Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: suredis

ECCouncil 312-50v11 Certified Ethical Hacker Exam - C|EH v11 Exam Practice Test

Page: 1 / 53
Total 528 questions

Certified Ethical Hacker Exam - C|EH v11 Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$40.25  $114.99

PDF Study Guide

  • Product Type: PDF Study Guide
$35  $99.99
Question 1

What would be the purpose of running "wget 192.168.0.15 -q -S" against a web server?

Options:

A.

Performing content enumeration on the web server to discover hidden folders

B.

Using wget to perform banner grabbing on the webserver

C.

Flooding the web server with requests to perform a DoS attack

D.

Downloading all the contents of the web page locally for further examination

Question 2

Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He’s determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

Options:

A.

Error-based SQL injection

B.

Blind SQL injection

C.

Union-based SQL injection

D.

NoSQL injection

Question 3

Stephen, an attacker, targeted the industrial control systems of an organization. He generated a fraudulent email with a malicious attachment and sent it to employees of the target organization. An employee who manages the sales software of the operational plant opened the fraudulent email and clicked on the malicious attachment. This resulted in the malicious attachment being downloaded and malware being injected into the sales software maintained in the victim's system. Further, the malware propagated itself to other networked systems, finally damaging the industrial automation components. What is the attack technique used by Stephen to damage the industrial systems?

Options:

A.

Spear-phishing attack

B.

SMishing attack

C.

Reconnaissance attack

D.

HMI-based attack

Question 4

Which file is a rich target to discover the structure of a website during web-server footprinting?

Options:

A.

Document root

B.

Robots.txt

C.

domain.txt

D.

index.html

Question 5

env x=’(){ :;};echo exploit’ bash –c ‘cat/etc/passwd’

What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

Options:

A.

Removes the passwd file

B.

Changes all passwords in passwd

C.

Add new user to the passwd file

D.

Display passwd content to prompt

Question 6

Which type of security feature stops vehicles from crashing through the doors of a building?

Options:

A.

Bollards

B.

Receptionist

C.

Mantrap

D.

Turnstile

Question 7

An attacker identified that a user and an access point are both compatible with WPA2 and WPA3 encryption. The attacker installed a rogue access point with only WPA2 compatibility in the vicinity and forced the victim to go through the WPA2 four-way handshake to get connected. After the connection was established, the attacker used automated tools to crack WPA2-encrypted messages. What is the attack performed in the above scenario?

Options:

A.

Timing-based attack

B.

Side-channel attack

C.

Downgrade security attack

D.

Cache-based attack

Question 8

Morris, an attacker, wanted to check whether the target AP is in a locked state. He attempted using different utilities to identify WPS-enabled APs in the target wireless network. Ultimately, he succeeded with one special command-line utility. Which of the following command-line utilities allowed Morris to discover the WPS-enabled APs?

Options:

A.

wash

B.

ntptrace

C.

macof

D.

net View

Question 9

Why should the security analyst disable/remove unnecessary ISAPI filters?

Options:

A.

To defend against social engineering attacks

B.

To defend against webserver attacks

C.

To defend against jailbreaking

D.

To defend against wireless attacks

Question 10

PGP, SSL, and IKE are all examples of which type of cryptography?

Options:

A.

Digest

B.

Secret Key

C.

Public Key

D.

Hash Algorithm

Question 11

Jane is working as a security professional at CyberSol Inc. She was tasked with ensuring the authentication and integrity of messages being transmitted in the corporate network. To encrypt the messages, she implemented a security model in which every user in the network maintains a ring of public keys. In this model, a user needs to encrypt a message using the receiver's public key, and only the receiver can decrypt the message using their private key. What is the security model implemented by Jane to secure corporate messages?

Options:

A.

Zero trust network

B.

Transport Layer Security (TLS)

C.

Secure Socket Layer (SSL)

D.

Web of trust (WOT)

Question 12

Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

Options:

A.

Nikto

B.

John the Ripper

C.

Dsniff

D.

