Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

ECCouncil 312-50v12 Certified Ethical Hacker Exam (CEHv12) Exam Practice Test

Demo: 171 questions
Total 572 questions

Certified Ethical Hacker Exam (CEHv12) Questions and Answers

Question 1

In the field of cryptanalysis, what is meant by a “rubber-hose” attack?

Options:

A.

Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.

B.

A backdoor placed into a cryptographic algorithm by its creator.

C.

Extraction of cryptographic secrets through coercion or torture.

D.

Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.

Question 2

Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

Options:

A.

tcptrace

B.

Nessus

C.

OpenVAS

D.

tcptraceroute

Question 3

What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

Options:

A.

Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.

B.

Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.

C.

Symmetric encryption allows the server to security transmit the session keys out-of-band.

D.

Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.

Question 4

You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine. What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?

Options:

A.

tcp.srcport= = 514 && ip.src= = 192.168.0.99

B.

tcp.srcport= = 514 && ip.src= = 192.168.150

C.

tcp.dstport= = 514 && ip.dst= = 192.168.0.99

D.

tcp.dstport= = 514 && ip.dst= = 192.168.0.150

Question 5

Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations.

Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA.

In this context, what can you say?

Options:

A.

Bob can be right since DMZ does not make sense when combined with stateless firewalls

B.

Bob is partially right. He does not need to separate networks if he can create rules by destination IPs, one by one

C.

Bob is totally wrong. DMZ is always relevant when the company has internet servers and workstations

D.

Bob is partially right. DMZ does not make sense when a stateless firewall is available

Question 6

Which method of password cracking takes the most time and effort?

Options:

A.

Dictionary attack

B.

Shoulder surfing

C.

Rainbow tables

D.

Brute force

Question 7

Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server publishing"?

Options:

A.

Overloading Port Address Translation

B.

Dynamic Port Address Translation

C.

Dynamic Network Address Translation

D.

Static Network Address Translation

Question 8

Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services, which OS did it not directly affect?

Options:

A.

Linux

B.

Unix

C.

OS X

D.

Windows

Question 9

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

Options:

A.

Macro virus

B.

Stealth/Tunneling virus

C.

Cavity virus

D.

Polymorphic virus

Question 10

Which of the following represents the initial two commands that an IRC client sends to join an IRC network?

Options:

A.

USER, NICK

B.

LOGIN, NICK

C.

USER, PASS

D.

LOGIN, USER

Question 11

What is a NULL scan?

Options:

A.

A scan in which all flags are turned off

B.

A scan in which certain flags are off

C.

A scan in which all flags are on

D.

A scan in which the packet size is set to zero

E.

A scan with an illegal packet size

Question 12

You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL.

What may be the problem?

Options:

A.

Traffic is Blocked on UDP Port 53

B.

Traffic is Blocked on TCP Port 80

C.

Traffic is Blocked on TCP Port 54

D.

Traffic is Blocked on UDP Port 80

Question 13

Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.

A camera captures people walking and identifies the individuals using Steve’s approach.

After that, people must approximate their RFID badges. Both the identifications are required to open the door. In this case, we can say:

Options:

A.

Although the approach has two phases, it actually implements just one authentication factor

B.

The solution implements the two authentication factors: physical object and physical characteristic

C.

The solution will have a high level of false positives

D.

Biological motion cannot be used to identify people

Question 14

Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.

Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?

Options:

A.

Hardware, Software, and Sniffing.

B.

Hardware and Software Keyloggers.

C.

Passwords are always best obtained using Hardware key loggers.

D.

Software only, they are the most effective.

Question 15

DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switchers leverages the DHCP snooping database to help prevent man-in-the-middle attacks?

Options:

A.

Spanning tree

B.

Dynamic ARP Inspection (DAI)

C.

Port security

D.

Layer 2 Attack Prevention Protocol (LAPP)

Question 16

Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: scottsmelby@yahoo.com”. Which statement below is true?

Options:

A.

This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.

B.

This is a scam because Bob does not know Scott.

C.

Bob should write to scottmelby@yahoo.com to verify the identity of Scott.

D.

This is probably a legitimate message as it comes from a respectable organization.

Question 17

Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker 's message ''Hacker Message: You are dead! Freaks!” From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact.

No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using hisdial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact. How did the attacker accomplish this hack?

Options:

A.

ARP spoofing

B.

SQL injection

C.

DNS poisoning

D.

Routing table injection

Question 18

Which Intrusion Detection System is the best applicable for large environments where critical assets on the network need extra scrutiny and is ideal for observing sensitive network segments?

Options:

A.

Honeypots

B.

Firewalls

C.

Network-based intrusion detection system (NIDS)

D.

Host-based intrusion detection system (HIDS)

Question 19

Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command.

What is Eve trying to do?

Options:

A.

Eve is trying to connect as a user with Administrator privileges

B.

Eve is trying to enumerate all users with Administrative privileges

C.

Eve is trying to carry out a password crack for user Administrator

D.

Eve is trying to escalate privilege of the null user to that of Administrator

Question 20

What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?

Options:

A.

Man-in-the-middle attack

B.

Meet-in-the-middle attack

C.

Replay attack

D.

Traffic analysis attack

Question 21

Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

Options:

A.

To determine who is the holder of the root account

B.

To perform a DoS

C.

To create needless SPAM

D.

To illicit a response back that will reveal information about email servers and how they treat undeliverable mail

E.

To test for virus protection

Question 22

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

Options:

A.

Traceroute

B.

Hping

C.

TCP ping

D.

Broadcast ping

Question 23

A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

Options:

A.

Perform a vulnerability scan of the system.

B.

Determine the impact of enabling the audit feature.

C.

Perform a cost/benefit analysis of the audit feature.

D.

Allocate funds for staffing of audit log review.

Question 24

Study the snort rule given below:

From the options below, choose the exploit against which this rule applies.

Options:

A.

WebDav

B.

SQL Slammer

C.

MS Blaster

D.

MyDoom

Question 25

Which of the following is the BEST way to defend against network sniffing?

Options:

A.

Using encryption protocols to secure network communications

B.

Register all machines MAC Address in a Centralized Database

C.

Use Static IP Address

D.

Restrict Physical Access to Server Rooms hosting Critical Servers

Question 26

What is the purpose of a demilitarized zone on a network?

Options:

A.

To scan all traffic coming through the DMZ to the internal network

B.

To only provide direct access to the nodes within the DMZ and protect the network behind it

C.

To provide a place to put the honeypot

D.

To contain the network devices you wish to protect

Question 27

What is not a PCI compliance recommendation?

Options:

A.

Use a firewall between the public network and the payment card data.

B.

Use encryption to protect all transmission of card holder data over any public network.

C.

Rotate employees handling credit card transactions on a yearly basis to different departments.

