ceh 2
ceh 2
or “Shellshock” vulnerability?
A. SYN Flood
B. SSH
A. Decoy scanning
D. Idle scanning
Suggestion:
Suggestion:
The correct answer(s): C
A. Paros Proxy
B. BBProxy
C. Blooover
D. BBCrack
Suggestion:
A. Bluedriving
B. Bluesmacking
C. Bluejacking
D. Bluesnarfing
Suggestion:
A. Browser Hacking
B. Cross-Site Scripting
C. SQL Injection
Suggestion:
B. Run a network sniffer and capture the returned traffic with the
configuration file from the router
Suggestion:
B. Burp
C. Hydra
D. Whisker
Suggestion:
Suggestion:
A. TEA
B. CAST-128
C. RC5
D. serpent
B. Diversion theft
C. Elicitation
D. Phishing
Suggestion:
Suggestion:
A. Gateway-based IDS
B. Network-based IDS
C. Host-based IDS
D. Open source-based
Suggestion:
A. Encrypt the Sales.xls using PGP and e-mail it to your personal gmail
account
B. Package the Sales.xls using Trojan wrappers and telnet them back
your home computer
C. You can conceal the Sales.xls database in another file like photo.jpg
or other files and send it out in an innocent looking email or file
transfer using Steganography techniques
Suggestion:
Suggestion:
A. Presentation tier
B. Application Layer
C. Logic tier
D. Data tier
Suggestion:
Suggestion:
Suggestion:
A. HIPAA
B. EU Safe Harbor
C. PCI-DSS
D. NIST-800-53
Suggestion:
A. 110
B. 389
C. 464
D. 445
A. Kube-controller-manager
B. Kube-scheduler
C. Kube-apiserver
D. Etcd cluster
Suggestion:
A. Spimming
B. Pharming
C. Phishing
D. Spear-phishing
Suggestion:
A. L0phtcrack
B. NetCat
D. Netbus
Suggestion:
D. A list of all mail proxy server addresses used by the targeted host
Suggestion:
A. SFTP
B. Ipsec
C. SSL
D. FTPS
Suggestion:
Suggestion:
Suggestion:
A. Shadowsocks
B. CeWL
C. Psiphon
D. Orbot
Suggestion:
A. -SN
B. -SX
C. -sV
D. -SF
Suggestion:
A. External assessment
B. Passive assessment
C. Host-based assessment
D. Application assessment
A. Robotium
B. BalenaCloud
C. Flowmon
D. IntentFuzzer
Suggestion:
C. Phishing
Suggestion:
Suggestion:
A. UDP scan
Suggestion:
A. SYN
B. RST
C. PSH
D. URG
E. FIN
Suggestion:
A. Birthday
B. Brute force
C. Man-in-the-middle
D. Smurf
Suggestion:
A. Null byte
B. IP fragmentation
C. Char encoding
D. Variation
Suggestion:
A. Code injections
C. No ABAC validation
Suggestion:
A. Firewall-management policy
B. Acceptable-use policy
C. Permissive policy
D. Remote-access policy
Suggestion:
A. PyLoris
B. Slowloris
C. Evilginx
D. PLCinject
Suggestion:
B. Server-side JS injection
C. CRLF injection
Suggestion:
Suggestion:
A. TACACS+
B. DIAMETER
C. Kerberos
D. RADIUS
Suggestion:
A. Macro virus
B. Stealth/Tunneling virus
C. Cavity virus
D. Polymorphic virus
Suggestion:
Suggestion:
Suggestion:
A. Nikto
B. Nmap
C. Metasploit
D. Armitage
Suggestion:
A. Wardriving
B. KRACK attack
D. aLTEr attack
Suggestion:
A. Bluesmacking
B. Bluebugging
C. Bluejacking
D. Bluesnarfing
Suggestion:
A. Session hijacking
B. Firewalking
D. Network sniffing
Suggestion:
A. Gateway-based IDS
B. Network-based IDS
C. Host-based IDS
D. Open source-based
Suggestion:
A. Hash value
B. Private key
C. Digital signature
D. Digital certificate
Suggestion:
Suggestion:
B. Cloud cryptojacking
C. Cloudborne attack
Suggestion:
B. Try to hang around the local pubs or restaurants near the bank, get
talking to a poorly-paid or disgruntled employee, and offer them
money if they'll abuse their access privileges by providing you with
sensitive information
Suggestion:
Suggestion:
A. website defacement
Suggestion:
A. Bob can be right since DMZ does not make sense when combined
with stateless firewall
D. Bob is partially right. DMZ does not make sense when a stateless
firewall is available
Answer Mark and next Verify
Suggestion:
*********************************
A. verification
B. Risk assessment
C. Vulnerability scan
D. Remedation
Suggestion:
Suggestion:
C. Nessus
D. Snort
Suggestion:
A. tcpsplice
B. Burp
C. Hydra
D. Whisker
Suggestion:
A. Session hijacking
B. Firewalking
D. Network sniffing
Suggestion:
A. Knative
B. zANTI
C. Towelroot
D. Bluto
Suggestion:
D. The operator knows that attacks and down time are inevitable and
should have a backup site.