Snort

Question 13

Attempting an injection attack on a web server based on responses to True/False QUESTION NO:s is called which of the following?

Options:

A.

Compound SQLi

B.

Blind SQLi

C.

Classic SQLi

D.

DMS-specific SQLi

Question 14

Which of the following is assured by the use of a hash?

Options:

A.

Authentication

B.

Confidentiality

C.

Availability

D.

Integrity

Question 15

which of the following protocols can be used to secure an LDAP service against anonymous queries?

Options:

A.

SSO

B.

RADIUS

C.

WPA

D.

NTLM

Question 16

What two conditions must a digital signature meet?

Options:

A.

Has to be the same number of characters as a physical signature and must be unique.

B.

Has to be unforgeable, and has to be authentic.

C.

Must be unique and have special characters.

D.

Has to be legible and neat.

Question 17

Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?

Options:

A.

SOA

B.

biometrics

C.

single sign on

D.

PKI

Question 18

This type of injection attack does not show any error message. It is difficult to exploit as it returns information when the application is given SQL payloads that elicit a true or false response from the server. By observing the response, an attacker can extract sensitive information. What type of attack is this?

Options:

A.

Time-based SQL injection

B.

Union SQL injection

C.

Error-based SQL injection

D.

Blind SQL injection

Question 19

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection.

Identify the behavior of the adversary In the above scenario.

Options:

A.

use of command-line interface

B.

Data staging

C.

Unspecified proxy activities

D.

Use of DNS tunneling

Question 20

You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL.

What may be the problem?

Options:

A.

Traffic is Blocked on UDP Port 53

B.

Traffic is Blocked on TCP Port 80

C.

Traffic is Blocked on TCP Port 54

D.

Traffic is Blocked on UDP Port 80

Question 21

What is a “Collision attack” in cryptography?

Options:

A.

Collision attacks try to get the public key

B.

Collision attacks try to break the hash into three parts to get the plaintext value

C.

Collision attacks try to break the hash into two parts, with the same bytes in each part to get the private key

D.

Collision attacks try to find two inputs producing the same hash

Question 22

Jude, a pen tester, examined a network from a hacker's perspective to identify exploits and vulnerabilities accessible to the outside world by using devices such as firewalls, routers, and servers. In this process, he also estimated the threat of network security attacks and determined the level of security of the corporate network.

What is the type of vulnerability assessment that Jude performed on the organization?

Options:

A.

External assessment

B.

Passive assessment

C.

Host-based assessment

D.

Application assessment

Question 23

Which of the following Metasploit post-exploitation modules can be used to escalate privileges on Windows systems?

Options:

A.

getsystem

B.

getuid

C.

keylogrecorder

D.

autoroute

Question 24

You are using a public Wi-Fi network inside a coffee shop. Before surfing the web, you use your VPN to prevent intruders from sniffing your traffic. If you did not have a VPN, how would you identify whether someone is performing an ARP spoofing attack on your laptop?

Options:

A.

You should check your ARP table and see if there is one IP address with two different MAC addresses.

B.

You should scan the network using Nmap to check the MAC addresses of all the hosts and look for duplicates.

C.

You should use netstat to check for any suspicious connections with another IP address within the LAN.

D.

You cannot identify such an attack and must use a VPN to protect your traffic, r

Question 25

Fingerprinting an Operating System helps a cracker because:

Options:

A.

It defines exactly what software you have installed

B.

It opens a security-delayed window based on the port being scanned

C.

It doesn't depend on the patches that have been applied to fix existing security holes

D.

It informs the cracker of which vulnerabilities he may be able to exploit on your system

Question 26

A group of hackers were roaming around a bank office building in a city, driving a luxury car. They were using hacking tools on their laptop with the intention to find a free-access wireless network. What is this hacking process known as?

Options:

A.

GPS mapping

B.

Spectrum analysis

C.

Wardriving

D.