D.

Limit access to card holder data to as few individuals as possible.

Question 28

env x=’(){ :;};echo exploit’ bash –c ‘cat/etc/passwd’

What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

Options:

A.

Removes the passwd file

B.

Changes all passwords in passwd

C.

Add new user to the passwd file

D.

Display passwd content to prompt

Question 29

An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code to embed a malicious applet in all HTTP connections.

When users accessed any page, the applet ran and exploited many machines. Which one of the following tools the hacker probably used to inject HTML code?

Options:

A.

Wireshark

B.

Ettercap

C.

Aircrack-ng

D.

Tcpdump

Question 30

During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

Options:

A.

Circuit

B.

Stateful

C.

Application

D.

Packet Filtering

Question 31

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network’s external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

Options:

A.

Protocol analyzer

B.

Network sniffer

C.

Intrusion Prevention System (IPS)

D.

Vulnerability scanner

Question 32

Susan has attached to her company's network. She has managed to synchronize her boss's sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory.

What kind of attack is Susan carrying on?

Options:

A.

A sniffing attack

B.

A spoofing attack

C.

A man in the middle attack

D.

A denial of service attack

Question 33

One of your team members has asked you to analyze the following SOA record. What is the version?

Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.) (Choose four.)

Options:

A.

200303028

B.

3600

C.

604800

D.

2400

E.

60

F.

4800

Question 34

You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user’s password or activate disabled Windows accounts?

Options:

A.

John the Ripper

B.

SET

C.

CHNTPW

D.

Cain & Abel

Question 35

A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems.

What is the best security policy concerning this setup?

Options:

A.

Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.

B.

As long as the physical access to the network elements is restricted, there is no need for additional measures.

C.

There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.

D.

The operator knows that attacks and down time are inevitable and should have a backup site.

Question 36

When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, DELETE, PUT, TRACE) using NMAP script engine. What Nmap script will help you with this task?

Options:

A.

http-methods

B.

http enum

C.

http-headers

D.

http-git

Question 37

Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. How do you prevent DNS spoofing?

Options:

A.

Install DNS logger and track vulnerable packets

B.

Disable DNS timeouts

C.

Install DNS Anti-spoofing

D.

Disable DNS Zone Transfer

Question 38

What two conditions must a digital signature meet?

Options:

A.

Has to be the same number of characters as a physical signature and must be unique.

B.

Has to be unforgeable, and has to be authentic.

C.

Must be unique and have special characters.

D.

Has to be legible and neat.

Question 39

Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?

Options:

A.

113

B.

69

C.

123

D.

161

Question 40

Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?

Options:

A.

137 and 139

B.

137 and 443

C.

139 and 443

D.

139 and 445

Question 41

You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?

Options:

A.

Social engineering

B.

Piggybacking

C.

Tailgating

D.

Eavesdropping

Question 42

You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.

What is the best Nmap command you will use?

Options:

A.

nmap -T4 -q 10.10.0.0/24

B.

nmap -T4 -F 10.10.0.0/24

C.

nmap -T4 -r 10.10.1.0/24

D.

nmap -T4 -O 10.10.0.0/24

Question 43

Which of the following programs is usually targeted at Microsoft Office products?

Options:

A.

Polymorphic virus

B.

Multipart virus

C.

Macro virus

D.

Stealth virus

Question 44

During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network.

What is this type of DNS configuration commonly called?

Options:

A.

DynDNS

B.

DNS Scheme

C.

DNSSEC

D.

Split DNS

Question 45

CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this:

From: jim_miller@companyxyz.com

To: michelle_saunders@companyxyz.com Subject: Test message

Date: 4/3/2017 14:37

The employee of CompanyXYZ receives your email message.

This proves that CompanyXYZ’s email gateway doesn’t prevent what?

Options:

A.

Email Masquerading

B.

Email Harvesting

C.

Email Phishing

D.

Email Spoofing

Question 46

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.

What is the most likely cause?

Options:

A.

The network devices are not all synchronized.

B.

Proper chain of custody was not observed while collecting the logs.

C.

The attacker altered or erased events from the logs.

D.

The security breach was a false positive.

Question 47

Which definition among those given below best describes a covert channel?

Options:

A.

A server program using a port that is not well known.

B.

Making use of a protocol in a way it is not intended to be used.

C.

It is the multiplexing taking place on a communication link.

D.

It is one of the weak channels used by WEP which makes it insecure

Question 48

What is the minimum number of network connections in a multihomed firewall?

Options:

A.

3

B.

5

C.

4

D.

2

Question 49

Which of the following is a component of a risk assessment?

Options:

A.

Administrative safeguards

B.

Physical security

C.

DMZ

D.

Logical interface

Question 50

Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquires over the network.

Which of these tools would do the SNMP enumeration he is looking for? Select the best answers.

Options:

A.

SNMPUtil

B.

SNScan

C.

SNMPScan

D.

Solarwinds IP Network Browser

E.

NMap

Question 51

An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

Options:

A.

He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.

B.

He will activate OSPF on the spoofed root bridge.

C.

He will repeat this action so that it escalates to a DoS attack.

D.

He will repeat the same attack against all L2 switches of the network.

Question 52

Which of the following describes the characteristics of a Boot Sector Virus?

Options:

A.

Modifies directory table entries so that directory entries point to the virus code instead of the actual program.

B.

Moves the MBR to another location on the RAM and copies itself to the original location of the MBR.

C.

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.

D.

Overwrites the original MBR and only executes the new virus code.

Question 53

MX record priority increases as the number increases. (True/False.)

Options:

A.

True

B.

False

Question 54

Which is the first step followed by Vulnerability Scanners for scanning a network?

Options:

A.

OS Detection

B.

Firewall detection

C.

TCP/UDP Port scanning

D.

Checking if the remote host is alive

Question 55

Why is a penetration test considered to be more thorough than vulnerability scan?

Options:

A.

Vulnerability scans only do host discovery and port scanning by default.

B.

A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.

C.

It is not – a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement.

D.

The tools used by penetration testers tend to have much more comprehensive vulnerability databases.

Question 56

The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack.

You also notice "/bin/sh" in the ASCII part of the output.

As an analyst what would you conclude about the attack?

Options:

A.

The buffer overflow attack has been neutralized by the IDS

B.

The attacker is creating a directory on the compromised machine

C.

The attacker is attempting a buffer overflow attack and has succeeded

D.

The attacker is attempting an exploit that launches a command-line shell

Question 57

A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.

Options:

A.

Use port security on his switches.

B.

Use a tool like ARPwatch to monitor for strange ARP activity.

C.

Use a firewall between all LAN segments.

D.

If you have a small network, use static ARP entries.

E.

Use only static IP addresses on all PC's.