Suggestion:
which type of virus can change its own code and then cipher
itself multiple times as it replicates?
A. Stealth virus
B. Tunneling virus
C. Cavity virus
D. Encryption virus
Suggestion:
Suggestion:
D. A list of all mail proxy server addresses used by the targeted host
Answer Mark and next Verify
Suggestion:
A. XXE
B. SQLi
C. IDOR
D. XXS
Suggestion:
A. ACK
B. SYN
C. RST
D. SYN-ACK
Suggestion:
Suggestion:
Suggestion:
A. SolarWinds
B. USER2SID
C. Cheops
D. SID2USER
E. DumpSec
Suggestion:
A. 802.16 (WiMax)
B. 802.11g
C. 802.11b
D. 802.11a
Suggestion:
A. Exploration
B. Investigation
C. Reconnaissance
D. Enumeration
Suggestion:
A. WEP
B. WPA
C. WPA2
D. WPA3
Suggestion:
B. Proper chain of custody was not observed while collecting the logs.
Suggestion:
A. -sA
B. -sX
C. -sT
D. -sF
Suggestion:
**********************************************************************
****
A. Cloud booker
B. Cloud consumer
C. Cloud carrier
D. Cloud auditor
Suggestion:
Suggestion:
B. Hashcat
C. netcat
D. THC-Hydra
While examining audit logs, you discover that people are able
to telnet into the SMTP server on port 25. You would like to
block this, though you do not see any evidence of an attack or
other wrong doing. However, you are concerned about
affecting the normal functionality of the email server. From
the following options choose how best you can achieve this
objective?
Suggestion:
Suggestion:
A. Spear-phishing attack
B. SMishing attack
C. Reconnaissance attack
D. HMI-based attack
Suggestion:
C. Forbidden attack
D. CRIME attack
A. Hit-list-scanning technique
Suggestion:
A. CAST-128
B. AES
D. DES
Suggestion:
The correct answer(s): A
Suggestion:
A. web shells
B. Webhooks
C. REST API
D. SOAP API
Suggestion:
A. IDEA
D. AES
Suggestion:
Suggestion:
A. Hybrid
B. Community
C. Public
D. Private
Suggestion:
A. VLAN hopping
B. DHCP starvation
D. STP attack
Suggestion:
A. Spanning tree
C. Port security
Suggestion:
The correct answer(s): B
A. 110
B. 135
C. 139
D. 161
E. 445
F. 1024
Suggestion:
C. Spear-phishing sites
D. insider threat
Suggestion:
Which DNS resource record can indicate how long any "DNS
poisoning" could last?
A. MX
B. SOA
C. NS
D. TIMEOUT
Suggestion:
A. Gateway-based IDS
B. Network-based IDS
C. Host-based IDS
D. Open source-based
Suggestion:
A. Dorian is signing the message with his public key. and Poly will
verify that the message came from Dorian by using Dorian's private
key.
B. Dorian Is signing the message with Polys public key. and Poly will
verify that the message came from Dorian by using Dorian's public
key.
C. Dorian is signing the message with his private key. and Poly will
verify that the message came from Dorian by using Dorian's public
key.
D. Dorian is signing the message with Polys private key. and Poly will
verify mat the message came from Dorian by using Dorian's public
key.
Suggestion:
D. DNS enumeration
Suggestion:
A. Infoga
B. WebCopier Pro
C. Netsparker
D. NCollector Studio
Suggestion:
A. Reconnaissance
B. Maintaining access
C. Scanning
D. Gaining access
Suggestion:
A. Nikto
C. Dsniff
D. Snort
Suggestion:
A. Man-in-the-middle attack
B. Meet-in-the-middle attack
C. Replay attack
Suggestion:
Suggestion:
A. Bluesmacking
B. BlueSniffing
C. Bluejacking
D. Bluesnarfing
Suggestion:
Suggestion:
A. Session hijacking
D. Cross-site scripting
Suggestion:
D. Ataque STP
Sugerencia: