Summer Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

ECCouncil 312-50v13 Certified Ethical Hacker Exam (CEHv13) Exam Practice Test

Page: 1 / 57
Total 572 questions

Certified Ethical Hacker Exam (CEHv13) Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$43.75  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$38.5  $109.99
Question 1

Your company, Encryptor Corp, is developing a new application that will handle highly sensitive user information. As a cybersecurity specialist, you want to ensure this data is securely stored. The development team proposes a method where data is hashed and then encrypted before storage. However, you want an added layer of security to verify the integrity of the data upon retrieval. Which of the following cryptographic concepts should you propose to the team?

Options:

A.

Implement a block cipher mode of operation.

B.

a digital signature mechanism.

C.

Suggest using salt with hashing.

D.

Switch to elliptic curve cryptography.

Question 2

which of the following information security controls creates an appealing isolated environment for hackers to prevent them from compromising critical targets while simultaneously gathering information about the hacker?

Options:

A.

intrusion detection system

B.

Honeypot

C.

BotnetD Firewall

Question 3

Josh has finished scanning a network and has discovered multiple vulnerable services. He knows that several of these usually have protections against external sources but are frequently susceptible to internal users. He decides to draft an email, spoof the sender as the internal IT team, and attach a malicious file disguised as a financial spreadsheet. Before Josh sends the email, he decides to investigate other methods of getting the file onto the system. For this particular attempt, what was the last stage of the cyber kill chain that Josh performed?

Options:

A.

Exploitation

B.

Weaponization

C.

Delivery

D.

Reconnaissance

Question 4

Password cracking programs reverse the hashing process to recover passwords. (True/False.)

Options:

A.

True

B.

False

Question 5

You are the chief security officer at AlphaTech, a tech company that specializes in data storage solutions. Your company is developing a new cloud storage platform where users can store their personal files. To ensure data security, the development team is proposing to use symmetric encryption for data at rest. However, they are unsure of how to securely manage and distribute the symmetric keys to users. Which of the following strategies

would you recommend to them?

Options:

A.

Use hash functions to distribute the keys.

B.

implement the Diffie-Hellman protocol for secure key exchange.

C.

Use HTTPS protocol for secure key transfer.

D.

Use digital signatures to encrypt the symmetric keys.

Question 6

Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days. Sieve started asking about her company details and eventually gathered all the essential information regarding her company. What is the social engineering technique Steve employed in the above scenario?

Options:

A.

Diversion theft

B.

Baiting

C.

Honey trap

D.

Piggybacking

Question 7

Miley, a professional hacker, decided to attack a target organization's network. To perform the attack, she used a tool to send fake ARP messages over the target network to link her MAC address with the target system's IP address. By performing this, Miley received messages directed to the victim's MAC address and further used the tool to intercept, steal, modify, and block sensitive communication to the target system.

What is the tool employed by Miley to perform the above attack?

Options:

A.

Gobbler

B.

KDerpNSpoof

C.

BetterCAP

D.

Wireshark

Question 8

You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems, and intrusion detection/prevention tools in your company's network. You are confident that hackers will never be able to gain access. Your peer, Peter Smith, disagrees and says the presence of a “weakest link” still exposes the network.

What is Peter Smith talking about?

Options:

A.

Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain

B.

"Zero-day" exploits are the weakest link in the security chain since IDS will not be able to detect these attacks

C.

"Polymorphic viruses" are the weakest link in the security chain since antivirus scanners will not be able to detect these attacks

D.

Continuous spam emails cannot be blocked by your security system since spammers use different techniques to bypass filters

Question 9

You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?

Options:

A.

hping2 host.domain.com

B.

hping2 --set-ICMP host.domain.com

C.

hping2 -i host.domain.com

D.

hping2 -1 host.domain.com

Question 10

Which among the following is the best example of the third step (delivery) in the cyber kill chain?

Options:

A.

An intruder sends a malicious attachment via email to a target.

B.

An intruder creates malware to be used as a malicious attachment to an email.

C.

An intruder's malware is triggered when a target opens a malicious email attachment.

D.

An intruder's malware is installed on a target's machine.

Question 11

As a budding cybersecurity enthusiast, you have set up a small lab at home to learn more about wireless

network security. While experimenting with your home Wi-Fi network, you decide to use a well-known

hacking tool to capture network traffic and attempt to crack the Wi-Fi password. However, despite many

attempts, you have been unsuccessful. Your home Wi-Fi network uses WPA2 Personal with AES encryption.

Why are you finding it difficult to crack the Wi-Fi password?

Options:

A.

The Wi-Fi password is too complex and long

B.

Your hacking tool is outdated

C.

The network is using an uncrackable encryption method

D.

The network is using MAC address filtering.

Question 12

A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted.

Which cryptography attack is the student attempting?

Options:

A.

Man-in-the-middle attack

B.

Brute-force attack

C.

Dictionary attack

D.

Session hijacking

Question 13

Samuel, a professional hacker, monitored and Intercepted already established traffic between Bob and a host machine to predict Bob's ISN. Using this ISN, Samuel sent spoofed packets with Bob's IP address to the host machine. The host machine responded with <| packet having an Incremented ISN. Consequently. Bob's connection got hung, and Samuel was able to communicate with the host machine on behalf of Bob. What is the type of attack performed by Samuel in the above scenario?

Options:

A.

UDP hijacking

B.

Blind hijacking

C.

TCP/IP hacking

D.

Forbidden attack

Question 14

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator’s Computer to update the router configuration. What type of an alert is this?

Options:

A.

False negative

B.

True negative

C.

True positive

D.

False positive

Question 15

A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content. Which sort of trojan infects this server?

Options:

A.

Botnet Trojan

B.

Banking Trojans

C.

Turtle Trojans

D.

Ransomware Trojans

Question 16

What is correct about digital signatures?

Options:

A.

A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.

B.

Digital signatures may be used in different documents of the same type.

C.

A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.

D.

Digital signatures are issued once for each user and can be used everywhere until they expire.

Question 17

What information security law or standard aims at protecting stakeholders and the general public from accounting errors and fraudulent activities within organizations?

Options:

A.

PCI-DSS

B.

FISMA

C.

SOX

D.

ISO/IEC 27001:2013

Question 18

Thomas, a cloud security professional, is performing security assessment on cloud services to identify any loopholes. He detects a vulnerability in a bare-metal cloud server that can enable hackers to implant malicious backdoors in its firmware. He also identified that an installed backdoor can persist even if the server is reallocated to new clients or businesses that use it as an IaaS.

What is the type of cloud attack that can be performed by exploiting the vulnerability discussed in the above scenario?

Options:

A.

Man-in-the-cloud (MITC) attack

B.

Cloud cryptojacking

C.

Cloudborne attack

D.

Metadata spoofing attack

Question 19

Scenario: Joe turns on his home computer to access personal online banking. When he enters the URL the website is displayed, but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL closer, he finds that the site is not secure and the web address appears different. What type of attack he is experiencing?.