Question 58

which of the following protocols can be used to secure an LDAP service against anonymous queries?

Options:

A.

SSO

B.

RADIUS

C.

WPA

D.

NTLM

Question 59

This kind of password cracking method uses word lists in combination with numbers and special characters:

Options:

A.

Hybrid

B.

Linear

C.

Symmetric

D.

Brute Force

Question 60

what are common files on a web server that can be misconfigured and provide useful Information for a hacker such as verbose error messages?

Options:

A.

httpd.conf

B.

administration.config

C.

idq.dll

D.

php.ini

Question 61

What is the minimum number of network connections in a multi homed firewall?

Options:

A.

3

B.

5

C.

4

D.

2

Question 62

Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms.

What is this document called?

Options:

A.

Information Audit Policy (IAP)

B.

Information Security Policy (ISP)

C.

Penetration Testing Policy (PTP)

D.

Company Compliance Policy (CCP)

Question 63

What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

Options:

A.

All are hacking tools developed by the legion of doom

B.

All are tools that can be used not only by hackers, but also security personnel

C.

All are DDOS tools

D.

All are tools that are only effective against Windows

E.

All are tools that are only effective against Linux

Question 64

In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN number and other personal details. Ignorant users usually fall prey to this scam.

Which of the following statement is incorrect related to this attack?

Options:

A.

Do not reply to email messages or popup ads asking for personal or financial information

B.

Do not trust telephone numbers in e-mails or popup ads

C.

Review credit card and bank account statements regularly

D.

Antivirus, anti-spyware, and firewall software can very easily detect these type of attacks

E.

Do not send credit card numbers, and personal or financial information via e-mail

Question 65

Jim, a professional hacker, targeted an organization that is operating critical Industrial Infrastructure. Jim used Nmap to scan open pons and running services on systems connected to the organization's OT network. He used an Nmap command to identify Ethernet/IP devices connected to the Internet and further gathered Information such as the vendor name, product code and name, device name, and IP address. Which of the following Nmap commands helped Jim retrieve the required information?

Options:

A.

nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >

B.

nmap -Pn -sU -p 44818 --script enip-info < Target IP >

C.

nmap -Pn -sT -p 46824 < Target IP >

D.

nmap -Pn -sT -p 102 --script s7-info < Target IP >

Question 66

jane invites her friends Alice and John over for a LAN party. Alice and John access Jane's wireless network without a password. However. Jane has a long, complex password on her router. What attack has likely occurred?

Options:

A.

Wireless sniffing

B.

Piggybacking

C.

Evil twin

D.

Wardriving

Question 67

Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During this process.

Robin plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch in the network so that he could make it a root bridge that will later allow him to sniff all the traffic in the network.

What is the attack performed by Robin in the above scenario?

Options:

A.

ARP spoofing attack

B.

VLAN hopping attack

C.

DNS poisoning attack

D.

STP attack

Question 68

What hacking attack is challenge/response authentication used to prevent?

Options:

A.

Replay attacks

B.

Scanning attacks

C.

Session hijacking attacks

D.

Password cracking attacks

Question 69

Suppose that you test an application for the SQL injection vulnerability. You know that the backend database

is based on Microsoft SQL Server. In the login/password form, you enter the following credentials:

Username: attack' or 1=1 -

Password: 123456

Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?

Options:

A.

select * from Users where UserName = 'attack'' or 1=1 -- and UserPassword = '123456'

B.

select * from Users where UserName = 'attack' or 1=1 -- and UserPassword = '123456'

C.

select * from Users where UserName = 'attack or 1=1 -- and UserPassword = '123456'

D.

select * from Users where UserName = 'attack' or 1=1 --' and UserPassword = '123456'

Question 70

The network team has well-established procedures to follow for creating new rules on the firewall. This includes having approval from a manager prior to implementing any new rules. While reviewing the firewall configuration, you notice a recently implemented rule but cannot locate manager approval for it. What would be a good step to have in the procedures for a situation like this?

Options:

A.

Have the network team document the reason why the rule was implemented without prior manager approval.

B.

Monitor all traffic using the firewall rule until a manager can approve it.

C.

Do not roll back the firewall rule as the business may be relying upon it, but try to get manager approval as soon as possible.

D.

Immediately roll back the firewall rule until a manager can approve it

Question 71

You are performing a penetration test for a client and have gained shell access to a Windows machine on the internal network. You intend to retrieve all DNS records for the internal domain, if the DNS server is at 192.168.10.2 and the domain name is abccorp.local, what command would you type at the nslookup prompt to attempt a zone transfer?

Options:

A.

list server=192.168.10.2 type=all

B.

is-d abccorp.local

C.

Iserver 192.168.10.2-t all

D.

List domain=Abccorp.local type=zone

Question 72

John is an incident handler at a financial institution. His steps in a recent incident are not up to the standards of the company. John frequently forgets some steps and procedures while handling responses as they are very stressful to perform. Which of the following actions should John take to overcome this problem with the least administrative effort?

Options:

A.

Create an incident checklist.

B.

Select someone else to check the procedures.

C.

Increase his technical skills.

D.

Read the incident manual every time it occurs.

Question 73

John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him the idea of using PGP. What should John do to communicate correctly using this type of encryption?

Options:

A.

Use his own public key to encrypt the message.

B.

Use Marie's public key to encrypt the message.

C.

Use his own private key to encrypt the message.

D.

Use Marie's private key to encrypt the message.

Question 74

You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity, what tool would you most likely select?

Options:

A.

Nmap

B.

Cain & Abel

C.

Nessus

D.

Snort

Question 75

When discussing passwords, what is considered a brute force attack?

Options:

A.

You attempt every single possibility until you exhaust all possible combinations or discover the password

B.

You threaten to use the rubber hose on someone unless they reveal their password

C.

You load a dictionary of words into your cracking program

D.

You create hashes of a large number of words and compare it with the encrypted passwords

E.

You wait until the password expires

Question 76

This form of encryption algorithm is asymmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among the following is this encryption algorithm?

Options:

A.

Twofish encryption algorithm

B.

HMAC encryption algorithm

C.

IDEA

D.

Blowfish encryption algorithm

Question 77

Which of the following steps for risk assessment methodology refers to vulnerability identification?

Options:

A.

Determines if any flaws exist in systems, policies, or procedures

B.

Assigns values to risk probabilities; Impact values.

C.

Determines risk probability that vulnerability will be exploited (High. Medium, Low)

D.

Identifies sources of harm to an IT system. (Natural, Human. Environmental)

Question 78

You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion?

Options:

A.

Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account

B.

Package the Sales.xls using Trojan wrappers and telnet them back your home computer

C.

You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques

D.

