312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full

You got 4 of 125 possible points.

Your score: 3 %

Question Results

Question: Score 1 of 1

Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications and
unpatched security flaws in a computer system?

Response:

Wireshark

Metasploit

Maltego

Nessus

Question: Score 1 of 1

Gerald is performing a vulnerability scan that sniffs network traffic to find information. He is using Wireshark. What type of scan is he performing?

Response:

Internal assessment
 Active assessment

Passive assessment

External assessment

Question: Score 1 of 1

Which of the following is a cloud solution option where a customer can join with a group of users or organizations to share a cloud environment?

Response:

Public

Community

Hybrid

Private

Question: Score 0 of 1
(skipped)
Your organization's network uses the network address 192.168.1.64 with mask 255.255.255.192, and servers in your organization's
network are in the addresses 192.168.1.140, 192.168.1.141 and 192.168.1.142. The attacker who wanted to find them couldn't do it. He used the
following command for the network scanning: nmap 192.168.1.64/28 Why couldn't the attacker find these servers?

Response:

He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are not in that range

He needs to add the command "ip address" just before the IP address
 The network must be dawn and the nmap command and IP address are ok

He needs to change the address to 192.168.1.0 with the same mask

Question: Score 0 of 1
(skipped)
Gavin is sending packets with the ACK flag turned on. What is he trying to do?

Response:

Denial of service attack

Fragment attack

Obfuscate from firewalls

Tunneling

Question: Score 0 of 1
(skipped)
Wireshark is one of the most important tools for a cybersecurity specialist. It is used for network troubleshooting, analysis, software,
etc. And you often have to work with a packet bytes pane. In what format is the data presented in this pane?

Response:

Binary

ASCII only

Hexadecimal

Decimal
Question: Score 0 of 1
(skipped)
Johnny decided to gather information for identity theft from the target organization. He wants to redirect the organization’s web traffic
to a malicious website. After some thought, he plans to perform DNS cache poisoning by exploiting the vulnerabilities in the DNS server software
and wants to modify the original IP address of the target website to that of a malicious website.

Which of the following techniques does Johnny plan to use?

Response:

Pharming

Pretexting

Skimming

Wardriving

Question: Score 0 of 1
(skipped)
After scanning the ports on the target machine, you see a list of open ports, which seems unusual to you:

- Starting NMAP 5.21 at 2019-06-18 12:32

- NMAP scan report for 172.19.40.112
- Host is up (1.00s latency).
- Not shown: 993 closed ports
- PORT STATE SERVICE
- 21/tcp open ftp
- 23/tcp open telnet
- 80/tcp open http
- 139/tcp open netbios-ssn
- 515/tcp open
- 631/tcp open ipp
- 9100/tcp open
- MAC Address: 00:00:5D:3F:EE:92

Based on the NMAP output, identify what is most likely this host?

Response:

The host is likely a Windows machine.

The host is likely a Linux machine.

The host is likely a router.

The host is likely a printer.

Question: Score 0 of 1
(skipped)
Often, for a successful attack, hackers very skillfully simulate phishing messages. To do this, they collect the maximum information
about the company that they will attack: emails of real employees (including information about the hierarchy in the company), information about the
appearance of the message (formatting, logos), etc. What is the name of this stage of the hacker's work?

Response:

Exploration stage

Enumeration stage

Reconnaissance stage

Investigation stage

Question: Score 0 of 1
(skipped)
Which of the following stores the server’s configuration files, the actual server executable, and log files?
Response:

Server root

Document root

Virtual document tree

Root directory

Question: Score 0 of 1
(skipped)
Which of the following tools would be used for dynamic malware analysis?

Response:

IDA Pro

PEView

Sysinternals

BinText

Question: Score 0 of 1
(skipped)
What is a "Collision attack"?

Response:

Collision attacks try to change the hash.

 Сollision attack on a hash tries to find two inputs producing the same hash value.

Collision attacks break the hash into several parts, with the same bytes in each part to get the private key.

Collision attacks attempt to recover information from a hash.

Question: Score 0 of 1
(skipped)
You need to conduct a technical assessment of the network for a small company that supplies medical services. All computers in the
company use Windows OS. What is the best approach for discovering vulnerabilities?

Response:

Use the built-in Windows Update tool.

Create a disk image of a clean Windows installation.

Check MITRE.org for the latest list of CVE findings.

Use a scan tool like Nessus.

Question: Score 0 of 1
(skipped)
What is the basis of a CRIME attack?

Response:

Flaws in TLS compression

Flaws in gzip compression

Flaws in TLS authentication nonces

 Flaws in cryptographic key generation

Question: Score 0 of 1
(skipped)
What is the primary security advantage of job rotation?

Response:

Cross-trained employees can fill more roles when needed.

It increases employee satisfaction, thus reducing insider threats.

Keeping employees changing keeps them on their toes.

Rotating employees increases the likelihood of finding negligence or intentional malfeasance.

Question: Score 0 of 1
(skipped)
You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the
following specific condition for the scan: “The attacker must scan every port on the server several times using a set of spoofed source IP addresses.” Suppose
that you are using Nmap to perform this scan.

