CEH DUMPS PDF_084504.pdf

Full Transcript

Question #:46
Your company was hired by a small healthcare provider to perform a technical assessment on the
network. What is the best approach for discovering vulnerabilities on a Windows-based
computer?
A. Use the built-in Windows Update tool
B. Use a scan tool like Nessus
C. Check MITRE.org for the latest list of CVE findings
D. Create a disk image of a clean Windows installation

Question #:53
When analyzing the IDS logs, the system administrator noticed an alert was logged when the
external router was accessed from the administrator's Computer to update the router
configuration. What type of an alert is this?
A. False negative
B. True negative
C. True positive
D. False positive

Question #:103
Hackers often raise the trust level of a phishing message by modeling the email to look similar
to the internal email used by the target company. This includes using logos, formatting, and
names of the target company. The phishing message will often use the name of the company
CEO, President, or Managers. The time a hacker spends performing research to locate this
information about a company is known as?
A. Exploration
B. Investigation
C. Reconnaissance
D. Enumeration

Question #:4
what are common files on a web server that can be misconfigured and provide useful Information
for a hacker such as verbose error messages?
A. httpd.conf
B. administration.config
C. idq.dll
D. php.ini

Question #:7
During the enumeration phase. Lawrence performs banner grabbing to obtain information such
as OS details and versions of services running. The service that he enumerated runs directly on
TCP port 445. Which of the following services is enumerated by Lawrence in this scenario?
A. Server Message Block (SMB)
B. Network File System (NFS)
C. Remote procedure call (RPC)
D. Telnet
Question #:9
Daniel Is a professional hacker who Is attempting to perform an SQL injection attack on a target
website. www.movlescope.com. During this process, he encountered an IDS that detects SQL
Injection attempts based on predefined signatures. To evade any comparison statement, he
attempted placing characters such as "or T="1" In any bask injection statement such as "or 1=1."
Identify the evasion technique used by Daniel in the above scenario.
A. Null byte
B. IP fragmentation
C. Char encoding
D. Variation

Question #:10
An organization is performing a vulnerability assessment tor mitigating threats.
James, a pen tester, scanned the organization by building an inventory of the protocols found on
the organization's machines to detect which ports are attached to services such as an email server,
a web server or a database server. After identifying the services, he selected the vulnerabilities
on each machine and started executing only the relevant tests. What is the type of vulnerability
assessment solution that James employed in the above scenario?
A. Product-based solutions
B. Tree-based assessment
C. Service-based solutions
D. inference-based assessment

Question #:13
Steve, an attacker, created a fake profile on a social media website and sent a request to Stella.
Stella was enthralled by Steve's profile picture and the description given for his profile, and she
initiated a conversation with him soon after accepting the request. After a few days. Sieve started
asking about her company details and eventually gathered all the essential information regarding
her company. What is the social engineering technique Steve employed in the above scenario?
A. Diversion theft
B. Baiting
C. Honey trap
D. Piggybacking

Question #:16 :
Samuel a security administrator, is assessing the configuration of a web server. He noticed that
the server permits SSLv2 connections, and the same private key certificate is used on a different
server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to
attacks as the SSLv2 server can leak key information. Which of the following attacks can be
performed by exploiting the above vulnerability?
A. DROWN attack
B. Padding oracle attack
C. Side-channel attack
D. DUHK attack
Question #:18 :
Wilson, a professional hacker, targets an organization for financial benefit and plans to
compromise its systems by sending malicious emails. For this purpose, he uses a tool to track the
emails of the target and extracts information such as sender identities, mall servers, sender IP
addresses, and sender locations from different public sources. He also checks if an email address
was leaked using the havebeenpwned.com API. Which of the following tools is used by Wilson
in the above scenario?
A. Factiva
B. Netcraft
C. infoga
D. Zoominfo

Question #:20 :
Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing
the traffic on the network to identify the active systems, network services, applications, and
vulnerabilities. He also obtained the list of the users who are currently accessing the network.
What is the type of vulnerability assessment that Morris performed on the target organization?
A. internal assessment
B. Passive assessment
C. External assessment
D. Credentialed assessment

Question #:23 :
This wireless security protocol allows 192-bit minimum-strength security protocols and
cryptographic tools to protect sensitive data, such as GCMP-256. MMAC-SHA384, and ECDSA
using a 384-bit elliptic curve. Which is this wireless security protocol?
A. WPA2 Personal
B. WPA3-Personal
C. WPA2-Enterprise
D. WPA3-Enterprise

