New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

ECCouncil 312-50v11 Certified Ethical Hacker Exam (CEH v11) Exam Practice Test

Page: 1 / 53
Total 528 questions

Certified Ethical Hacker Exam (CEH v11) Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

Which of the following steps for risk assessment methodology refers to vulnerability identification?

Options:

A.

Determines if any flaws exist in systems, policies, or procedures

B.

Assigns values to risk probabilities; Impact values.

C.

Determines risk probability that vulnerability will be exploited (High. Medium, Low)

D.

Identifies sources of harm to an IT system. (Natural, Human. Environmental)

Question 2

You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website seeking you to download free Anti-Virus software.

Dear valued customers,

We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit the link below and enter your antivirus code:

or you may contact us at the following address:

Media Internet Consultants, Edif. Neptuno, Planta

Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama

How will you determine if this is Real Anti-Virus or Fake Anti-Virus website?

Options:

A.

Look at the website design, if it looks professional then it is a Real Anti-Virus website

B.

Connect to the site using SSL, if you are successful then the website is genuine

C.

Search using the URL and Anti-Virus product name into Google and lookout for suspicious warnings against this site

D.

Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

E.

Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

Question 3

Wilson, a professional hacker, targets an organization for financial benefit and plans to compromise its systems by sending malicious emails. For this purpose, he uses a tool to track the emails of the target and extracts information such as sender identities, mall servers, sender IP addresses, and sender locations from different public sources. He also checks if an email address was leaked using the haveibeenpwned.com API. Which of the following tools is used by Wilson in the above scenario?

Options:

A.

Factiva

B.

Netcraft

C.

infoga

D.

Zoominfo

Question 4

Ron, a security professional, was pen testing web applications and SaaS platforms used by his company. While testing, he found a vulnerability that allows hackers to gain unauthorized access to API objects and perform actions such as view, update, and delete sensitive data of the company. What is the API vulnerability revealed in the above scenario?

Options:

A.

Code injections

B.

Improper use of CORS

C.

No ABAC validation

D.

Business logic flaws

Question 5

Bella, a security professional working at an it firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames. and passwords are shared In plaintext, paving the way for hackers 10 perform successful session hijacking. To address this situation. Bella Implemented a protocol that sends data using encryption and digital certificates. Which of the following protocols Is used by Bella?

Options:

A.

FTP

B.

HTTPS

C.

FTPS

D.

IP

Question 6

Susan has attached to her company's network. She has managed to synchronize her boss's sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory.

What kind of attack is Susan carrying on?

Options:

A.

A sniffing attack

B.

A spoofing attack

C.

A man in the middle attack

D.

A denial of service attack

Question 7

jane invites her friends Alice and John over for a LAN party. Alice and John access Jane's wireless network without a password. However. Jane has a long, complex password on her router. What attack has likely occurred?

Options:

A.

Wireless sniffing

B.

Piggybacking

C.

Evil twin

D.

Wardriving

Question 8

“........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hot-spot by posing as a legitimate provider. This type of attack may be used to steal the passwords of

unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there.”

Fill in the blank with appropriate choice.

Options:

A.

Evil Twin Attack

B.

Sinkhole Attack

C.

Collision Attack

D.

Signal Jamming Attack

Question 9

Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

Options:

A.

Nikto

B.

John the Ripper

C.

Dsniff

D.

Snort

Question 10

Ethical backer jane Doe is attempting to crack the password of the head of the it department of ABC company. She Is utilizing a rainbow table and notices upon entering a password that extra characters are added to the password after submitting. What countermeasure is the company using to protect against rainbow tables?

Options:

A.

Password key hashing

B.

Password salting

C.

Password hashing

D.

Account lockout

Question 11

Which of the following are well known password-cracking programs?

Options:

A.

L0phtcrack

B.

NetCat

C.

Jack the Ripper

D.

Netbus

E.

John the Ripper

Question 12

Fred is the network administrator for his company. Fred is testing an internal switch.

From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this?

Options:

A.

Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer.

B.

He can send an IP packet with the SYN bit and the source address of his computer.

C.

Fred can send an IP packet with the ACK bit set to zero and the source address of the switch.

D.

Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

Question 13

Mirai malware targets loT devices. After infiltration, it uses them to propagate and create botnets that then used to launch which types of attack?

Options:

A.

MITM attack

B.

Birthday attack

C.

DDoS attack

D.

Password attack

Question 14

How does a denial-of-service attack work?

Options:

A.

A hacker prevents a legitimate user (or group of users) from accessing a service

B.

