The document consists of a series of questions and answers related to the EC-Council Certified Ethical Hacker (CEH v12) certification exam. It covers various topics such as network security, vulnerability management, malware types, and attack techniques, with the user scoring 89% on the questions answered. The questions assess knowledge on identifying security issues, understanding attack vectors, and applying security measures.

Uploaded by

arsimim

312-50: EC-Council Certified Ethical Hacker (CEH v12) - Mini

You got 55 of 62 possible points.


Your score: 89 %

Question Results

Question: Score 1 of 1

Michael works as a system administrator. He receives a message that several sites are no longer available. Michael tried to go to the sites by URL,
but it didn't work. Then he tried to ping the sites and enter IP addresses in the browser - it worked. What problem could Michael identify?

Response:

Traffic is Blocked on UDP Port 88

Traffic is Blocked on UDP Port 56

Traffic is Blocked on UDP Port 69

Traffic is Blocked on UDP Port 53

Question: Score 1 of 1

Which of the following web pages would be most likely to give you information about the operating system and web server a website is using?

Response:

shodan.io

archive.org

netcraft.com

exinfo.org

Question: Score 1 of 1

Jerome is performing a scan on a target server. He is sending a SYN scan. If the port is open, what will Jerome receive back?

Response:

SYN-ACK

ACK

Nothing

RST

Question: Score 1 of 1

Identify the technique by description: During the execution of this technique, an attacker copies the entire website and its content on a local drive to
view the complete profile of the site's directory structure, file structure, web pages, images, etc. Thanks to the information gathered using this
technique, an attacker maps the website's directories and gains valuable information.

Response:

Website defacement

Session hijacking

Website mirroring

Web cache poisoning

Question: Score 1 of 1

Identify the technique by description: The attacker wants to create a botnet. Firstly, he collects information about a large number of vulnerable
machines to create a list. Secondly, they infect the machines. The list is divided by assigning half of the list to the newly compromised
machines. The scanning process runs simultaneously. This technique ensures a very fast spreading and installation of malicious code.

Response:

Subnet scanning technique

Topological scanning technique

Permutation scanning technique

Hit-list scanning technique

Question: Score 1 of 1

Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his smartphone were
replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after installing the app.

What is the attack performed on Don in the above scenario?

Response:

Clickjacking

SMS phishing attack


Agent Smith attack

SIM card attack

Question: Score 1 of 1

Your organization is implementing a vulnerability management program to evaluate and control the risks and vulnerabilities in IT infrastructure. At
the moment, your security department is in the vulnerability management lifecycle phase in which it is executing the process of applying fixes on
vulnerable systems to reduce the impact and severity of vulnerabilities.

Which of the following vulnerability-management phases is your security department in?

Response:

Vulnerability scan

Remediation

Verification

Risk assessment

Question: Score 1 of 1

While checking your organization's wireless network, you found that the wireless network component is not sufficiently secure. It uses an old
encryption protocol designed to mimic wired encryption. Which of the following protocols is used in your organization's wireless network?

Response:

WAP

WEP

WPA3

RADIUS

Question: Score 1 of 1

A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk
email content. Which sort of trojan infects this server?

Response:

Banking Trojans

Ransomware Trojans

Turtle Trojans

Botnet Trojan

Question: Score 1 of 1

Identify an adaptive SQL Injection testing technique by the description: A testing technique is used to discover coding errors by inputting massive
amounts of random data and observing the changes in the output.

Response:

Fuzz Testing.

Functional Testing.

Static application security testing.


Dynamic Testing.

Question: Score 1 of 1

Terrance is trying to determine where in iOS location services are handled. Where should he look?

Response:

Core

Core Services

Services

Media

Question: Score 1 of 1

Alex, a network administrator, received a warning from IDS about a possibly malicious sequence of packets sent to a Web server in the network's
external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. Now Alex needs to determine if these packets are genuinely
malicious or simply a false positive. Which of the following types of network tools will he use?