Wireless sniffing

Question 27

Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

Options:

A.

msfpayload

B.

msfcli

C.

msfd

D.

msfencode

Question 28

Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive, informing that her systems need to be serviced for proper functioning and that customer support will send a computer technician. Jane promptly replied positively. Ralph entered Jane's company using this opportunity and gathered sensitive information by scanning terminals for passwords, searching for important documents in desks, and rummaging bins. What is the type of attack technique Ralph used on jane?

Options:

A.

Dumpster diving

B.

Eavesdropping

C.

Shoulder surfing

D.

impersonation

Question 29

which type of virus can change its own code and then cipher itself multiple times as it replicates?

Options:

A.

Stealth virus

B.

Tunneling virus

C.

Cavity virus

D.

Encryption virus

Question 30

Your company was hired by a small healthcare provider to perform a technical assessment on the network.

What is the best approach for discovering vulnerabilities on a Windows-based computer?

Options:

A.

Use the built-in Windows Update tool

B.

Use a scan tool like Nessus

C.

Check MITRE.org for the latest list of CVE findings

D.

Create a disk image of a clean Windows installation

Question 31

Which of the following allows attackers to draw a map or outline the target organization's network infrastructure to know about the actual environment that they are going to hack.

Options:

A.

Enumeration

B.

Vulnerability analysis

C.

Malware analysis

D.

Scanning networks

Question 32

A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer.

what tests would you perform to determine whether his computer Is Infected?

Options:

A.

Use ExifTool and check for malicious content.

B.

You do not check; rather, you immediately restore a previous snapshot of the operating system.

C.

Upload the file to VirusTotal.

D.

Use netstat and check for outgoing connections to strange IP addresses or domains.

Question 33

Stella, a professional hacker, performs an attack on web services by exploiting a vulnerability that provides additional routing information in the SOAP header to support asynchronous communication. This further allows the transmission of web-service requests and response messages using different TCP connections. Which of the following attack techniques is used by Stella to compromise the web services?

Options:

A.

XML injection

B.

WS-Address spoofing

C.

SOAPAction spoofing

D.

Web services parsing attacks

Question 34

Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob's boss is very worried because of regulations that protect those data. Which of the following regulations is mostly violated?

Options:

A.

HIPPA/PHl

B.

Pll

C.

PCIDSS

D.

ISO 2002

Question 35

A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.

Options:

A.

Use port security on his switches.

B.

Use a tool like ARPwatch to monitor for strange ARP activity.

C.

Use a firewall between all LAN segments.

D.

If you have a small network, use static ARP entries.

E.

Use only static IP addresses on all PC's.

Question 36

What does the following command in netcat do?

nc -l -u -p55555 < /etc/passwd

Options:

A.

logs the incoming connections to /etc/passwd file

B.

loads the /etc/passwd file to the UDP port 55555

C.

grabs the /etc/passwd file when connected to UDP port 55555

D.

deletes the /etc/passwd file when connected to the UDP port 55555

Question 37

Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she uses a user-defined HTTP tailback or push APIs that are raised based on trigger events: when invoked, this feature supplies data to other applications so that users can instantly receive real-time Information.

Which of the following techniques is employed by Susan?

Options:

A.

web shells

B.

Webhooks

C.

REST API

D.

SOAP API

Question 38

Samuel a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSlv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to attacks as the SSLv2 server can leak key information.

Which of the following attacks can be performed by exploiting the above vulnerability?

Options:

A.

DROWN attack

B.

Padding oracle attack

C.

Side-channel attack

D.

DUHK attack

Question 39

You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8.

While monitoring the data, you find a high number of outbound connections. You see that IP’s owned by XYZ (Internal) and private IP’s are communicating to a Single Public IP. Therefore, the Internal IP’s are sending data to the Public IP.

After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised.

What kind of attack does the above scenario depict?

Options:

A.

Botnet Attack

B.

Spear Phishing Attack

C.

Advanced Persistent Threats

D.

Rootkit Attack

Question 40

Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?

Options:

A.

Presentation tier

B.

Application Layer

C.

Logic tier

D.

Data tier

Question 41

Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.

In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full?

Options:

A.