Options:

A.

Dos attack

B.

DHCP spoofing

C.

ARP cache poisoning

D.

DNS hijacking

Question 20

What is a NULL scan?

Options:

A.

A scan in which all flags are turned off

B.

A scan in which certain flags are off

C.

A scan in which all flags are on

D.

A scan in which the packet size is set to zero

E.

A scan with an illegal packet size

Question 21

You have been authorized to perform a penetration test against a website. You want to use Google dorks to footprint the site but only want results that show file extensions. What Google dork operator would you use?

Options:

A.

filetype

B.

ext

C.

inurl

D.

site

Question 22

Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

Options:

A.

To determine who is the holder of the root account

B.

To perform a DoS

C.

To create needless SPAM

D.

To illicit a response back that will reveal information about email servers and how they treat undeliverable mail

E.

To test for virus protection

Question 23

Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

Options:

A.

msfpayload

B.

msfcli

C.

msfd

D.

msfencode

Question 24

You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?

Options:

A.

All three servers need to be placed internally

B.

A web server facing the Internet, an application server on the internal network, a database server on the internal network

C.

A web server and the database server facing the Internet, an application server on the internal network

D.

All three servers need to face the Internet so that they can communicate between themselves

Question 25

Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP inquiries over the network.

Which of these tools would do the SNMP enumeration he is looking for? Select the best answers.

Options:

A.

SNMPUtil

B.

SNScan

C.

SNMPScan

D.

SolarWinds IP Network Browser

E.

NMap

Question 26

Jack, a professional hacker, targets an organization and performs vulnerability scanning on the target web server to identify any possible weaknesses, vulnerabilities, and misconfigurations. In this process, Jack uses an automated tool that eases his work and performs vulnerability scanning to find hosts, services, and other vulnerabilities in the target server.

Which of the following tools is used by Jack to perform vulnerability scanning?

Options:

A.

Infoga

B.

WebCopier Pro

C.

Netsparker

D.

NCollector Studio

Question 27

What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stacheldraht have in common?

Options:

A.

All are hacking tools developed by the Legion of Doom

B.

All are tools that can be used not only by hackers, but also security personnel

C.

All are DDOS tools

D.

All are tools that are only effective against Windows

E.

All are tools that are only effective against Linux

Question 28

Abel, a security professional, conducts penetration testing in his client organization to check for any security loopholes. He launched an attack on the DHCP servers by broadcasting forged DHCP requests and leased all the DHCP addresses available in the DHCP scope until the server could not issue any more IP addresses. This led to a Dos attack, and as a result, legitimate employees were unable to access the clients network. Which of the following attacks did Abel perform in the above scenario?

Options:

A.

VLAN hopping

B.

DHCP starvation

C.

Rogue DHCP server attack

D.

STP attack

Question 29

In the process of footprinting a target website, an ethical hacker utilized various tools to gather critical information. The hacker encountered a target site where standard web spiders were ineffective due to a specific file in its root directory. However, they managed to uncover all the files and web pages on the target site, monitoring the resulting incoming and outgoing traffic while browsing the website manually. What technique did the hacker likely employ to achieve this?

Options:

A.

Using Photon to retrieve archived URLs of the target website from archive.org

B.

Using the Netcraft tool to gather website information

C.

Examining HTML source code and cookies

D.

User-directed spidering with tools like Burp Suite and WebScarab

Question 30

A penetration tester was assigned to scan a large network range to find live hosts. The network is known for using strict TCP filtering rules on its firewall, which may obstruct common host discovery techniques. The tester needs a method that can bypass these firewall restrictions and accurately identify live systems. What host discovery technique should the tester use?

Options:

A.

UDP Ping Scan

B.

lCMP ECHO Ping Scan

C.

ICMP Timestamp Ping Scan

D.

TCP SYN Ping Scan

Question 31

what are common files on a web server that can be misconfigured and provide useful Information for a hacker such as verbose error messages?

Options:

A.

httpd.conf

B.

administration.config

C.

idq.dll

D.

php.ini

Question 32

Which of the following commands checks for valid users on an SMTP server?

Options:

A.

RCPT

B.

CHK

C.

VRFY

D.

EXPN

Question 33

Rebecca, a security professional, wants to authenticate employees who use web services for safe and secure communication. In this process, she employs a component of the Web Service Architecture, which is an extension of SOAP, and it can maintain the integrity and confidentiality of SOAP messages.

Which of the following components of the Web Service Architecture is used by Rebecca for securing the communication?

Options:

A.

WSDL

B.

WS Work Processes

C.

WS-Policy

D.

WS-Security

Question 34

Which definition among those given below best describes a covert channel?

Options:

A.

A server program using a port that is not well known.

B.

Making use of a protocol in a way it is not intended to be used.

C.

It is the multiplexing taking place on a communication link.

D.

It is one of the weak channels used by WEP which makes it insecure

Question 35

Which system consists of a publicly available set of databases that contain domain name registration contact information?

Options:

A.

WHOIS

B.

CAPTCHA

C.

IANA

D.

IETF

Question 36

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

Options:

A.

Macro virus

B.

Stealth/Tunneling virus

C.

Cavity virus

D.

Polymorphic virus

Question 37

While performing an Nmap scan against a host, Paola determines the existence of a firewall. In an attempt to determine whether the firewall is stateful or stateless, which of the following options would be best to use?

Options:

A.

-sA

B.

-sX

C.

-sT

D.

-sF

Question 38

A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed.

Which security policy must the security analyst check to see if dial-out modems are allowed?

Options:

A.

Firewall-management policy

B.

Acceptable-use policy

C.

Permissive policy

D.

Remote-access policy

Question 39

Which of the following tools can be used for passive OS fingerprinting?

Options:

A.

nmap

B.

tcpdump

C.

tracert

D.

ping

Question 40

A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a Trojan on his computer.

What tests would you perform to determine whether his computer is infected?

Options:

A.

Use ExifTool and check for malicious content.

B.

You do not check; rather, you immediately restore a previous snapshot of the operating system.

C.

Upload the file to VirusTotal.

D.

Use netstat and check for outgoing connections to strange IP addresses or domains.

Question 41

Juliet, a security researcher in an organization, was tasked with checking for the authenticity of images to be used in the organization's magazines. She used these images as a search query and tracked the original source and details of the images, which included photographs, profile pictures, and memes. Which of the following footprinting techniques did Rachel use to finish her task?

Options:

A.

Reverse image search

B.

Meta search engines

C.

Advanced image search

D.

Google advanced search

Question 42

Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.

A camera captures people walking and identifies the individuals using Steve’s approach.

After that, people must approximate their RFID badges. Both the identifications are required to open the door. In this case, we can say:

Options:

A.

Although the approach has two phases, it actually implements just one authentication factor

B.

The solution implements the two authentication factors: physical object and physical characteristic

C.

The solution will have a high level of false positives

D.