Response:

Host-based intrusion prevention system (HIPS).

Intrusion Prevention System (IPS).

Protocol analyzer.

Vulnerability scanner.

Question: Score 1 of 1

Which of the scenarios corresponds to the behaviour of the attacker from the example below: The attacker created and configured multiple domains
pointing to the same host to switch quickly between the domains and avoid detection.

Response:

Data staging.

Unspecified proxy activities.

Use of command-line interface.

DNS tunnelling.

Question: Score 1 of 1

Identify the algorithm according to the following description: That wireless security algorithm was rendered useless by capturing packets and
discovering the passkey in seconds. This vulnerability strongly affected the TJ Maxx company. This vulnerability led to a network invasion of the
company and data theft through a technique known as wardriving.

Response:

Wired Equivalent Privacy (WEP)

Temporal Key Integrity Protocol (TKIP)

Wi-Fi Protected Access 2 (WPA2)

Wi-Fi Protected Access (WPA)


Question: Score 1 of 1

Which of the following methods of password cracking takes the most time?

Response:

Shoulder surfing

Rainbow tables

Dictionary attack

Brute force

Question: Score 1 of 1

You analyze the logs and see the following output of logs from the machine with the IP address of 192.168.0.132:

- Time August 21 11:22:06 Port:20 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP
- Time August 21 11:22:08 Port:21 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP
- Time August 21 11:22:11 Port:22 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP
- Time August 21 11:22:14 Port:23 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP
- Time August 21 11:22:15 Port:25 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP
- Time August 21 11:22:19 Port:80 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP
- Time August 21 11:22:21 Port:443 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP

What conclusion can you make based on this output?

Response:

Denial of service attack targeting 192.168.0.132

Port scan targeting 192.168.0.30

Port scan targeting 192.168.0.132


Teardrop attack targeting 192.168.0.132

Question: Score 1 of 1

Gaining Access: Which of the following is a password cracking tool?


(Select all that apply)

Response:

John the Ripper

Airmon-ng

NMAP

Hydra

Question: Score 1 of 1

Sam is working as a system administrator in an organization. He captured the principal characteristics of a vulnerability and produced a numerical
score to reflect its severity using CVSS v3.0 to properly assess and prioritize the organization’s vulnerability management processes. The base
score that Sam obtained after performing CVSS rating was 4.0.

What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?

Response:

Low

High

Critical

Medium

Question: Score 1 of 1

Identify the Bluetooth attack technique that is used to send messages to users without the recipient's consent, for example, for guerrilla marketing
campaigns.

Response:

Bluejacking

Bluebugging

Bluesnarfing

Bluesmacking

Question: Score 1 of 1

When using Linux, how do you get ping to keep sending packets until you manually stop it?

Response:

Use ping /t.

You cannot.

That is the default in Linux.

Use pint /n 0.

Question: Score 0 of 1

Ron, a security professional, was pen testing web applications and SaaS platforms used by his company. While testing, he found a vulnerability that allows
hackers to gain unauthorized access to API objects and perform actions such as view, update, and delete sensitive data of the company.

What is the API vulnerability revealed in the above scenario?

Response:

Business logic flaws

No ABAC validation

Improper use of CORS

Code injections

Question: Score 1 of 1

Buffer overflow mainly occurs when a created memory partition (or buffer) is written beyond its intended boundaries. If an attacker manages to do
this from outside the program, this can cause security problems since it can potentially allow them to manipulate arbitrary memory cells, although
many modern operating systems protect against the worst cases of this.

What programming language is this example in?

Response:

Java

SQL

HTML

Question: Score 1 of 1

What is the most effective countermeasure for registration DoS attacks?

Response:

Using an SPI firewall

Using Cisco configuration

Encrypting traffic

Using CAPTCHA

Question: Score 1 of 1

Which of the following is the fastest way to perform content enumeration on a web server using the Gobuster tool?