What flag will you use to satisfy this requirement?

Response:

The -g flag

The -A flag

The -f fag
 The -D flag

Question: Score 0 of 1
(skipped)
What is the correct way of using MSFvenom to generate a reverse TCP shellcode for Windows?

Response:

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f c

msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f c

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f exe > shell.exe

msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f exe > shell.exe

Question: Score 0 of 1
(skipped)
The network elements of the telecom operator are located in the data center under the protection of firewalls and intrusion prevention
systems. Which of the following is true for additional security measures?

Response:

Periodic security checks and audits are required. Access to network elements should be provided by user IDs with strong passwords.

Firewalls and intrusion detection systems are sufficient to ensure complete security.

No additional measures are required since attacks and downtime are inevitable, and a backup site is required.

No additional measures are required, since the attacker does not have physical access to the data center equipment.
Question: Score 0 of 1
(skipped)
Identify the Bluetooth hacking technique, which refers to the theft of information from a wireless device through Bluetooth?

Response:

Bluesnarfing

Bluebugging

Bluesmacking

Bluejacking

Question: Score 0 of 1
(skipped)
A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that
affected 147 million people In September of 2017. At the same time fix was available from the software vendor for several months before the
intrusion. In which of the following security processes has failed?

Response:

Security awareness training

Vendor risk management

Patch management

Secure development lifecycle

Question: Score 0 of 1
(skipped)
Code-breaking techniques help measure the encryption strength. Which of the following code-breaking techniques requires a high
level of mathematical and cryptographic skills and involves the use of social engineering techniques to extract cryptography keys?

Response:

Brute-Force

Frequency Analysis

Trickery and Deceit

One-Time Pad

Question: Score 0 of 1
(skipped)
Which of the following web application attack inject the special character elements "Carriage Return" and "Line Feed" into the user’s
input to trick the web server, web application, or user into believing that the current object is terminated and a new object has been initiated?

Response:

HTML Injection.

Log Injection.

CRLF Injection.

Server-Side JS Injection.

Question: Score 0 of 1
(skipped)
Pedro keeps receiving text messages that try to entice him to click on a link. What is the best description of this type of attack?
Response:

Phishing

SMSishing

Spimming

Spear phishing

Question: Score 0 of 1
(skipped)
Mary is flooding the target with suspicious packets. She wants to overload the IDS/IPS logging system. What is this called?

Response:

Insertion

DoS

Obfuscation

Flooding

Question: Score 0 of 1
(skipped)
Latosha is using Yersinia to test security on a client network. What kind of tool is Yersinia?

Response:

Packet sniffer
 IRDP spoofing tool

DNS poisoning tool

DHCP starvation tool

Question: Score 0 of 1
(skipped)
Your organization is implementing a vulnerability management program to evaluate and control the risks and vulnerabilities in IT
infrastructure. At the moment, your security department is in the vulnerability management lifecycle phase in which is executing the process of
applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities.

Which of the following vulnerability-management phases is your security department in?

Response:

Risk assessment

Verification

Remediation

Vulnerability scan

Question: Score 0 of 1
(skipped)
The evil hacker Antonio is trying to attack the IoT device. He will use several fake identities to create a strong illusion of traffic
congestion, affecting communication between neighbouring nodes and networks. What kind of attack does Antonio perform?

Response:

Exploit Kits
 Forged Malicious Device

Side-Channel Attack

Sybil Attack

Question: Score 0 of 1
(skipped)
John is looking for a system that includes stateful packet filtering along with intrusion detection. Which of the following systems
would be his best choice?

Response:

IPS

IDS

NGFW

AV

Question: Score 0 of 1
(skipped)
Viktor, the white hat hacker, conducts a security audit. He gains control over a user account and tries to access another account's
sensitive information and files. How can he do this?

Response:

Fingerprinting

Shoulder-Surfing
 Port Scanning

Privilege Escalation

Question: Score 0 of 1
(skipped)
Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate
data. He is using the NSTX tool for bypassing the firewalls. On which of the following ports should Robin run the NSTX tool?

Response:

Port 50

Port 23

Port 53

Port 80

Question: Score 1 of 1

Which of the following standards is most applicable for a major credit card company?

Response:

Sarbanes-Oxley Act

FISMA

HIPAA

PCI-DSS
Question: Score 0 of 1
(skipped)
Which SQL injection testing technique is used to discover coding errors by inputting a massive amount of random data and observing
the changes in the output and security loopholes in web applications?

Response:

Function Testing

Fuzzing Testing

Static Testing

Dynamic Testing

Question: Score 0 of 1
(skipped)
Which of the following is a logical collection of Internet-connected devices such as computers, smartphones or Internet of things (IoT)
devices whose security has been breached and control ceded to a third party?

Response:

Rootkit

Spear Phishing

Spambot

Botnet
Question: Score 0 of 1
(skipped)
Which of the following best describes the "white box testing" methodology?