Biological motion cannot be used to identify people

Question 43

During a recent vulnerability assessment of a major corporation's IT systems, the security team identified several potential risks. They want to use a vulnerability scoring system to quantify and prioritize these vulnerabilities. They decide to use the Common Vulnerability Scoring System (CVSS). Given the characteristics of the identified vulnerabilities, which of the following statements is the most accurate regarding the metric

types used by CVSS to measure these vulnerabilities?

Options:

A.

Temporal metric represents the inherent qualities of a vulnerability

B.

Base metric represents the inherent qualities of a vulnerability

C.

Environmental metric involves the features that change during the lifetime of the vulnerability

D.

Temporal metric involves measuring vulnerabilities based on a_ specific environment or implementation

Question 44

Which DNS resource record can indicate how long any "DNS poisoning" could last?

Options:

A.

MX

B.

SOA

C.

NS

D.

TIMEOUT

Question 45

Which of the following scanning method splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet?

Options:

A.

ACK flag probe scanning

B.

ICMP Echo scanning

C.

SYN/FIN scanning using IP fragments

D.

IPID scanning

Question 46

Kevin, a professional hacker, wants to penetrate CyberTech Inc.’s network. He employed a technique, using which he encoded packets with Unicode characters. The company’s IDS cannot recognize the packet, but the target web server can decode them.

What is the technique used by Kevin to evade the IDS system?

Options:

A.

Desynchronization

B.

Obfuscating

C.

Session splicing

D.

Urgency flag

Question 47

Henry Is a cyber security specialist hired by BlackEye - Cyber security solutions. He was tasked with discovering the operating system (OS) of a host. He used the Unkornscan tool to discover the OS of the target system. As a result, he obtained a TTL value, which Indicates that the target system is running a Windows OS. Identify the TTL value Henry obtained, which indicates that the target OS is Windows.

Options:

A.

64

B.

128

C.

255

D.

138

Question 48

Which of the following steps for risk assessment methodology refers to vulnerability identification?

Options:

A.

Determines if any flaws exist in systems, policies, or procedures

B.

Assigns values to risk probabilities; Impact values

C.

Determines risk probability that vulnerability will be exploited (High, Medium, Low)

D.

Identifies sources of harm to an IT system (Natural, Human, Environmental)

Question 49

A network security analyst, while conducting penetration testing, is aiming to identify a service account password using the Kerberos authentication protocol. They have a valid user authentication ticket (TGT) and decided to carry out a Kerberoasting attack. In the scenario described, which of the following steps should the analyst take next?

Options:

A.

Carry out a passive wire sniffing operation using Internet packet sniffers

B.

Extract plaintext passwords, hashes, PIN codes, and Kerberos tickets using a tool like Mimikatz

C.

Perform a PRobability INfinite Chained Elements (PRINCE) attack

D.

Request a service ticket for the service principal name of the target service account

Question 50

Fred is the network administrator for his company. Fred is testing an internal switch. From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this?

Options:

A.

Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer.

B.

He can send an IP packet with the SYN bit and the source address of his computer.

C.

Fred can send an IP packet with the ACK bit set to zero and the source address of the switch.

D.

Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

Question 51

A large corporate network is being subjected to repeated sniffing attacks. To increase security, the company’s IT department decides to implement a combination of several security measures. They permanently add theMAC address of the gateway to the ARP cache, switch to using IPv6 instead of IPv4, implement the use of encrypted sessions such as SSH instead of Telnet, and use Secure File Transfer Protocol instead of FTP.

However, they are still faced with the threat of sniffing. Considering the countermeasures, what should be their next step to enhance network security?

Options:

A.

Use HTTP instead of HTTPS for protecting usernames and passwords

B.

Implement network scanning and monitoring tools

C.

Enable network identification broadcasts

D.

Retrieve MAC addresses from the OS

Question 52

Which of the following statements is FALSE with respect to Intrusion Detection Systems?

Options:

A.

Intrusion Detection Systems can be configured to distinguish specific content in network packets

B.

Intrusion Detection Systems can easily distinguish a malicious payload in encrypted traffic

C.

Intrusion Detection Systems require constant update of the signature library

D.

Intrusion Detection Systems can examine the contents of the data in context of the network protocol

Question 53

A DDOS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete.

Which attack is being described here?

Options:

A.

Desynchronization

B.

Slowloris attack

C.

Session splicing

D.

Phlashing

Question 54

Garry is a network administrator in an organization. He uses SNMP to manage networked devices from a remote location. To manage nodes in the network, he uses MIB. which contains formal descriptions of all network objects managed by SNMP. He accesses the contents of MIB by using a web browser either by entering the IP address and Lseries.mlb or by entering the DNS library name and Lseries.mlb. He is currently retrieving information from an MIB that contains object types for workstations and server services. Which of the following types of MIB is accessed by Garry in the above scenario?

Options:

A.

LNMIB2.MIB

B.

WINS.MIB

C.

DHCP.MIS

D.

MIB_II.MIB

Question 55

An ethical hacker is testing a web application of a financial firm. During the test, a 'Contact Us' form's input field is found to lack proper user input validation, indicating a potential Cross-Site Scripting (XSS) vulnerability. However, the application has a stringent Content Security Policy (CSP) disallowing inline scripts and scripts from external domains but permitting scripts from its own domain. What would be the hacker's next step to confirm the XSS vulnerability?

Options:

A.

Try to disable the CSP to bypass script restrictions

B.

Inject a benign script inline to the form to see if it executes

C.

Utilize a script hosted on the application's domain to test the form

D.

Load a script from an external domain to test the vulnerability

Question 56

Which rootkit is characterized by its function of adding code and/or replacing some of the operating-system kernel code to obscure a backdoor on a system?

Options:

A.

User-mode rootkit

B.

Library-level rootkit

C.

Kernel-level rootkit

D.

Hypervisor-level rootkit

Question 57

Dorian Is sending a digitally signed email to Polly, with which key is Dorian signing this message and how is Poly validating It?

Options:

A.

Dorian is signing the message with his public key. and Poly will verify that the message came from Dorian by using Dorian's private key.

B.

Dorian Is signing the message with Polys public key. and Poly will verify that the message came from Dorian by using Dorian's public key.

C.

Dorian is signing the message with his private key. and Poly will verify that the message came from Dorian by using Dorian's public key.

D.

Dorian is signing the message with Polys private key. and Poly will verify mat the message came from Dorian by using Dorian's public key.

Question 58

Bob wants to ensure that Alice can check whether his message has been tampered with. He creates a checksum of the message and encrypts it using asymmetric cryptography. What key does Bob use to encrypt the checksum for accomplishing this goal?

Options:

A.

Alice's private key

B.

Alice's public key

C.

His own private key

D.

His own public key

Question 59

When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK.

How would an attacker exploit this design by launching TCP SYN attack?

Options:

A.

Attacker generates TCP SYN packets with random destination addresses towards a victim host

B.

Attacker floods TCP SYN packets with random source addresses towards a victim host

C.