Switch then acts as hub by broadcasting packets to all machines on the network

B.

The CAM overflow table will cause the switch to crash causing Denial of Service

C.

The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF

D.

Every packet is dropped and the switch sends out SNMP alerts to the IDS port

Question 42

Attacker Rony Installed a rogue access point within an organization's perimeter and attempted to Intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack. What is the type of vulnerability assessment performed by Johnson in the above scenario?

Options:

A.

Distributed assessment

B.

Wireless network assessment

C.

Most-based assessment

D.

Application assessment

Question 43

Upon establishing his new startup, Tom hired a cloud service provider (CSP) but was dissatisfied with their service and wanted to move to another CSP.

What part of the contract might prevent him from doing so?

Options:

A.

Virtualization

B.

Lock-in

C.

Lock-down

D.

Lock-up

Question 44

What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?

Options:

A.

Man-in-the-middle attack

B.

Meet-in-the-middle attack

C.

Replay attack

D.

Traffic analysis attack

Question 45

Which rootkit is characterized by its function of adding code and/or replacing some of the operating-system kernel code to obscure a backdoor on a system?

Options:

A.

User-mode rootkit

B.

Library-level rootkit

C.

Kernel-level rootkit

D.

Hypervisor-level rootkit

Question 46

Attacker Steve targeted an organization's network with the aim of redirecting the company's web traffic to another malicious website. To achieve this goal, Steve performed DNS cache poisoning by exploiting the vulnerabilities In the DNS server software and modified the original IP address of the target website to that of a fake website. What is the technique employed by Steve to gather information for identity theft?

Options:

A.

Pretexting

B.

Pharming

C.

Wardriving

D.

Skimming

Question 47

An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct.

What is the attack technique employed by the attacker to crack the passwords of the industrial control systems?

Options:

A.

Side-channel attack

B.

Denial-of-service attack

C.

HMI-based attack

D.

Buffer overflow attack

Question 48

Leverox Solutions hired Arnold, a security professional, for the threat intelligence process. Arnold collected information about specific threats against the organization. From this information, he retrieved contextual information about security events and incidents that helped him disclose potential risks and gain insight into attacker methodologies. He collected the information from sources such as humans, social media, and chat rooms as well as from events that resulted in cyberattacks. In this process, he also prepared a report that includes identified malicious activities, recommended courses of action, and warnings for emerging attacks. What is the type of threat intelligence collected by Arnold in the above scenario?

Options:

A.

Strategic threat intelligence

B.

Tactical threat intelligence

C.

Operational threat intelligence

D.

Technical threat intelligence

Question 49

Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as?

Options:

A.

Exploration

B.

Investigation

C.

Reconnaissance

D.

Enumeration

Question 50

While browsing his Facebook teed, Matt sees a picture one of his friends posted with the caption. "Learn more about your friends!", as well as a number of personal questions. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate. Matt responds to the questions on the post, a few days later. Mates bank account has been accessed, and the password has been changed. What most likely happened?

Options:

A.

Matt inadvertently provided the answers to his security questions when responding to the post.

B.

Matt's bank-account login information was brute forced.

C.

Matt Inadvertently provided his password when responding to the post.

D.

Matt's computer was infected with a keylogger.

Question 51

What is the algorithm used by LM for Windows2000 SAM?

Options:

A.

MD4

B.

DES

C.

SHA

D.

SSL

Question 52

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the 192.168.1.0/24. Which of the following has occurred?

Options:

A.

The computer is not using a private IP address.

B.

The gateway is not routing to a public IP address.

C.

The gateway and the computer are not on the same network.

D.

The computer is using an invalid IP address.

Question 53

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The “ps” command shows that the “nc” file is running as process, and the netstat command shows the “nc” process is listening on a network port.

What kind of vulnerability must be present to make this remote attack possible?

Options:

A.

File system permissions

B.

Privilege escalation

C.

Directory traversal

D.