Response:

Only the internal operation of a system is known to the tester.

The internal operation of a system is only partly accessible to the tester.

The internal operation of a system is completely known to the tester.

Only the external operation of a system is accessible to the tester.

Question: Score 0 of 1
(skipped)
Mary found a high vulnerability during a vulnerability scan and notified her server team. After analysis, they sent her proof that a fix to
that issue had already been applied. The vulnerability that Marry found is called what?

Response:

False-negative

False-positive

Brute force attack

Backdoor

Question: Score 0 of 1
(skipped)
Which of the following is a component of IPsec that performs protocol-level functions required to encrypt and decrypt the packets?

Response:
 Internet Key Exchange (IKE)

IPsec driver

IPsec Policy Agent

Oakley

Question: Score 0 of 1
(skipped)
The Domain Name System (DNS) is the phonebook of the Internet. When a user tries to access a web address like “example.com”, web
browser or application performs a DNS Query against a DNS server, supplying the hostname. The DNS server takes the hostname and resolves it
into a numeric IP address, which the web browser can connect to.

Which of the proposed tools allows you to set different DNS query types and poll arbitrarily specified servers?

Response:

Nikto

Metasploit

Nslookup

Wireshark

Question: Score 0 of 1
(skipped)
You are configuring the connection of a new employee's laptop to join an 802.11 network. The new laptop has the same hardware and
software as the laptops of other employees. You used the wireless packet sniffer and found that it shows that the Wireless Access Point (WAR) is
not responding to the association requests being sent by the laptop. What can cause this problem?

Response:
 The WAP does not recognize the la[top's MAC address.

The laptop cannot see the SSID of the wireless network.

The laptop is configured for the wrong channel.

The laptop is not configured to use DHCP.

Question: Score 0 of 1
(skipped)
Your company regularly conducts backups of critical servers but cannot afford them to be sent off-site vendors for long-term storage
and archiving. The company found a temporary solution in the form of storing backups in the company's safe. During the next audit, there was a
risk associated with the fact that backup storages are not stored off-site.

The company manager has a plan to take the backup storages home with him and wants to know what two things he can do to secure the backup
tapes while in transit?

Response:

Degauss the backup tapes and transport them in a lockbox.

Encrypt the backup tapes and transport them in a lockbox.

Encrypt the backup tapes and use a courier to transport them.

Hash the backup tapes and transport them in a lockbox.

Question: Score 0 of 1
(skipped)
In which of the following SQL injection attacks does an attacker bypass user authentication by using a conditional OR clause in such a
way that the condition of the WHERE clause will always be true?

Response:
 Error-Based SQL Injection

UNION SQL Injection

End-of-Line Comment

Tautology

Question: Score 0 of 1
(skipped)
Let's assume that you decided to use PKI to protect the email you will send. At what layer of the OSI model will this message be
encrypted and decrypted?

Response:

Transport layer.

Presentation layer.

Session layer.

Application layer.

Question: Score 0 of 1
(skipped)
Which of the following frameworks contains a set of the most popular tools that facilitate your tasks of collecting information and data
from open sources?

Response:

BeEF
 OSINT framework

WebSploit Framework

Speed Phish Framework

Question: Score 0 of 1
(skipped)
Juanita is explaining an attack in which malicious code is implemented in an XAML message using XamlReader. What attack is she
describing?

Response:

SQL injection via SOAP

XXE (XML external entity injection)

XAML injection

Service hijacking

Question: Score 0 of 1
(skipped)
During the scan, you found a serious vulnerability, compiled a report and sent it to your colleagues. In response, you received proof
that they fixed this vulnerability a few days ago. How can you characterize this vulnerability?

Response:

False-negative

False-true
 True-false

False-positive

Question: Score 0 of 1
(skipped)
Which of the following is a passive wireless packet analyzer that works on Linux-based systems?

Response:

Burp Suite

OpenVAS

tshark

Kismet

Question: Score 0 of 1
(skipped)
Which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth?

Response:

Bluesmacking

Bluesnarfing

Bluejacking

Bluebugging
Question: Score 0 of 1
(skipped)
How works the mechanism of a Boot Sector Virus?

Response:

Modifies directory table entries to point to the virus code instead of the actual MBR.

Moves the MBR to another location on the Random-access memory and copies itself to the original location of the MBR.

Overwrites the original MBR and only executes the new virus code.

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.

Question: Score 0 of 1
(skipped)
What would be the fastest way to perform content enumeration on a given web server by using the Gobuster tool?

Response:

Performing content enumeration using the bruteforce mode and 10 threads

Performing content enumeration using the bruteforce mode and random file extensions

Skipping SSL certificate verification

Performing content enumeration using a wordlist

Question: Score 0 of 1
(skipped)
Identify a low-tech way of gaining unauthorized access to information?
Response:

Sniffing

Social engineering

Scanning

Eavesdropping

Question: Score 0 of 1
(skipped)
Jane invites her friends Alice and John over for a LAN party. Alice and John access Jane’s wireless network without a password.
However, Jane has a long, complex password on her router. What attack has likely occurred?