Change the extension of Sales.xls to sales.txt and upload them as attachment to your hotmail account

Question 79

What does the following command in netcat do?

nc -l -u -p55555 < /etc/passwd

Options:

A.

logs the incoming connections to /etc/passwd file

B.

loads the /etc/passwd file to the UDP port 55555

C.

grabs the /etc/passwd file when connected to UDP port 55555

D.

deletes the /etc/passwd file when connected to the UDP port 55555

Question 80

What is the algorithm used by LM for Windows2000 SAM?

Options:

A.

MD4

B.

DES

C.

SHA

D.

SSL

Question 81

Henry Is a cyber security specialist hired by BlackEye - Cyber security solutions. He was tasked with discovering the operating system (OS) of a host. He used the Unkornscan tool to discover the OS of the target system. As a result, he obtained a TTL value, which Indicates that the target system is running a Windows OS. Identify the TTL value Henry obtained, which indicates that the target OS is Windows.

Options:

A.

64

B.

128

C.

255

D.

138

Question 82

Which of the following statements is FALSE with respect to Intrusion Detection Systems?

Options:

A.

Intrusion Detection Systems can be configured to distinguish specific content in network packets

B.

Intrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic

C.

Intrusion Detection Systems require constant update of the signature library

D.

Intrusion Detection Systems can examine the contents of the data n context of the network protocol

Question 83

Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He’s determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

Options:

A.

Error-based SQL injection

B.

Blind SQL injection

C.

Union-based SQL injection

D.

NoSQL injection

Question 84

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection.

Identify the behavior of the adversary In the above scenario.

Options:

A.

use of command-line interface

B.

Data staging

C.

Unspecified proxy activities

D.

Use of DNS tunneling

Question 85

A newly joined employee. Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also Identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. What is the type of vulnerability assessment performed by Martin?

Options:

A.

Credentialed assessment

B.

Database assessment

C.

Host-based assessment

D.

Distributed assessment

Question 86

Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewalls. On which of the following ports should Robin run the NSTX tool?

Options:

A.

Port 53

B.

Port 23

C.

Port 50

D.

Port 80

Question 87

When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK.

How would an attacker exploit this design by launching TCP SYN attack?

Options:

A.

Attacker generates TCP SYN packets with random destination addresses towards a victim host

B.

Attacker floods TCP SYN packets with random source addresses towards a victim host

C.

Attacker generates TCP ACK packets with random source addresses towards a victim host

D.

Attacker generates TCP RST packets with random source addresses towards a victim host

Question 88

Take a look at the following attack on a Web Server using obstructed URL:

How would you protect from these attacks?

Options:

A.

Configure the Web Server to deny requests involving "hex encoded" characters

B.

Create rules in IDS to alert on strange Unicode requests

C.

Use SSL authentication on Web Servers

D.

Enable Active Scripts Detection at the firewall and routers

Question 89

Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days. Bob denies that he had ever sent a mail. What do you want to ""know"" to prove yourself that it was Bob who had send a mail?

Options:

A.

Authentication

B.

Confidentiality

C.

Integrity

D.

Non-Repudiation

Question 90

jane, an ethical hacker. Is testing a target organization's web server and website to identity security loopholes. In this process, she copied the entire website and its content on a local drive to view the complete profile of the site's directory structure, file structure, external links, images, web pages, and so on. This information helps jane map the website's directories and gain valuable information. What is the attack technique employed by Jane in the above scenario?

Options:

A.

website mirroring

B.

Session hijacking

C.

Web cache poisoning

D.

Website defacement

Question 91

Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network. What is Bob supposed to do next?

Options:

A.

Take over the session

B.

Reverse sequence prediction

C.

Guess the sequence numbers

D.

Take one of the parties offline

Question 92

Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the targets MSP provider by sending spear-phishing emails and distributed custom-made malware to compromise user accounts and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attacks on the target organization. Which of the following cloud attacks did Alice perform in the above scenario?

Options:

A.

Cloud hopper attack

B.

Cloud cryptojacking

C.

Cloudborne attack

D.

Man-in-the-cloud (MITC) attack

Question 93

There have been concerns in your network that the wireless network component is not sufficiently secure. You perform a vulnerability scan of the wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption, what encryption protocol is being used?

Options:

A.

WEP

B.

RADIUS

C.

WPA

D.

WPA3

Question 94

Identify the correct terminology that defines the above statement.

Options:

A.

Vulnerability Scanning

B.

Penetration Testing

C.

Security Policy Implementation

D.

Designing Network Security

Question 95

Daniel Is a professional hacker who Is attempting to perform an SQL injection attack on a target website. www.movlescope.com. During this process, he encountered an IDS that detects SQL Injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as ‘ 'or '1'='1" In any bask injection statement such as "or 1=1." Identify the evasion technique used by Daniel in the above scenario.

Options:

A.

Null byte

B.

IP fragmentation

C.

Char encoding

D.

Variation

Question 96

Why containers are less secure that virtual machines?

Options:

A.

Host OS on containers has a larger surface attack.

B.

Containers may full fill disk space of the host.

C.

A compromise container may cause a CPU starvation of the host.

D.

Containers are attached to the same virtual network.

Question 97

This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as GCMP-2S6. MMAC-SHA384, and ECDSA using a 384-bit elliptic curve. Which is this wireless security protocol?

Options:

A.

WPA2 Personal

B.

WPA3-Personal

C.

WPA2-Enterprise

D.

WPA3-Enterprise

Question 98

Harry. a professional hacker, targets the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing?

Options:

A.

Preparation

B.

Cleanup

C.

Persistence

D.

initial intrusion

Question 99

You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters. With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results?

Options:

A.

Online Attack

B.

Dictionary Attack

C.

Brute Force Attack

D.

Hybrid Attack

Question 100

Within the context of Computer Security, which of the following statements describes Social Engineering best?

Options:

A.

Social Engineering is the act of publicly disclosing information

B.

Social Engineering is the means put in place by human resource to perform time accounting

C.

Social Engineering is the act of getting needed information from a person rather than breaking into a system

D.

Social Engineering is a training program within sociology studies

Question 101

E-mail scams and mail fraud are regulated by which of the following?

Options:

A.

18 U.S.C. par. 1030 Fraud and Related activity in connection with Computers

B.

18 U.S.C. par. 1029 Fraud and Related activity in connection with Access Devices

C.

18 U.S.C. par. 1362 Communication Lines, Stations, or Systems

D.

18 U.S.C. par. 2510 Wire and Electronic Communications Interception and Interception of Oral Communication

Question 102

Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches.

If these switches' ARP cache is successfully flooded, what will be the result?

Options:

A.

The switches will drop into hub mode if the ARP cache is successfully flooded.

B.

If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.

C.

Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.

D.

The switches will route all traffic to the broadcast address created collisions.

Question 103

An attacker redirects the victim to malicious websites by sending them a malicious link by email. The link appears authentic but redirects the victim to a malicious web page, which allows the attacker to steal the victim's data. What type of attack is this?

Options:

A.

Phishing

B.

Vlishing

C.

Spoofing

D.

DDoS

Question 104

John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker Installed a scanner on a machine belonging to one of the vktims and scanned several machines on the same network to Identify vulnerabilities to perform further exploitation. What is the type of vulnerability assessment tool employed by John in the above scenario?

Options:

A.

Proxy scanner

B.

Agent-based scanner

C.

Network-based scanner

D.

Cluster scanner

Question 105

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas?

Options:

A.

Red hat

B.

white hat

C.

Black hat

D.

Gray hat

Question 106

Scenario: Joe turns on his home computer to access personal online banking. When he enters the URL www.bank.com. the website is displayed, but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL closer, he finds that the site is not secure and the web address appears different. What type of attack he is experiencing?.

Options:

A.

Dos attack

B.

DHCP spoofing

C.

ARP cache poisoning

D.

DNS hijacking

Question 107

Bob, an attacker, has managed to access a target loT device. He employed an online tool to gather information related to the model of the loT device and the certifications granted to it. Which of the following tools did Bob employ to gather the above Information?

Options:

A.

search.com

B.

EarthExplorer

C.

Google image search

D.

FCC ID search

Question 108

Samuel a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSlv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to attacks as the SSLv2 server can leak key information.

Which of the following attacks can be performed by exploiting the above vulnerability?

Options:

A.

DROWN attack

B.

Padding oracle attack

C.

Side-channel attack

D.

DUHK attack

Question 109

In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration. If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack?

Options:

A.

Full Blown

B.

Thorough

C.

Hybrid

D.

BruteDics

Question 110

Which utility will tell you in real time which ports are listening or in another state?

Options:

A.

Netstat

B.

TCPView

C.

Nmap

D.

Loki

Question 111

Ricardo has discovered the username for an application in his targets environment. As he has a limited amount of time, he decides to attempt to use a list of common passwords he found on the Internet. He compiles them into a list and then feeds that list as an argument into his password-cracking application, what type of attack is Ricardo performing?

Options:

A.

Known plaintext

B.

Password spraying

C.

Brute force

D.

Dictionary

Question 112

Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He begins by running a scan which looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?

Options:

A.

Nikto

B.

Nmap

C.

Metasploit

D.

Armitage

Question 113

What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?

Options:

A.

Black-box

B.

Announced

C.

White-box

D.

Grey-box

Question 114

Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.

In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full?

Options:

A.

Switch then acts as hub by broadcasting packets to all machines on the network

B.

The CAM overflow table will cause the switch to crash causing Denial of Service

C.

The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF

D.

Every packet is dropped and the switch sends out SNMP alerts to the IDS port

Question 115

Clark, a professional hacker, attempted to perform a Btlejacking attack using an automated tool, Btlejack, and hardware tool, micro:bit. This attack allowed Clark to hijack, read, and export sensitive information shared between connected devices. To perform this attack, Clark executed various btlejack commands. Which of the following commands was used by Clark to hijack the connections?

Options:

A.

btlejack-f 0x129f3244-j

B.

btlejack -c any

C.

btlejack -d /dev/ttyACM0 -d /dev/ttyACM2 -s

D.

btlejack -f 0x9c68fd30 -t -m 0x1 fffffffff

Question 116

Which Nmap switch helps evade IDS or firewalls?

Options:

A.

-n/-R

B.

-0N/-0X/-0G

C.

-T

D.

-D

Question 117

Mason, a professional hacker, targets an organization and spreads Emotet malware through malicious script. After infecting the victim's device. Mason further used Emotet to spread the infection across local networks and beyond to compromise as many machines as possible. In this process, he used a tool, which is a self-extracting RAR file, to retrieve information related to network resources such as writable share drives. What is the tool employed by Mason in the above scenario?

Options:

A.

NetPass.exe

B.

Outlook scraper

C.

WebBrowserPassView

D.

Credential enumerator

Question 118

Cross-site request forgery involves:

Options:

A.

A request sent by a malicious user from a browser to a server

B.

Modification of a request by a proxy between client and server

C.

A browser making a request to a server without the user’s knowledge

D.

A server making a request to another server without the user’s knowledge

Question 119

Jane is working as a security professional at CyberSol Inc. She was tasked with ensuring the authentication and integrity of messages being transmitted in the corporate network. To encrypt the messages, she implemented a security model in which every user in the network maintains a ring of public keys. In this model, a user needs to encrypt a message using the receiver's public key, and only the receiver can decrypt the message using their private key. What is the security model implemented by Jane to secure corporate messages?

Options:

A.

Zero trust network

B.

Transport Layer Security (TLS)

C.

Secure Socket Layer (SSL)

D.

Web of trust (WOT)

Question 120

The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host

10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other traffic. After he

applied his ACL configuration in the router, nobody can access the ftp, and the permitted hosts cannot access

the Internet. According to the next configuration, what is happening in the network?

access-list 102 deny tcp any any

access-list 104 permit udp host 10.0.0.3 any

access-list 110 permit tcp host 10.0.0.2 eq www any

access-list 108 permit tcp any eq ftp any

Options:

A.

The ACL 104 needs to be first because is UDP

B.

The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router

C.

The ACL for FTP must be before the ACL 110

D.

The ACL 110 needs to be changed to port 80

Question 121

Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine. Which of the following techniques is used by Joel in the above scenario?

Options:

A.

DNS rebinding attack

B.

Clickjacking attack

C.

MarioNet attack

D.

Watering hole attack

Question 122

You are a cybersecurlty consultant for a smart city project. The project involves deploying a vast network of loT devices for public utilities like traffic control, water supply, and power grid management The city administration is concerned about the possibility of a Distributed Denial of Service (DDoS) attack crippling these critical services. They have asked you for advice on how to prevent such an attack. What would be your primary recommendation?

Options:

A.

Implement regular firmware updates for all loT devices.

B.

A Deploy network intrusion detection systems (IDS) across the loT network.

C.

Establish strong, unique passwords for each loT device.

D.

Implement IP address whitelisting for all loT devices.

Question 123

Bill has been hired as a penetration tester and cyber security auditor for a major credit card company. Which information security standard is most applicable to his role?

Options:

A.

FISMA

B.

HITECH

C.

PCI-DSS

D.