Response:

Performing content enumeration using a wordlist.

Performing content enumeration using the brute-force mode and random file extensions.

Performing content enumeration using the brute-force mode and 10 threads.

Skipping SSL certificate verification.

Question: Score 1 of 1

Your boss informed you that a problem was detected in the service running on port 389 and said that you must fix this problem as soon as possible.
What service is running on this port, and how can you fix this problem?

Response:

The service is SMTP, and you must change it to SMIME, which is an encrypted way to send emails.

The findings do not require immediate actions and are only suggestions.

The service is LDAP. You must change it to 636, which is LDAPS.

The service is NTP, and you have to change it from UDP to TCP to encrypt it.

Question: Score 1 of 1

Which of the following describes cross-site request forgery?

Response:

A browser makes a request to a server without the user's knowledge.

Modifying the request by the proxy server between the client and the server.

A request sent by a malicious user from a browser to a server.

A server makes a request to another server without the user's knowledge.


Question: Score 0 of 1

Which of the following Nmap parameters helps evade IDS or firewalls?

Response:

-T

-r

-R

-A

Question: Score 1 of 1

Alex, an employee of a law firm, receives an email with an attachment "Court_Notice_09082020.zip". There is a file inside the archive
"Court_Notice_09082020.zip.exe". Alex does not notice that this is an executable file and runs it.

After that, a window appears with the notification "This word document is corrupt" and, at the same time, the malware copies data to the APPDATA\local
directory in the background and begins to beacon to a C2 server to download additional malicious binaries. What type of malware has
Alex encountered?

Response:

Macro Virus

Key-Logger

Trojan

Worm

Question: Score 1 of 1

Even though IDS and firewall security controls can prevent any unauthorized network access, there are many evasion techniques used by attackers
to exploit security limitations. One such technique is where the attacker changes the source IP addresses so that the attacks appear to be coming in
as someone else.

Identify the IDS/firewall evasion technique used by the attacker?

Response:

IP Address Spoofing

Packet Fragmentation

Source Routing

IP Address Decoy

Question: Score 1 of 1

Identify the Google advanced search operator that helps an attacker gather information about websites that are similar to a specified target URL.

Response:

[link:]

[site:]

[related:]

[inurl:]

Question: Score 1 of 1

Identify a security policy that defines the use of a VPN for gaining access to an internal corporate network.

Response:

Network security policy

Information protection policy

Remote access policy

Access control policy

Question: Score 1 of 1

You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific
condition for the scan: “The attacker must scan every port on the server several times using a set of spoofed source IP addresses.” Suppose that you are using
Nmap to perform this scan.

What flag will you use to satisfy this requirement?

Response:

The -f flag

The -A flag

The -g flag

The -D flag

Question: Score 1 of 1

Identify the attack by description: When performing this attack, an attacker installs a fake communication tower between two authentic endpoints to
mislead a victim. He uses this virtual tower to interrupt the data transmission between the user and the real tower, attempting to hijack an active
session.

After that, the attacker receives the user's request and can manipulate the virtual tower traffic and redirect a victim to a malicious website.

Response:

Wardriving

aLTEr attack

Jamming signal attack

KRACK attack

Question: Score 1 of 1

John performs black-box testing. He tries to pass IRC traffic over port 80/TCP from a compromised web-enabled host during the test. Traffic is
blocked, but outbound HTTP traffic does not meet any obstacles. What type of firewall checks outbound traffic?

Response:

Stateful

Application

Circuit

Packet Filtering

Question: Score 1 of 1

Which rootkit is characterized by its function of adding code and/or replacing some of the operating-system kernel code to obscure a backdoor on a
system?

Response:

Library-level rootkit

Kernel-level rootkit

User-mode rootkit

Hypervisor-level rootkit

Question: Score 1 of 1

Jack sent an email to Jenny with a business proposal. Jenny accepted it and fulfilled all her obligations. Jack suddenly refused his offer when
everything was ready and said that he had never sent an email. Which of the following digital signature properties will help Jenny prove that Jack is
lying?