Attacker generates TCP ACK packets with random source addresses towards a victim host

D.

Attacker generates TCP RST packets with random source addresses towards a victim host

Question 60

Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches.

If these switches' ARP cache is successfully flooded, what will be the result?

Options:

A.

The switches will drop into hub mode if the ARP cache is successfully flooded.

B.

If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.

C.

Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.

D.

The switches will route all traffic to the broadcast address created collisions.

Question 61

Susan has attached to her company's network. She has managed to synchronize her boss's sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory.

What kind of attack is Susan carrying on?

Options:

A.

A sniffing attack

B.

A spoofing attack

C.

A man-in-the-middle attack

D.

A denial of service attack

Question 62

During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network.

What is this type of DNS configuration commonly called?

Options:

A.

DynDNS

B.

DNS Scheme

C.

DNSSEC

D.

Split DNS

Question 63

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server.

What kind of attack is possible in this scenario?

Options:

A.

Cross-site scripting

B.

Denial of service

C.

SQL injection

D.

Directory traversal

Question 64

Kate dropped her phone and subsequently encountered an issue with the phone's internal speaker. Thus, she is using the phone's loudspeaker for phone calls and other activities. Bob, an attacker, takes advantage of this vulnerability and secretly exploits the hardware of Kate's phone so that he can monitor the loudspeaker's output from data sources such as voice assistants, multimedia messages, and audio files by using a malicious app to breach speech privacy.

What is the type of attack Bob performed on Kate in the above scenario?

Options:

A.

Man-in-the-disk attack

B.

aLTEr attack

C.

SIM card attack

D.

Spearphone attack

Question 65

Becky has been hired by a client from Dubai to perform a penetration test against one of their remote offices. Working from her location in Columbus, Ohio, Becky runs her usual reconnaissance scans to obtain basic information about their network. When analyzing the results of her Whois search, Becky notices that the IP was allocated to a location in Le Havre, France. Which regional Internet registry should Becky go to for detailed information?

Options:

A.

ARIN

B.

APNIC

C.

RIPE

D.

LACNIC

Question 66

The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance. Which of the following requirements would best fit under the objective, "Implement strong access control measures"?

Options:

A.

Regularly test security systems and processes.

B.

Encrypt transmission of cardholder data across open, public networks.

C.

Assign a unique ID to each person with computer access.

D.

Use and regularly update anti-virus software on all systems commonly affected by malware.

Question 67

You have the SOA presented below in your Zone.

Your secondary servers have not been able to contact your primary server to synchronize information.

How long will the secondary servers attempt to contact the primary server before it considers that zone is dead and stops responding to queries?

collegae.edu. SOA, cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600)

Options:

A.

One day

B.

One hour

C.

One week

D.

One month

Question 68

An attacker utilizes a Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a nearby business in order to capture the wireless password. What kind of attack is this?

Options:

A.

MAC spoofing attack

B.

Evil-twin attack

C.

War driving attack

D.

Phishing attack

Question 69

Calvin, a grey-hat hacker, targets a web application that has design flaws in its authentication mechanism. He enumerates usernames from the login form of the web application, which requests users to feed data and specifies the incorrect field in case of invalid credentials. Later, Calvin uses this information to perform social engineering.

Which of the following design flaws in the authentication mechanism is exploited by Calvin?

Options:

A.

Insecure transmission of credentials

B.

Verbose failure messages

C.

User impersonation

D.

Password reset mechanism

Question 70

A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.

Options:

A.

Use port security on his switches.

B.

Use a tool like ARPwatch to monitor for strange ARP activity.

C.

Use a firewall between all LAN segments.

D.

If you have a small network, use static ARP entries.

E.

Use only static IP addresses on all PC's.

Question 71

What does a firewall check to prevent particular ports and applications from getting packets into an organization?

Options:

A.

Transport layer port numbers and application layer headers

B.

Presentation layer headers and the session layer port numbers

C.

Network layer headers and the session layer port numbers

D.

Application layer port numbers and the transport layer headers

Question 72

Within the context of Computer Security, which of the following statements describes Social Engineering best?

Options:

A.

Social Engineering is the act of publicly disclosing information

B.

Social Engineering is the means put in place by human resource to perform time accounting

C.

Social Engineering is the act of getting needed information from a person rather than breaking into a system

D.

Social Engineering is a training program within sociology studies

Question 73

Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?

Options:

A.

Presentation tier

B.

Application Layer

C.

Logic tier

D.

Data tier

Question 74

SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may Bypass authentication and allow attackers to access and/or modify data attached to a web application.

Which of the following SQLI types leverages a database server's ability to make DNS requests to pass data to an attacker?

Options:

A.

Union-based SQLI

B.

Out-of-band SQLI

C.

ln-band SQLI

D.

Time-based blind SQLI

Question 75

During a red team engagement, an ethical hacker is tasked with testing the security measures of an organization's wireless network. The hacker needs to select an appropriate tool to carry out a session hijacking attack. Which of the following tools should the hacker use to effectively perform session hijacking and subsequent security analysis, given that the target wireless network has the Wi-Fi Protected Access-preshared key (WPA-PSK) security protocol in place?

Options:

A.

FaceNiff

B.

Hetty

C.

Droidsheep

D.

bettercap

Question 76

CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this:

From: jim_miller@companyxyz.com

To: michelle_saunders@companyxyz.com Subject: Test message

Date: 4/3/2017 14:37

The employee of CompanyXYZ receives your email message.

This proves that CompanyXYZ’s email gateway doesn’t prevent what?

Options:

A.

Email Masquerading

B.

Email Harvesting

C.

Email Phishing

D.

Email Spoofing

Question 77

You receive an email prompting you to download “Antivirus 2010” software using a suspicious link. The software claims to provide protection but redirects you to an unknown site.

How will you determine if this is a Real or Fake Antivirus website?

Options:

A.

Look at the website design, if it looks professional then it is a Real Antivirus website

B.

Connect to the site using SSL, if you are successful then the website is genuine

C.

Search using the URL and Antivirus product name into Google and look out for suspicious warnings against this site

D.

Download and install Antivirus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

E.

Same as D (duplicated)

Question 78

Which type of malware spreads from one system to another or from one network to another and causes similar types of damage as viruses do to the infected system?

Options:

A.

Rootkit

B.

Trojan

C.

Worm

D.

Adware

Question 79

Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as?

Options:

A.

Exploration

B.

Investigation

C.

Reconnaissance

D.

Enumeration

Question 80

John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker Installed a scanner on a machine belonging to one of the vktims and scanned several machines on the same network to Identify vulnerabilities to perform further exploitation. What is the type of vulnerability assessment tool employed by John in the above scenario?

Options:

A.

Proxy scanner

B.

Agent-based scanner

C.

Network-based scanner

D.

Cluster scanner

Question 81

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The “ps” command shows that the “nc” file is running as process, and the netstat command shows the “nc” process is listening on a network port.

What kind of vulnerability must be present to make this remote attack possible?

Options:

A.