Response:

Wardriving

Wireless sniffing

Evil twin

Piggybacking

Question: Score 0 of 1
(skipped)
You come to a party with friends and ask the apartment owner about access to his wireless network. It tells you the name of the
wireless point and its password, but when you try to connect to it, the connection occurs without asking for a password. Which of the following
attacks could have occurred?

Response:
 Evil twin attack

Piggybacking attack

Wardriving attack

Wireless sniffing

Question: Score 0 of 1
(skipped)
What is the key aspect of RST hijacking?

Response:

Intercepting RST packets

Spoofing RST packets to pretend to be the client

Spoofing RST packets from the client to reset the session

Blocking RST packets to force the session to stay active

Question: Score 0 of 1
(skipped)
Identify what the following code is used for:

- #!/usr/bin/python import socket buffer=["A"] counter=50 while len(buffer)<=100: buffer.apend ("A"*counter) counter=counter+50
- commands=["HELP","STATS.","RTIME.","LTIME.","SRUN.","TRUN.","GMON.","GDOG.","KSTET.","GTER.","HTER.","LTER.","KSTAN."]
for command in commands: for buffstring in buffer:
- print "Exploiting" +command+":"+str(len(buffstring))
- s=socket.socket(socket.AF_INET.socket.SOCK_STREAM) s.connect((‘127.0.0.1’,9999))
- s.recv(50)
- s.send(command+buffstring)
- s.close()

Response:

Buffer over-read

Brute-force

Buffer Overflow

Heap spraying

Question: Score 0 of 1
(skipped)
Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and
configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications,
he follows the fivetier container technology architecture. Currently, Abel is verifying and validating image contents, signing images, and sending them to the
registries.

Which of the following tiers of the container technology architecture is Abel currently working in?

Response:

Tier-1: Developer machines

Tier-2: Testing and accreditation systems

Tier-3: Registries

Tier-4: Orchestrators

Question: Score 0 of 1
Which of the following is the type of message that sends the client to the server to begin a 3-way handshake while establishing a TCP (skipped)
connection?

Response:

RST

ACK

SYN

SYN-ACK

Question: Score 0 of 1
(skipped)
Ron, a security professional, was pen testing web applications and SaaS platforms used by his company. While testing, he found a vulnerability
that allows hackers to gain unauthorized access to API objects and perform actions such as view, update, and delete sensitive data of the company.

What is the API vulnerability revealed in the above scenario?

Response:

No ABAC validation

Business logic flaws

Improper use of CORS

Code injections

Question: Score 0 of 1
(skipped)
The ping utility is used to check the integrity and quality of connections in networks. In the process, it sends an ICMP Echo-Request
and captures the incoming ICMP Echo-Reply, but quite often remote nodes block or ignore ICMP. Which of the options will solve this problem?
Response:

Use hping

Use traceroute

Use arping

Use broadcast ping

Question: Score 0 of 1
(skipped)
Jack needs to analyze the files produced by several packet-capture programs such as Wireshark, tcpdump, EtherPeek and WinDump.
Which of the following tools will Jack use?

Response:

tcptrace

tcptraceroute

OpenVAS

Nessus

Question: Score 0 of 1
(skipped)
Which of the following services runs directly on TCP port 445?

Response:

Telnet
 Remote procedure call (RPC)

Network File System (NFS)

Server Message Block (SMB)

Question: Score 0 of 1
(skipped)
_____ is the Cloud Computing Standards Roadmap.

Response:

ISO 27017

ISO 27018

NIST SP 500-291

NIST SP 800-91

Question: Score 0 of 1
(skipped)
____ is a scanner just for IoT devices.

Response:

MultiPing

Foren6

HackRF One
 RIoT

Question: Score 0 of 1
(skipped)
How would you ensure that confidentiality is implemented in an organization?

Response:

Watchdog processes

Encryption

Cryptographic hashes

Web servers

Question: Score 0 of 1
(skipped)
The _____ processes all the connections from both mobile devices and land-line calls.

Response:

BSS

MSC

HLR

BTS
Question: Score 0 of 1
(skipped)
Which of the following is a Denial-of-service vulnerability for which security patches have not yet been released, or there is no
effective means of protection?

Response:

Yo-yo

Smurf

APDoS

Zero-Day

Question: Score 0 of 1
(skipped)
Which of the following is an access control mechanism that allows multiple systems to use a CAS that permits users to authenticate
once and gain access to multiple systems?

Response:

Role-Based Access Control (RBAC)

Mandatory access control (MAC)

Single sign-on

Discretionary Access Control (DAC)

Question: Score 0 of 1
(skipped)
Clark, a professional hacker, was hired by an organization to gather sensitive information about its competitors surreptitiously. Clark gathers the
server IP address of the target organization using Whois footprinting.

Further, he entered the server IP address as an input to an online tool to retrieve information such as the network range of the target organization
and to identify the network topology and operating system used in the network.

What is the online tool employed by Clark in the above scenario?

