Download CEH v12 Practice Questions WITH ANSWERS and more Exams Computer Science in PDF only on Docsity!
CEH |\v12 |\Practice |\Questions |\WITH |\
ANSWERS
Which |\of |\the |\following |\tools |\is |\a |\command-line |\vulnerability |\scanner |\that |\scans |\web |\servers |\for |\dangerous |\files/CGIs? A) |\Snort B) |\Kon-Boot C) |\John |\the |\Ripper D) |\Nikto |- |\CORRECT |\ANSWERS |\✔✔Nikto Michael, |\a |\technical |\specialist, |\discovered |\that |\the |\laptop |\of |\one |\of |
the |\employees |\connecting |\to |\a |\wireless |\point |\couldn't |\access |\the |
internet, |\but |\at |\the |\same |\time, |\it |\can |\transfer |\files |\locally. |\He |
checked |\the |\IP |\address |\and |\the |\default |\gateway. |\They |\are |\both |\on |
192.168.1.0/24. |\Which |\of |\the |\following |\caused |\the |\problem? A) |\The |\laptop |\is |\using |\an |\invalid |\IP |\address B) |\The |\laptop |\and |\the |\gateway |\are |\not |\on |\the |\same |\network |
C) |\The |\laptop |\isn't |\using |\a |\private |\IP |\address |
D) |\The |\gateway |\is |\not |\routing |\to |\a |\public |\IP |\address |- |\CORRECT |
ANSWERS |\✔✔The |\gateway |\is |\not |\routing |\to |\a |\public |\IP |\address
Josh, |\a |\security |\analyst, |\wants |\to |\choose |\a |\tool |\for |\himself |\to |
examine |\links |\between |\data. |\One |\of |\the |\main |\requirements |\is |\to |
present |\data |\using |\graphs |\and |\link |\analysis. |\Which |\of |\the |\following |
tools |\will |\meet |\John's |\requirements? A) |\Palantir B) |\Maltego C) |\Analyst's |\Notebook D) |\Metasploit |- |\CORRECT |\ANSWERS |\✔✔Maltego What |\describes |\two-factor |\authentication |\for |\a |\credit |\card |(using |\a |
card |\and |\pin)? A) |\Something |\you |\know |\and |\something |\you |\are |
B) |\Something |\you |\have |\and |\something |\you |\know C) |\Something |\you |\are |\and |\something |\you |\remember |
D) |\Something |\you |\have |\and |\something |\you |\are |- |\CORRECT |
ANSWERS |\✔✔Something |\you |\have |\and |\something |\you |\know Identify |\a |\vulnerability |\in |\OpenSSL |\that |\allows |\stealing |\the |
information |\protected |\under |\normal |\conditions |\by |\the |\SSL/TLS |
encryption |\used |\to |\secure |\the |\internet?
Alex, |\a |\cybersecurity |\specialist, |\received |\a |\task |\from |\the |\head |\to |
scan |\open |\ports. |\One |\of |\the |\main |\conditions |\was |\to |\use |\the |\most |
reliable |\type |\of |\TCP |\scanning. |\Which |\of |\the |\following |\types |\of |
scanning |\would |\Alex |\use? A) |\NULL |\Scan |
B) |\Half-open |\Scan |
C) |\TCP |\Connect/Full |\Open |\Scan |
D) |\Xmas |\Scan |- |\CORRECT |\ANSWERS |\✔✔TCP |\Connect/Full |\Open |\Scan Which |\of |\the |\following |\Nmap |\options |\will |\you |\use |\if |\you |\want |\to |
scan |\fewer |\ports |\than |\the |\default? |
A) |-p B) |-sP C) |-T D) |-F |- |\CORRECT |\ANSWERS |\✔✔-F You |\conduct |\an |\investigation |\and |\finds |\out |\that |\the |\browser |\of |\one |\of |\your |\employees |\sent |\malicious |\request |\that |\the |\employee |\knew |
nothing |\about. |\Identify |\the |\web |\page |\vulnerability |\that |\the |\attacker |\used |\to |\attack |\your |\employee?