File system permissions

B.

Privilege escalation

C.

Directory traversal

D.

Brute force login

Question 82

What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?

Options:

A.

Man-in-the-middle attack

B.

Meet-in-the-middle attack

C.

Replay attack

D.

Traffic analysis attack

Question 83

Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network.

Which of the following host discovery techniques must he use to perform the given task?

Options:

A.

UDP scan

B.

TCP Maimon scan

C.

arp ping scan

D.

ACK flag probe scan

Question 84

Ron, a security professional, was pen testing web applications and SaaS platforms used by his company. While testing, he found a vulnerability that allows hackers to gain unauthorized access to API objects and perform actions such as view, update, and delete sensitive data of the company. What is the API vulnerability revealed in the above scenario?

Options:

A.

Code injections

B.

Improper use of CORS

C.

No ABAC validation

D.

Business logic flaws

Question 85

What is the purpose of a DNS AAAA record?

Options:

A.

Authorization, Authentication and Auditing record

B.

Address prefix record

C.

Address database record

D.

IPv6 address resolution record

Question 86

Ben purchased a new smartphone and received some updates on it through the OTA method. He received two messages: one with a PIN from the network operator and another asking him to enter the PIN received from the operator. As soon as he entered the PIN, the smartphone started functioning in an abnormal manner.

What is the type of attack performed on Ben in the above scenario?

Options:

A.

Advanced SMS phishing

B.

Bypass SSL pinning

C.

Phishing

D.

Tap 'n ghost attack

Question 87

Don, a student, came across a gaming app in a third-party app store and Installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after Installing the app. What is the attack performed on Don in the above scenario?

Options:

A.

SMS phishing attack

B.

SIM card attack

C.

Agent Smith attack

D.

Clickjacking

Question 88

Options:

A.

Vulnerability Scanning

B.

Penetration Testing

C.

Security Policy Implementation

D.

Designing Network Security

Question 89

The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the Central Processing Unit (CPU), rather than passing only the frames that the controller is intended to receive. Which of the following is being described?

Options:

A.

Multi-cast mode

B.

Promiscuous mode

C.

WEM

D.

Port forwarding

Question 90

What is the following command used for?

net use \target\ipc$ "" /u:""

Options:

A.

Grabbing the etc/passwd file

B.

Grabbing the SAM

C.

Connecting to a Linux computer through Samba.

D.

This command is used to connect as a null session

E.

Enumeration of Cisco routers

Question 91

This type of injection attack does not show any error message. It is difficult to exploit as it returns information when the application is given SQL payloads that elicit a true or false response from the server. By observing the response, an attacker can extract sensitive information. What type of attack is this?

Options:

A.

Time-based SQL injection

B.

Union SQL injection

C.

Error-based SQL injection

D.

Blind SQL injection

Question 92

During the enumeration phase. Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445.

Which of the following services is enumerated by Lawrence in this scenario?

Options:

A.

Server Message Block (SMB)

B.

Network File System (NFS)

C.

Remote procedure call (RPC)

D.

Telnet

Question 93

Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?

Options:

A.

-T5

B.

-O

C.

-T0

D.

-A

Question 94

The company ABC recently contracts a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?

Options:

A.

The CFO can use a hash algorithm in the document once he approved the financial statements

B.

The CFO can use an excel file with a password

C.

The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure is the same document

D.

The document can be sent to the accountant using an exclusive USB for that document

Question 95

You are attempting to crack LM Manager hashes from a Windows 2000 SAM file. You will be using an LM brute-force hacking tool for decryption.

What encryption algorithm will you be decrypting?

Options:

A.

MD4

B.

DES

C.

SHA

D.

SSL

Question 96

When discussing passwords, what is considered a brute force attack?

Options:

A.

You attempt every single possibility until you exhaust all possible combinations or discover the password

B.

You threaten to use the rubber hose on someone unless they reveal their password

C.

You load a dictionary of words into your cracking program

D.

You create hashes of a large number of words and compare it with the encrypted passwords

E.

You wait until the password expires

Question 97

What is the algorithm used by LM for Windows 2000 SAM?

Options:

A.

MD4

B.

DES

C.

SHA

D.

SSL

Question 98

In the process of implementing a network vulnerability assessment strategy for a tech company, the security

analyst is confronted with the following scenarios:

1) A legacy application is discovered on the network, which no longer receives updates from the vendor.

2) Several systems in the network are found running outdated versions of web browsers prone to distributed

attacks.

3) The network firewall has been configured using default settings and passwords.

4) Certain TCP/IP protocols used in the organization are inherently insecure.

The security analyst decides to use vulnerability scanning software. Which of the following limitations of vulnerability assessment should the analyst be most cautious about in this context?

Options:

A.

Vulnerability scanning software is limited in its ability to perform live tests on web applications to detect errors or unexpected behavior

B.

Vulnerability scanning software cannot define the impact of an identified vulnerability on different business operations

C.

Vulnerability scanning software is limited in its ability to detect vulnerabilities at a given point in time

D.

Vulnerability scanning software is not immune to software engineering flaws that might lead to serious vulnerabilities being missed

Question 99

When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, DELETE, PUT, TRACE) using NMAP script engine. What Nmap script will help you with this task?

Options:

A.

http-methods

B.

http enum

C.

http-headers

D.

http-git

Question 100

Which type of sniffing technique is generally referred as MiTM attack?

Options:

A.

Password Sniffing

B.

ARP Poisoning

C.

MAC Flooding

D.

DHCP Sniffing

Question 101

What is a “Collision attack” in cryptography?

Options:

A.

Collision attacks try to get the public key

B.

Collision attacks try to break the hash into three parts to get the plaintext value

C.

Collision attacks try to break the hash into two parts, with the same bytes in each part to get the private key

D.

Collision attacks try to find two inputs producing the same hash

Question 102

Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

Options:

A.

Nikto

B.

John the Ripper

C.

Dsniff

D.

Snort

Question 103

What does the following command in netcat do?

nc -l -u -p 55555 < /etc/passwd

Options:

A.

Logs the incoming connections to /etc/passwd file

B.

Loads the /etc/passwd file to the UDP port 55555

C.

Grabs the /etc/passwd file when connected to UDP port 55555

D.

Deletes the /etc/passwd file when connected to the UDP port 55555

Question 104

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

Options:

A.

There is no way to tell because a hash cannot be reversed

B.

The rightmost portion of the hash is always the same

C.

The hash always starts with AB923D

D.

The leftmost portion of the hash is always the same

E.

A portion of the hash will be all 0's

Question 105

A "Server-Side Includes" attack refers to the exploitation of a web application by injecting scripts in HTML pages or executing arbitrary code remotely.

Which web-page file type, if it exists on the web server, is a strong indication that the server is vulnerable to this kind of attack?

Options:

A.

.stm

B.

.html

C.

.rss

D.

.cms

Question 106

If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

Options:

A.

Birthday

B.

Brute force

C.

Man-in-the-middle

D.