Response:

DuckDuckGo

AOL

ARIN

Baidu

Question: Score 0 of 1
(skipped)
A(n) _____ is a unique 32-character alphanumeric identifier given to a wireless local area network (WLAN).

Response:

BSSID

VLANID

SSID

WLANID

Question: Score 0 of 1
(skipped)
Creating very small packet fragments can cause _________.

Response:

the packet to avoid any analysis

firewalls not to see and analyze the packet

some of the TCP header information to be fragmented

firewall rules not to be applied

Question: Score 0 of 1
(skipped)
Bob wants to ensure that Alice can check whether his message has been tampered with. He creates a checksum of the message and encrypts it
using asymmetric cryptography.

What key does Bob use to encrypt the checksum for accomplishing this goal?

Response:

Alice’s public key

His own public key

His own private key

Alice’s private key

Question: Score 0 of 1
(skipped)
Ivan, a black hat hacker, tries to call numerous random numbers inside the company, claiming he is from the technical support service.
It offers company employee services in exchange for confidential data or login credentials. What method of social engineering does Ivan use?
Response:

Tailgating

Reverse Social Engineering

Elicitation

Quid Pro Quo

Question: Score 0 of 1
(skipped)
Carol is trying to find information about a specific IP address in Belgium. Which registry should she check?

Response:

RIPE NCC

ARIN

APNIC

LACNIC

Question: Score 0 of 1
(skipped)
In what authentication mode do the station and access point use the same key to provide authentication, which means that this key
should be enabled and configured manually on both the client and the authentication point?

Response:

Wi-Fi open system authentication

 Wi-Fi shared key authentication

Wi-Fi centralized server authentication

Wi-Fi ad hoc authentication

Question: Score 0 of 1
(skipped)
You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on
the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.

invictus@victim_server.~$ nmap -T4 -O 10.10.0.0/24 TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING! What seems to be
wrong?

Response:

The nmap syntax is wrong

This is a common behavior for a corrupted nmap application

The outgoing TCP/IP fingerprinting is blocked by the host firewall

OS Scan requires root privileges

Question: Score 0 of 1
(skipped)
Identify the algorithm according to the following description: That wireless security algorithm was rendered useless by capturing
packets and discovering the passkey in seconds. This vulnerability was strongly affected to TJ Maxx company. This vulnerability led to a network
invasion of the company and data theft through a technique known as wardriving.

Response:

Wired Equivalent Privacy (WEP)

 Wi-Fi Protected Access 2 (WPA2)

Temporal Key Integrity Protocol (TKIP)

Wi-Fi Protected Access (WPA)

Question: Score 0 of 1
(skipped)
A(n) _______ is a hardware device that sits in a network segment and gives access to all traffic in that segment.

Response:

SPAN port

hardware protocol analyzer

TAP

ARP relay

Question: Score 0 of 1
(skipped)
While browsing his social media feed, Jacob noticed Jane's photo with the caption: "Learn more about your friends," as well as
several personal questions under the post. Jacob is suspicious and texts Jane with questions about this post. Jane confirms that she did indeed
post it. With the assurance that the post is legitimate, Jacob responds to the questions on the friend's post.

A few days later, Jacob tries to log into his bank account and finds out that it has been compromised and the password was changed. What most
likely happened?

Response:

Jacob's password was stolen while he was enthusiastically participating in the survey.
 Jacob's computer was infected with a Banker Trojan.

Jacob inadvertently provided the answers to his security questions when responding to Jane's post.

Jacob's bank-account login information was brute-forced.

Question: Score 0 of 1
(skipped)
Leverox Solutions hired Arnold, a security professional, for the threat intelligence process. Arnold collected information about specific threats
against the organization. From this information, he retrieved contextual information about security events and incidents that helped him disclose potential risks
and gain insight into attacker methodologies.

He collected the information from sources such as humans, social media, and chat rooms as well as from events that resulted in cyberattacks. In this process,
he also prepared a report that includes identified malicious activities, recommended courses of action, and warnings for emerging attacks.

What is the type of threat intelligence collected by Arnold in the above scenario?

Response:

Strategic threat intelligence

Operational threat intelligence

Technical threat intelligence

Tactical threat intelligence

Question: Score 0 of 1
(skipped)
Ingrid is sending data to a target but encoding the data in hexadecimal. What evasion technique is this?

Response:
 WAF bypass

Desynchronization

Insertion

Tunneling

Question: Score 0 of 1
(skipped)
Which of the following is a network forensics analysis tool that can monitor and extract information from network traffic and capture
application data contained in the network traffic?

Response:

Xplico

yersinia

mitm6

Hyenae NG

Question: Score 0 of 1
(skipped)
What is the current version of SSL/TLS being used?

Response:

1.1

1.2
 1.3

2.0

Question: Score 0 of 1
(skipped)
Shortly after replacing the outdated equipment, John, the company's system administrator, discovered a leak of critical customer
information. Moreover, among the stolen data was the new user’s information that excludes incorrect disposal of old equipment.

IDS did not notice the intrusion, and the logging system shows that valid credentials were used. Which of the following is most likely the cause of
this problem?