Response:

Non-Repudiation

Integrity

Authentication

Confidentiality

Question: Score 1 of 1

John is configuring Snort rules. He is adding actions. What would the action pass do?

Response:

Drop the packet

Nothing

Pass the packet to the alert system

Log the packet but let it pass

Question: Score 1 of 1

Suppose your company has implemented a system that identifies people based on walking patterns and made it part of physical access control to the office. The
system works according to the following principle: The camera captures people walking and identifies employees, and then they must attach their
RFID badges to access the office.

Which of the following best describes this technology?

Response:

Although the approach has two phases, it actually implements just one authentication factor.

Biological motion cannot be used to identify people.

The solution will have a high level of false positives.

The solution implements two-factor authentication: physical object and physical characteristic.

Question: Score 1 of 1

Your friend installed the application from a third-party app store. After a while, some of the applications in his smartphone were replaced by
malicious applications that appeared legitimate, and he began to receive a lot of advertising spam. Which of the following attacks has your friend
been subjected to?

Response:

SIM card attack

Agent Smith attack

SMS phishing attack

Clickjacking

Question: Score 1 of 1

You have been asked to perform a penetration test on a company. You have only been given the company domain name and gateway IP address.
What type of test is this?

Response:

Clear box

White box

Black box

Glass box

Question: Score 0 of 1

Which of the following malware components is software that protects malware from undergoing reverse engineering or analysis, and is thus hard to
detect by a security mechanism?

Response:

Dropper

Payload

Obfuscator

Crypter

Question: Score 1 of 1

Gideon is trying to perform an SNMP scan. What ports should he scan?


(Choose all that apply.)

Response:

139

445

161

162

Question: Score 1 of 1

The ping utility is used to check the integrity and quality of connections in networks. In the process, it sends an ICMP Echo-Request and captures
the incoming ICMP Echo-Reply, but quite often remote nodes block or ignore ICMP. Which of the options will solve this problem?

Response:

Use arping

Use broadcast ping

Use hping

Use traceroute

Question: Score 1 of 1

During testing execution, you established a connection with your computer using the SMB service and entered your login and password in
plaintext. After the testing is completed, you need to delete the data about the login and password you entered so that no one can use it. Which of
the following files do you need to clear?

Response:

.bashrc

.xsession-log

.profile

.bash_history

Question: Score 1 of 1

In order to tailor your tests during a web-application scan, you decide to determine which webserver version is hosting the application. Using the
-sV flag with Nmap, you obtain the following response: 80/tcp open http-proxy Apache Server 7.1.6.

What information-gathering technique does this best describe?

Response:

Brute forcing

Banner grabbing

WHOIS lookup

Dictionary attack

Question: Score 1 of 1

The attacker created a fake account on a dating site and wrote to John with an offer to get acquainted. Fake profile photos enthralled John, and he
initiated a conversation with the attacker's fake account. After a few hours of communication, the attacker began asking about his company and
eventually gathered all the essential information about the target company.

What is the social engineering technique the attacker used in this scenario?

Response:

Piggybacking

Diversion theft

Baiting

Honey trap

Question: Score 1 of 1

Identify the Bluetooth hacking technique, which refers to the theft of information from a wireless device through Bluetooth?

Response:

Bluejacking

Bluesmacking

Bluebugging

Bluesnarfing

Question: Score 1 of 1

Which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth?

Response:

Bluebugging

Bluesmacking

Bluesnarfing

Bluejacking

Question: Score 0 of 1

John is looking for a system that includes stateful packet filtering along with intrusion detection. Which of the following systems would be his best
choice?

Response:

NGFW

IDS

AV

IPS

Question: Score 0 of 1

Experienced employees of the EC-Council monitor the market of security providers every day in search of the best solutions for your business.
According to EC-Council experts, which vulnerability scanner combines comprehensive static and dynamic security checks to detect vulnerabilities
such as XSS, File Inclusion, SQL injection, command execution, and more?