Smurf

Question 107

Steven connected his iPhone to a public computer that had been infected by Clark, an attacker. After establishing the connection with the public computer, Steven enabled iTunes WI-FI sync on the computer so that the device could continue communication with that computer even after being physically disconnected. Now, Clark gains access to Steven’s iPhone through the infected computer and is able to monitor and read all of Steven’s activity on the iPhone, even after the device is out of the communication zone.

Which of the following attacks is performed by Clark in above scenario?

Options:

A.

IOS trustjacking

B.

lOS Jailbreaking

C.

Exploiting SS7 vulnerability

D.

Man-in-the-disk attack

Question 108

You want to analyze packets on your wireless network. Which program would you use?

Options:

A.

Wireshark with Airpcap

B.

Airsnort with Airpcap

C.

Wireshark with Winpcap

D.

Ethereal with Winpcap

Question 109

An attacker can employ many methods to perform social engineering against unsuspecting employees, including scareware.

What is the best example of a scareware attack?

Options:

A.

A pop-up appears to a user stating, "You have won a free cruise! Click here to claim your prize!"

B.

A banner appears to a user stating, "Your account has been locked. Click here to reset your password and unlock your account."

C.

A banner appears to a user stating, "Your Amazon order has been delayed. Click here to find out your new delivery date."

D.

A pop-up appears to a user stating, "Your computer may have been infected with spyware. Click here to install an anti-spyware tool to resolve this issue."

Question 110

Wilson, a professional hacker, targets an organization for financial benefit and plans to compromise its systems by sending malicious emails. For this purpose, he uses a tool to track the emails of the target and extracts information such as sender identities, mall servers, sender IP addresses, and sender locations from different public sources. He also checks if an email address was leaked using the haveibeenpwned.com API. Which of the following tools is used by Wilson in the above scenario?

Options:

A.

Factiva

B.

Netcraft

C.

infoga

D.

Zoominfo

Question 111

Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: scottsmelby@yahoo.com”. Which statement below is true?

Options:

A.

This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.

B.

This is a scam because Bob does not know Scott.

C.

Bob should write to scottsmelby@yahoo.com to verify the identity of Scott.

D.

This is probably a legitimate message as it comes from a respectable organization.

Question 112

Which of the following tactics uses malicious code to redirect users' web traffic?

Options:

A.

Spimming

B.

Pharming

C.

Phishing

D.

Spear-phishing

Question 113

Which of the following is assured by the use of a hash?

Options:

A.

Authentication

B.

Confidentiality

C.

Availability

D.

Integrity

Question 114

What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet-filtering of the firewall?

Options:

A.

 Session hijacking

B.

 Firewalking

C.

 Man-in-the-middle attack

D.

 Network sniffing

Question 115

As a security analyst for Sky Secure Inc., you are working with a client that uses a multi-cloud strategy, utilizing services from several cloud providers. The client wants to implement a system that will provide unified security management across all their cloud platforms. They need a solution that allows them to consistently enforce security policies, identify and respond to threats, and maintain visibility of all their cloud resources. Which of the following should you recommend as the best solution?

Options:

A.

Use a hardware-based firewall to secure all cloud resources.

B.

implement separate security management tools for each cloud platform.

C.

Use a Cloud Access Security Broker (CASB).

D.

Rely on the built-in security features of each cloud platform.

Question 116

What would be the fastest way to perform content enumeration on a given web server by using the Gobuster tool?

Options:

A.

Performing content enumeration using the bruteforce mode and 10 threads

B.

Shipping SSL certificate verification

C.

Performing content enumeration using a wordlist

D.

Performing content enumeration using the bruteforce mode and random file extensions

Question 117

Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to authenticate once and gain access to multiple systems?

Options:

A.

Role Based Access Control (RBAC)

B.

Discretionary Access Control (DAC)

C.

Single sign-on

D.

Windows authentication

Question 118

A security analyst is investigating a potential network-level session hijacking incident. During the investigation, the analyst finds that the attacker has been using a technique in which they injected an authentic-looking reset packet using a spoofed source IP address and a guessed acknowledgment number. As a result, the victim's connection was reset. Which of the following hijacking techniques has the attacker most likely used?

Options:

A.

TCP/IP hijacking

B.

UDP hijacking

C.

RST hijacking

D.

Blind hijacking

Question 119

Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?

Options:

A.

Symmetric algorithms

B.

Asymmetric algorithms

C.

Hashing algorithms

D.

Integrity algorithms

Question 120

Which of the following web vulnerabilities would an attacker be attempting to exploit if they delivered the following input?

Options:

A.

XXE

B.

SQLi

C.

IDOR

D.

XSS

Question 121

Which of the following describes the characteristics of a Boot Sector Virus?

Options:

A.

Modifies directory table entries so that directory entries point to the virus code instead of the actual program.

B.

Moves the MBR to another location on the RAM and copies itself to the original location of the MBR.

C.

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.

D.

Overwrites the original MBR and only executes the new virus code.

Question 122

Robert, a professional hacker, is attempting to execute a fault injection attack on a target IoT device. In this process, he injects faults into the power supply that can be used for remote execution, also causing the skipping of key instructions. He also injects faults into the clock network used for delivering a synchronized signal across the chip.

Which of the following types of fault injection attack is performed by Robert in the above scenario?

Options:

A.

Frequency/voltage tampering

B.

Optical, electromagnetic fault injection (EMFI)

C.

Temperature attack

D.

Power/clock/reset glitching

Question 123

As part of a college project, you have set up a web server for hosting your team's application. Given your interest in cybersecurity, you have taken the lead in securing the server. You are aware that hackers often attempt to exploit server misconfigurations. Which of the following actions would best protect your web server from potential misconfiguration-based attacks?

Options:

A.

Performing regular server configuration audits

B.

Enabling multi-factor authentication for users

C.

Implementing a firewall to filter traffic

D.

Regularly backing up server data

Question 124

Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two. What would you call this attack?

Options:

A.

Interceptor

B.

Man-in-the-middle

C.

ARP Proxy

D.

Poisoning Attack

Question 125

You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise In order to evade IDS?

Options:

A.

nmap -sP- -p-65535-T5

B.

nmap-A-host-time 99-T1

C.

nmap -A -Pn

D.

nmap -sT-O- To

Question 126

An ethical hacker is hired to conduct a comprehensive network scan of a large organization that strongly suspects potential intrusions into their internal systems. The hacker decides to employ a combination of scanning tools to obtain a detailed understanding of the network. Which sequence of actions would provide the most comprehensive information about the network's status?

Options:

A.

Initiate with Nmap for a ping sweep, then use Metasploit to scan for open ports and services, and finally use Hping3 to perform remote OS fingerprinting

B.

Use Hping3 for an ICMP ping scan on the entire subnet, then use Nmap for a SYN scan on identified active hosts, and finally use Metasploit to exploit identified vulnerabilities

C.

Start with Hping3 for a UDP scan on random ports, then use Nmap for a version detection scan, and finally use Metasploit to exploit detected vulnerabilities

D.