Response:

Default Credential

Industrial Espionage

Zero-day vulnerabilities

NSA backdoor

Question: Score 0 of 1
(skipped)
Identify the security model by description: In this security model, every user in the network maintains a ring of public keys. Also, a
user needs to encrypt a message using the receiver’s public key, and only the receiver can decrypt the message using their private key.

Response:

Web of trust

Secure Socket Layer

 Zero trust security model

Transport Layer Security

Question: Score 0 of 1
(skipped)
The evil hacker Ivan wants to attack the popular air ticket sales service. After careful study, he discovered that the web application is
vulnerable to introduced malicious JavaScript code through the application form. This code does not cause any harm to the server itself, but when
executed on the client's computer, it can steal his personal data. What kind of attack is Ivan preparing to use?

Response:

CSRF

XSS

SQL injection

LDAP Injection

Question: Score 0 of 1
(skipped)
_____ involves stealing a cloud service provider’s domain name.

Response:

Domain sniping

Domain hijacking

Cybersquatting
 DNS poisoning

Question: Score 0 of 1
(skipped)
Sniffing is a process of monitoring and capturing all data packets passing through a given network. An intruder can capture and
analyze all network traffic by placing a packet sniffer on a network in promiscuous mode. Sniffing can be either Active or Passive in nature. How
does passive sniffing work?

Response:

This is the process of sniffing through the gateway.

This is the process of sniffing through the switch.

This is the process of sniffing through the router.

This is the process of sniffing through the hub.

Question: Score 0 of 1
(skipped)
Covering tracks: Which of the following tools are capable of clearing log files?
(Select all that apply)

Response:

kismet

dd

psloglist

cowpatty
Question: Score 0 of 1
(skipped)
Which of the following files determines the basic configuration in an Android application, such as broadcast receivers, services, etc.?

Response:

AndroidManifest.xml

APK.info

classes.dex

resources.asrc

Question: Score 0 of 1
(skipped)
Monitoring your company’s assets is one of the most important jobs you can perform. What warnings should you try to reduce when
configuring security tools, such as security information and event management (SIEM) solutions or intrusion detection systems (IDS)?

Response:

Only False Positives

False Positives and False Negatives

True Positives and True Negatives

Only True Negatives

Question: Score 0 of 1
Maria, the leader of the Blue Team, wants to use network traffic analysis to implement the ability to detect an intrusion in her network (skipped)
of several hosts quickly. Which tool is best suited to perform this task?

Response:

Firewalls

Honeypot

NIDS

HIDS

Question: Score 0 of 1
(skipped)
Alex, a security engineer, needs to determine how much information can be obtained from the firm's public-facing web servers. First of
all, he decides to use Netcat to port 80 and receive the following output:

- HTTP/1.1 200 OK -

- Server: Microsoft-IIS/6 -
- Expires: Tue, 17 Jan 2011 01:41:33 GMT
- Date: Mon, 16 Jan 2011 01:41:33 GMT

- Content-Type: text/html -

- Accept-Ranges: bytes -
- Last Modified: Wed, 28 Dec 2010 15:32:21 GMT
- ETag:"b0aac0542e25c31:89d"

- Content-Length: 7369 -

Which of the following did Alex do?

Response:

Banner grabbing.

Cross-site scripting.
 SQL injection.

Cross-Site Request Forgery.

Question: Score 0 of 1
(skipped)
____ is designed explicitly for systems that have low power and limited memory. It is used for street lighting, radiation monitoring, and
smart cities.

Response:

RIoT

Zephyr

Contiki

RTOS

Question: Score 0 of 1
(skipped)
​How is ethical hacking different from hacking?

Response:

Ethical hackers never launch exploits.

Ethical hackers have signed written permission.

Ethical hackers act with malice.

Ethical hackers have verbal permission.

Question: Score 0 of 1
(skipped)
Beatrice believes her machine is infected with a well-known Trojan horse. She sees a great deal of unexplained activity on port 31338.
Which of the following is the most likely Trojan horse in this case?

Response:

DeepThroat

DarkComet RAT

Trojan Cow

DeepBO

Question: Score 0 of 1
(skipped)
Shredding documents is most effective against which type of attack?

Response:

Dumpster diving

Tailgating

SMSishing

Spimming

Question: Score 0 of 1
Rajesh, a system administrator, noticed that some clients of his company were victims of DNS Cache Poisoning. They were redirected (skipped)
to a malicious site when they tried to access Rajesh's company site. What is the best recommendation to deal with such a threat?

Response:

Customer awareness

Use a multi-factor authentication

Use of security agents on customers' computers.

Use Domain Name System Security Extensions (DNSSEC)

Question: Score 0 of 1
(skipped)
Gabrielle is looking for a tool that will specifically check for buffer overflow vulnerabilities. What tool should she choose?

Response:

Foren6

IoTsploit

RIoT

beSTORM

Question: Score 0 of 1
(skipped)
Pedro is creating a virus to test system security. It will not harm the system, but after every 10 times it is copied, it will change its
signature and the email it attaches to in order to avoid detection. What is this called?