A) |\Cross-Site |\Request |\Forgery |(CSRF) B) |\Command |\Injection |\Attacks |
C) |\File |\Inclusion |\Attack |
D) |\Hidden |\Field |\Manipulation |\Attack |- |\CORRECT |\ANSWERS |\✔✔Cross- Site |\Request |\Forgery |(CSRF) Which |\of |\the |\following |\program |\attack |\both |\the |\boot |\sector |\and |
executable |\files? |
A) |\Stealth |\virus |
B) |\Polymorphic |\virus |
C) |\Macro |\virus |
D) |\Multipartite |\virus |- |\CORRECT |\ANSWERS |\✔✔Multipartite |\virus Which |\of |\the |\following |\is |\the |\type |\of |\violation |\when |\an |
unauthorized |\individual |\enters |\a |\building |\following |\an |\employee |
through |\the |\employee |\entrance? A) |\Reverse |\Social |\Engineering |
B) |\Tailgating |
C) |\Pretexting |
D) |\Announced |- |\CORRECT |\ANSWERS |\✔✔Tailgating
B) |\Email |\harvesting |
C) |\Email |\spoofing |
D) |\Email |\masquerading |- |\CORRECT |\ANSWERS |\✔✔Email |\Spoofing How |\works |\the |\mechanism |\of |\a |\Boot |\Sector |\Virus? A) |\Moves |\the |\MBR |\to |\another |\location |\on |\the |\Random-access |
memory |\and |\copies |\itself |\to |\the |\original |\location |\of |\the |\MBR B) |\Overwrites |\the |\original |\MBR |\and |\only |\executes |\the |\new |\virus |
code |
C) |\Modifies |\directory |\table |\entries |\to |\point |\to |\the |\virus |\code |\instead |\of |\the |\actual |\MBR D) |\Moves |\the |\MBR |\to |\another |\location |\on |\the |\hard |\disk |\and |\copies |
itself |\to |\the |\original |\location |\of |\the |\MBR |- |\CORRECT |\ANSWERS |
✔✔Moves |\the |\MBR |\to |\another |\location |\on |\the |\hard |\disk |\and |\copies |\itself |\to |\the |\original |\location |\of |\the |\MBR Which |\of |\the |\options |\presented |\below |\is |\not |\a |\Bluetooth |\attack? A) |\Bluesnarfing |
B) |\Bluesmacking |
C) |\Bluejacking |
D) |\Bluedriving |- |\CORRECT |\ANSWERS |\✔✔Bluedriving
Determine |\the |\type |\of |\SQL |\injection: |
SELECT |* |\FROM |\user |\WHERE |\name='x' |\AND |\userid |\IS |\NULL; |--'; |
A) |\UNION |\SQL |\Injection |
B) |\End |\of |\Line |\Comment |
C) |\Illegal/Logically |\Incorrect |\Query |
D) |\Tautology |- |\CORRECT |\ANSWERS |\✔✔End |\of |\Line |\Comment Viktor, |\a |\white |\hat |\hacker, |\received |\an |\order |\to |\perform |\a |
penetration |\test |\from |\the |\company |"Test |\us". |\He |\starts |\collecting |
information |\and |\finds |\the |\email |\of |\an |\employee |\of |\this |\company |\in |\free |\access. |\Viktor |\decides |\to |\send |\a |\letter |\to |\this |\email, |"boss@testus.com". |\He |\asks |\the |\employee |\to |\immediately |\open |\the |"link |\with |\the |\report" |\and |\check |\it. |\An |\employee |\of |\the |\company |"Test |\us" |\opens |\this |\link |\and |\infects |\his |\computer. |\Thanks |\to |\these |
manipulations, |\Viktor |\gained |\access |\to |\the |\corporate |\network |\and |
successfully |\conducted |\a |\pentest. |\What |\type |\of |\attack |\did |\Viktor |
use? A) |\Eavesdropping B) |\Piggybacking |
C) |\Tailgating |
D) |\Social |\engineering |- |\CORRECT |\ANSWERS |\✔✔Social |\Engineering
Ivan, |\an |\evil |\hacker, |\conducts |\an |\SQLi |\attack |\that |\is |\based |\on |
True/False |\questions. |\What |\type |\of |\SQLi |\does |\Ivan |\use? A) |\DMS-specific |\SQLi B) |\Compound |\SQLi |
C) |\Blind |\SQLi D) |\Classic |\SQLi |- |\CORRECT |\ANSWERS |\✔✔Blind |\SQLi Phillip, |\a |\cybersecurity |\specialist, |\needs |\a |\tool |\that |\can |\function |\as |
a |\network |\sniffer, |\record |\network |\activity, |\prevent |\and |\detect |
network |\intrusion. |\Which |\of |\the |\following |\tools |\is |\suitable |\for |
Phillip? A) |\Nessus B) |\Cain |& |\Abel |
C) |\Snort D) |\Nmap |- |\CORRECT |\ANSWERS |\✔✔Snort With |\which |\of |\the |\following |\SQL |\injection |\attacks |\can |\an |\attacker |
deface |\a |\web |\page, |\modify |\or |\add |\data |\in |\a |\database |\and |
compromised |\data |\integrity? A) |\Unauthorized |\access |\to |\an |\application |\
B) |\Information |\disclosure |
C) |\Compromised |\Data |\Integrity |
D) |\Loss |\of |\data |\availability |- |\CORRECT |\ANSWERS |\✔✔Compromised |
Data |\Integrity According |\to |\the |\Payment |\Card |\Industry |\Data |\Security |\Standard, |
when |\is |\it |\necessary |\to |\conduct |\external |\and |\internal |\penetration |
testing? A) |\At |\least |\once |\every |\two |\years |\and |\after |\any |\significant |\upgrade |
or |\modification |
B) |\At |\least |\one |\every |\three |\years |\or |\after |\any |\significant |\upgrade |\or |\modification |
C) |\At |\least |\twice |\a |\year |\or |\after |\any |\significant |\upgrade |\or |
modification |
D) |\At |\least |\once |\a |\year |\and |\after |\any |\significant |\upgrade |\or |
modification |- |\CORRECT |\ANSWERS |\✔✔At |\least |\once |\a |\year |\and |\after |\any |\significant |\upgrade |\or |\modification The |\attacker |\enters |\its |\malicious |\data |\into |\intercepted |\messages |\in |
a |\TCP |\session |\since |\source |\routing |\is |\disabled. |\He |\tries |\to |\guess |
the |\response |\of |\the |\client |\and |\server. |\What |\hijacking |\technique |\is |
described |\in |\this |\example?
