet/IP devices and gather information about them.
upvoted 6 times

  Vincent_Lu 1 month, 3 weeks ago


The port 44818 should be the TCP (explicit) and port 2222 is the UDP (implicit).
I'm curious why the answer is "B. nmap -Pn -sU -p 44818 --script enip-info < Target IP >", but not "B. nmap -Pn -sT -p 44818 --script enip-info
< Target IP >"?
upvoted 2 times

  581777a Most Recent  4 days, 16 hours ago


Selected Answer: B
B. nmap -Pn -sU -p 44818 --script enip-info < Target IP >
upvoted 1 times

  jeremy13 4 months ago


Selected Answer: B
EtherNet/IP makes use of TCP port number 44818 for explicit messaging and UDP port number 2222 for implicit messaging

https://en.wikipedia.org/wiki/EtherNet/IP
upvoted 3 times

  Vincent_Lu 1 month, 3 weeks ago


The port 44818 should be the TCP (explicit) and port 2222 is the UDP (implicit).
I'm curious why the answer is "B. nmap -Pn -sU -p 44818 --script enip-info < Target IP >", but not "B. nmap -Pn -sT -p 44818 --script enip-info
< Target IP >"?
upvoted 1 times
Question #60 Topic 1

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string
and instead returns the file listing of a folder higher up in the folder structure of the server.
What kind of attack is possible in this scenario?

A. Cross-site scripting

B. SQL injection

C. Denial of service

D. Directory traversal

Correct Answer: D

Community vote distribution


D (100%)

  581777a 4 days, 16 hours ago


Selected Answer: D
D. Directory traversal
upvoted 1 times

  Danieluuqo 3 months, 3 weeks ago


Selected Answer: D
The answer is D
upvoted 2 times

  eli117 4 months ago


Selected Answer: D
D. Directory traversal

In a directory traversal attack, an attacker can access files and directories that are stored outside of the web root directory. The attacker can exploit
this vulnerability to access sensitive information such as configuration files, password files, and other sensitive data.
upvoted 2 times
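The vulnerable pattern behind Question #60 next to its hardened form, as an added example that is not part of the original post: the weak resolver joins and normalises the requested path but never checks where it ended up, so "../" (or its URL-encoded form, or an absolute path) escapes the web root. The hardened resolver canonicalises both the root and the candidate with realpath (which also follows symlinks) and rejects anything whose canonical path is not under the canonical root. The web root and request strings are constructed; the root directory does not have to exist for the checks to run.

```python
import os
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"   # constructed example root; need not exist on disk


def resolve_unsafe(web_root, requested):
    """Vulnerable pattern: join and normalise, but never verify the result
    still lies under the web root."""
    return os.path.normpath(os.path.join(web_root, requested))


def resolve_safe(web_root, requested):
    """Hardened: decode once, drop leading separators, canonicalise (symlinks
    included) and confirm the canonical path is inside the canonical root.
    Returns the path to serve, or None when the request must be refused."""
    root = os.path.realpath(web_root)
    # os.path.join discards the root when the second argument is absolute,
    # so strip leading separators before joining.
    rel = unquote(requested).lstrip("/\\")
    candidate = os.path.realpath(os.path.join(root, rel))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


# Constructed requests covering the cases a filter that only strips "../" misses.
CONSTRUCTED_REQUESTS = [
    "images/logo.png",              # legitimate
    "../../../etc/passwd",          # classic dot-dot-slash
    "/etc/passwd",                  # absolute path hijacks os.path.join
    "..%2F..%2F..%2Fetc%2Fpasswd",  # URL-encoded traversal
    "docs/../index.html",           # dot-dot that stays inside the root: fine
]


def triage(web_root=WEB_ROOT, requests=CONSTRUCTED_REQUESTS):
    """Map each request to the path the hardened resolver would serve (None = blocked)."""
    return {r: resolve_safe(web_root, r) for r in requests}


if __name__ == "__main__":
    for req, served in triage().items():
        print(f"{req!r:32} unsafe -> {resolve_unsafe(WEB_ROOT, req):28} safe -> {served}")
```

Decode the path exactly once, at the point where the raw request path arrives; if the web framework has already percent-decoded it, drop the `unquote` call, since decoding twice lets `%252e%252e` slip through a filter applied before the second decode.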
Question #61 Topic 1

Richard, an attacker, aimed to hack IoT devices connected to a target network. In this process, Richard recorded the frequency required to share
information between connected devices. After obtaining the frequency, he captured the original data when commands were initiated by the
connected devices. Once the original data were collected, he used free tools such as URH to segregate the command sequence. Subsequently, he
started injecting the segregated command sequence on the same frequency into the IoT network, which repeats the captured signals of the
devices.
What is the type of attack performed by Richard in the above scenario?

A. Cryptanalysis attack

B. Reconnaissance attack

C. Side-channel attack

D. Replay attack

Correct Answer: D

Community vote distribution


D (100%)

  eli117 Highly Voted  4 months ago


Selected Answer: D
D. Replay attack

Explanation:

In the given scenario, Richard aims to hack IoT devices connected to a target network using a replay attack. He records the frequency required to
share information between connected devices and captures the original data when commands are initiated by the connected devices. Once the
original data are collected, he uses free tools such as URH to segregate the command sequence. Subsequently, he starts injecting the segregated
command sequence on the same frequency into the IoT network, which repeats the captured signals of the devices.

In a replay attack, an attacker records legitimate data transmissions and later retransmits them, hoping to impersonate the original sender or gain
unauthorized access. The attacker captures the data packets or messages transmitted between two entities and replays them back to the same or
another entity, leading to unauthorized access, impersonation, or denial of service.
upvoted 5 times

  581777a Most Recent  4 days, 16 hours ago


Selected Answer: D
D. Replay attack
upvoted 1 times
Question #62 Topic 1

Which of the following allows attackers to draw a map or outline the target organization's network infrastructure to know about the actual
environment that they are going to hack?

A. Vulnerability analysis

B. Malware analysis

C. Scanning networks

D. Enumeration

Correct Answer: C

Community vote distribution


C (63%) D (38%)

  581777a 4 days, 16 hours ago


Selected Answer: D
D. Enumeration

Enumeration involves gathering information about a target network, such as identifying active hosts, open ports, and network services. Attackers
use enumeration to create a map or outline of the target organization's network infrastructure, which helps them understand the environment they
are planning to exploit. This information is valuable for planning and executing further attacks on the network.
upvoted 1 times

  ZacharyDriver 2 weeks, 1 day ago


Selected Answer: C
C. Scanning Networks
upvoted 1 times

  naija4life 1 month, 1 week ago


Selected Answer: D
D. Enumeration
Enumeration in cyber security is extracting a system's valid usernames, machine names, share names, directory names, and other information.
upvoted 2 times

  Vincent_Lu 1 month, 3 weeks ago


C. Scanning networks
upvoted 1 times

  eli117 4 months ago


Selected Answer: C
C. Scanning networks

Scanning networks allows attackers to draw a map or outline the target organization's network infrastructure to know about the actual
environment that they are going to hack. Scanning can help the attacker identify the IP addresses, operating systems, open ports, and running
services of the systems connected to the target network. This information can then be used to identify vulnerabilities and plan further attacks.
upvoted 4 times
Question #63 Topic 1

Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for
discovering vulnerabilities on a Windows-based computer?

A. Use the built-in Windows Update tool

B. Use a scan tool like Nessus

C. Check MITRE.org for the latest list of CVE findings

D. Create a disk image of a clean Windows installation

Correct Answer: B

Community vote distribution


B (100%)

  581777a 4 days, 16 hours ago


Selected Answer: B
B. Use a scan tool like Nessus

Nessus is a widely used vulnerability scanning tool that can help identify vulnerabilities, misconfigurations, and potential security issues in a system.
It scans the target system for known vulnerabilities and provides detailed reports on its findings, allowing you to take appropriate actions to
address the identified security issues.

While the other options (A, C, and D) are also important considerations in the context of cybersecurity and system assessment, using a specialized
vulnerability scanning tool like Nessus is specifically designed to efficiently discover and assess vulnerabilities in a system.
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


B. Use a scan tool like Nessus
upvoted 1 times

  eli117 4 months ago


Selected Answer: B
B. Use a scan tool like Nessus.

Using a scan tool like Nessus is a good approach for discovering vulnerabilities on a Windows-based computer. Nessus can scan and analyze a
system for vulnerabilities, configuration errors, and other security issues. It can also provide reports on the security posture of the system and
suggest remediation steps. Other methods like using Windows Update or checking CVE findings can be useful, but they may not be as
comprehensive as using a dedicated vulnerability scanner. Creating a disk image of a clean Windows installation is also useful, but it is more
relevant for forensic analysis rather than vulnerability assessment.
upvoted 2 times
Question #64 Topic 1

Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she uses a user-defined
HTTP callback or push APIs that are raised based on trigger events; when invoked, this feature supplies data to other applications so that users
can instantly receive real-time information.
Which of the following techniques is employed by Susan?

A. Web shells

B. Webhooks

C. REST API

D. SOAP API

Correct Answer: B

Community vote distribution


B (100%)

  581777a 4 days, 16 hours ago


Selected Answer: B
B. Webhooks

Webhooks are user-defined HTTP callbacks or push APIs that allow applications to communicate with each other in real-time. They are triggered by
specific events and send data to other applications automatically when those events occur. In this scenario, Susan is using webhooks to update
other applications with the latest information and provide real-time data to users.
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


B. Webhooks
------------------------------
A. Web shells: Web-based remote access tools.
B. Webhooks: Allows real-time updates using HTTP callback.
C. REST API: Uses HTTP methods to access and manipulate resources.
D. SOAP API: Uses XML messaging format for remote procedure calls.
upvoted 1 times

  jeremy13 3 months ago


Selected Answer: B
B. Webhooks
upvoted 1 times

  eli117 4 months ago


Selected Answer: B
B. Webhooks

Explanation:

Susan is using Webhooks to update other applications with the latest information from her web API. Webhooks are user-defined HTTP callbacks
that are raised based on trigger events. When the trigger event occurs, the Webhook feature supplies data to other applications so that users can
instantly receive real-time information.

Webhooks are useful for a variety of purposes, such as automating workflows, updating data, and triggering notifications. They are widely used in
modern web applications, especially in the context of real-time data sharing.
upvoted 1 times
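Both sides of a webhook delivery as the comments above describe it, as an added example that is not part of the original post: the sender serialises the event and attaches a timestamp and an HMAC-SHA256 signature, and the receiver verifies that signature over the raw body before parsing anything. The header names, the shared secret and the 300-second skew limit are assumptions for this example, not any particular vendor's scheme.

```python
import hashlib
import hmac
import json
import time

SHARED_SECRET = b"constructed-webhook-secret"   # constructed; a real one comes from config


def _signing_input(timestamp, body):
    # Bind the timestamp into the MAC so a captured delivery cannot be replayed later
    return str(timestamp).encode() + b"." + body


def sign_delivery(secret, timestamp, body):
    return hmac.new(secret, _signing_input(timestamp, body), hashlib.sha256).hexdigest()


def make_delivery(secret, event, now=None):
    """Sender side: serialise the event and attach timestamp + signature headers."""
    ts = int(time.time() if now is None else now)
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    headers = {
        "X-Webhook-Timestamp": str(ts),
        "X-Webhook-Signature": "sha256=" + sign_delivery(secret, ts, body),
    }
    return headers, body


def verify_delivery(secret, headers, body, now=None, max_skew_s=300):
    """Receiver side: reject stale, unsigned or tampered deliveries.
    Verification runs over the raw bytes, before any JSON parsing."""
    try:
        ts = int(headers.get("X-Webhook-Timestamp", ""))
    except ValueError:
        return False
    now = int(time.time() if now is None else now)
    if abs(now - ts) > max_skew_s:
        return False
    sig = headers.get("X-Webhook-Signature", "")
    prefix = "sha256="
    if not sig.startswith(prefix):
        return False
    expected = sign_delivery(secret, ts, body)
    # compare_digest is constant-time, so the comparison does not leak a byte at a time
    return hmac.compare_digest(sig[len(prefix):], expected)


def handle_webhook(secret, headers, body, now=None):
    """What the receiving endpoint does: verify first, then parse."""
    if not verify_delivery(secret, headers, body, now=now):
        return None
    return json.loads(body)


if __name__ == "__main__":
    hdrs, raw = make_delivery(SHARED_SECRET, {"order": 42, "status": "paid"})
    print(hdrs)
    print("accepted:", handle_webhook(SHARED_SECRET, hdrs, raw))
```

The receiver also needs to serve the callback URL over HTTPS and treat the endpoint as untrusted input even after verification (size limits, idempotent processing keyed on an event id), since the signature only proves who sent the delivery, not that processing it twice is safe.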
Question #65 Topic 1

Which IOS jailbreaking technique patches the kernel during the device boot so that it becomes jailbroken after each successive reboot?

A. Tethered jailbreaking

B. Semi-untethered jailbreaking

C. Semi-tethered jailbreaking

D. Untethered jailbreaking

Correct Answer: D

Community vote distribution


D (100%)

  581777a 4 days, 16 hours ago


Selected Answer: D
D. Untethered jailbreaking
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


D. Untethered jailbreaking
upvoted 1 times

  Rocko1 2 months ago


In a tethered jailbreak, the device must be connected to a computer each time it is restarted. The jailbreak exploit needs to be applied again using
special software or tools to gain access to the device’s filesystem and allow the installation of unauthorized apps and modifications. Without this
reapplication, the device will boot into a non-jailbroken state.

On the other hand, an untethered jailbreak is more convenient as it does not require a computer connection every time the device restarts. Once
the untethered jailbreak is successfully performed, the modifications made to the device remain persistent even after a reboot. The device can be
turned on and off without losing the jailbreak status, allowing the use of unauthorized apps and tweaks without any additional steps.
upvoted 2 times

  eli117 4 months ago


Selected Answer: D
D. Untethered jailbreaking

Explanation:

Untethered jailbreaking is a type of jailbreaking technique that allows an iOS device to maintain the jailbreak state even after rebooting. This is
achieved by patching the kernel during the device boot process so that it always loads a jailbroken version of the operating system. Unlike tethered
or semi-tethered jailbreaking, the user does not need to connect the device to a computer each time it is rebooted to maintain the jailbreak state.
upvoted 2 times
Question #66 Topic 1

Stella, a professional hacker, performs an attack on web services by exploiting a vulnerability that provides additional routing information in the
SOAP header to support asynchronous communication. This further allows the transmission of web-service requests and response messages
using different TCP connections.
Which of the following attack techniques is used by Stella to compromise the web services?

A. Web services parsing attacks

B. WS-Address spoofing

C. SOAPAction spoofing

D. XML injection

Correct Answer: B

Community vote distribution


B (100%)

  581777a 4 days, 15 hours ago


Selected Answer: B
B. WS-Address spoofing
upvoted 1 times

  jeremy13 2 months, 4 weeks ago


Selected Answer: B
B. WS-Address spoofing
CEH Book V12 Module 14 P2076
"WS-address provides additional routing information in the SOAP header to support asynchronous communication"
upvoted 4 times

  eli117 4 months ago


Selected Answer: B
B. WS-Address spoofing

Explanation:

WS-Address spoofing is an attack technique used to exploit a vulnerability that provides additional routing information in the SOAP header to
support asynchronous communication. This vulnerability allows the transmission of web-service requests and response messages using different
TCP connections. An attacker can exploit this vulnerability by modifying the WS-Addressing header to redirect the web-service request to a
different endpoint or server.

In a WS-Address spoofing attack, the attacker crafts a malicious SOAP message that includes a modified WS-Addressing header. This header
contains a spoofed address that points to a malicious endpoint or server controlled by the attacker. When the SOAP message is processed by the
web service, it sends the response to the spoofed address specified in the header, allowing the attacker to intercept and modify the response.
upvoted 4 times
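A receiver-side check for the WS-Addressing headers the comments above describe, as an added example that is not part of the original post or of the CEH book: the service extracts wsa:ReplyTo and wsa:FaultTo from the SOAP header and refuses any callback address that is not the WS-Addressing anonymous URI or an HTTPS URL on an allow-listed partner host, so a spoofed header cannot steer the response to a third party. The SOAP envelopes and the allowed host are constructed; the namespace URIs are the standard SOAP 1.2 and WS-Addressing 1.0 ones.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SOAP_NS = "http://www.w3.org/2003/05/soap-envelope"
WSA_NS = "http://www.w3.org/2005/08/addressing"
WSA_ANONYMOUS = WSA_NS + "/anonymous"   # "send the reply back on this same connection"

ALLOWED_CALLBACK_HOSTS = {"partner.example.net"}   # constructed allow-list


def callback_addresses(envelope_xml):
    """Extract the wsa:ReplyTo and wsa:FaultTo addresses from the SOAP header."""
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP_NS}}}Header")
    found = {}
    if header is None:
        return found
    for name in ("ReplyTo", "FaultTo"):
        addr = header.find(f"{{{WSA_NS}}}{name}/{{{WSA_NS}}}Address")
        if addr is not None and addr.text:
            found[name] = addr.text.strip()
    return found


def addressing_violations(envelope_xml, allowed_hosts=ALLOWED_CALLBACK_HOSTS):
    """Return a list of problems; an empty list means the callbacks are acceptable."""
    problems = []
    for name, addr in callback_addresses(envelope_xml).items():
        if addr == WSA_ANONYMOUS:
            continue
        parsed = urlparse(addr)
        if parsed.scheme != "https" or parsed.hostname not in allowed_hosts:
            problems.append(f"{name} -> {addr}")
    return problems


def envelope(reply_to):
    """Constructed SOAP 1.2 request carrying a WS-Addressing header."""
    return f"""<env:Envelope xmlns:env="{SOAP_NS}" xmlns:wsa="{WSA_NS}">
  <env:Header>
    <wsa:Action>urn:example:GetOrderStatus</wsa:Action>
    <wsa:To>https://orders.example.com/ws</wsa:To>
    <wsa:ReplyTo><wsa:Address>{reply_to}</wsa:Address></wsa:ReplyTo>
  </env:Header>
  <env:Body><GetOrderStatus xmlns="urn:example"><id>42</id></GetOrderStatus></env:Body>
</env:Envelope>"""


if __name__ == "__main__":
    for target in (WSA_ANONYMOUS,
                   "https://partner.example.net/callback",
                   "https://attacker.example.org/collect"):
        print(target, "->", addressing_violations(envelope(target)) or "ok")
```

For XML that arrives from the network, parse with the defusedxml package's ElementTree wrapper rather than the standard library module directly, so entity-expansion and external-entity tricks are rejected before the addressing check even runs.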
Question #67 Topic 1

Attacker Steve targeted an organization’s network with the aim of redirecting the company’s web traffic to another malicious website. To achieve
this goal, Steve performed DNS cache poisoning by exploiting the vulnerabilities in the DNS server software and modified the original IP address of
the target website to that of a fake website.
What is the technique employed by Steve to gather information for identity theft?

A. Pharming

B. Skimming

C. Pretexting

D. Wardriving

Correct Answer: A

Community vote distribution


A (100%)

  581777a 4 days, 15 hours ago


Selected Answer: A
A. Pharming
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


A. Pharming
---------------------
A. Pharming: DNS or computer manipulation to redirect to fraudulent websites.
B. Skimming: Illegally capturing sensitive information, such as credit card details.
C. Pretexting: Deceiving individuals by creating fictional scenarios to extract information.
D. Wardriving: Searching for Wi-Fi networks for potential exploitation.
upvoted 2 times

  jeremy13 2 months, 4 weeks ago


Selected Answer: A
A. Pharming
CEH Book V12 Module 09 P1357
"Pharming is a social engineering technique in which the attacker executes malicious programs on a victim’s computer or server, and when the
victim enters any URL or domain name, it automatically redirects the victim’s traffic to an attacker-controlled website. This attack is also known as
“Phishing without a Lure.” The attacker steals confidential information like credentials, banking details, and other information related to web-based
services.
Pharming attack can be performed in two ways: DNS Cache Poisoning and Host File Modification"
upvoted 2 times

  eli117 4 months ago


Selected Answer: A
A. Pharming

Explanation:

Pharming is a type of cyber attack where an attacker redirects the traffic of a legitimate website to a fake website, which is designed to look
identical to the original website. The attackers achieve this by exploiting vulnerabilities in the DNS server software or by modifying the local hosts
file on the victim's computer. The aim of this attack is to gather sensitive information, such as login credentials, credit card details, or other
personal information, from the victim.

In the given scenario, Steve performed DNS cache poisoning to redirect the web traffic of the target organization's website to a malicious website.
By doing this, he can trick the users into entering their sensitive information into the fake website, which can be later used for identity theft.
upvoted 2 times
Question #68 Topic 1

What is the port to block first in case you are suspicious that an IoT device has been compromised?

A. 22

B. 48101

C. 80

D. 443

Correct Answer: B

Community vote distribution


B (100%)

  581777a 4 days, 15 hours ago


Selected Answer: B
B. 48101
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


B. 48101
upvoted 1 times

  jeremy13 2 months, 4 weeks ago


Selected Answer: B
B. 48101
CEH Book V12 Module 18 P 2896
How to Defend Against IoT Hacking :
Monitor traffic on port 48101, as infected devices attempt to spread the malicious file using port 48101.
upvoted 2 times

  eli117 4 months ago


Selected Answer: B
B. 48101

Explanation:

Port 48101 is the default port used by Mirai, one of the most well-known IoT botnets. Mirai searches for IoT devices that have weak or default
credentials, and once it gains access, it uses port 48101 to communicate with its command and control (C&C) server. By blocking port 48101, the
infected device will not be able to communicate with the C&C server, and this can prevent the attacker from controlling the device or launching
DDoS attacks.
upvoted 3 times
Question #69 Topic 1

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and
avoid detection.
Identify the behavior of the adversary in the above scenario.

A. Unspecified proxy activities

B. Use of command-line interface

C. Data staging

D. Use of DNS tunneling

Correct Answer: B

Community vote distribution


A (86%) 14%

  jeremy13 Highly Voted  3 months, 4 weeks ago


Selected Answer: A
A. Unspecified proxy activities
CEH book V12 Module 1 P26

Unspecified Proxy Activities : An adversary can create and configure multiple domains pointing to the same host, thus, allowing an adversary to
switch quickly between the domains to avoid detection. Security professionals can find unspecified domains by checking the data feeds that are
generated by those domains. Using this data feed, the security professionals can also find any malicious files downloaded and the unsolicited
communication with the outside network based on the domains.
upvoted 7 times

  naija4life Most Recent  1 month, 1 week ago


Selected Answer: D
D. Use of DNS tunneling
upvoted 1 times

  victorfs 2 months, 3 weeks ago


Selected Answer: A
The correct option is A.
Unspecified proxy activities
upvoted 1 times

  sTaTiK 3 months, 1 week ago


Selected Answer: A
The answer is A, you can check answers on V11.
upvoted 2 times

  sausageman 3 months, 3 weeks ago


Selected Answer: A
A. Unspecified proxy activities
In my book is module 1 page 18
upvoted 2 times

  eli117 4 months ago


Selected Answer: D
D. Use of DNS tunneling

Explanation:

DNS tunneling is a technique used by adversaries to bypass security controls and exfiltrate data from a compromised network. It involves creating
DNS queries and responses that encapsulate other types of traffic, such as command and control communications or stolen data.
upvoted 1 times
Question #70 Topic 1

What firewall evasion scanning technique makes use of a zombie system that has low network activity as well as its fragment identification
numbers?

A. Packet fragmentation scanning

B. Spoof source address scanning

C. Decoy scanning

D. Idle scanning

Correct Answer: D

Community vote distribution


D (91%) 9%

  jeremy13 Highly Voted  3 months, 4 weeks ago


Selected Answer: D
D. Idle scanning
Like 312-50v11 Q228
upvoted 5 times

  581777a Most Recent  4 days, 14 hours ago


Selected Answer: D
D. Idle scanning
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


D. Idle scanning
https://en.wikipedia.org/wiki/Idle_scan#Finding_a_zombie_host
The first step in executing an idle scan is to find an appropriate zombie. It needs to assign IP ID packets incrementally...
upvoted 1 times

  victorfs 2 months, 3 weeks ago


Selected Answer: D
The correct option is D.

Idle scanning (also known as zombie scanning) is a firewall evasion technique that uses a zombie system with low network activity to scan a target
system
upvoted 2 times

  Muli_70 3 months ago


The correct answer is A. Packet fragmentation scanning is a technique used to evade firewalls by fragmenting packets to bypass firewall rules. In
this technique, the attacker sends a large packet that is broken down into smaller fragments. The fragments are sent to the target system and are
reassembled by the system's TCP/IP stack. The firewall may only inspect the first fragment, allowing the subsequent fragments to bypass the
firewall rules. The attacker may use a zombie system with low network activity to generate fragmented packets with random fragment identification
numbers to evade detection.
In contrast, the technique mentioned in the question uses the fragmentation identification numbers of a zombie system to evade firewall scanning.
Therefore, the correct answer is A, packet fragmentation scanning.
upvoted 1 times

  sausageman 3 months, 3 weeks ago


Selected Answer: D
D. Idle scanning
upvoted 2 times

  eli117 4 months ago


Selected Answer: A
A. Packet fragmentation scanning

Packet fragmentation scanning involves breaking up packets into smaller fragments to evade firewall or intrusion detection system (IDS) rules that
are configured to block or detect packets of a certain size or pattern. By using a zombie system with low network activity, the attacker can minimize
the chances of detection and increase the chances of successful evasion. The attacker can also manipulate the fragment identification numbers to
avoid detection.
upvoted 1 times
Question #71 Topic 1

By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine
via the SMB service and occasionally entered your login and password in plaintext.
Which file do you have to clean to clear the password?

A. .xsession-log

B. .profile

C. .bashrc

D. .bash_history

Correct Answer: D

Community vote distribution


D (100%)

  581777a 4 days, 14 hours ago


Selected Answer: D
D. .bash_history
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


D. .bash_history
upvoted 1 times

  jeremy13 2 months, 3 weeks ago


Selected Answer: D
D. .bash_history
upvoted 2 times

  eli117 4 months ago


Selected Answer: D
D. .bash_history

Explanation:
The .bash_history file is a log of commands executed in the Bash shell. If a user enters their login and password in plaintext, it will be stored in the
.bash_history file. This file can be cleared to remove any plaintext passwords that may have been stored.

The .xsession-log file records X session messages, and the .profile and .bashrc files are scripts that are run at login to set environment variables and
configure the shell. These files do not typically contain plaintext passwords.
upvoted 4 times
Question #72 Topic 1

Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into Incalsol's systems. To deliver the malware, he used the
current employees' email IDs to send fraudulent emails embedded with malicious links that seem to be legitimate. When a victim employee clicks
on the link, they are directed to a fraudulent website that automatically loads Flash and triggers the exploit.
What is the technique used by Jack to launch the fileless malware on the target systems?

A. In-memory exploits

B. Legitimate applications

C. Script-based injection

D. Phishing

Correct Answer: D

Community vote distribution


D (90%) 10%

  581777a 4 days, 14 hours ago


Selected Answer: D
D. Phishing
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


D. Phishing
upvoted 1 times

  jeremy13 2 months, 3 weeks ago


Selected Answer: D
D. Phishing
upvoted 1 times

  victorfs 2 months, 3 weeks ago


Selected Answer: D
The correct option is D.
Phishing
upvoted 1 times

  sausageman 3 months, 3 weeks ago


Selected Answer: D
My bad it's D phishing:
Module 07 Page 727
"Attackers commonly use social engineering techniques such as phishing to spread fileless malware to the target systems. They send spam emails
embedded with malicious links to the victim. When the victim clicks on the link, he/she will be directed to a fraudulent website that automatically
loads Flash and triggers the exploit."
upvoted 2 times

  sausageman 3 months, 3 weeks ago


Selected Answer: A
A. In-memory exploits
Book v12 Module 07 Page 725
upvoted 1 times

  sausageman 3 months, 3 weeks ago


My bad it's D phishing:
Module 07 Page 727
"Attackers commonly use social engineering techniques such as phishing to spread fileless malware to the target systems. They send spam
emails embedded with malicious links to the victim. When the victim clicks on the link, he/she will be directed to a fraudulent website that
automatically loads Flash and triggers the exploit."
upvoted 2 times

  eli117 4 months ago


Selected Answer: D
D. Phishing

Explanation:
Jack used phishing to deliver the fileless malware to Incalsol's systems. Phishing is a social engineering attack where an attacker sends fraudulent
emails, text messages, or instant messages that seem to be from a legitimate source to trick the victim into divulging sensitive information, clicking
on a link, or downloading an attachment. In this case, Jack used the current employees' email IDs to send fraudulent emails embedded with
malicious links that seem to be legitimate
upvoted 4 times
Question #73 Topic 1

Wilson, a professional hacker, targets an organization for financial benefit and plans to compromise its systems by sending malicious emails. For
this purpose, he uses a tool to track the emails of the target and extracts information such as sender identities, mail servers, sender IP addresses,
and sender locations from different public sources. He also checks if an email address was leaked using the haveibeenpwned.com API.
Which of the following tools is used by Wilson in the above scenario?

A. Factiva

B. ZoomInfo

C. Netcraft

D. Infoga

Correct Answer: D

Community vote distribution


D (100%)

  581777a 4 days, 14 hours ago


Selected Answer: D
D. Infoga
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


D. Infoga
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


A. Factiva: Factiva is a business information and research platform that provides access to a wide range of global news sources, industry
publications, and company data.
B. ZoomInfo: ZoomInfo is a platform that offers access to a vast database of company and contact information. It provides detailed profiles of
businesses, including company overviews, employee details, and contact information.
C. Netcraft: Netcraft is a company that specializes in internet security services and research. They provide various tools and services to help
organizations protect their online assets from threats such as phishing attacks, malware, and network vulnerabilities.
D. Infoga: Infoga is an open-source information gathering tool used for gathering email accounts, usernames, and other personal information
from various online sources. It can be used for reconnaissance and intelligence gathering in ethical hacking and cybersecurity assessments.
upvoted 2 times

  victorfs 2 months, 3 weeks ago


Selected Answer: D
The correct option is D.
Infoga
upvoted 1 times

  eli117 4 months ago


Selected Answer: D
D. Infoga

Explanation:

Wilson is using Infoga to extract information such as sender identities, mail servers, sender IP addresses, and sender locations from different public
sources. Infoga is an open-source tool that can be used for email reconnaissance, and it is used to collect email addresses and related data such as
contacts, domain names, and IP addresses.

Infoga uses various search engines and other public sources to gather information, including Google, Bing, Yahoo, PGP servers, and Have I Been
Pwned. By collecting data from these sources, Infoga can help attackers find email addresses and other information about a target, which can be
used in phishing attacks and other types of social engineering.
upvoted 4 times
Question #74 Topic 1

David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to
evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable
systems to reduce the impact and severity of vulnerabilities.
Which phase of the vulnerability-management life cycle is David currently in?

A. Remediation

B. Verification

C. Risk assessment

D. Vulnerability scan

Correct Answer: A

Community vote distribution


A (100%)

  581777a 4 days, 14 hours ago


Selected Answer: A
A. Remediation
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


A. Remediation
----------------------------------
Vulnerability Management Life Cycle
1. Identify assets and create baseline
2. Vulnerability Scan
3. Risk Assessment
4. Remediation
5. Verification
6. Monitor
upvoted 1 times

  jeremy13 2 months, 3 weeks ago


Selected Answer: A
A. Remediation
12-50v11 Q214
upvoted 1 times

  eli117 4 months ago


Selected Answer: A
A. Remediation

Explanation:

The vulnerability-management life cycle consists of several phases, including risk assessment, vulnerability scan, reporting, prioritization,
remediation, and verification. The remediation phase is the process of applying fixes on vulnerable systems to reduce the impact and severity of
vulnerabilities.

In this phase, the organization takes actions to fix the identified vulnerabilities based on their severity and impact on the business. The remediation
process includes the application of patches, the installation of updates, the configuration of settings, and the implementation of security controls to
reduce the risk of exploitation.
upvoted 1 times
Question #75 Topic 1

Alice, a professional hacker, targeted an organization’s cloud services. She infiltrated the target’s MSP provider by sending spear-phishing emails
and distributed custom-made malware to compromise user accounts and gain remote access to the cloud service. Further, she accessed the
target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to
launch further attacks on the target organization.
Which of the following cloud attacks did Alice perform in the above scenario?

A. Cloud cryptojacking

B. Man-in-the-cloud (MITC) attack

C. Cloud hopper attack

D. Cloudborne attack

Correct Answer: C

Community vote distribution


C (90%) 10%

  581777a 4 days, 14 hours ago


Selected Answer: C
C. Cloud hopper attack
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


C. Cloud hopper attack
-----------------------------------------
A. Cloud cryptojacking: Unauthorized mining of cryptocurrencies using cloud resources.
B. Man-in-the-cloud (MITC) attack: Unauthorized access and manipulation of cloud storage.
C. Cloud hopper attack: Targeting cloud service providers to access multiple client networks.
D. Cloudborne attack: Exploiting cloud infrastructure vulnerabilities to compromise data or resources.
upvoted 1 times

  victorfs 2 months, 3 weeks ago


Selected Answer: C
The correct option is C.
Cloud hopper attack
upvoted 1 times

  sausageman 3 months, 3 weeks ago


Selected Answer: C
C. Cloud hopper attack
Book v12 Module 19 Page 1992
"Cloud hopper attacks are triggered at managed service providers (MSPs) and their customers. Once the attack is successfully implemented,
attackers can gain remote access to the intellectual property and critical information of the target MSP and its global users/customers. Attackers
also move laterally in the network from one system to another in the cloud environment to gain further access to sensitive data pertaining to the
industrial entities, such as manufacturing, government bodies, healthcare, and finance"
upvoted 3 times

  jeremy13 3 months, 4 weeks ago


Selected Answer: C
C. Cloud hopper attack
like 312-50v11 Q141
CEH book V12 Module19 P3155

Cloud hopper attacks are triggered at managed service providers (MSPs) and their customers. Once the attack is successfully implemented,
attackers can gain remote access to the intellectual property and critical information of the target MSP and its global users/customers.
...
Attackers initiate spear-phishing emails with custom-made malware to compromise user accounts of staff members or cloud service firms to obtain
confidential information.
...
Attackers breach the security mechanisms impersonating a valid service provider and gain complete access to corporate data of the enterprise and
connected customers.
..
The attacker then extracts the information from the MSP and uses that information to launch further attacks on the target organization and users.
upvoted 4 times
  eli117 4 months ago
Selected Answer: B
B. Man-in-the-cloud (MITC) attack

Explanation:

Alice performed a Man-in-the-cloud (MITC) attack on the target organization's cloud services. A MITC attack is a type of attack in which the
attacker gains access to a user's cloud storage account and modifies or deletes data without the user's knowledge. In this case, Alice infiltrated the
target's MSP provider by sending spear-phishing emails and distributing custom-made malware to compromise user accounts and gain remote
access to the cloud service. She then accessed the target customer profiles with her MSP account, compressed the customer data, and stored them
in the MSP. This allowed her to launch further attacks on the target organization.
upvoted 1 times

Question #76 Topic 1

Judy created a forum. One day, she discovers that a user is posting strange images without writing comments. She immediately calls a security
expert, who discovers that the following code is hidden behind those images:

What issue occurred for the users who clicked on the image?

A. This php file silently executes the code and grabs the user’s session cookie and session ID.

B. The code redirects the user to another site.

C. The code injects a new cookie to the browser.

D. The code is a virus that is attempting to gather the user’s username and password.

Correct Answer: A

Community vote distribution


A (100%)

  Vincent_Lu 1 month, 3 weeks ago


A. This php file silently executes the code and grabs the user’s session cookie and session ID.
upvoted 1 times

  kapen 2 weeks, 2 days ago


Would be nice if you could explain the details of the script more; I could not figure out the 'user session cookie' & 'session ID' part in the script.
Does the cookie provide both?
upvoted 1 times

  eli117 4 months ago


Selected Answer: A
A. This PHP file silently executes the code and grabs the user’s session cookie and session ID.

Explanation:

The code embedded behind the strange images posted by the user on the forum is a PHP file that runs in the background and steals the user's
session cookies and session ID. The PHP script silently executes in the background, and the user may not be aware that their session has been
compromised.
upvoted 2 times

  kapen 2 weeks, 2 days ago


Would be nice if you could explain the details of the script more; I could not figure out the 'user session cookie' & 'session ID' part in the script.
Does the cookie provide both?
upvoted 1 times
Question #77 Topic 1

Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to test the response time of a true or false response and
wants to use a second command to determine whether the database will return true or false results for user IDs.
Which two SQL injection types would give her the results she is looking for?

A. Out of band and boolean-based

B. Union-based and error-based

C. Time-based and union-based

D. Time-based and boolean-based

Correct Answer: B

Community vote distribution


D (80%) A (20%)

  581777a 4 days, 14 hours ago


Selected Answer: D
Time-based SQL Injection: This technique involves causing the database to delay its response, allowing the attacker to infer information based on
the response time. By injecting malicious SQL code that includes time-delay functions (such as WAITFOR DELAY in Microsoft SQL Server or SLEEP()
in MySQL), the attacker can observe whether the web application's response time changes, indicating a successful injection.

Union-based SQL Injection: This technique involves exploiting a vulnerability in the SQL query to manipulate the structure of the query and retrieve
data from other database tables. The attacker uses the UNION SQL operator to combine the results of their malicious query with the original query,
extracting data from different tables and columns. The attacker can use boolean conditions to test whether certain conditions are true or false.
upvoted 1 times

  angellorv 1 month, 1 week ago


Answer B (Union-based and error-based - sub-category of in-band SQL injection)
https://www.acunetix.com/websitesecurity/sql-injection2/
Union-based SQLi: leverages the UNION SQL operator to combine the results of two or more SELECT statements into a single result which is then
returned as part of the HTTP response
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


D. Time-based and boolean-based
upvoted 1 times

  victorfs 2 months, 3 weeks ago


Selected Answer: D
The correct option is D.

D. Time-based and boolean-based


upvoted 1 times

  Muli_70 3 months ago


C. Time-based and union-based

Time-based injection would allow her to test the response time of a true or false response.

Union-based injection would allow her to use a second command to determine whether the database will return true or false results for user IDs.
upvoted 1 times

  sTaTiK 3 months, 1 week ago


Selected Answer: D
Time-based because it is blind, and yes or no is boolean.
upvoted 1 times

  sausageman 3 months, 3 weeks ago


Selected Answer: D
D. Time-based and boolean-based
upvoted 2 times

  jeremy13 3 months, 4 weeks ago


Selected Answer: D
D. Time-based and boolean-based
like 312-50V11 Q182
upvoted 3 times

  eli117 4 months ago


Selected Answer: A
A. Out of band and boolean-based.

Out of band SQL injection involves using an out-of-band (OOB) channel to communicate with the attacker's system. The attacker typically uses this
method when the vulnerable application is unable to retrieve data from the database and display it on the web page. The OOB channel can be
used to retrieve the data from the database and send it to the attacker's system.

Boolean-based SQL injection involves using true or false conditions to infer information about the database. This method involves injecting SQL
statements that force the database to return a true or false response, depending on whether the statement is correct or not. By analyzing the
response, an attacker can determine whether the injected SQL statement was executed or not.
upvoted 2 times
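The boolean-based half of the answer, shown as an added example on an in-memory SQLite table (constructed here, not code from the CEH material): a lookup built by string concatenation flips between a row and no row when a true versus a false condition is appended to the user ID, while the parameterized version gives nothing away.

```python
"""Boolean-based blind SQL injection next to its fix, on an in-memory SQLite
table.  Added example; the table, users and queries are constructed here and
are not part of the CEH material."""
import sqlite3


def build_db():
    """Constructed sample table standing in for the application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (7, "carol")])
    return conn


def lookup_vulnerable(conn, user_id):
    """The bug: the request value is pasted into the SQL text, so whatever it
    contains is parsed as SQL grammar rather than treated as a number."""
    sql = "SELECT username FROM users WHERE id = " + user_id
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, user_id):
    """The fix: validate the type, then bind the value as a parameter.  The
    driver sends it as data, so it can never change the query's structure."""
    try:
        numeric_id = int(user_id)
    except ValueError:
        return None            # caller treats None as "bad request"
    sql = "SELECT username FROM users WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (numeric_id,))]


def boolean_oracle(lookup, conn, user_id, condition):
    """What a boolean-based test measures: does appending a condition that is
    true keep the row, and a false one remove it?  With the vulnerable lookup
    the answer flips with the condition; with the safe lookup it never does,
    so the response carries no information about the database."""
    rows = lookup(conn, f"{user_id} AND {condition}")
    return bool(rows)


if __name__ == "__main__":
    db = build_db()
    for name, lookup in (("vulnerable", lookup_vulnerable), ("safe", lookup_safe)):
        print(name, "plain id 7:", lookup(db, "7"))
        print(name, "id 7 AND 1=1:", boolean_oracle(lookup, db, "7", "1=1"))
        print(name, "id 7 AND 1=2:", boolean_oracle(lookup, db, "7", "1=2"))
```

A time-based test works the same way with a delay instead of a row count as the signal, which is why the two are grouped together as blind techniques.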
Question #78 Topic 1

Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend
servers, which are protected by a �rewall. In this process, he used a URL https://xyz.com/feed.php?url=externalsite.com/feed/to to obtain a
remote feed and altered the URL input to the local host to view all the local resources on the target server.
What is the type of attack Jason performed in the above scenario?

A. Web server misconfiguration

B. Server-side request forgery (SSRF) attack

C. Web cache poisoning attack

D. Website defacement

Correct Answer: B

Community vote distribution


B (100%)

  Vincent_Lu 1 month, 3 weeks ago


B. Server-side request forgery (SSRF) attack
upvoted 1 times

  victorfs 2 months, 3 weeks ago


Selected Answer: B
The correct option is B.
SSRF
upvoted 1 times

  jeremy13 3 months, 4 weeks ago


Selected Answer: B
B. Server-side request forgery (SSRF) attack
Like : 312-50v11 Q11
Book CEH V12 : Module14 P1948
SSRF vulnerabilities evolve in the following manner. Generally, server-side requests are initiated to obtain information from an external resource
and feed it into an application. For instance, a designer can utilize a URL such as https://xyz.com/feed.php?url=externalsite.com/feed/to to obtain a
remote feed. If attackers can alter the URL input to the localhost, then they can view all the local resources on the server.
upvoted 2 times

  eli117 4 months ago


Selected Answer: B
B. Server-side request forgery (SSRF) attack

Explanation:

In the given scenario, Jason performed a Server-side request forgery (SSRF) attack to gain access to backend servers that were protected by a
firewall. In an SSRF attack, the attacker sends a request to a web server with a manipulated URL input that points to an external system controlled
by the attacker. The web server processes the request, and the attacker can use this to access resources on the server that are not intended to be
accessible.

In this case, the attacker used the URL input to obtain a remote feed and then manipulated the input to point to the local host, which allowed the
attacker to view all local resources on the target server. By exploiting this vulnerability, the attacker could potentially gain access to sensitive
information or even take control of the server.
upvoted 2 times
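A server-side check for the feed.php?url= pattern this question describes, as an added example written here and not code from the CEH material: it refuses schemes other than http(s), resolves the host, and rejects loopback, private and link-local answers, so pointing the parameter at the local host fails closed. DNS is replaced by a constructed table (FAKE_DNS) so the block runs offline; the host names and addresses in it are made up.

```python
"""Allowlist-style validation for a user-supplied fetch URL such as the
feed.php?url=... parameter from the question.  Added example, not the CEH
material's code.  DNS is replaced by a constructed table so it runs offline;
the names and addresses in FAKE_DNS are made up."""
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {None, 80, 443}        # None = the scheme's default port

# Address ranges an outbound "fetch this URL for me" feature must never reach.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",        # "this" network; 0.0.0.0 often ends up at localhost
    "127.0.0.0/8",      # loopback
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10",    # carrier-grade NAT
    "169.254.0.0/16",   # link-local (cloud metadata services live here)
    "224.0.0.0/4", "240.0.0.0/4",      # multicast, reserved
    "::/128", "::1/128",               # v6 unspecified, loopback
    "fc00::/7", "fe80::/10",           # v6 unique-local, link-local
)]

# Constructed stand-in for DNS.  Real code would call socket.getaddrinfo().
FAKE_DNS = {
    "externalsite.com": ["203.0.113.10"],              # pretend public address
    "localhost": ["127.0.0.1", "::1"],
    "intranet.example": ["10.20.30.40"],               # an internal-only name
    "dual.example": ["203.0.113.11", "192.168.1.5"],   # public + private record
}


def blocked_reason(addr_text):
    """Return why an address is off-limits, or None if it may be fetched."""
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return f"{addr_text!r} is not an IP address"
    # ::ffff:127.0.0.1 is loopback in disguise; check the embedded v4 address.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for net in BLOCKED_NETWORKS:
        if addr in net:
            return f"{addr} is inside blocked range {net}"
    return None


def check_feed_url(url, resolver=FAKE_DNS.get):
    """Decide whether the server may fetch `url` on a user's behalf.

    Returns (allowed, reason).  Every check fails closed: anything that cannot
    be parsed or resolved is refused rather than passed through.
    """
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    # "externalsite.com/feed/to" (no scheme) parses as a bare path; refuse it
    # rather than guessing, since guessing is how file:// and friends get in.
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed"
    # Literal IP: check it directly.  Name: every resolved address must pass,
    # so a record mixing public and private answers is refused as well.
    try:
        ipaddress.ip_address(host)
        addresses = [host]
    except ValueError:
        addresses = resolver(host) or []
    if not addresses:
        return False, f"{host!r} does not resolve"
    for addr in addresses:
        reason = blocked_reason(addr)
        if reason:
            return False, reason
    # Real code must now connect to one of `addresses`, not re-resolve the
    # name, or a DNS-rebinding answer could swap in 127.0.0.1 after this check.
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("http://externalsite.com/feed/to",
                      "externalsite.com/feed/to",
                      "http://localhost/feed/to",
                      "http://[::ffff:127.0.0.1]/",
                      "http://intranet.example/",
                      "http://169.254.1.1/"):
        print(f"{candidate:40} -> {check_feed_url(candidate)}")
```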
Question #79 Topic 1

George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between
industrial systems. In this process, he used a short-range communication protocol based on the IEEE 203.15.4 standard. This protocol is used in
devices that transfer data infrequently at a low rate in a restricted area, within a range of 10-100 m.
What is the short-range wireless communication technology George employed in the above scenario?

A. LPWAN

B. MQTT

C. NB-IoT

D. Zigbee

Correct Answer: D

Community vote distribution


D (100%)

  Vincent_Lu 1 month, 3 weeks ago


D. Zigbee
upvoted 1 times

  victorfs 2 months, 3 weeks ago


Selected Answer: D
The correct option is D.
Zigbee
upvoted 1 times

  jeremy13 3 months, 4 weeks ago


Selected Answer: D
D. Zigbee
like 312-50v11 246
CEH BOOK Module 16 P2372
802.15.4 (ZigBee): The 802.15.4 standard has a low data rate and complexity.
upvoted 2 times

  eli117 4 months ago


Selected Answer: D
D. Zigbee

Explanation: George employed a short-range communication protocol based on the IEEE 203.15.4 standard, which is used in devices that transfer
data infrequently at a low rate in a restricted area, within a range of 10-100 m. Zigbee is a wireless communication technology that is designed for
low-power, low-data-rate applications, and it operates on the IEEE 203.15.4 standard. Zigbee uses mesh networking, which means that each device
in the network can act as a repeater to extend the network's range. This makes Zigbee an ideal technology for industrial systems that require
secure and reliable communication over short distances.
upvoted 3 times
Question #80 Topic 1

Eric, a cloud security engineer, implements a technique for securing the cloud resources used by his organization. This technique assumes by
default that a user attempting to access the network is not an authentic entity and verifies every incoming connection before allowing access to
the network. Using this technique, he also imposed conditions such that employees can access only the resources required for their role.
What is the technique employed by Eric to secure cloud resources?

A. Demilitarized zone

B. Zero trust network

C. Serverless computing

D. Container technology

Correct Answer: B

Community vote distribution


B (100%)

  581777a 4 days, 14 hours ago


Selected Answer: B
B. Zero trust network
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


B. Zero trust network
upvoted 2 times

  eli117 4 months ago


Selected Answer: B
A zero trust network is a security model that assumes that every user, device, and application attempting to access the network is a potential threat,
regardless of whether they are inside or outside the network perimeter. It verifies every incoming connection before allowing access to the network
and imposes strict conditions such as least privilege access, microsegmentation, and continuous monitoring.

In the given scenario, Eric implemented a technique for securing the cloud resources used by his organization that assumes by default that a user
attempting to access the network is not an authentic entity and verifies every incoming connection before allowing access to the network. He also
imposed conditions such that employees can access only the resources required for their role. This is a typical example of the zero trust security
model, which is designed to prevent unauthorized access to network resources and protect against potential security breaches.
upvoted 3 times
Question #81 Topic 1

You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless
network with the SSID “Brakeme-Internal.” You realize that this network uses WPA3 encryption.
Which of the following vulnerabilities is the most promising to exploit?

A. Cross-site request forgery

B. Dragonblood

C. Key reinstallation attack

D. AP misconfiguration

Correct Answer: B

Community vote distribution


B (86%) 14%

  Vincent_Lu 1 month, 3 weeks ago


B. Dragonblood
upvoted 1 times

  sausageman 3 months, 3 weeks ago


Selected Answer: B
B. Dragonblood
upvoted 1 times

  sausageman 3 months, 3 weeks ago


B. Dragonblood
upvoted 1 times

  jeremy13 3 months, 4 weeks ago


Selected Answer: B
B. Dragonblood
Like 312-50v11 Q224
same as tc5899
CEH V12 Module16 P2510
upvoted 3 times

  tc5899 4 months ago


Selected Answer: B
B- Dragonblood is a set of vulnerabilities in the WPA3 security standard that allows attackers to recover keys, downgrade security mechanisms, and
launch various information-theft attacks
Attackers can use various tools, such as Dragonslayer, Dragonforce, Dragondrain, and Dragontime, to exploit these vulnerabilities and launch
attacks on WPA3-enabled networks.
CEH v11 manual. pg. 2322
upvoted 2 times

  eli117 4 months ago


Selected Answer: C
C. Key reinstallation attack

WPA3 is the latest encryption protocol for wireless networks and is considered more secure than its predecessor, WPA2. However, WPA3 is still
susceptible to the Key Reinstallation Attack (KRACK), which is a vulnerability that allows attackers to intercept and manipulate network traffic.

In a KRACK attack, an attacker exploits a flaw in the WPA3 protocol that allows them to reinstall an already-in-use key. This can enable the attacker
to decrypt, replay, or manipulate network traffic, which can compromise the security of the network.
upvoted 1 times
Question #82 Topic 1

What is the common name for a vulnerability disclosure program opened by companies in platforms such as HackerOne?

A. White-hat hacking program

B. Bug bounty program

C. Ethical hacking program

D. Vulnerability hunting program

Correct Answer: C

Community vote distribution


B (100%)

  581777a 4 days, 14 hours ago


Selected Answer: B
B. Bug bounty program

Bug bounty programs invite security researchers, often referred to as white-hat hackers, to find and responsibly disclose security vulnerabilities in
exchange for monetary rewards or recognition. These programs provide an organized and controlled way for ethical hackers to contribute to the
security of software and systems.
upvoted 1 times

  kapen 1 week ago


Selected Answer: B
B. Bug bounty program
https://hackerone.com/security?type=team
upvoted 1 times

  Vincent_Lu 1 month, 3 weeks ago


B. Bug bounty program
upvoted 1 times

  victorfs 2 months, 3 weeks ago


Selected Answer: B
The correct option is B.
B. Bug bounty program
upvoted 1 times

  jeremy13 3 months, 4 weeks ago


Selected Answer: B
B. Bug bounty program
Like 312-50v11 Q158
CEH book Module 14 P2186

A bug bounty program is a challenge or agreement hosted by organizations, websites, or software developers for tech-savvy individuals or ethical
hackers to participate and break into their security to report the latest bugs and vulnerabilities
upvoted 2 times

  eli117 4 months ago


Selected Answer: B
Answer: B

Explanation:

The common name for a vulnerability disclosure program opened by companies in platforms such as HackerOne is a bug bounty program. These
programs are designed to encourage security researchers and ethical hackers to report vulnerabilities they find in a company's systems, software,
or hardware. Companies offer monetary rewards, recognition, or other incentives for researchers who report vulnerabilities that meet the criteria
specified in the program. This helps companies to identify and address vulnerabilities before they can be exploited by malicious actors.
upvoted 2 times
Question #83 Topic 1

A DDoS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications.
Upon receiving a partial request, the target server opens multiple connections and keeps waiting for the requests to complete.
Which attack is being described here?

A. Desynchronization

B. Slowloris attack

C. Session splicing

D. Phlashing

Correct Answer: B

Community vote distribution


B (100%)

  Vincent_Lu 1 month, 3 weeks ago


B. Slowloris attack
-----------------------------------
A. Desynchronization: disrupts the synchronization between different components of a system, exploiting vulnerabilities related to the
synchronization of data or processes.
B. Slowloris attack: a type of denial-of-service (DoS) attack against a web server. The attacker sends incomplete HTTP requests to the web server, keeping
connections open to consume and exhaust resources and make the web server unavailable.
C. Session splicing: the attacker intercepts and combines parts of different sessions to gain unauthorized access or perform malicious actions. This
attack typically targets web-based sessions, allowing the attacker to bypass authentication or gain access to sensitive information.
D. Phlashing: attacks IoT devices to break their firmware or hardware, permanently disabling a device or system.
upvoted 2 times

  jeremy13 3 months, 4 weeks ago


Selected Answer: B
B. Slowloris attack
312-50v11 Q187
CEH book Module 10 P1452

Slowloris is a DDoS attack tool used to perform layer-7 DDoS attacks to take down web infrastructure. It is distinctly different from other tools in
that it uses perfectly legitimate HTTP traffic to take down a target server. In Slowloris attacks, the attacker sends partial HTTP requests to the target
web server or application. Upon receiving the partial requests, the target server opens multiple connections and waits for the requests to complete
upvoted 2 times

  eli117 4 months ago


Selected Answer: B
B. Slowloris attack.

Explanation: In a Slowloris attack, the attacker sends partial HTTP requests to the web infrastructure or applications. Upon receiving a partial
request, the target server opens multiple connections and keeps waiting for the requests to complete. The attacker then sends a slow stream of
subsequent requests that are never completed, which leads to resource exhaustion on the server, eventually causing it to crash or become
unavailable. This attack is performed at layer 7 to take down web infrastructure.
upvoted 2 times
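Added example (not from the page or any of the commenters): the symptom the thread describes, many connections from one source that never finish sending their request headers, is what a web server's connection table shows during a Slowloris attack. The script below parses a constructed connection table (assumed format: source IP, time the socket was accepted, and whether the header block has completed) and flags sources holding several header-incomplete connections past a timeout, which is the detection logic a defender would apply to `mod_status` or `stub_status` style data.

```python
import re
from collections import defaultdict

# Constructed sample of a server's connection table (sample data, not a real
# capture). Each line is "<src_ip> <opened_at_seconds> <state>", where state is
# "reading-headers" (request line/headers still incomplete) or "headers-complete".
SAMPLE_CONNECTIONS = """
203.0.113.7 100.0 reading-headers
203.0.113.7 101.0 reading-headers
203.0.113.7 102.0 reading-headers
203.0.113.7 103.0 reading-headers
203.0.113.7 104.0 reading-headers
203.0.113.7 105.0 reading-headers
198.51.100.3 160.0 headers-complete
198.51.100.4 150.0 reading-headers
"""

LINE_RE = re.compile(r"^(\S+)\s+([\d.]+)\s+(reading-headers|headers-complete)$")


def parse_connections(text):
    """Yield (src_ip, opened_at, headers_done) tuples from the constructed table."""
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), float(m.group(2)), m.group(3) == "headers-complete"


def stalled_header_sources(conns, now, header_timeout=30.0, min_conns=5):
    """Return {src_ip: count} for sources holding at least `min_conns` connections
    that have been open longer than `header_timeout` seconds without the server
    ever seeing the end of the request headers. A single slow client is normal;
    a pile of them from one address is the Slowloris pattern."""
    stalled = defaultdict(int)
    for src, opened_at, headers_done in conns:
        if not headers_done and now - opened_at > header_timeout:
            stalled[src] += 1
    return {ip: n for ip, n in stalled.items() if n >= min_conns}


if __name__ == "__main__":
    # 203.0.113.7 holds six connections with headers incomplete for ~100 s;
    # 198.51.100.4 has only one such connection and is not reported.
    print(stalled_header_sources(parse_connections(SAMPLE_CONNECTIONS), now=200.0))
```

The usual server-side mitigation is a bound on how long a connection may spend in the header-reading state (for example Apache's `mod_reqtimeout` or nginx's `client_header_timeout`), combined with a per-source connection limit; the detection above tells you when those limits are being tested.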
Question #84 Topic 1

Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a
given target network.
Which of the following host discovery techniques must he use to perform the given task?

A. UDP scan

B. ARP ping scan

C. ACK flag probe scan

D. TCP Maimon scan

Correct Answer: C

Community vote distribution


B (100%)

  Vincent_Lu 1 month, 3 weeks ago


B. ARP ping scan
-----------------------------------
A. UDP scan: Network scan using UDP packets to check port status on a target system.

B. ARP ping scan: Scan method using ARP requests to discover IP and MAC addresses in a local network.

C. ACK flag probe scan: TCP port scan using ACK flag to determine port status.

D. TCP Maimon scan: Port scan using specific flag combinations(Maimon Techniques), including SYN and FIN to determine port status.
upvoted 2 times

  victorfs 2 months, 3 weeks ago


Selected Answer: B
The correct option is B.
B. ARP ping scan
upvoted 1 times

  jeremy13 3 months, 4 weeks ago


Selected Answer: B
B. ARP ping scan
Like 312-50 V11 Q160
CEH book V12 Module 03 P285

In the ARP ping scan, the ARP packets are sent for discovering all active devices in the IPv4 range even though the presence of such devices is
hidden by restrictive firewalls.
upvoted 2 times

  eli117 4 months ago


Selected Answer: B
Answer: B

Explanation: To discover all the active devices hidden by a restrictive firewall in the IPv4 range, Andrew should use an ARP ping scan technique. ARP
ping scan is an efficient and effective technique that enables a host to discover all the active hosts on the network, especially when it is difficult to
identify devices using the traditional methods such as ICMP ping. ARP requests are used to check the existence of each device with a specific IP
address within the network, and the devices with the corresponding MAC addresses reply with an ARP response. Therefore, by sending ARP
requests to each IP address in a range, Andrew can identify all active devices within the network.
upvoted 3 times
Question #85 Topic 1

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and
configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of
applications, he follows the five-tier container technology architecture. Currently, Abel is verifying and validating image contents, signing images,
and sending them to the registries.
Which of the following tiers of the container technology architecture is Abel currently working in?

A. Tier-1: Developer machines

B. Tier-2: Testing and accreditation systems

C. Tier-3: Registries

D. Tier-4: Orchestrators

Correct Answer: C

Community vote distribution


B (88%) 13%

  jeremy13 Highly Voted  3 months, 4 weeks ago


Selected Answer: B
B. Tier-2: Testing and accreditation systems
Like 312-50V11 Q174
CEH BOOK V12 Module 19 P3082
* Tier-1: Developer machines - image creation, testing and accreditation

* Tier-2: Testing and accreditation systems - verification and validation of image contents, signing images and sending them to the registries

* Tier-3: Registries - storing images and disseminating images to the orchestrators based on requests

* Tier-4: Orchestrators - transforming images into containers and deploying containers to hosts

* Tier-5: Hosts - operating and managing containers as instructed by the orchestrator Module
upvoted 5 times

  Vincent_Lu Most Recent  1 month, 2 weeks ago


B. Tier-2: Testing and accreditation systems
upvoted 1 times

  victorfs 2 months, 3 weeks ago


Selected Answer: B
The correct option is B.
B. Tier-2: Testing and accreditation systems
upvoted 1 times

  sausageman 3 months, 3 weeks ago


Selected Answer: B
B. Tier-2: Testing and accreditation systems
upvoted 1 times

  eli117 4 months ago


Selected Answer: C
Answer: C. Tier-3: Registries

Explanation:

The five-tier container technology architecture is as follows:

Tier-1: Developer machines: In this tier, developers build container images by including all the application dependencies and resources that are
required to run the application.
Tier-2: Testing and accreditation systems: This tier is used to test the container images and ensure that they are free from vulnerabilities, errors, and
other issues. This tier is also used for the approval of container images before they are sent to the registry.
Tier-3: Registries: This tier is used to store container images. These images can be shared across different environments and can be deployed to
any cloud infrastructure.
Tier-4: Orchestrators: In this tier, container images are managed, scheduled, and deployed on cloud infrastructure.
Tier-5: Runtime: This tier is responsible for running the containers in the production environment.
upvoted 1 times
Question #86 Topic 1

Henry is a cyber security specialist hired by BlackEye – Cyber Security Solutions. He was tasked with discovering the operating system (OS) of a
host. He used the Unicornscan tool to discover the OS of the target system. As a result, he obtained a TTL value, which indicates that the target
system is running a Windows OS.
Identify the TTL value Henry obtained, which indicates that the target OS is Windows.

A. 128

B. 255

C. 64

D. 138

Correct Answer: A

Community vote distribution


A (78%) B (22%)

  ZacharyDriver 2 weeks, 1 day ago


Selected Answer: A
A. 128
upvoted 1 times

  Vincent_Lu 1 month, 2 weeks ago


A. 128
upvoted 1 times

  victorfs 2 months, 3 weeks ago


Selected Answer: A
The correct option is A.
128 for Windows OS
upvoted 1 times

  sausageman 3 months, 3 weeks ago


Selected Answer: A
A. 128
upvoted 2 times

  jeremy13 3 months, 4 weeks ago


Selected Answer: A
A. 128
Like 312-50v11 Q206
CEH BOOK V12
Module 03 P 336
Windows = 128

https://ostechnix.com/identify-operating-system-ttl-ping/
upvoted 3 times

  eli117 4 months ago


Selected Answer: B
B. 255

Explanation:

The TTL (Time to Live) value represents the maximum number of hops (routers) that a packet can take before being discarded or deemed expired.
Each router that the packet traverses decrements the TTL value by one. In Unicornscan, a TTL value of 255 indicates that the target host is running a
Windows OS, while a value of 64 indicates a Linux/Unix OS. A value of 128 is often associated with network infrastructure devices such as routers
and switches, while a value of 138 may indicate a NetBIOS session (a Windows protocol).
upvoted 2 times

  kapen 2 weeks, 2 days ago


Do you have a reference where it says 255 TTL for Windows? (something similar to Jeremy13) 312-50v11 Q206
CEH BOOK V12
Module 03 P 336
upvoted 1 times
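Added example (not from the page or any commenter): the thread disagrees about which TTL means Windows, and the practical point both sides skip is that the TTL you observe is the sender's initial TTL minus the number of routers on the path. The script below parses constructed `ping` reply lines (the page's scenario uses Unicornscan; ping output is an assumption made here for a self-contained example), maps the observed value to the nearest common default (64, 128, 255) and estimates the hop count. The defaults are configurable on every OS, so treat the result as an inventory hint, not proof.

```python
import re

# Common default initial TTLs by operating-system family. Windows = 128 is the
# value the question expects. These are defaults, not guarantees: an admin can
# change them, so the mapping is a triage hint only.
INITIAL_TTLS = {
    64: "Linux/Unix/macOS (typical default)",
    128: "Windows (typical default)",
    255: "Network devices, Solaris/AIX (typical default)",
}

PING_TTL_RE = re.compile(r"\bttl=(\d+)", re.IGNORECASE)


def infer_initial_ttl(observed_ttl):
    """Return (initial_ttl, estimated_hops, family) for an observed TTL.

    The initial TTL is the smallest common default that is >= the observed
    value; the hop estimate is the difference, since each router decrements
    the field by one. Observed 116 -> initial 128, 12 hops, Windows."""
    if not 0 < observed_ttl <= 255:
        raise ValueError("TTL must be in 1..255")
    for initial in sorted(INITIAL_TTLS):
        if observed_ttl <= initial:
            return initial, initial - observed_ttl, INITIAL_TTLS[initial]
    raise AssertionError("unreachable: 255 is the maximum TTL")


def ttl_from_ping_line(line):
    """Extract the TTL from a ping reply line, or None if the line has none."""
    m = PING_TTL_RE.search(line)
    return int(m.group(1)) if m else None


# Constructed ping replies (sample data, not a real capture).
SAMPLE_REPLIES = [
    "64 bytes from 192.0.2.10: icmp_seq=1 ttl=116 time=12.3 ms",
    "64 bytes from 192.0.2.20: icmp_seq=1 ttl=52 time=8.1 ms",
    "64 bytes from 192.0.2.30: icmp_seq=1 ttl=243 time=3.0 ms",
    "Request timeout for icmp_seq 1",
]


def classify_replies(lines):
    """Return {host: (initial_ttl, hops, family)} for every reply carrying a TTL."""
    result = {}
    for line in lines:
        ttl = ttl_from_ping_line(line)
        if ttl is None:
            continue
        host = line.split("from ")[1].split(":")[0]
        result[host] = infer_initial_ttl(ttl)
    return result


if __name__ == "__main__":
    for host, (initial, hops, family) in classify_replies(SAMPLE_REPLIES).items():
        print(f"{host}: observed->initial {initial}, ~{hops} hops, {family}")
```

A reply of exactly 128 therefore means a Windows default host on the local segment (zero hops), while 116 is the same family seen across twelve routers; a value above 128 cannot come from a 128-default sender at all.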
Question #87 Topic 1

Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.moviescope.com. During this
process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he
attempted placing characters such as “’or ‘1’=‘1’” in any basic injection statement such as “or 1=1.”
Identify the evasion technique used by Daniel in the above scenario.

A. Char encoding

B. IP fragmentation

C. Variation

D. Null byte

Correct Answer: C

Community vote distribution


C (100%)

  jeremy13 3 months, 4 weeks ago


Selected Answer: C
C. Variation
Like 312-50v11 Q190
CEH BOOK V12 Module 15 P2336

Evasion Technique: Variation Variation is an evasion technique whereby the attacker can easily evade any comparison statement. The attacker does
this by placing characters such as “' or '1'='1'” in any basic injection statement such as “or 1=1” or with other accepted SQL comments. The SQL
interprets this as a comparison between two strings or characters instead of two numeric values.
upvoted 3 times

  eli117 4 months ago


Selected Answer: C
Answer: C. Variation

Explanation:

In the given scenario, Daniel is attempting to evade the IDS that detects SQL injection attempts based on predefined signatures. To bypass the
detection mechanism, he used the variation technique. The variation technique is a method of altering the injection code so that it cannot be
detected by an IDS. In this technique, an attacker alters the injection code, for example, by changing the case of letters or by adding extra
characters or spaces to the code, to bypass the signature-based detection. By using the variation technique, the attacker can bypass the signature-
based detection mechanisms, and the malicious code is executed on the targeted system.
upvoted 2 times
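Added example (not from the page or any commenter): the two explanations above describe why a literal signature for `or 1=1` misses the quoted form `' or '1'='1'`. The script below puts a naive signature beside a check that normalises the input (drops quote characters and inline comments, collapses whitespace) before looking for an `OR x = x` tautology, and then shows the fix that makes the whole question moot: with a parameterised query (sqlite3, in memory) the payload is bound as a plain string and matches no row. Names such as `normalise` and the sample `users` table are assumptions made for this example.

```python
import re
import sqlite3

# A naive, literal IDS signature: only the exact text "or 1=1".
NAIVE_SIGNATURE = re.compile(r"or 1=1", re.IGNORECASE)

# A tautology pattern applied after normalisation: OR <token> = <same token>.
TAUTOLOGY = re.compile(r"\bor\s+(\w+)\s*=\s*\1\b", re.IGNORECASE)


def normalise(text):
    """Strip quote characters and /* */ comments, collapse whitespace, lowercase.
    This removes the cosmetic variation that defeats a literal signature."""
    text = re.sub(r"['\"`]", "", text)
    text = re.sub(r"/\*.*?\*/", " ", text)
    return re.sub(r"\s+", " ", text).strip().lower()


def naive_match(payload):
    """True only for the literal 'or 1=1' spelling."""
    return bool(NAIVE_SIGNATURE.search(payload))


def tautology_match(payload):
    """True for any OR <x>=<x> comparison once quoting/spacing is normalised."""
    return bool(TAUTOLOGY.search(normalise(payload)))


def lookup_user_parameterized(username):
    """Parameterised query against a constructed in-memory table: the input is
    bound as data, so a tautology payload is just an unusual name that matches
    nothing. Returns the number of rows found."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (username,)).fetchall()
    conn.close()
    return len(rows)


if __name__ == "__main__":
    for p in ["or 1=1", "' or '1'='1'", "OR  2 = 2", "order by 1"]:
        print(f"{p!r:18} naive={naive_match(p)!s:5} normalised={tautology_match(p)}")
    print("rows for alice:", lookup_user_parameterized("alice"))
    print("rows for payload:", lookup_user_parameterized("' or '1'='1'"))
```

Signature normalisation narrows the gap the question describes, but it is still a detector over an unbounded input space; the parameterised query is the control that closes it.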
Question #88 Topic 1

SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may bypass authentication and allow attackers to access
and/or modify data attached to a web application.
Which of the following SQLi types leverages a database server’s ability to make DNS requests to pass data to an attacker?

A. In-band SQLi

B. Union-based SQLi

C. Out-of-band SQLi

D. Time-based blind SQLi

Correct Answer: C

Community vote distribution


C (100%)

  Vincent_Lu 1 month, 2 weeks ago


C. Out-of-band SQLi
upvoted 1 times

  Vincent_Lu 1 month, 1 week ago


1.In-band SQLi: Stacked/Union/Error
2.Inferential SQLi: Boolean/Time
3.Out-of-band SQLi: DNS
upvoted 2 times

  sausageman 3 months, 3 weeks ago


Selected Answer: C
C. Out-of-band SQLi
upvoted 1 times

  eli117 4 months ago


Selected Answer: C
C. Out-of-band SQLi.

Out-of-band SQL injection is an advanced form of SQL injection that is not reliant on the same channel as the application. In this technique, the
attacker uses a different channel, such as an email, to send the data to an external server that is under their control. An example of this technique is
exploiting a SQL vulnerability that allows an attacker to make DNS requests from the victim's server to an external server under the attacker's
control, allowing them to pass data to the attacker.
upvoted 3 times
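Added example (not from the page or any commenter): the out-of-band variant described above leaves a trace a defender can look for, because a database server has very little reason to resolve arbitrary external names. The script below scans a constructed DNS query log and reports two signals for hosts on an assumed database inventory: leftmost labels that look like encoded data, and a single parent domain receiving several distinct subdomains from the same host, which is what DNS used as a data channel looks like. The host list, the allow-list and the `attacker.example` domain are constructed sample values.

```python
import re
from collections import defaultdict

# Constructed DNS query log (sample data, not a real capture): "<client_ip> <qname>".
SAMPLE_DNS_LOG = """
10.0.5.20 updates.example.com
10.0.5.20 4a6f686e2c7061737377307264.exfil.attacker.example
10.0.5.20 5365637265745f31323334.exfil.attacker.example
10.0.5.20 7461626c65735f75736572732e.exfil.attacker.example
10.0.9.15 very-long-hostname-of-a-cdn.example.net
10.0.9.15 mail.example.net
"""

# Assumed inventory: database servers should only resolve a short allow-list.
DB_HOSTS = {"10.0.5.20"}
ALLOWED_SUFFIXES = (".example.com",)

HEX_RE = re.compile(r"^[0-9a-f]+$", re.IGNORECASE)


def looks_encoded(label, min_len=16, min_digit_ratio=0.25):
    """Heuristic: long labels that are pure hex or digit-heavy look like encoded
    data rather than a hostname. Deliberately simple; the host-role check and
    the per-domain cardinality below carry most of the weight."""
    if len(label) < min_len:
        return False
    if HEX_RE.match(label):
        return True
    digits = sum(ch.isdigit() for ch in label)
    return digits / len(label) >= min_digit_ratio


def parent_domain(qname, levels=2):
    """Last `levels` labels, e.g. attacker.example for x.exfil.attacker.example."""
    return ".".join(qname.lower().rstrip(".").split(".")[-levels:])


def flag_oob_dns(log_text, db_hosts=DB_HOSTS, allowed=ALLOWED_SUFFIXES, min_unique=3):
    """Return (encoded_queries, chatty_domains).

    encoded_queries: [(client, qname)] from DB hosts whose leftmost label looks encoded.
    chatty_domains:  {(client, parent_domain): n} where a DB host asked for at least
                     `min_unique` distinct subdomains of one parent domain."""
    encoded = []
    uniq = defaultdict(set)
    for line in log_text.strip().splitlines():
        client, qname = line.split()
        if client not in db_hosts or qname.endswith(allowed):
            continue
        first = qname.split(".")[0]
        if looks_encoded(first):
            encoded.append((client, qname))
        uniq[(client, parent_domain(qname))].add(first)
    chatty = {key: len(labels) for key, labels in uniq.items() if len(labels) >= min_unique}
    return encoded, chatty


if __name__ == "__main__":
    encoded, chatty = flag_oob_dns(SAMPLE_DNS_LOG)
    for client, qname in encoded:
        print(f"encoded-looking query from DB host {client}: {qname}")
    for (client, domain), n in chatty.items():
        print(f"{client} resolved {n} distinct subdomains of {domain}")
```

The preventive control is the same one the detection assumes: database servers should resolve only through an internal resolver with an explicit allow-list, so an attempted DNS channel fails and is logged rather than silently succeeding.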
Question #89 Topic 1

Attacker Rony installed a rogue access point within an organization’s perimeter and attempted to intrude into its internal network. Johnson, a
security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately
turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack.
What is the type of vulnerability assessment performed by Johnson in the above scenario?

A. Wireless network assessment

B. Application assessment

C. Host-based assessment

D. Distributed assessment

Correct Answer: A

Community vote distribution


A (63%) B (25%) 13%

  ZacharyDriver 2 weeks, 1 day ago


Selected Answer: A
A. Wireless Network Assessment
upvoted 1 times

  Vincent_Lu 1 month, 2 weeks ago


Selected Answer: C
C. Host-based assessment
Because Johnson must focus on authentication mechanism, and which should be belonging to the scope of "C. Host-based assessment"
upvoted 1 times

  victorfs 2 months, 2 weeks ago


Selected Answer: B
The correct option is B
B. Application assessment

Where is the wireless network here?

Johnson's approach of shutting down the target network and testing for any weak and outdated security mechanisms indicates a more general
assessment focused on applications and systems, rather than a specific evaluation of wireless networks. Johnson's goal is to identify weaknesses in
authentication mechanisms and potential vulnerabilities in applications or systems that could allow for an attack.
upvoted 2 times

  eli117 4 months ago


Selected Answer: A
The answer is A. Wireless network assessment. Johnson identified unusual traffic in the internal network that is aimed at cracking the authentication
mechanism, which suggests that there might be a rogue access point within the organization's perimeter. As a security auditor, Johnson
immediately turned off the targeted network and performed a wireless network assessment to identify any weak and outdated security
mechanisms that are open to attack.
upvoted 4 times

  victorfs 2 months, 2 weeks ago


I think it is option B.
Application assessment
upvoted 1 times
Question #90 Topic 1

In this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic
handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number and receive
packet number are reset to their initial values.
What is this attack called?

A. Evil twin

B. Chop chop attack

C. Wardriving

D. KRACK

Correct Answer: D

Community vote distribution


D (100%)

  Vincent_Lu 1 month, 2 weeks ago


Selected Answer: D
D. KRACK: This is an abbreviation for Key Reinstallation Attacks. It is a type of security vulnerability attack against the Wi-Fi security protocol WPA2,
where attackers can exploit this vulnerability to steal sensitive information during Wi-Fi communication.
upvoted 1 times

  victorfs 2 months, 3 weeks ago


Selected Answer: D
The correct option is D.
D. KRACK
upvoted 1 times

  eli117 4 months ago


Selected Answer: D
D. KRACK (Key Reinstallation Attack)
upvoted 2 times
Question #91 Topic 1

After an audit, the auditors inform you that there is a critical finding that you must tackle immediately. You read the audit report, and the problem
is the service running on port 389.
Which service is this and how can you tackle the problem?

A. The service is NTP, and you have to change it from UDP to TCP in order to encrypt it.

B. The service is LDAP, and you must change it to 636, which is LDAPS.

C. The findings do not require immediate actions and are only suggestions.

D. The service is SMTP, and you must change it to SMIME, which is an encrypted way to send emails.

Correct Answer: B

Community vote distribution


B (100%)

  Vincent_Lu 1 month, 2 weeks ago


Selected Answer: B
A. NTP:123
B. LDAP:389, LDAPS:636
D. SMTP:25, SMTPS: 465, 587
upvoted 1 times

  victorfs 2 months, 3 weeks ago


Selected Answer: B
B. The service is LDAP, and you must change it to 636, which is LDAPS.
upvoted 1 times

  eli117 4 months ago


Selected Answer: B
B. The service is LDAP, and you must change it to 636, which is LDAPS. The problem is that LDAP (Lightweight Directory Access Protocol) is running
on port 389, which is not encrypted. The solution is to change the port to 636, which is LDAPS (LDAP over SSL/TLS) and encrypts the
communication.
upvoted 1 times
Question #92 Topic 1

Mike, a security engineer, was recently hired by BigFox Ltd. The company recently experienced disastrous DoS attacks. The management had
instructed Mike to build defensive strategies for the company's IT infrastructure to thwart DoS/DDoS attacks. Mike deployed some
countermeasures to handle jamming and scrambling attacks.
What is the countermeasure Mike applied to defend against jamming and scrambling attacks?

A. Allow the transmission of all types of addressed packets at the ISP level

B. Disable TCP SYN cookie protection

C. Allow the usage of functions such as gets and strcpy

D. Implement cognitive radios in the physical layer

Correct Answer: D

Community vote distribution


D (100%)

  Vincent_Lu 1 month, 1 week ago


Selected Answer: D
D. Implement cognitive radios in the physical layer
upvoted 1 times

  victorfs 2 months, 3 weeks ago


Selected Answer: D
D. Implement cognitive radios in the physical layer
upvoted 1 times

  eli117 4 months ago


Selected Answer: D
D. Implement cognitive radios in the physical layer.

Cognitive radios can sense the environment, sense other RF devices' signals, and use different frequencies in response to the sensing results. This
makes the device very flexible in terms of being able to adjust to different environments and also to be able to detect and evade jamming or
scrambling attacks. By deploying cognitive radios, Mike can mitigate the effects of DoS/DDoS attacks that use jamming or scrambling techniques.
upvoted 3 times
Question #93 Topic 1

You are using a public Wi-Fi network inside a coffee shop. Before surfing the web, you use your VPN to prevent intruders from sniffing your traffic.
If you did not have a VPN, how would you identify whether someone is performing an ARP spoofing attack on your laptop?

A. You should check your ARP table and see if there is one IP address with two different MAC addresses.

B. You should scan the network using Nmap to check the MAC addresses of all the hosts and look for duplicates.

C. You should use netstat to check for any suspicious connections with another IP address within the LAN.

D. You cannot identify such an attack and must use a VPN to protect your traffic.

Correct Answer: B

Community vote distribution


A (100%)

  eli117 Highly Voted  4 months ago


Selected Answer: A
A. You should check your ARP table and see if there is one IP address with two different MAC addresses.

ARP spoofing is a type of attack where an attacker sends fake ARP (Address Resolution Protocol) messages to associate their MAC address with the
IP address of another host on the network. This allows the attacker to intercept and modify traffic intended for the victim. By checking the ARP
table on your laptop, you can see if there is any IP address with two different MAC addresses, which would indicate an ARP spoofing attack is in
progress.
upvoted 6 times

  Vicky_One Most Recent  1 week ago


Answer is B
It can never be a duplicated IPs, you only can see a duplicated MAC addresses.
upvoted 1 times

  Vincent_Lu 1 month, 1 week ago


Selected Answer: A
A. You should check your ARP table and see if there is one IP address with two different MAC addresses.
upvoted 1 times

  victorfs 2 months, 3 weeks ago


Selected Answer: A
A. You should check your ARP table and see if there is one IP address with two different MAC addresses.
upvoted 1 times
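Added example (not from the page or any commenter): the thread argues over whether the symptom is one IP with two MACs or one MAC with two IPs, and a local check can look for both. The script below parses two constructed `arp -a` snapshots (Linux output format) taken a little apart: within one snapshot it reports any MAC address that claims more than one IP, and across snapshots it reports any IP whose MAC changed, which is how the gateway entry looks once a poisoning attempt succeeds. The snapshot contents and interface names are sample data.

```python
import re
from collections import defaultdict

# Two constructed snapshots of `arp -a` output (sample data only). In the
# second snapshot the gateway's IP resolves to the MAC that 192.168.1.42
# already uses: the same physical interface now answers for two addresses.
SNAPSHOT_T0 = """
gateway (192.168.1.1) at 00:11:22:33:44:55 [ether] on wlan0
? (192.168.1.42) at aa:bb:cc:dd:ee:ff [ether] on wlan0
? (192.168.1.77) at 12:34:56:78:9a:bc [ether] on wlan0
"""
SNAPSHOT_T1 = """
gateway (192.168.1.1) at aa:bb:cc:dd:ee:ff [ether] on wlan0
? (192.168.1.42) at aa:bb:cc:dd:ee:ff [ether] on wlan0
? (192.168.1.77) at 12:34:56:78:9a:bc [ether] on wlan0
"""

ARP_RE = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.IGNORECASE
)


def parse_arp(text):
    """Return {ip: mac} for one `arp -a` snapshot (MACs lowercased)."""
    return {m.group("ip"): m.group("mac").lower() for m in ARP_RE.finditer(text)}


def macs_with_multiple_ips(table):
    """Within one snapshot: MAC addresses that appear for more than one IP.
    A legitimate router may answer for itself only; a MAC answering for the
    gateway and for a workstation is the classic spoofing symptom."""
    by_mac = defaultdict(set)
    for ip, mac in table.items():
        by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def ips_whose_mac_changed(before, after):
    """Across snapshots: IPs that now map to a different MAC than before.
    This is the 'one IP, two MACs' view, observed over time rather than in a
    single table."""
    return {
        ip: (before[ip], after[ip])
        for ip in before
        if ip in after and before[ip] != after[ip]
    }


if __name__ == "__main__":
    t0, t1 = parse_arp(SNAPSHOT_T0), parse_arp(SNAPSHOT_T1)
    print("duplicate MACs at t1:", macs_with_multiple_ips(t1))
    print("MAC changes t0->t1:", ips_whose_mac_changed(t0, t1))
```

On a real laptop the check is the same two commands a few seconds apart; a gateway whose MAC changes, or which shares a MAC with another host, is reason to stop trusting the network until it is explained. Static ARP entries for the gateway and DHCP snooping / dynamic ARP inspection on managed switches are the corresponding preventive controls.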
Question #94 Topic 1

Lewis, a professional hacker, targeted the IoT cameras and devices used by a target venture-capital firm. He used an information-gathering tool to
collect information about the IoT devices connected to a network, open ports and services, and the attack surface area. Using this tool, he also
generated statistical reports on broad usage patterns and trends. This tool helped Lewis continually monitor every reachable server and device on
the Internet, further allowing him to exploit these devices in the network.
Which of the following tools was employed by Lewis in the above scenario?

A. NeuVector

B. Lacework

C. Censys

D. Wapiti

Correct Answer: C

Community vote distribution


C (100%)

  Vincent_Lu 1 month, 2 weeks ago


Selected Answer: C
A. NeuVector: NeuVector is a security platform for container environments that provides real-time container security monitoring and protection. It
can detect and prevent security vulnerabilities and attacks within containers.

B. Lacework: Lacework is a cloud security platform that uses artificial intelligence and machine learning technologies to monitor and protect the
security of cloud environments. It can detect and respond to security incidents and threats in cloud infrastructure.

C. Censys: Censys is an internet information gathering platform that scans and analyzes devices and services on the global internet. Censys
provides relevant information about device configurations, security vulnerabilities, and network threats.

D. Wapiti: Wapiti is an open-source web vulnerability scanner used to find security vulnerabilities in websites. It can detect common vulnerabilities
in web applications and provide corresponding reports and recommendations.
upvoted 1 times

  eli117 4 months ago


Selected Answer: C
C. Censys.

Censys is a popular information-gathering tool used to collect information about devices connected to a network, open ports and services, and the
attack surface area. It is used to generate statistical reports on broad usage patterns and trends, and to continually monitor every reachable server
and device on the Internet, making it an ideal tool for hackers to gather information about their targets.
upvoted 3 times
Question #95 Topic 1

Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining
whether the ports are online and any firewall rule sets are encountered.
John decided to perform a TCP SYN ping scan on the target network.
Which of the following Nmap commands must John use to perform the TCP SYN ping scan?

A. nmap -sn -PO < target IP address >

B. nmap -sn -PS < target IP address >

C. nmap -sn -PA < target IP address >

D. nmap -sn -PP < target IP address >

Correct Answer: B

Community vote distribution


B (100%)

  Vincent_Lu 1 month, 1 week ago


Selected Answer: B
B. nmap -sn -PS < target IP address >
upvoted 1 times

  victorfs 2 months, 3 weeks ago


Selected Answer: B
B. nmap -sn -PS < target IP address >
upvoted 1 times

  eli117 4 months ago


Selected Answer: B
B. nmap -sn -PS < target IP address >

Explanation:

In a TCP SYN ping scan, Nmap sends a TCP SYN packet to the target port, expecting a SYN-ACK or RST response from an open port. If the response
is RST, it means the port is closed. If there is no response, the port may be either open or filtered. This method is used to detect whether a port is
open or closed.

The -sn option in Nmap is used for host discovery, and it disables port scanning. The -PS option is used to specify a TCP SYN ping scan, while the
-PA and -PP options are used for TCP ACK and ICMP ping scans, respectively.

Therefore, the correct command for a TCP SYN ping scan in Nmap is:

nmap -sn -PS < target IP address >


upvoted 4 times
Question #96 Topic 1

Ricardo has discovered the username for an application in his target’s environment. As he has a limited amount of time, he decides to attempt to
use a list of common passwords he found on the Internet. He compiles them into a list and then feeds that list as an argument into his password-
cracking application.
What type of attack is Ricardo performing?

A. Brute force

B. Known plaintext

C. Dictionary

D. Password spraying

Correct Answer: C

Community vote distribution


C (100%)

  victorfs 2 months, 3 weeks ago


Selected Answer: C
C. Dictionary
upvoted 1 times

  eli117 4 months ago


Selected Answer: C
Ricardo is performing a dictionary attack, where he is using a list of common passwords to attempt to gain unauthorized access to the application
using a list of words.
upvoted 1 times

Question #97 Topic 1

What would be the fastest way to perform content enumeration on a given web server by using the Gobuster tool?

A. Performing content enumeration using the bruteforce mode and 10 threads

B. Performing content enumeration using the bruteforce mode and random file extensions

C. Skipping SSL certificate verification

D. Performing content enumeration using a wordlist

Correct Answer: D

Community vote distribution


D (100%)