Response:
 Polymorphic virus

Sparse infector virus

Overwriting virus

Metamorphic virus

Question: Score 0 of 1
(skipped)
Which of the following USB tools using to copy files from USB devices silently?

Response:

USBDumper

USBSniffer

USBSnoopy

USBGrabber

Question: Score 0 of 1
(skipped)
Deion is investigating suspected malware in a client’s system. This malware can attack the computer in multiple ways, such as by
infecting the boot sector of the hard disk and one or more files. What is the best term for this?

Response:

Multipartite virus

Cluster virus
 Polymorphic virus

Sparse infector virus

Question: Score 0 of 1
(skipped)
Stephen, an attacker, targeted the industrial control systems of an organization. He generated a fraudulent email with a malicious attachment and
sent it to employees of the target organization.

An employee who manages the sales software of the operational plant opened the fraudulent email and clicked on the malicious attachment. This resulted in
the malicious attachment being downloaded and malware being injected into the sales software maintained in the victim’s system.

Further, the malware propagated itself to other networked systems, finally damaging the industrial automation components.

What is the attack technique used by Stephen to damage the industrial systems?

Response:

HMI-based attack

SMishing attack

Reconnaissance attack

Spear-phishing attack

Question: Score 0 of 1
(skipped)
Define Metasploit module used to perform arbitrary, one-off actions such as port scanning, denial of service, SQL injection and
fuzzing?

Response:

Auxiliary Module.
 NOPS Module.

Payload Module.

Exploit Module.

Question: Score 0 of 1
(skipped)
Social engineering is most useful in what phase of the CEH methodology?

Response:

Gaining access

Escalating privileges

Footprinting

Getting passwords

Question: Score 0 of 1
(skipped)
Jerrod is running an hping v3 scan on a target machine. He wants to send TCP SYN packets every 3 seconds to port 445 on host
10.10.10.15. Which command will do that?

Response:

hping3 -i 3 10.10.10.15 -sS -V -p 445

hping3 1 0.10.10.15 -sS -V -p 445 -i 3

hping3 10.10.10.15 -S -V -p 445 -i 3

 hping3 -i 3 10.10.10.15 -S -V -p 445 -i 3

Question: Score 0 of 1
(skipped)
SQL injection is an attack against what?

Response:

Device

Network

Server

User

Question: Score 0 of 1
(skipped)
Why does 'OR '1' = '1 work?

Response:

It is always a true statement.

SQL cannot process it, and it causes an error.

This command has special meaning in SQL.

It does not work.

Question: Score 0 of 1
(skipped)
Mohanned is trying to avoid introducing malware into his network. Any time a new program is planned for deployment, he first installs
that program on an isolated, non-networked machine to test it. What best describes this process?

Response:

Air gap

Sheep dip

Malware analysis

Antivirus

Question: Score 0 of 1
(skipped)
Which among the following is the best example of the hacking concept called “clearing tracks”?

Response:

An attacker gains access to a server through an exploitable vulnerability.

During a cyberattack, a hacker injects a rootkit into a server.

After a system is breached, a hacker creates a backdoor to allow re-entry into a system.

During a cyberattack, a hacker corrupts the event logs on all machines.

Question: Score 0 of 1
(skipped)
ISAPI filters is a powerful tool that is used to extend the functionality of IIS. However, improper use can cause huge harm. Why do EC-
Council experts recommend that security analysts monitor the disabling of unused ISAPI filters?
Response:

To prevent leaks of confidential data

To defend against webserver attacks

To prevent memory leaks

To defend against wireless attacks

Question: Score 0 of 1
(skipped)
You must discover all the active devices hidden by a restrictive firewall in the IPv4 range in a target network. Which of the following
host discovery techniques will you use?

Response:

ARP ping scan

ACK flag probe scan

TCP Maimon scan

UDP scan

Question: Score 0 of 1
(skipped)
Imagine the following scenario:

- An attacker created a website with tempting content and benner like: 'Do you want to make $10 000 in a month?'.
- Victim clicks to the interesting and attractive content URL.
- Attacker creates a transparent 'iframe' in front of the banner which victim attempts to click. Victim thinks that he/she clicks to the 'Do you want to make $10 000
in a month?' banner but actually he/she clicks to the content or UPL that exists in the transparent 'iframe' which is set up by the attacker.
What is the name of the attack which is described in the scenario?

Response:

HTTP Parameter Pollution

HTML Injection

Session Fixation

Clickjacking Attack

Question: Score 0 of 1
(skipped)
John wants to attack the target organization, but before that, he needs to gather information. For these purposes, he performs DNS
footprinting to gather information about DNS servers and identify the hosts connected to the target network. John is going to use an automated tool
that can retrieve information about DNS zone data, including DNS domain names, computer names, IP addresses, DNS records, and network Whois
records.

Which of the following tools will John use?