Begin with NetScanTools Pro for a general network scan, then use Nmap for OS detection and version detection, and finally perform an SYN flooding with Hping3

Question 127

An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code to embed a malicious applet in all HTTP connections. When users accessed any page, the applet ran and exploited many machines. Which one of the following tools the hacker probably used to inject HTML code?

Options:

A.

Wireshark

B.

Ettercap

C.

Aircrack-ng

D.

Tcpdump

Question 128

An ethical hacker is testing the security of a website's database system against SQL Injection attacks. They discover that the IDS has a strong signature detection mechanism to detect typical SQL injection patterns.

Which evasion technique can be most effectively used to bypass the IDS signature detection while performing a SQL Injection attack?

Options:

A.

Implement case variation by altering the case of SQL statements

B.

Employ IP fragmentation to obscure the attack payload

C.

Use Hex encoding to represent the SQL query string

D.

Leverage string concatenation to break identifiable keywords

Question 129

The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124. An attacker is trying to find those servers but he cannot see them in his scanning. The command he is using is: nmap 192.168.1.64/28.

Why he cannot see the servers?

Options:

A.

He needs to add the command ““ip address”” just before the IP address

B.

He needs to change the address to 192.168.1.0 with the same mask

C.

He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are not in that range

D.

The network must be dawn and the nmap command and IP address are ok

Question 130

What useful information is gathered during a successful Simple Mail Transfer Protocol (SMTP) enumeration?

Options:

A.

The two internal commands VRFY and EXPN provide a confirmation of valid users, email addresses, aliases, and mailing lists.

B.

Reveals the daily outgoing message limits before mailboxes are locked

C.

The internal command RCPT provides a list of ports open to message traffic.

D.

A list of all mail proxy server addresses used by the targeted host

Question 131

What ports should be blocked on the firewall to prevent NetBIOS traffic from not coming through the firewall if your network is comprised of Windows NT, 2000, and XP?

Options:

A.

110

B.

135

C.

139

D.

161

E.

445

F.

1024

Question 132

is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.

Options:

A.

DNSSEC

B.

Resource records

C.

Resource transfer

D.

Zone transfer

Question 133

Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?

Options:

A.

Error-based injection

B.

Boolean-based blind SQL injection

C.

Blind SQL injection

D.

Union SQL injection

Question 134

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfilltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs, what type of malware did the attacker use to bypass the company's application whitelisting?

Options:

A.

Phishing malware

B.

Zero-day malware

C.

File-less malware

D.

Logic bomb malware

Question 135

Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the Integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT. POST. GET. and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario?

Options:

A.

JSON-RPC

B.

SOAP API

C.

RESTful API

D.

REST API

Question 136

Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and out the target network based on pre-defined set of rules. Which of the following types of firewalls can protect against SQL injection attacks?

Options:

A.

Data-driven firewall

B.

Packet firewall

C.

Web application firewall

D.

Stateful firewall

Question 137

What did the following commands determine?

[Image Output of USER2SID and SID2USER showing that SID ending in -500 corresponds to user Joe on domain EARTH]

Options:

A.

That the Joe account has a SID of 500

B.

These commands demonstrate that the guest account has NOT been disabled

C.

These commands demonstrate that the guest account has been disabled

D.

That the true administrator is Joe

E.

Issued alone, these commands prove nothing

Question 138

Based on the below log, which of the following sentences are true?

Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip

Options:

A.

Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server.

B.

Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the client.

C.

SSH communications are encrypted; it’s impossible to know who is the client or the server.

D.

Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server.

Question 139

You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.

invictus@victim_server:~$ nmap -T4 -O 10.10.0.0/24

TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!

What seems to be wrong?

Options:

A.

The nmap syntax is wrong.

B.

This is a common behavior for a corrupted nmap application.

C.

The outgoing TCP/IP fingerprinting is blocked by the host firewall.

D.

OS Scan requires root privileges.

Question 141

Which of the following provides a security professional with most information about the system’s security posture?

Options:

A.

Phishing, spamming, sending trojans

B.

Social engineering, company site browsing, tailgating

C.

Wardriving, warchalking, social engineering

D.

Port scanning, banner grabbing, service identification

Question 142

Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive, informing that her systems need to be serviced for proper functioning and that customer support will send a computer technician. Jane promptly replied positively. Ralph entered Jane's company using this opportunity and gathered sensitive information by scanning terminals for passwords, searching for important documents in desks, and rummaging bins. What is the type of attack technique Ralph used on jane?

Options:

A.

Dumpster diving

B.

Eavesdropping

C.

Shoulder surfing

D.

impersonation

Question 143

Being a Certified Ethical Hacker (CEH), a company has brought you on board to evaluate the safety measures in place for their network system. The company uses a network time protocol server in the demilitarized zone.

During your enumeration, you decide to run a ntptrace command. Given the syntax: ntptrace [-n] [-m maxhosts] [servername/IP_address], which command usage would best serve your objective to find where the NTP server obtains the time from and to trace the list of NTP servers connected to the network?

Options:

A.

ntptrace -m 5 192.168.1.1

B.

tptrace 192.1681.

C.

ntptrace -n localhost

D.

ntptrace -n -m 5 192.168.1.1

Question 144

Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes. Images, and networks. What is the component of the Docker architecture used by Annie in the above scenario?

Options:

A.

Docker client

B.

Docker objects

C.

Docker daemon

D.

Docker registries

Question 145

in this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstall the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values. What is this attack called?

Options:

A.

Chop chop attack

B.

KRACK

C.

Evil twin

D.

Wardriving

Question 146

Stephen, an attacker, targeted the industrial control systems of an organization. He generated a fraudulent email with a malicious attachment and sent it to employees of the target organization. An employee who manages the sales software of the operational plant opened the fraudulent email and clicked on the malicious attachment. This resulted in the malicious attachment being downloaded and malware being injected into the sales software maintained in the victim's system. Further, the malware propagated itself to other networked systems, finally damaging the industrial automation components.

What is the attack technique used by Stephen to damage the industrial systems?

Options:

A.

Spear-phishing attack

B.

SMiShing attack

C.

Reconnaissance attack

D.

HMI-based attack

Question 147

On performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt its service.

What is the name of the process by which you can determine those critical businesses?

Options:

A.

Emergency Plan Response (EPR)

B.

Business Impact Analysis (BIA)

C.

Risk Mitigation

D.

Disaster Recovery Planning (DRP)

Question 148

This form of encryption algorithm is asymmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among the following is this encryption algorithm?

Options:

A.

Twofish encryption algorithm

B.

HMAC encryption algorithm

C.

IDEA

D.

Blowfish encryption algorithm

Question 149

You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet 10.1.4.0/23. Which of the following IP addresses could be leased as a result of the new configuration?

Options:

A.

210.1.55.200

B.

10.1.4.254

C.

10.1.5.200

D.