Sarbanes-OxleyAct

Question 124

Stephen, an attacker, targeted the industrial control systems of an organization. He generated a fraudulent email with a malicious attachment and sent it to employees of the target organization. An employee who manages the sales software of the operational plant opened the fraudulent email and clicked on the malicious attachment. This resulted in the malicious attachment being downloaded and malware being injected into the sales software maintained in the victim's system. Further, the malware propagated itself to other networked systems, finally damaging the industrial automation components. What is the attack technique used by Stephen to damage the industrial systems?

Options:

A.

Spear-phishing attack

B.

SMishing attack

C.

Reconnaissance attack

D.

HMI-based attack

Question 125

BitLocker encryption has been implemented for all the Windows-based computers in an organization. You are concerned that someone might lose their cryptographic key. Therefore, a mechanism was implemented to recover the keys from Active Directory. What is this mechanism called in cryptography?

Options:

A.

Key archival

B.

Key escrow.

C.

Certificate rollover

D.

Key renewal

Question 126

Bob wants to ensure that Alice can check whether his message has been tampered with. He creates a checksum of the message and encrypts it using asymmetric cryptography. What key does Bob use to encrypt the checksum for accomplishing this goal?

Options:

A.

Alice's private key

B.

Alice's public key

C.

His own private key

D.

His own public key

Question 127

You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23. Which of the following IP addresses could be teased as a result of the new configuration?

Options:

A.

210.1.55.200

B.

10.1.4.254

C.

10.1.5.200

D.

10.1.4.156

Question 128

A DDOS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete.

Which attack is being described here?

Options:

A.

Desynchronization

B.

Slowloris attack

C.

Session splicing

D.

Phlashing

Question 129

Based on the below log, which of the following sentences are true?

Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip

Options:

A.

Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server.

B.

Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the client.

C.

SSH communications are encrypted; it’s impossible to know who is the client or the server.

D.

Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server.

Question 130

Which rootkit is characterized by its function of adding code and/or replacing some of the operating-system kernel code to obscure a backdoor on a system?

Options:

A.

User-mode rootkit

B.

Library-level rootkit

C.

Kernel-level rootkit

D.

Hypervisor-level rootkit

Question 131

Being a Certified Ethical Hacker (CEH), a company has brought you on board to evaluate the safety measures in place for their network system. The company uses a network time protocol server in the demilitarized zone.

During your enumeration, you decide to run a ntptrace command. Given the syntax: ntptrace [-n] [-m maxhosts] [servername/IP_address], which command usage would best serve your objective to find where the NTP server obtains the time from and to trace the list of NTP servers connected to the network?

Options:

A.

ntptrace -m 5 192.168.1.1

B.

tptrace 192.1681.

C.

ntptrace -n localhost

D.

ntptrace -n -m 5 192.168.1.1

Question 132

Juliet, a security researcher in an organization, was tasked with checking for the authenticity of images to be used in the organization's magazines. She used these images as a search query and tracked the original source and details of the images, which included photographs, profile pictures, and memes. Which of the following footprinting techniques did Rachel use to finish her task?

Options:

A.

Reverse image search

B.

Meta search engines

C.

Advanced image search

D.

Google advanced search

Question 133

A large enterprise has been experiencing sporadic system crashes and instability, resulting in limited access to its web services. The security team suspects it could be a result of a Denial of Service (DoS) attack. A significant increase in traffic was noticed in the network logs, with patterns suggesting packet sizes exceeding the prescribed size limit. Which among the following DoS attack techniques best describes this scenario?

Options:

A.

UDP flood attack

B.

Smurf attack

C.

Pulse wave attack

D.

Ping of Death attack

Question 134

On performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt its service.

What is the name of the process by which you can determine those critical businesses?

Options:

A.

Emergency Plan Response (EPR)

B.

Business Impact Analysis (BIA)

C.

Risk Mitigation

D.

Disaster Recovery Planning (DRP)

Question 135

You are an ethical hacker contracted to conduct a security audit for a company. During the audit, you discover that the company's wireless network is using WEP encryption. You understand the vulnerabilities associated with WEP and plan to recommend a more secure encryption method. Which of the following would you recommend as a Suitable replacement to enhance the security of the company's wireless network?

Options:

A.

MAC address filtering

B.

WPA2-PSK with AES encryption

C.

Open System authentication

D.

SSID broadcast disabling

Question 136

Dayn, an attacker, wanted to detect if any honeypots are installed in a target network. For this purpose, he used a time-based TCP fingerprinting method to validate the response to a normal computer and the response of a honeypot to a manual SYN request. Which of the following techniques is employed by Dayn to detect honeypots?

Options:

A.

Detecting honeypots running on VMware

B.

Detecting the presence of Honeyd honeypots

C.

Detecting the presence of Snort_inline honeypots

D.

Detecting the presence of Sebek-based honeypots

Question 137

In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker, gathers a list of employee and client email addresses and other related information by using various search engines, social networking sites, and web spidering tools. In this process, she also uses an automated tool to gather a list of words from the target website to further perform a brute-force attack on the previously gathered email addresses.

What is the tool used by Hailey for gathering a list of words from the target website?

Options:

A.

Shadowsocks

B.

CeWL

C.

Psiphon

D.

Orbot

Question 138

Peter, a system administrator working at a reputed IT firm, decided to work from his home and login remotely. Later, he anticipated that the remote connection could be exposed to session hijacking. To curb this possibility, he implemented a technique that creates a safe and encrypted tunnel over a public network to securely send and receive sensitive information and prevent hackers from decrypting the data flow between the endpoints. What is the technique followed by Peter to send files securely through a remote connection?

Options:

A.

DMZ

B.

SMB signing

C.

VPN

D.

Switch network

Question 139

As a security analyst for Sky Secure Inc., you are working with a client that uses a multi-cloud strategy, utilizing services from several cloud providers. The client wants to implement a system that will provide unified security management across all their cloud platforms. They need a solution that allows them to consistently enforce security policies, identify and respond to threats, and maintain visibility of all their cloud resources. Which of the following should you recommend as the best solution?

Options:

A.

Use a hardware-based firewall to secure all cloud resources.

B.

implement separate security management tools for each cloud platform.

C.

Use a Cloud Access Security Broker (CASB).

D.

Rely on the built-in security features of each cloud platform.

Question 140

A group of hackers were roaming around a bank office building in a city, driving a luxury car. They were using hacking tools on their laptop with the intention to find a free-access wireless network. What is this hacking process known as?

Options:

A.

GPS mapping

B.

Spectrum analysis

C.

Wardriving

D.

Wireless sniffing

Question 141

As part of a college project, you have set up a web server for hosting your team's application. Given your interest in cybersecurity, you have taken the lead in securing the server. You are aware that hackers often attempt to exploit server misconfigurations. Which of the following actions would best protect your web server from potential misconfiguration-based attacks?

Options:

A.

Performing regular server configuration audits

B.