D) |\False |\positive |- |\CORRECT |\ANSWERS |\✔✔False |\positive Which |\of |\the |\following |\requires |\establishing |\national |\standards |\for |
electronic |\health |\care |\transactions |\and |\national |\identifiers |\for |
providers, |\health |\insurance |\plans, |\and |\employers? A) |\PCI-DSS B) |\HIPAA C) |\DMCA D) |\SOX |- |\CORRECT |\ANSWERS |\✔✔HIPAA Let's |\assume |\that |\you |\decided |\to |\use |\PKI |\to |\protect |\the |\email |\you |
will |\send. |\At |\what |\layer |\of |\the |\OSI |\model |\will |\this |\message |\be |
encrypted |\and |\decrypted? A) |\Session |\layer B) |\Application |\layer C) |\Presentation |\layer D) |\Transport |\layer |- |\CORRECT |\ANSWERS |\✔✔Presentation |\layer Mark, |\the |\network |\administrator, |\must |\allow |\UDP |\traffic |\on |\the |\host |\10.0.0.3 |\and |\internet |\traffic |\in |\the |\host |\10.0.0.2. |\In |\addition |\to |\the |
main |\task, |\he |\needs |\to |\allow |\all |\FTP |\traffic |\to |\the |\rest |\of |\the |\
network |\and |\deny |\all |\other |\traffic. |\Mark |\applies |\his |\ACL |
configuration |\on |\the |\router, |\and |\everyone |\has |\a |\problem |\with |
accessing |\FTP. |\In |\addition, |\hosts |\that |\are |\allowed |\access |\to |\the |
internet |\cannot |\connect |\to |\it. |\In |\accordance |\with |\the |\following |
configuration, |\determine |\what |\happened |\on |\the |\network? |\access-list |\ 102 |\deny |\tcp |\any |\any |
|\access-list |\ 104 |\permit |\udp |\host |\10.0.0.3 |\any |\access-list |\ 110 |\permit |\tcp |\host |\10.0.0.2 |\eq |\www |\any |\access-list |\ 108 |\permit |\tcp |\any |\eq |\ftp |\any A) |\The |\ACL |\ 104 |\needs |\to |\be |\first |\because |\its |\UDP |
B) |\The |\ACL |\ 110 |\needs |\to |\be |\changed |\to |\port |\ 80 C) |\The |\ACL |\for |\FTP |\must |\be |\before |\the |\ACL |\ 110 D) |\The |\first |\ACL |\is |\denying |\all |\TCP |\traffic, |\and |\the |\router |\is |\ignoring |\the |\other |\ACLs |- |\CORRECT |\ANSWERS |\✔✔The |\first |\ACL |\is |\denying |\all |\TCP |\traffic, |\and |\the |\router |\is |\ignoring |\the |\other |\ACLs Suppose |\your |\company |\has |\implemented |\identify |\people |\based |\on |
walking |\patterns |\and |\made |\it |\part |\pf |\physical |\control |\access |\to |\the |
office. |\The |\system |\works |\according |\to |\the |\following |\principle: |
The |\camera |\captures |\people |\walking |\and |\identifies |\employees, |\and |
then |\they |\must |\attach |\their |\RFID |\badges |\to |\access |\the |\office. |
Which |\of |\the |\following |\best |\describes |\this |\technology?