Brute force login

Question 54

To create a botnet. the attacker can use several techniques to scan vulnerable machines. The attacker first collects Information about a large number of vulnerable machines to create a list. Subsequently, they infect the machines. The list Is divided by assigning half of the list to the newly compromised machines. The scanning process runs simultaneously. This technique ensures the spreading and installation of malicious code in little time.

Which technique is discussed here?

Options:

A.

Hit-list-scanning technique

B.

Topological scanning technique

C.

Subnet scanning technique

D.

Permutation scanning technique

Question 55

Which method of password cracking takes the most time and effort?

Options:

A.

Dictionary attack

B.

Shoulder surfing

C.

Rainbow tables

D.

Brute force

Question 56

Identify the correct terminology that defines the above statement.

Options:

A.

Vulnerability Scanning

B.

Penetration Testing

C.

Security Policy Implementation

D.

Designing Network Security

Question 57

As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security?

Options:

A.

Use the same machines for DNS and other applications

B.

Harden DNS servers

C.

Use split-horizon operation for DNS servers

D.

Restrict Zone transfers

E.

Have subnet diversity between DNS servers

Question 58

The “Gray-box testing” methodology enforces what kind of restriction?

Options:

A.

Only the external operation of a system is accessible to the tester.

B.

The internal operation of a system in only partly accessible to the tester.

C.

Only the internal operation of a system is known to the tester.

D.

The internal operation of a system is completely known to the tester.

Question 59

#!/usr/bin/python import socket buffer=[““A””] counter=50 while len(buffer)<=100: buffer.append (““A””*counter)

counter=counter+50 commands= [““HELP””,““STATS .””,““RTIME .””,““LTIME. ””,““SRUN .”’,““TRUN .””,““GMON

.””,““GDOG .””,““KSTET .”,““GTER .””,““HTER .””, ““LTER .”,““KSTAN .””] for command in commands: for

buffstring in buffer: print ““Exploiting”” +command +““:””+str(len(buffstring)) s=socket.socket(socket.AF_INET,

socket.SOCK_STREAM) s.connect((‘127.0.0.1’, 9999)) s.recv(50) s.send(command+buffstring) s.close()

What is the code written for?

Options:

A.

Denial-of-service (DOS)

B.

Buffer Overflow

C.

Bruteforce

D.

Encryption

Question 60

Attacker Lauren has gained the credentials of an organization's internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skeptical about the login times and appointed security professional Robert to determine the issue. Robert analyzed the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited. What is the incident handling and response (IH&R) phase, in which Robert has determined these issues?

Options:

A.

Preparation

B.

Eradication

C.

Incident recording and assignment

D.

Incident triage

Question 61

Your organization has signed an agreement with a web hosting provider that requires you to take full responsibility of the maintenance of the cloud-based resources. Which of the following models covers this?

Options:

A.

Platform as a service

B.

Software as a service

C.

Functions as a

D.

service Infrastructure as a service

Question 62

Cross-site request forgery involves:

Options:

A.

A request sent by a malicious user from a browser to a server

B.

Modification of a request by a proxy between client and server

C.

A browser making a request to a server without the user’s knowledge

D.

A server making a request to another server without the user’s knowledge

Question 63

Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session, upon receiving the users request. Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. What is the attack performed by Bobby in the above scenario?

Options:

A.

Wardriving

B.

KRACK attack

C.

jamming signal attack

D.

aLTEr attack

Question 64

Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific cached DNS record. Further, by using this cached record, he determines the sites recently visited by the organization's user. What is the enumeration technique used by Henry on the organization?

Options:

A.

DNS zone walking

B.

DNS cache snooping

C.

DNS SEC zone walking

D.

DNS cache poisoning

Question 65

What useful information is gathered during a successful Simple Mail Transfer Protocol (SMTP) enumeration?

Options:

A.

The two internal commands VRFY and EXPN provide a confirmation of valid users, email addresses, aliases, and mailing lists.

B.

Reveals the daily outgoing message limits before mailboxes are locked

C.

The internal command RCPT provides a list of ports open to message traffic.

D.