A hacker uses every character, word, or letter he or she can think of to defeat authentication

C.

A hacker tries to decipher a password by using a system, which subsequently crashes the network

D.

A hacker attempts to imitate a legitimate user by confusing a computer or even another person

Question 15

An attacker identified that a user and an access point are both compatible with WPA2 and WPA3 encryption. The attacker installed a rogue access point with only WPA2 compatibility in the vicinity and forced the victim to go through the WPA2 four-way handshake to get connected. After the connection was established, the attacker used automated tools to crack WPA2-encrypted messages. What is the attack performed in the above scenario?

Options:

A.

Timing-based attack

B.

Side-channel attack

C.

Downgrade security attack

D.

Cache-based attack

Question 16

You have compromised a server and successfully gained a root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System. What is the best approach?

Options:

A.

Use Alternate Data Streams to hide the outgoing packets from this server.

B.

Use HTTP so that all traffic can be routed vis a browser, thus evading the internal Intrusion Detection Systems.

C.

Install Cryptcat and encrypt outgoing packets from this server.

D.

Install and use Telnet to encrypt all outgoing traffic from this server.

Question 17

Which Intrusion Detection System is the best applicable for large environments where critical assets on the network need extra scrutiny and is ideal for observing sensitive network segments?

Options:

A.

Honeypots

B.

Firewalls

C.

Network-based intrusion detection system (NIDS)

D.

Host-based intrusion detection system (HIDS)

Question 18

What information security law or standard aims at protecting stakeholders and the general public from accounting errors and fraudulent activities within organizations?

Options:

A.

PCI-DSS

B.

FISMA

C.

SOX

D.

ISO/I EC 27001:2013

Question 19

Scenario1:

1.Victim opens the attacker's web site.

2.Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make

$1000 in a day?'.

3.Victim clicks to the interesting and attractive content URL.

4.Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' URL but actually he/she clicks to the content or URL that exists in the transparent 'iframe' which is setup by the attacker.

What is the name of the attack which is mentioned in the scenario?

Options:

A.

Session Fixation

B.

HTML Injection

C.

HTTP Parameter Pollution

D.

Clickjacking Attack

Question 20

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

Options:

A.

Traceroute

B.

Hping

C.

TCP ping

D.

Broadcast ping

Question 21

Rebecca, a security professional, wants to authenticate employees who use web services for safe and secure communication. In this process, she employs a component of the Web Service Architecture, which is an extension of SOAP, and it can maintain the integrity and confidentiality of SOAP messages.

Which of the following components of the Web Service Architecture is used by Rebecca for securing the communication?

Options:

A.

WSDL

B.

WS Work Processes

C.

WS-Policy

D.

WS-Security

Question 22

During the enumeration phase. Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445.

Which of the following services is enumerated by Lawrence in this scenario?

Options:

A.

Server Message Block (SMB)

B.

Network File System (NFS)

C.

Remote procedure call (RPC)

D.

Telnet

Question 23

You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.

invictus@victim_server.~$ nmap -T4 -O 10.10.0.0/24 TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!

What seems to be wrong?

Options:

A.

The nmap syntax is wrong.

B.

This is a common behavior for a corrupted nmap application.

C.

The outgoing TCP/IP fingerprinting is blocked by the host firewall.

D.

OS Scan requires root privileges.

Question 24

Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing?

Options:

A.

Scanning

B.

Footprinting

C.

Enumeration

D.

System Hacking

Question 25

To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.

What term is commonly used when referring to this type of testing?

Options:

A.

Randomizing

B.

Bounding

C.

Mutating

D.

Fuzzing

Question 26

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering that NMAP result below, which of the following is likely to be installed on the target machine by the OS? Starting NMAP 5.21 at 2011-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:8

Options:

A.

The host is likely a Linux machine.

B.

The host is likely a printer.

C.

The host is likely a router.

D.

The host is likely a Windows machine.

Question 27

John the Ripper is a technical assessment tool used to test the weakness of which of the following?

Options:

A.

Passwords

B.

File permissions

C.

Firewall rulesets

D.

Usernames

Question 28

Attacker Simon targeted the communication network of an organization and disabled the security controls of NetNTLMvl by modifying the values of LMCompatibilityLevel, NTLMMinClientSec, and RestrictSendingNTLMTraffic. He then extracted all the non-network logon tokens from all the active processes to masquerade as a legitimate user to launch further attacks. What is the type of attack performed by Simon?

Options:

A.

Internal monologue attack

B.

Combinator attack

C.

Rainbow table attack

D.

Dictionary attack

Question 29

Which of the following is not a Bluetooth attack?