Response:

Bluto

Towelroot

Knative

zANTI

Question: Score 0 of 1
(skipped)
What is the most common technique for steganography?
Response:

Encryption

Carrier hiding

QuickStego

LSB replacement

Question: Score 0 of 1
(skipped)
What is the purpose of the demilitarized zone?

Response:

To provide a place for a honeypot.

To add an extra layer of security to an organization's local area network.

To scan all traffic coming through the DMZ to the internal network.

To add a protect to network devices.

Question: Score 0 of 1
(skipped)
Ivan, a black hacker, wants to attack the target company. He thought about the fact that vulnerable IoT devices could be used in the
company. To check this, he decides to use the tool, scan the target network for specific types of IoT devices and detect whether they are using the
default, factory-set credentials. Which of the following tools will Ivan use?

Response:
 IoTSeeker

Azure IoT Central

Bullguard IoT

Cloud IoT Core

Question: Score 0 of 1
(skipped)
What is the name of a popular tool (or rather, an entire integrated platform written in Java) based on a proxy used to assess the
security of web applications and conduct practical testing using a variety of built-in tools?

Response:

Burp Suite

Wireshark

CxSAST

Nmap

Question: Score 0 of 1
(skipped)
Lachelle is working to analyze suspected malware on a system. She has found code that breaches via a known security vulnerability.
What is the proper term for this?

Response:

Injector
 Payload

Malicious code

Exploit

Question: Score 0 of 1
(skipped)
The network administrator has received the task to eliminate all unencrypted traffic inside the company's network. During the analysis,
it detected unencrypted traffic in port UDP 161. Which of the following protocols uses this port and what actions should the network administrator
take to fix this problem?

Response:

SNMP and he should change it to SNMP V2.

SNMP and he should change it to SNMP V3.

RPC and the best practice is to disable RPC completely.

CMIP and enable the encryption for CMIP.

Question: Score 0 of 1
(skipped)
Which of the following is an on-premise or cloud-hosted solution responsible for enforcing security, compliance, and governance
policies in the cloud application?

Response:

Container Security Tools

Next-Generation Secure Web Gateway

 Secure access service edge

Cloud Access Security Broker

Question: Score 0 of 1
(skipped)
Tyrell is using Telnet to try to find out what web server software is running on a target web server. What is Tyrell doing?

Response:

Banner grabbing

Scanning

Command injection

CSRF

Question: Score 0 of 1
(skipped)
Maria conducted a successful attack and gained access to a Linux server. She wants to avoid that NIDS will not catch the succeeding
outgoing traffic from this server in the future. Which of the following is the best way to avoid detection of NIDS?

Response:

Alternate Data Streams.

Out of band signaling.

Protocol Isolation.

Encryption.
Question: Score 0 of 1
(skipped)
An attacker stole financial information from a bank by compromising only a single server. After that, the bank decided to hire a third-
party organization to conduct a full security assessment. Cybersecurity specialists have been provided with information about this case, and they
need to provide an initial recommendation. Which of the following will be the best recommendation?

Response:

Issue new certificates to the web servers from the root certificate authority.

Require all employees to change their passwords immediately.

Move the financial data to another server on the same IP subnet.

Place a front-end web server in a demilitarized zone that only handles external web traffic.

Question: Score 0 of 1
(skipped)
Which of the following best describes crypters?

Response:

Software tools that use a combination of encryption and code manipulation to render malware as undetectable to antivirus software

Software tools that use compression to pack the malware executable into a smaller size

Software that appears to perform a desirable function for the user prior to running or installing it but instead performs a function that steals information
or otherwise harms the system

Software that hides data in other files

Question: Score 0 of 1
(skipped)
During a pen test, you have access to two machines and want to capture session IDs sent from the server. The first machine has
Wireshark installed and is the client. Its IP address is 192.168.123.99. The second machine is the web server and is issuing session IDs. Its IP
address is 192.168.123.150.

Which of the following Wireshark filters best meets your needs and gives you just the packets with session IDs issued by the web server?

Response:

tcp.srcport == 80 && ip.src == 192.168.123.150

tcp.srcport == 80 && ip.src == 192.168.123.99

tcp.srcport != 80 && ip.src != 192.168.123.150

tcp.srcport == 80 && tcp.analysis.retransmission

Question: Score 0 of 1
(skipped)
Ivan, a black hat hacker, got the username from the target environment. In conditions of limited time, he decides to use a list of
common passwords, which he will pass as an argument to the hacking tool. Which of the following is the method of attack that Ivan uses?

Response:

Password spraying attack.

Known plaintext attack.

Smudge attack.

Dictionary attack.
Question: Score 0 of 1
(skipped)
Identify the type of fault injection attack to IoT device by description: During this attack attacker injects faults into the power supply
that can be used for remote execution, also causing the skipping of key instructions. Also, an attacker injects faults into the clock network used for
delivering a synchronized signal across the chip.

Response:

Power/clock/reset glitching

Frequency/voltage tampering

Temperature attack

Optical, EMFI, BBI

Money Back Guarantee Testimonial FAQs Privacy Policy Terms and Conditions About Us Join Us Contact Us