Download CEH CERTIFIED ETHICAL HACKER 2025 LATEST CERTIFICATION EXAM TEST BUNDLE MASTER SET and more Exams Cybercrime, Cybersecurity and Data Privacy in PDF only on Docsity!
(COMPLETE 100 0 Q&A) CEH CERTIFIED ETHICAL HACKER
LATEST CERTIFICATION EXAM TEST BUNDLE MASTER SET
EDITION EC-Council STANDARD EXAM 100% ORIGINAL QUESTION AND ANSWERS GRADED A SCORE 98% Which of the following phases of risk management is an ongoing iterative process that assigns priorities for risk mitigation and implementation plans to help determine the quantitative and qualitative value of risk? A Risk identification B Risk treatment C Risk tracking and review D Risk assessment D Jack, a security professional, was instructed to introduce a security standard to handle cardholder information for major debit, credit, prepaid, e-purse, ATM, and POS cards. In the process, Jack has employed a standard that offers robust and comprehensive standards as well as supporting materials to enhance payment-card data security. What is the security standard that Jack has employed?
A HIPAA
B SOX
C DMCA
D PCI DSS
D
Morris, an attacker, has targeted an organization's network. To know the structure of the target network, he combined footprinting techniques with a network utility that helped him create diagrammatic representations of the target network. What is the network utility employed by Morris in the above scenario? A Netcraft B Tracert C Shodan D BuzzSumo B Which of the following Google advanced search operators displays similar websites to the specified URL?
What is the Google dork that helped Jude find the VoIP login portals? A inurl:8080 intitle:"login" intext:"UserLogin" "English" B inurl:/voice/advanced/ intitle:Linksys SPA configuration C inurl:/remote/login?lang=en D !Host=. intext:enc_UserPassword=* ext:pcf A Stokes, an attacker, decided to find vulnerable IoT devices installed in the target organization. In this process, he used an online tool that helped him gather information such as a device's manufacturer details, its IP address, and the location where it is installed. What is the online tool that Stokes used in the above scenario? A DuckDuckGo B Baidu C Shodan D Bing C
CenSys Solutions hired Clark, a security professional, to enhance the Internet security of the organization. To achieve the goal, Clark employed a tool that provides various Internet security services, including anti-fraud and anti-phishing services, application testing, and PCI scanning. What is the tool used by Clark to perform the above activities? A Blisqy B OmniPeek C Netcraft D BTCrawler C Clark is a professional hacker. He targeted an organization for financial benefit and used various footprinting techniques to gather information about the target network. In this process, he employed a protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system. What is the protocol employed by Clark in the above scenario? A SMB B Whois
B
Which of the following countermeasures should be followed to safeguard the privacy, data, and reputation of an organization and to prevent information disclosure? A Keeping the domain name profile public B Enabling directory listings in the web servers C Avoiding domain-level cross-linking for critical assets D Turning on geolocation access on all mobile devices C Which of the following TCP communication flags notifies the transmission of a new sequence number and represents the establishment of a connection between two hosts? A FIN flag B SYN flag C PSH flag D RST flag
B
Which of the following hping commands is used by an attacker to scan the entire subnet to detect live hosts in a target network? A hping3 - 8 50- 60 - S 10.0.0.25 - V B hping3 - F - P - U 10.0.0.25 - p 80 C hping3 - 1 10.0.1.x --rand-dest - I eth D hping3 - 9 HTTP - I eth C Which of the following commands is used by an attacker to perform an ICMP ECHO ping sweep that can determine the live hosts from a range of IP addresses by sending ICMP ECHO requests to multiple hosts? A nmap - sn - PR 10.10.10. B nmap - sn - PU 10.10.10. C nmap - sn - PE 10.10.10. D nmap - sn - PE 10.10.10.5- 15 D
A certain type of port scanning technique is similar to the TCP SYN scan and can be performed quickly by scanning thousands of ports per second on a fast network that is not obstructed by a firewall, offering a strong sense of security. Which of the following is this type of port scanning technique? A IDLE/IPID header scanning B SCTP COOKIE ECHO scanning C SSDP scanning D SCTP INIT scanning D An attacker performed OS banner grabbing on a target host. They analyzed the packets received from the target system and identified that the values of time to live (TTL) and TCP window size as 255 and 4128, respectively. What is the operating system of the target host on which the attacker performed banner grabbing? A Linux (Kernel 2.4 and 2.6)
B Google Linux C Windows 98, Vista, and 7 (Server 2008) D iOS 12.4 (Cisco Routers) D Which of the following OS discovery techniques is used by an attacker to identify a target machine's OS by observing the TTL values in the acquired scan result? A OS discovery using Nmap B OS discovery using Unicornscan C OS discovery using Nmap Script Engine D OS discovery using IPv6 fingerprinting B Which of the following IDS/firewall evasion techniques is used by an attacker to bypass Internet censors and evade certain IDS and firewall rules? A IP address decoy B Sending bad checksums
A TCP 25
B TCP 20/
C TCP/UDP 5060, 5061
D TCP 179
B
Which of the following Net View commands is used by an attacker to view all the available shares in a domain? A net view <computername> /ALL B net view /domain: C net view /domain D net view <computername> C Which of the following commands is used by the SNMP manager continuously to retrieve all the data stored in an array or table? A GetResponse B GetNextRequest
C GetRequest D SetRequest B George hired an attacker named Joan to perform a few attacks on a competitor organization and gather sensitive information. In this process, Joan performed enumeration activities on the target organization's systems to access the directory listings within Active Directory. What is the type of enumeration that Joan has performed in the above scenario? A SNMP enumeration B LDAP enumeration C NTP enumeration D NetBIOS enumeration B
A - m n B - u user C - M mode D - p port C Given below are the different phases of the vulnerability management lifecycle.
- Monitor
- Vulnerability scan
- Identify assets and create a baseline
- Risk assessment
- Verification
- Remediation What is the correct sequence of phases involved in the vulnerability management lifecycle? A 1 → 2 → 3 → 4 → 5 → 6 B 2 → 1 → 5 → 3 → 6 → 4
C 3 → 2 → 4 → 6 → 5 → 1
D 3 → 1 → 4 → 5 → 6 → 2
C
Jaden, a security professional in an organization, introduced new tools and services into the organization. Before introducing the tools, he had to evaluate whether the tools are effective and appropriate for the organization. He used a publicly available and free-to-use list of standardized identifiers for software vulnerabilities and exposures to evaluate the tools. Which of the following databases did Jaden use to evaluate the tools and services? A LACNIC B CVE C Whois D ARIN B
B
Ben, an ethical hacker, was hired by an organization to check its security levels. In the process, Ben examined the network from a hacker's perspective to identify exploits and vulnerabilities accessible to the outside world by using devices such as firewalls, routers, and servers. Which of the following types of vulnerability assessment did Ben perform on the organization? A Active assessment B Passive assessment C External assessment D Internal assessment C Clark, an ethical hacker, is performing vulnerability assessment on an organization's network. Instead of performing footprinting and network scanning, he used tools such as Nessus and Qualys for the assessment. Which of the following types of vulnerability assessment did Clark perform on the organization?
A Manual assessment B Credentialed assessment C Distributed assessment D Automated assessment D Ray, a security professional in an organization, was instructed to identify all potential security weaknesses in the organization and fix them before an attacker can exploit them. In the process, he consulted a third-party consulting firm to run a security audit of the organization's network. Which of the following types of solutions did Ray implement in the above scenario? A Product-based solution B Service-based solution C Tree-based assessment D Inference-based assessment B