Enabling multi-factor authentication for users

C.

Implementing a firewall to filter traffic

D.

Regularly backing up server data

Question 142

As a cybersecurity analyst for SecureNet, you are performing a security assessment of a new mobile payment application. One of your primary concerns is the secure storage of customer data on the device. The application

stores sensitive information such as credit card details and personal identification numbers (PINs) on the device. Which of the following measures would best ensure the security of this data?

Options:

A.

Implement biometric authentication for app access.

B.

Encrypt all sensitive data stored on the device.

C.

Enable GPS tracking for all devices using the app.

D.

Regularly update the app to the latest version.

Question 143

Calvin, a software developer, uses a feature that helps him auto-generate the content of a web page without manual involvement and is integrated with SSI directives. This leads to a vulnerability in the developed web application as this feature accepts remote user inputs and uses them on the page. Hackers can exploit this feature and pass malicious SSI directives as input values to perform malicious activities such as modifying and erasing server files. What is the type of injection attack Calvin's web application is susceptible to?

Options:

A.

Server-side template injection

B.

Server-side JS injection

C.

CRLF injection

D.

Server-side includes injection

Question 144

An experienced cyber attacker has created a fake Linkedin profile, successfully impersonating a high-ranking official from a well-established company, to execute a social engineering attack. The attacker then connected with other employees within the organization, receiving invitations to exclusive corporate events and gaining

access to proprietary project details shared within the network. What advanced social engineering technique has the attacker primarily used to exploit the system and what is the most likely immediate threat to the organization?

Options:

A.

Pretexting and Network Vulnerability

B.

Spear Phishing and Spam

C.

Whaling and Targeted Attacks

D.

Baiting and Involuntary Data Leakage

Question 145

An organization has automated the operation of critical infrastructure from a remote location. For this purpose, all the industrial control systems are connected to the Internet. To empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption, the organization deckled to install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware. Which of the following tools must the organization employ to protect its critical infrastructure?

Options:

A.

Robotium

B.

BalenaCloud

C.

Flowmon

D.

IntentFuzzer

Question 146

Mike, a security engineer, was recently hired by BigFox Ltd. The company recently experienced disastrous DoS attacks. The management had instructed Mike to build defensive strategies for the company's IT infrastructure to thwart DoS/DDoS attacks. Mike deployed some countermeasures to handle jamming and scrambling attacks. What is the countermeasure Mike applied to defend against jamming and scrambling attacks?

Options:

A.

Allow the usage of functions such as gets and strcpy

B.

Allow the transmission of all types of addressed packets at the ISP level

C.

Implement cognitive radios in the physical layer

D.

A Disable TCP SYN cookie protection

Question 147

Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?

Options:

A.

Produces less false positives

B.

Can identify unknown attacks

C.

Requires vendor updates for a new threat

D.

Cannot deal with encrypted network traffic

Question 148

Which of the following provides a security professional with most information about the system’s security posture?

Options:

A.

Phishing, spamming, sending trojans

B.

Social engineering, company site browsing tailgating

C.

Wardriving, warchalking, social engineering

D.

Port scanning, banner grabbing service identification

Question 149

Roma is a member of a security team. She was tasked with protecting the internal network of an organization from imminent threats. To accomplish this task, Roma fed threat intelligence into the security devices in a digital format to block and identify inbound and outbound malicious traffic entering the organization's network.

Which type of threat intelligence is used by Roma to secure the internal network?

Options:

A.

Technical threat intelligence

B.

Operational threat intelligence

C.

Tactical threat intelligence

D.

Strategic threat intelligence

Question 150

An organization decided to harden its security against web-application and web-server attacks. John, a security personnel in the organization, employed a security scanner to automate web-application security testing and to guard the organization's web infrastructure against web-application threats. Using that tool, he also wants to detect XSS, directory transversal problems, fault injection, SQL injection, attempts to execute commands, and several other attacks. Which of the following security scanners will help John perform the above task?

Options:

A.

AlienVault®OSSIM™

B.

Syhunt Hybrid

C.

Saleae Logic Analyzer

D.

Cisco ASA

Question 151

A security analyst is preparing to analyze a potentially malicious program believed to have infiltrated an organization's network. To ensure the safety and integrity of the production environment, the analyst decided to use a sheep dip computer for the analysis. Before initiating the analysis, what key step should the analyst

take?

Options:

A.

Run the potentially malicious program on the sheep dip computer to determine its behavior

B.

Store the potentially malicious program on an external medium, such as a CD-ROM

C.

Connect the sheep dip computer to the organization's internal network

D.

install the potentially malicious program on the sheep dip computer

Question 152

Kate dropped her phone and subsequently encountered an issue with the phone's internal speaker. Thus, she is using the phone's loudspeaker for phone calls and other activities. Bob, an attacker, takes advantage of this vulnerability and secretly exploits the hardware of Kate's phone so that he can monitor the loudspeaker's output from data sources such as voice assistants, multimedia messages, and audio files by using a malicious app to breach speech privacy. What is the type of attack Bob performed on Kate in the above scenario?

Options:

A.

Man-in-the-disk attack

B.

aLTEr attack

C.

SIM card attack

D.

Spearphone attack

Question 153

Richard, an attacker, targets an MNC In this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard?

Options:

A.

VPN footprinting

B.

Email footprinting

C.

VoIP footprinting

D.

Whois footprinting

Question 154

A sophisticated attacker targets your web server with the intent to execute a Denial of Service (DoS) attack. His strategy involves a unique mixture of TCP SYN, UDP, and ICMP floods, using 'r' packets per second. Your server, reinforced with advanced security measures, can handle 'h' packets per second before it starts showing signs of strain. If 'r' surpasses 'h', it overwhelms the server, causing it to become unresponsive. In a peculiar pattern, the attacker selects 'r' as a composite number and 'h' as a prime number, making the attack detection more challenging. Considering 'r=2010' and different values for 'h', which of the following scenarios would potentially cause the server to falter?

Options:

A.

h=1999 (prime): Despite the attacker's packet flood, the server can handle these requests, remaining responsive

B.

h=2003 (prime): The server can manage more packets than the attacker is sending, hence it stays operational

C.

h=1993 (prime): Despite being less than 'r', the server's prime number capacity keeps it barely operational, but the risk of falling is imminent

D.

h=1987 (prime): The attacker's packet rate exceeds the server's capacity, causing potential unresponsiveness

Question 155

Tony is a penetration tester tasked with performing a penetration test. After gaining initial access to a target

system, he finds a list of hashed passwords.

Which of the following tools would not be useful for cracking the hashed passwords?

Options:

A.

John the Ripper

B.

Hashcat

C.

netcat

D.