Response:

Cisco ASA

Saleae Logic Analyzer

AT&T USM Anywhere

Syhunt Hybrid

Question: Score 1 of 1

To invisibly maintain access to a machine, an attacker utilizes a rootkit that sits undetected in the core components of the operating system. What is
this type of rootkit an example of?

Response:

Firmware rootkit

Kernel rootkit

Hypervisor rootkit

Hardware rootkit

Question: Score 1 of 1

The company "Work Town" hired a cybersecurity specialist to perform a vulnerability scan by sniffing the traffic on the network to identify the active
systems, network services, applications, and vulnerabilities. What type of vulnerability assessment should be performed for "Work Town"?

Response:

External assessment.

Active assessment.

Internal assessment.

Passive assessment.

Question: Score 1 of 1

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public
system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them
of the problem that their systems are exposed to.

What type of hacker is Nicolas?

Response:

Black hat

Gray hat

White hat

Red hat

Question: Score 0 of 1

Which of the following USB tools is used to copy files from USB devices silently?

Response:

USBDumper

USBSnoopy

USBSniffer

USBGrabber

Question: Score 1 of 1

Identify the type of SQLi by description: This type of SQLi doesn't show any error message. Its use may be problematic because it returns
information when the application is given SQL payloads that elicit a true or false response from the server. Using this method, an
attacker can extract confidential information by observing the responses.

Response:

Union SQLi

Blind SQLi

Out-of-band SQLi

Error-based SQLi

Question: Score 0 of 1

Identify the attacks in which DDoS vulnerabilities do not have patches or effective defensive mechanisms, and until the victim identifies the threat
actor’s attack strategy and deploys a patch for the exploited DDoS vulnerability, the attacker actively blocks all the victim’s resources and steals the
victim’s data?

Response:

Pulse Wave DDoS Attack

Ping of Death Attack

Zero-Day DDoS Attack

Smurf Attack

Question: Score 1 of 1

What is the key aspect of RST hijacking?

Response:

Spoofing RST packets from the client to reset the session

Spoofing RST packets to pretend to be the client

Intercepting RST packets

Blocking RST packets to force the session to stay active

Question: Score 1 of 1

Which of the following commands verify a user ID on an SMTP server?


Response:

RCPT

NOOP

EXPN

VRFY

Question: Score 1 of 1

Email is sent using the SMTP protocol, which does not encrypt messages, leaving the information vulnerable to being read by an unauthorized
person. To solve this problem, SMTP can upgrade a connection between two mail servers to use TLS, and the transmitted emails will be encrypted.
Which of the following commands is used by SMTP to transmit email over TLS?

Response:

UPGRADETLS

FORCETLS

OPPORTUNISTICTLS

STARTTLS

Question: Score 1 of 1

Percival, the evil hacker, found the contact number of cybersecuritycompany.org on the internet and dialled the number, claiming himself to
represent a technical support team from a vendor. He informed an employee of cybersecuritycompany that a specific server would be compromised
and requested the employee to follow the provided instructions.
Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical
information to his machine. Which of the following social engineering techniques did Percival use?

Response:

Phishing

Elicitation

Quid pro quo

Diversion theft

Question: Score 1 of 1

Which of the following Trojans are used by attackers to destroy or change the entire content of a database and also attack the websites by
physically changing the underlying HTML format?

Response:

E-banking Trojan

Mobile Trojans

Point-of-Sale Trojan

Defacement Trojan

Question: Score 1 of 1

You are a penetration tester working to test the user awareness of the employees of the client XYZ. You harvested two employees’ emails from some
public sources and are creating a client-side backdoor to send it to the employees via email. Which stage of the cyber kill chain are you at?

Response:

Weaponization

Exploitation

Reconnaissance

Command and control