D) |\NOPS |\module |- |\CORRECT |\ANSWERS |\✔✔Auxiliary |\module Which |\of |\the |\following |\is |\a |\network |\software |\suite |\designed |\for |
802.11 |\WEP |\and |\WPA-PSK |\keys |\cracking |\that |\can |\recover |\keys |\once |
enough |\data |\packets |\have |\been |\captured? |
A) |\Aircrack-ng B) |\wificracker |
C) |\WLAN-crack D) |\Airgaurd |- |\CORRECT |\ANSWERS |\✔✔Aircrack-ng What |\is |\an |\automated |\software |\testing |\technique |\that |\involves |
providing |\invalid, |\unexpected, |\or |\random |\data |\as |\inputs |\to |\a |
computer |\program? A) |\Security |\testing |
B) |\Concolic |\Testing |
C) |\Fuzz |\testing |
D) |\Monkey |\testing |- |\CORRECT |\ANSWERS |\✔✔Fuzz |\testing Which |\of |\the |\following |\tools |\is |\a |\packet |\sniffer, |\network |\detector |
and |\IDS |\for |\802.11(a,b,g,n) |\wireless |\LANs?
A) |\Nessus B) |\Abel |
C) |\Kismet D) |\Nmap |- |\CORRECT |\ANSWERS |\✔✔Kismet John, |\a |\system |\administrator, |\is |\learning |\how |\to |\work |\with |\new |
technology: |\Docker. |\He |\will |\use |\it |\to |\create |\a |\network |\connection |
between |\the |\container |\interfaces |\and |\its |\parent |\host |\interface. |
Which |\of |\the |\following |\network |\drivers |\is |\suitable |\for |\John? A) |\Overlay |\networking |
B) |\Macvlan |\networking |
C) |\Host |\networking |
D) |\Bridge |\networking |- |\CORRECT |\ANSWERS |\✔✔Macvlan |\networking The |\attacker |\posted |\a |\message |\and |\an |\image |\on |\the |\forum, |\in |
which |\he |\embedded |\a |\malicious |\link. |\When |\the |\victim |\clicks |\on |\this |\link, |\the |\victim's |\browser |\sends |\an |\authenticated |\request |\to |\a |
server. |\What |\type |\of |\attack |\did |\the |\attacker |\use? A) |\Session |\hijacking |
B) |\SQL |\injection |
C) |\Cross-site |\scripting |\
D) |\Exploit |\kits |- |\CORRECT |\ANSWERS |\✔✔Sybil |\attack Which |\of |\the |\following |\can |\be |\designated |\as |"Wireshark |\for |\CLI"? A) |\Nessus |
B) |\ethereal |
C) |\John |\the |\Ripper |
D) |\tcpdump |- |\CORRECT |\ANSWERS |\✔✔tcpdump What |\is |\the |\purpose |\of |\the |\demilitarized |\zone? A) |\To |\scan |\all |\traffic |\coming |\through |\the |\DMZ |\to |\the |\internal |
network |
B) |\To |\provide |\a |\place |\for |\a |\honeypot |
C) |\To |\add |\protection |\to |\network |\devices |
D) |\To |\add |\an |\extra |\layer |\of |\security |\to |\an |\organization's |\local |\area |
network |- |\CORRECT |\ANSWERS |\✔✔To |\add |\an |\extra |\layer |\of |\security |
to |\an |\organization's |\local |\area |\network Which |\of |\the |\following |\Nmap's |\commands |\allows |\you |\to |\most |
reduce |\the |\probability |\of |\detection |\by |\IDS |\when |\scanning |\common |
ports?
A) |\nmap |-A |--host-timeout |\99-T B) |\nmap |-sT |-O |-T C) |\nmap |-sT |-O |-T D) |\nmap |-A |-Pn |- |\CORRECT |\ANSWERS |\✔✔nmap |-sT |-O |-T Jack |\sent |\an |\email |\to |\Jenny |\with |\a |\business |\proposal. |\Jenny |
accepted |\it |\and |\fulfilled |\all |\her |\obligations. |\Jack |\suddenly |\refused |
his |\offer |\when |\everything |\was |\ready |\and |\said |\taht |\he |\had |\never |
sent |\an |\email. |\Which |\of |\the |\following |\digital |\signature |\properties |
will |\help |\Jenny |\prove |\that |\Jack |\is |\lying? A) |\Authentication |
B) |\Non-Repudiation |
C) |\Integrity |
D) |\Confidentiality |- |\CORRECT |\ANSWERS |\✔✔Non-Repudiation Identify |\the |\standard |\by |\the |\description: A |\regulation |\contains |\a |\set |\of |\guidelines |\that |\everyone |\who |
processes |\any |\electronic |\data |\in |\medicine |\should |\adhere |\to. |\It |
includes |\information |\on |\medical |\practices, |\ensuring |\that |\all |
necessary |\measures |\are |\in |\place |\while |\saving, |\accessing, |\and |
sharing |\any |\electronic |\medical |\data |\to |\secure |\patient |\data. A) |\FISMA