THC-Hydra

Question 156

Which wireless security protocol replaces the personal pre-shared key (PSK) authentication with Simultaneous Authentication of Equals (SAE) and is therefore resistant to offline dictionary attacks?

Options:

A.

WPA3-Personal

B.

WPA2-Enterprise

C.

Bluetooth

D.

ZigBee

Question 157

Jack, a professional hacker, targets an organization and performs vulnerability scanning on the target web server to identify any possible weaknesses, vulnerabilities, and misconfigurations. In this process, Jack uses an automated tool that eases his work and performs vulnerability scanning to find hosts, services, and other vulnerabilities in the target server. Which of the following tools is used by Jack to perform vulnerability scanning?

Options:

A.

Infoga

B.

WebCopier Pro

C.

Netsparker

D.

NCollector Studio

Question 158

Jude, a pen tester working in Keiltech Ltd., performs sophisticated security testing on his company's network infrastructure to identify security loopholes. In this process, he started to circumvent the network protection tools and firewalls used in the company. He employed a technique that can create forged TCP sessions by carrying out multiple SYN, ACK, and RST or FIN packets. Further, this process allowed Jude to execute DDoS attacks that can exhaust the network resources. What is the attack technique used by Jude for finding loopholes in the above scenario?

Options:

A.

UDP flood attack

B.

Ping-of-death attack

C.

Spoofed session flood attack

D.

Peer-to-peer attack

Question 159

Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific cached DNS record. Further, by using this cached record, he determines the sites recently visited by the organization's user. What is the enumeration technique used by Henry on the organization?

Options:

A.

DNS zone walking

B.

DNS cache snooping

C.

DNS SEC zone walking

D.

DNS cache poisoning

Question 160

An ethical hacker is hired to evaluate the defenses of an organization's database system which is known to employ a signature-based IDS. The hacker knows that some SQL Injection evasion techniques may allow him

to bypass the system's signatures. During the operation, he successfully retrieved a list of usernames from the database without triggering an alarm by employing an advanced evasion technique. Which of the following

could he have used?

Options:

A.

Utilizing the char encoding function to convert hexadecimal and decimal values into characters that pass-through SQL engine parsing

B.

Using the URL encoding method to replace characters with their ASCII codes in hexadecimal form

C.

Implementing sophisticated matches such as “OR ‘john' = john" in place of classical matches like "OR 1-1"

D.

Manipulating white spaces in SQL queries to bypass signature detection

Question 161

Given the complexities of an organization’s network infrastructure, a threat actor has exploited an unidentified vulnerability, leading to a major data breach. As a Certified Ethical Hacker (CEH), you are tasked with enhancing

the organization's security stance. To ensure a comprehensive security defense, you recommend a certain security strategy. Which of the following best represents the strategy you would likely suggest and why?

Options:

A.

Develop an in-depth Risk Management process, involving identification, assessment, treatment, tracking, and review of risks to control the potential effects on the organization.

B.

Establish a Defense-in-Depth strategy, incorporating multiple layers of security measures to increase the complexity and decrease the likelihood of a successful attack.

C.

Adopt a Continual/Adaptive Security Strategy involving ongoing prediction, prevention, detection, and response actions to ensure comprehensive computer network defense.

D.

Implement an Information Assurance (IA) policy focusing on ensuring the integrity, availability, confidentiality, and authenticity of information systems.

Question 162

Mary found a high vulnerability during a vulnerability scan and notified her server team. After analysis, they sent her proof that a fix to that issue had already been applied. The vulnerability that Marry found is called what?

Options:

A.

False-negative

B.

False-positive

C.

Brute force attack

D.

Backdoor

Question 163

A large e-commerce organization is planning to implement a vulnerability assessment solution to enhance its security posture. They require a solution that imitates the outside view of attackers, performs well-organized inference-based testing, scans automatically against continuously updated databases, and supports multiple networks. Given these requirements, which type of vulnerability assessment solution would be most appropriate?

Options:

A.

Inference-based assessment solution

B.

Service-based solution offered by an auditing firm

C.

Tree-based assessment approach

D.

Product-based solution installed on a private network

Question 164

Gregory, a professional penetration tester working at Sys Security Ltd., is tasked with performing a security test of web applications used in the company. For this purpose, Gregory uses a tool to test for any security loopholes by hijacking a session between a client and server. This tool has a feature of intercepting proxy that can be used to inspect and modify the traffic between the browser and target application. This tool can also perform customized attacks and can be used to test the randomness of session tokens. Which of the following tools is used by Gregory in the above scenario?

Options:

A.

Nmap

B.

Burp Suite

C.

CxSAST

D.

Wireshark

Question 165

Don, a student, came across a gaming app in a third-party app store and Installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after Installing the app. What is the attack performed on Don in the above scenario?

Options:

A.

SMS phishing attack

B.

SIM card attack

C.

Agent Smith attack

D.

Clickjacking

Question 166

A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendor for several months prior 10 the Intrusion. This Is likely a failure in which of the following security processes?

Options:

A.

vendor risk management

B.

Security awareness training

C.

Secure deployment lifecycle

D.

Patch management

Question 167

An ethical hacker is testing the security of a website's database system against SQL Injection attacks. They discover that the IDS has a strong signature detection mechanism to detect typical SQL injection patterns.

Which evasion technique can be most effectively used to bypass the IDS signature detection while performing a SQL Injection attack?

Options:

A.

Implement case variation by altering the case of SQL statements

B.

Employ IP fragmentation to obscure the attack payload

C.

Use Hex encoding to represent the SQL query string

D.

Leverage string concatenation to break identifiable keywords

Question 168

John, a professional hacker, targeted CyberSol Inc., an MNC. He decided to discover the loT devices connected in the target network that are using default credentials and are vulnerable to various hijacking attacks. For this purpose, he used an automated tool to scan the target network for specific types of loT devices and detect whether they are using the default, factory-set credentials. What is the tool employed by John in the above scenario?

Options:

A.

loTSeeker

B.

loT Inspector

C.

AT&T loT Platform

D.

Azure loT Central

Question 169

John, a professional hacker, decided to use DNS to perform data exfiltration on a target network, in this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique. John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server. What is the technique employed by John to bypass the firewall?

Options:

A.

DNS cache snooping

B.

DNSSEC zone walking

C.

DNS tunneling method

D.

DNS enumeration

Question 170

A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content. Which sort of trojan infects this server?

Options:

A.

Botnet Trojan

B.

Banking Trojans

C.

Turtle Trojans

D.

Ransomware Trojans

Question 171

What type of virus is most likely to remain undetected by antivirus software?

Options:

A.

Cavity virus

B.

Stealth virus

C.

File-extension virus

D.

Macro virus

Demo: 171 questions
Total 572 questions