A list of all mail proxy server addresses used by the targeted host

Question 66

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier container technology architecture. Currently. Abel is verifying and validating image contents, signing images, and sending them to the registries. Which of the following tiers of the container technology architecture Is Abel currently working in?

Options:

A.

Tier-1: Developer machines

B.

Tier-4: Orchestrators

C.

Tier-3: Registries

D.

Tier-2: Testing and accreditation systems

Question 67

Sam is working as a system administrator In an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect Its severity using CVSS v3.0 to property assess and prioritize the organization's vulnerability management processes. The base score that Sam obtained after performing cvss rating was 4.0. What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?

Options:

A.

Medium

B.

Low

C.

Critical

D.

High

Question 68

Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches.

If these switches' ARP cache is successfully flooded, what will be the result?

Options:

A.

The switches will drop into hub mode if the ARP cache is successfully flooded.

B.

If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.

C.

Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.

D.

The switches will route all traffic to the broadcast address created collisions.

Question 69

You have been authorized to perform a penetration test against a website. You want to use Google dorks to footprint the site but only want results that show file extensions. What Google dork operator would you use?

Options:

A.

filetype

B.

ext

C.

inurl

D.

site

Question 70

in an attempt to increase the security of your network, you Implement a solution that will help keep your wireless network undiscoverable and accessible only to those that know It. How do you accomplish this?

Options:

A.

Delete the wireless network

B.

Remove all passwords

C.

Lock all users

D.

Disable SSID broadcasting

Question 71

Which of the following is not a Bluetooth attack?

Options:

A.

Bluedriving

B.

Bluesmacking

C.

Bluejacking

D.

Bluesnarfing

Question 72

Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into Incalsol's systems. To deliver the malware, he used the current employees' email IDs to send fraudulent emails embedded with malicious links that seem to be legitimate. When a victim employee clicks on the link, they are directed to a fraudulent website that automatically loads Flash and triggers the exploit. What is the technique used byjack to launch the fileless malware on the target systems?

Options:

A.

In-memory exploits

B.

Phishing

C.

Legitimate applications

D.

Script-based injection

Question 73

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas?

Options:

A.

Red hat

B.

white hat

C.

Black hat

D.

Gray hat

Question 74

Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?

Options:

A.

A biometric system that bases authentication decisions on behavioral attributes.

B.

A biometric system that bases authentication decisions on physical attributes.

C.

An authentication system that creates one-time passwords that are encrypted with secret keys.

D.

An authentication system that uses passphrases that are converted into virtual passwords.

Question 75

_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

Options:

A.

Trojan

B.

RootKit

C.

DoS tool

D.

Scanner

E.

Backdoor

Question 76

Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?

Options:

A.

-T5

B.

-O

C.

-T0

D.

-A

Question 77

CyberTech Inc. recently experienced SQL injection attacks on its official website. The company appointed Bob, a security professional, to build and incorporate defensive strategies against such attacks. Bob adopted a practice whereby only a list of entities such as the data type, range, size, and value, which have been approved for secured access, is accepted. What is the defensive technique employed by Bob in the above scenario?

Options:

A.

Output encoding

B.

Enforce least privileges

C.

Whitelist validation

D.

Blacklist validation

Question 78

Suppose your company has just passed a security risk assessment exercise. The results display that the risk of the breach in the main company application is 50%. Security staff has taken some measures and

implemented the necessary controls. After that, another security risk assessment was performed showing that risk has decreased to 10%. The risk threshold for the application is 20%. Which of the following risk decisions will be the best for the project in terms of its successful continuation with the most business profit?

Options:

A.

Accept the risk

B.

Introduce more controls to bring risk to 0%

C.

Mitigate the risk

D.

Avoid the risk

Question 79

Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days. Sieve started asking about her company details and eventually gathered all the essential information regarding her company. What is the social engineering technique Steve employed in the above scenario?

Options:

A.

Diversion theft

B.

Baiting

C.

Honey trap

D.

Piggybacking

Page: 1 / 53
Total 528 questions