10.1.4.156

Question 150

An ethical hacker is scanning a target network. They initiate a TCP connection by sending an SYN packet to a target machine and receiving a SYN/ACK packet in response. But instead of completing the three-way handshake with an ACK packet, they send an RST packet. What kind of scan is the ethical hacker likely performing and what is their goal?

Options:

A.

They are performing an SYN scan to stealthily identify open ports without fully establishing a connection

B.

They are performing a TCP connect scan to identify open ports on the target machine

C.

They are performing a vulnerability scan to identify any weaknesses in the target system

D.

They are performing a network scan to identify live hosts and their IP addresses

Question 151

What is the main security service a cryptographic hash provides?

Options:

A.

Integrity and ease of computation

B.

Message authentication and collision resistance

C.

Integrity and collision resistance

D.

Integrity and computational infeasibility

Question 152

In the context of Windows Security, what is a 'null' user?

Options:

A.

A user that has no skills

B.

An account that has been suspended by the admin

C.

A pseudo account that has no username and password

D.

A pseudo account that was created for security administration purpose

Question 153

Lewis, a professional hacker, targeted the IoT cameras and devices used by a target venture-capital firm. He used an information-gathering tool to collect information about the IoT devices connected to a network, open ports and services, and the attack surface area. Using this tool, he also generated statistical reports on broad usage patterns and trends. This tool helped Lewis continually monitor every reachable server and device on the Internet, further allowing him to exploit these devices in the network. Which of the following tools was employed by Lewis in the above scenario?

Options:

A.

Censys

B.

Wapiti

C.

NeuVector

D.

Lacework

Question 154

E-mail scams and mail fraud are regulated by which of the following?

Options:

A.

18 U.S.C. §1030 – Fraud and Related Activity in Connection with Computers

B.

18 U.S.C. §1029 – Fraud and Related Activity in Connection with Access Devices

C.

18 U.S.C. §1362 – Communication Lines, Stations, or Systems

D.

18 U.S.C. §2510 – Wire and Electronic Communications Interception and Interception of Oral Communication

Question 155

What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?

Options:

A.

Copy the system files from a known good system

B.

Perform a trap and trace

C.

Delete the files and try to determine the source

D.

Reload from a previous backup

E.

Reload from known good media

Question 156

In the field of cryptanalysis, what is meant by a “rubber-hose" attack?

Options:

A.

Attempting to decrypt cipher text by making logical assumptions about the contents of the original plain text.

B.

Extraction of cryptographic secrets through coercion or torture.

C.

Forcing the targeted key stream through a hardware-accelerated device such as an ASIC.

D.

A backdoor placed into a cryptographic algorithm by its creator.

Question 157

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data.

What is this attack?

Options:

A.

Cross-site-scripting attack

B.

SQL Injection

C.

URL Traversal attack

D.

Buffer Overflow attack

Question 158

Study the Snort rule given below:

[Image shows two Snort rules with alert messages for NETBIOS DCERPC ISystemActivator bind attempt, targeting TCP ports 135 and 445. References include CVE: CAN-2003-0352.]

Options:

A.

WebDav

B.

SQL Slammer

C.

MS Blaster

D.

MyDoom

Question 159

Gavin owns a white-hat firm and is performing a website security audit. He begins with a scan looking for misconfigurations and outdated software versions. Which tool is he most likely using?

Options:

A.

Nikto

B.

Nmap

C.

Metasploit

D.

Armitage

Question 160

The establishment of a TCP connection involves a negotiation called three-way handshake. What type of message does the client send to the server in order to begin this negotiation?

Options:

A.

ACK

B.

SYN

C.

RST

D.

SYN-ACK

Question 161

The collection of potentially actionable, overt, and publicly available information is known as

Options:

A.

Open-source intelligence

B.

Real intelligence

C.

Social intelligence

D.

Human intelligence

Question 162

Mr. Omkar performed tool-based vulnerability assessment and found two vulnerabilities. During analysis, he found that these issues are not true vulnerabilities.

What will you call these issues?

Options:

A.

False positives

B.

True negatives

C.

True positives

D.

False negatives

Question 163

Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into Incalsol's systems. To deliver the malware, he used the current employees' email IDs to send fraudulent emails embedded with malicious links that seem to be legitimate. When a victim employee clicks on the link, they are directed to a fraudulent website that automatically loads Flash and triggers the exploit. What is the technique used byjack to launch the fileless malware on the target systems?

Options:

A.

In-memory exploits

B.

Phishing

C.

Legitimate applications

D.

Script-based injection

Question 164

What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

Options:

A.

Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.

B.

Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.

C.

Symmetric encryption allows the server to securely transmit the session keys out-of-band.

D.

Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.

Question 165

What two conditions must a digital signature meet?

Options:

A.

Has to be the same number of characters as a physical signature and must be unique.

B.

Has to be unforgeable, and has to be authentic.

C.

Must be unique and have special characters.

D.

Has to be legible and neat.

Question 166

Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient’s consent, similar to email spamming?

Options:

A.

Bluesmacking

B.

BlueSniffing

C.

Bluejacking

D.

Bluesnarfing

Question 167

Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed In the above scenario?

Options:

A.

website defacement

B.

Server-side request forgery (SSRF) attack

C.

Web server misconfiguration

D.

web cache poisoning attack

Question 168

An attacker scans a host with the below command. Which three flags are set?

# nmap -sX host.domain.com

Options:

A.

This is SYN scan. SYN flag is set.

B.

This is Xmas scan. URG, PUSH and FIN are set.

C.

This is ACK scan. ACK flag is set.

D.

This is Xmas scan. SYN and ACK flags are set.

Question 169

The security team of Debry Inc. decided to upgrade Wi-Fi security to thwart attacks such as dictionary attacks and key recovery attacks. For this purpose, the security team started implementing cutting-edge technology that uses a modern key establishment protocol called the simultaneous authentication of equals (SAE), also known as dragonfly key exchange, which replaces the PSK concept.

What is the Wi-Fi encryption technology implemented by Debry Inc.?

Options:

A.

WEP

B.

WPA

C.

WPA2

D.

WPA3

Question 170

You're the security manager for a tech company that uses a database to store sensitive customer data. You have implemented countermeasures against SQL injection attacks. Recently, you noticed some suspicious

activities and suspect an attacker is using SQL injection techniques. The attacker is believed to use different forms of payloads in his SQL queries. In the case of a successful SQL injection attack, which of the following

payloads would have the most significant impact?

Options:

A.

‘OR 'T="1: This payload manipulates the WHERE clause of an SQL statement, allowing the attacker to view unauthorized data

B.

‘OR username LIKE '%: This payload uses the LIKE operator to search for a specific pattern in a column

C.

OR ‘a’='a; DROP TABLE members; --: This payload combines the manipulation of the WHERE clausewith a destructive action, causing data loss

D.

UNION SELECT NULL, NULL, NULL -- : This payload manipulates the UNION SQL operator, enabling the attacker to retrieve data from different database tables

Page: 1 / 57
Total 572 questions