Options:

A.

Bluedriving

B.

Bluesmacking

C.

Bluejacking

D.

Bluesnarfing

Question 30

Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.

In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full?

Options:

A.

Switch then acts as hub by broadcasting packets to all machines on the network

B.

The CAM overflow table will cause the switch to crash causing Denial of Service

C.

The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF

D.

Every packet is dropped and the switch sends out SNMP alerts to the IDS port

Question 31

What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

Options:

A.

Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.

B.

Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.

C.

Symmetric encryption allows the server to security transmit the session keys out-of-band.

D.

Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.

Question 32

Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker 's message ''Hacker Message: You are dead! Freaks!” From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact.

No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using hisdial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed in his browser to reveal the following web page:

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact. How did the attacker accomplish this hack?

Options:

A.

ARP spoofing

B.

SQL injection

C.

DNS poisoning

D.

Routing table injection

Question 33

A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

Options:

A.

Perform a vulnerability scan of the system.

B.

Determine the impact of enabling the audit feature.

C.

Perform a cost/benefit analysis of the audit feature.

D.

Allocate funds for staffing of audit log review.

Question 34

You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?

Options:

A.

Social engineering

B.

Piggybacking

C.

Tailgating

D.

Eavesdropping

Question 35

There are multiple cloud deployment options depending on how isolated a customer's resources are from those of other customers. Shared environments share the costs and allow each customer to enjoy lower operations expenses. One solution Is for a customer to Join with a group of users or organizations to share a cloud environment. What is this cloud deployment option called?

Options:

A.

Hybrid

B.

Community

C.

Public

D.

Private

Question 36

A company’s policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as display filter to find unencrypted file transfers?

Options:

A.

tcp.port = = 21

B.

tcp.port = 23

C.

tcp.port = = 21 | | tcp.port = =22

D.

tcp.port ! = 21

Question 37

Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server publishing"?

Options:

A.

Overloading Port Address Translation

B.

Dynamic Port Address Translation

C.

Dynamic Network Address Translation

D.

Static Network Address Translation

Question 38

What tool can crack Windows SMB passwords simply by listening to network traffic?

Options:

A.

This is not possible

B.

Netbus

C.

NTFSDOS

D.

L0phtcrack

Question 39

This TCP flag instructs the sending system to transmit all buffered data immediately.

Options:

A.

SYN

B.

RST

C.

PSH

D.

URG

E.

FIN

Question 40

Windows LAN Manager (LM) hashes are known to be weak.

Which of the following are known weaknesses of LM? (Choose three.)

Options:

A.

Converts passwords to uppercase.

B.

Hashes are sent in clear text over the network.

C.

Makes use of only 32-bit encryption.

D.

Effective length is 7 characters.

Question 41

In Trojan terminology, what is a covert channel?

Options:

A.

A channel that transfers information within a computer system or network in a way that violates the security policy

B.

A legitimate communication path within a computer system or network for transfer of data

C.

It is a kernel operation that hides boot processes and services to mask detection

D.

It is Reverse tunneling technique that uses HTTPS protocol instead of HTTP protocol to establish connections

Question 42

In the context of Windows Security, what is a 'null' user?

Options:

A.

A user that has no skills

B.

An account that has been suspended by the admin

C.

A pseudo account that has no username and password

D.

A pseudo account that was created for security administration purpose

Question 43

Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?

Options:

A.

137 and 139

B.

137 and 443

C.

139 and 443

D.

139 and 445

Question 44

This type of injection attack does not show any error message. It is difficult to exploit as it returns information when the application is given SQL payloads that elicit a true or false response from the server. By observing the response, an attacker can extract sensitive information. What type of attack is this?

Options:

A.

Time-based SQL injection

B.

Union SQL injection

C.

Error-based SQL injection

D.

Blind SQL injection

Question 45

Due to a slowdown of normal network operations, the IT department decided to monitor internet traffic for all of the employees. From a legal standpoint, what would be troublesome to take this kind of measure?

Options:

A.

All of the employees would stop normal work activities

B.

IT department would be telling employees who the boss is

C.

Not informing the employees that they are going to be monitored could be an invasion of privacy.

D.

The network could still experience traffic slow down.

Question 46

Eric, a cloud security engineer, implements a technique for securing the cloud resources used by his organization. This technique assumes by default that a user attempting to access the network is not an authentic entity and verifies every incoming connection before allowing access to the network. Using this technique, he also imposed conditions such that employees can access only the resources required for their role.

What is the technique employed by Eric to secure cloud resources?

Options:

A.

Serverless computing

B.