Question #:26 :
Clark is a professional hacker. He created and configured multiple domains pointing to the same
host to switch quickly between the domains and avoid detection. Identify the behavior of the
adversary In the above scenario.
A. use of command-line interface
B. Data staging
C. Unspecified proxy activities
D. Use of DNS tunneling
Question #:27 :
While testing a web application in development, you notice that the web server does not properly
ignore the "dot dot slash" (../) character string and instead returns the file listing of a folder
structure of the server.What kind of attack is possible in this scenario?
A. Cross-site scripting
B. Denial of service
C. SQL injection
D. Directory traversal

Question #:29 :
which of the following information security controls creates an appealing isolated environment
for hackers to prevent them from compromising critical targets while simultaneously gathering
information about the hacker?
A. intrusion detection system
B. Honeypot
C. Botnet
D Firewall

Question #:30 :
In order to tailor your tests during a web-application scan, you decide to determine which web-
server version is hosting the application. On using the SV flag with Nmap. you obtain the
following response: 80/tcp open http-proxy Apache Server 7.1.6 what Information-gathering
technique does this best describe?
A. Whois lookup
B. Banner grabbing
C. Dictionary attack
D. Brute forcing

Question #:32 :
Scenario: Joe turns on his home computer to access personal online banking. When he enters the
URL www.bank.com. The website is displayed, but it prompts him to re-enter his credentials as
if he has never visited the site before. When he examines the website URL closer, he finds that
the site is not secure and the web address appears different. What type of attack he is
experiencing?.
A. Dos attack
B. DHCP spoofing
C. ARP cache poisoning
D. DNS hijacking

Question #:34 :
what firewall evasion scanning technique make use of a zombie system that has low network
activity as well as its fragment identification numbers?
A. Decoy scanning
B. Packet fragmentation scanning
C. Spoof source address scanning
D. Idle scanning
Question #:35 :
Susan, a software developer, wants her web API to update other applications with the latest
information. For this purpose, she uses a user-defined HTTP tailback or push APIs that are raised
based on trigger events: when invoked, this feature supplies data to other applications so that
users can instantly receive real-time Information. Which of the following techniques is employed
by Susan?
A. web shells
B. Webhooks
C. REST API
D. SOAP API

Question #:38 :
There are multiple cloud deployment options depending on how isolated a customer's resources
are from those of other customers. Shared environments share the costs and allow each customer
to enjoy lower operations expenses. One solution Is for a customer to Join with a group of users
or organizations to share a cloud environment. What is this cloud deployment option called?
A. Hybrid
B. Community
C. Public
D. Private

Question #:40 :
jane, an ethical hacker. Is testing a target organization's web server and website to identity
security loopholes. In this process, she copied the entire website and its content on a local drive
to view the complete profile of the site's directory structure, file structure, external links, images,
web pages, and so on. This information helps jane map the website's directories and gain valuable
information. What is the attack technique employed by Jane in the above scenario?
A. website mirroring
B. Session hijacking
C. Web cache poisoning
D. Website defacement

Question #:42 :
Abel, a cloud architect, uses container technology to deploy applications/software including all
its dependencies, such as libraries and configuration files, binaries, and other resources that run
independently from other processes in the cloud environment. For the containerization of
applications, he follows the five-tier container technology architecture. Currently. Abel is
verifying and validating image contents, signing images, and sending them to the registries.
Which of the following tiers of the container technology architecture is Abel currently working
in?
A. Tier-1: Developer machines
B. Tier-4: Orchestrators
C. Tier-3: Registries
D. Tier-2: Testing and accreditation systems
Question #:44 :
Bob, an attacker, has managed to access a target loT device. He employed an online tool to gather
information related to the model of the loT device and the certifications granted to it. Which of
the following tools did Bob employ to gather the above Information?
A. search.com
B. EarthExplorer
C. Google image search
D. FCC ID search

Question #:49 :
Johnson, an attacker, performed online research for the contact details of reputed cybersecurity
firms. He found the contact number of sibertech.org and dialed the number, claiming himself to
represent a technical support team from a vendor. He warned that a specific server is about to be
compromised and requested sibertech.org to follow the provided instructions. Consequently, he
prompted the victim to execute unusual commands and install malicious files, which were then
used to collect and pass critical Information to Johnson's machine. What is the social engineering
technique Steve employed in the above scenario?
A. Quid pro quo
B. Diversion theft
C. Elicitation
D. Phishing