Demilitarized zone

C.

Container technology

D.

Zero trust network

Question 47

Alice needs to send a confidential document to her coworker. Bryan. Their company has public key infrastructure set up. Therefore. Alice both encrypts the message and digitally signs it. Alice uses_______to encrypt the message, and Bryan uses__________to confirm the digital signature.

Options:

A.

Bryan’s public key; Bryan’s public key

B.

Alice’s public key; Alice’s public key

C.

Bryan’s private key; Alice’s public key

D.

Bryan’s public key; Alice’s public key

Question 48

Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?

Options:

A.

har.txt

B.

SAM file

C.

wwwroot

D.

Repair file

Question 49

Mike, a security engineer, was recently hired by BigFox Ltd. The company recently experienced disastrous DoS attacks. The management had instructed Mike to build defensive strategies for the company's IT infrastructure to thwart DoS/DDoS attacks. Mike deployed some countermeasures to handle jamming and scrambling attacks. What is the countermeasure Mike applied to defend against jamming and scrambling attacks?

Options:

A.

Allow the usage of functions such as gets and strcpy

B.

Allow the transmission of all types of addressed packets at the ISP level

C.

Implement cognitive radios in the physical layer

D.

A Disable TCP SYN cookie protection

Question 50

What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?

Options:

A.

The attacker queries a nameserver using the DNS resolver.

B.

The attacker makes a request to the DNS resolver.

C.

The attacker forges a reply from the DNS resolver.

D.

The attacker uses TCP to poison the ONS resofver.

Question 51

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

Options:

A.

There is no way to tell because a hash cannot be reversed

B.

The right most portion of the hash is always the same

C.

The hash always starts with AB923D

D.

The left most portion of the hash is always the same

E.

A portion of the hash will be all 0's

Question 52

What is GINA?

Options:

A.

Gateway Interface Network Application

B.

GUI Installed Network Application CLASS

C.

Global Internet National Authority (G-USA)

D.

Graphical Identification and Authentication DLL

Question 53

George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this process, he used a short-range communication protocol based on the IEEE 203.15.4 standard. This protocol is used in devices that transfer data infrequently at a low rate in a restricted area, within a range of 10-100 m. What is the short-range wireless communication technology George employed in the above scenario?

Options:

A.

MQTT

B.

LPWAN

C.

Zigbee

D.

NB-IoT

Question 54

An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

Options:

A.

He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.

B.

He will activate OSPF on the spoofed root bridge.

C.

He will repeat this action so that it escalates to a DoS attack.

D.

He will repeat the same attack against all L2 switches of the network.

Question 55

Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine. Which of the following techniques is used by Joel in the above scenario?

Options:

A.

DNS rebinding attack

B.

Clickjacking attack

C.

MarioNet attack

D.

Watering hole attack

Question 56

Which of the following is a passive wireless packet analyzer that works on Linux-based systems?

Options:

A.

Burp Suite

B.

OpenVAS

C.

tshark

D.

Kismet

Question 57

You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity, what tool would you most likely select?

Options:

A.

Nmap

B.

Cain & Abel

C.

Nessus

D.

Snort

Question 58

Heather’s company has decided to use a new customer relationship management tool. After performing the appropriate research, they decided to purchase a subscription to a cloud-hosted solution. The only administrative task that Heather will need to perform is the management of user accounts. The provider will take care of the hardware, operating system, and software administration including patching and monitoring. Which of the following is this type of solution?

Options:

A.

SaaS

B.

IaaS

C.

CaaS

D.

PasS

Question 59

An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct.

What is the attack technique employed by the attacker to crack the passwords of the industrial control systems?

Options:

A.

Side-channel attack

B.

Denial-of-service attack

C.

HMI-based attack

D.

Buffer overflow attack

Question 60

Judy created a forum, one day. she discovers that a user is posting strange images without writing comments.

She immediately calls a security expert, who discovers that the following code is hidden behind those images:

What issue occurred for the users who clicked on the image?

Options:

A.

The code inject a new cookie to the browser.

B.

The code redirects the user to another site.

C.

The code is a virus that is attempting to gather the users username and password.

D.

This php file silently executes the code and grabs the users session cookie and session ID.

Question 61

Nedved is an IT Security Manager of a bank in his country. One day. he found out that there is a security breach to his company's email server based on analysis of a suspicious connection from the email server to an unknown IP Address.

What is the first thing that Nedved needs to do before contacting the incident response team?

Options:

A.

Leave it as it Is and contact the incident response te3m right away

B.

Block the connection to the suspicious IP Address from the firewall

C.

Disconnect the email server from the network

D.

Migrate the connection to the backup email server

Question 62

Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He begins by running a scan which looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?

Options:

A.

Nikto

B.

Nmap

C.

Metasploit

D.

Armitage

Question 63

Your organization has signed an agreement with a web hosting provider that requires you to take full responsibility of the maintenance of the cloud-based resources. Which of the following models covers this?

Options:

A.

Platform as a service

B.

Software as a service

C.

Functions as a

D.

service Infrastructure as a service

Question 64

What is the proper response for a NULL scan if the port is closed?

Options:

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

No response

Question 65

The establishment of a TCP connection involves a negotiation called three-way handshake. What type of message does the client send to the server in order to begin this negotiation?

Options:

A.

ACK

B.

SYN

C.

RST

D.

SYN-ACK

Question 66

Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

Options:

A.

msfpayload

B.

msfcli

C.

msfd

D.

msfencode

Question 67

You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23. Which of the following IP addresses could be teased as a result of the new configuration?

Options:

A.

210.1.55.200

B.

10.1.4.254

C.

10.1.5.200

D.

10.1.4.156

Question 68

Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?

Options:

A.

Error-based injection

B.

Boolean-based blind SQL injection

C.

Blind SQL injection

D.

Union SQL injection

Question 69

A company’s security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

Options:

A.

Attempts by attackers to access the user and password information stored in the company’s SQL database.

B.

Attempts by attackers to access Web sites that trust the Web browser user by stealing the user’s authentication credentials.

C.

Attempts by attackers to access password stored on the user’s computer without the user’s knowledge.

D.

Attempts by attackers to determine the user’s Web browser usage patterns, including when sites were visited and for how long.

Question 70

Stephen, an attacker, targeted the industrial control systems of an organization. He generated a fraudulent email with a malicious attachment and sent it to employees of the target organization. An employee who manages the sales software of the operational plant opened the fraudulent email and clicked on the malicious attachment. This resulted in the malicious attachment being downloaded and malware being injected into the sales software maintained in the victim's system. Further, the malware propagated itself to other networked systems, finally damaging the industrial automation components. What is the attack technique used by Stephen to damage the industrial systems?

Options:

A.

Spear-phishing attack

B.

SMishing attack

C.

Reconnaissance attack

D.

HMI-based attack

Question 71

Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: scottsmelby@yahoo.com”. Which statement below is true?

Options:

A.

This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.

B.

This is a scam because Bob does not know Scott.

C.

Bob should write to scottmelby@yahoo.com to verify the identity of Scott.

D.

This is probably a legitimate message as it comes from a respectable organization.

Question 72

Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive, informing that her systems need to be serviced for proper functioning and that customer support will send a computer technician. Jane promptly replied positively. Ralph entered Jane's company using this opportunity and gathered sensitive information by scanning terminals for passwords, searching for important documents in desks, and rummaging bins. What is the type of attack technique Ralph used on jane?

Options:

A.

Dumpster diving

B.

Eavesdropping

C.

Shoulder surfing

D.

impersonation

Question 73

Which among the following is the best example of the hacking concept called "clearing tracks"?

Options:

A.

After a system is breached, a hacker creates a backdoor to allow re-entry into a system.

B.

During a cyberattack, a hacker injects a rootkit into a server.

C.

An attacker gains access to a server through an exploitable vulnerability.

D.

During a cyberattack, a hacker corrupts the event logs on all machines.

Question 74

You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?

Options:

A.

nmap -A - Pn

B.

nmap -sP -p-65535 -T5

C.

nmap -sT -O -T0

D.

nmap -A --host-timeout 99 -T1

Question 75

You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line.

Which command would you use?

Options:

A.

c:\compmgmt.msc

B.

c:\services.msc

C.

c:\ncpa.cp

D.

c:\gpedit

Question 76

Password cracking programs reverse the hashing process to recover passwords. (True/False.)

Options:

A.

True

B.

False

Question 77

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: ““FTP on the network!””;)

Options:

A.

A firewall IPTable

B.

FTP Server rule

C.

A Router IPTable

D.

An Intrusion Detection System

Question 78

Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this. James, a professional hacker, targets Emily and her acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is the tool employed by James in the above scenario?

Options:

A.

ophcrack

B.

Hootsuite

C.

VisualRoute

D.

HULK

Question 79

Which type of sniffing technique is generally referred as MiTM attack?

Options:

A.

Password Sniffing

B.

ARP Poisoning

C.

Mac Flooding

D.

DHCP Sniffing

Page: 1 / 53
Total 528 questions