Question #:51 :
Widespread fraud ac Enron. WorldCom, and Tyco led to the creation of a law that was designed
to improve the accuracy and accountability of corporate disclosures. It covers accounting firms
and third parties that provide financial services to some organizations and came into effect in
2002. This law is known by what acronym?
A. Fed RAMP
B. PCIDSS
C. SOX
D. HIPAA

Question #:54 :
Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS
tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the
firewalls. On which of the following ports should Robin run the NSTX tool?
A. Port 53
B. Port 23
C. Port 50
D. Port 80
Question #:57 :
Gerard, a disgruntled ex-employee of Sunglass IT Solutions, targets this organization to perform
sophisticated attacks and bring down its reputation in the market. To launch the attacks process,
he performed DNS footprinting to gather information about ONS servers and to identify the hosts
connected in the target network. He used an automated tool that can retrieve
Information about DNS zone data including DNS domain names, computer names. IP addresses.
DNS records, and network who is records. He further exploited this information to launch other
sophisticated attacks. What is the tool employed by Gerard in the above scenario?
A. Knative
B. ZANTI
C. Towelroot
D. Bluto

Question #:59 :
Attacker Steve targeted an organization's network with the aim of redirecting the company's web
traffic to another malicious website. To achieve this goal, Steve performed DNS cache poisoning
by exploiting the vulnerabilities In the DNS server software and modified the original IP address
of the target website to that of a fake website. What is the technique employed by Steve to gather
information for identity theft?
A. Pretexting
B. Pharming
C. Wardriving
D. Skimming

Question #:60 :
Alice needs to send a confidential document to her coworker. Bryan. Their company has public
key infrastructure set up. Therefore. Alice both encrypts the message and digitally signs it. Alice
uses encrypt the message, and Bryan uses
A. Bryan's public key; Bryan's public key
B. Alice's public key; Alice's public key
C. Bryan's private key; Alice's public key
D. Bryan's public key; Alice's public key

Question #:64 :
Ethical hacker jane Smith is attempting to perform an SQL injection attach. She wants to test the
response time of a true or false response and wants to use a second command to determine
whether the database will return true or false results for user IDs. which two SQL Injection types
would give her the results she is looking for?
A. Out of band and boolean-based
B. Time-based and union-based
C. union-based and error-based
D. Time-based and boolean-based
Question #:66 :
Nicolas just found a vulnerability on a public-facing system that is considered a zero-day
vulnerability. He sent an email to the owner of the public system describing the problem and how
the owner can protect themselves from that vulnerability. He also sent an email to Microsoft
informing them of the problem that their systems are exposed to. What type of hacker is Nicolas?
A. Red hat
B. white hat
C. Black hat
D. Gray hat

Question #:67 :
Attacker Rony Installed a rogue access point within an organization's perimeter and attempted to
Intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in
the internal network that is aimed at cracking the authentication mechanism. He immediately
turned off the targeted network and tested for any weak and outdated security mechanisms that
are open to attack. What is the type of vulnerability assessment performed by Johnson in the
above scenario?
A. Distributed assessment
B. Wireless network assessment
C. Host-based assessment
D. Application assessment

Question #:70 :
Boney, a professional hacker, targets an organization for financial benefits. He performs an attack
by sending his session ID using an MITM attack technique. Boney first obtains a valid session
ID by logging into a service and later feeds the same session 10 to the target employee.
The session ID links the target employee to Boneys account page without disclosing any
information to the victim. When the target employee clicks on the link, all the sensitive payment
details entered in a form are linked to Boneys account. What is the attack performed by Boney in
the above scenario?
A. Session donation attack
B. Session fixation attack
C. Forbidden attack
D. CRIME attack

Question #:71 :
While browsing his Facebook teed, Matt sees a picture one of his friends posted with the caption.
"Learn more about your friends!", as well as a number of personal questions. Matt is suspicious
and texts his friend, who confirms that he did indeed post it. With assurance that the post is
legitimate. Matt responds to the questions on the post, a few days later. Mates bank account has
been accessed, and the password has been changed. What most likely happened?
A. Matt inadvertently provided the answers to his security questions when responding to the post.
B. Matt's bank-account login information was brute forced.
C. Matt Inadvertently provided his password when responding to the post.
D. Matt's computer was infected with a keylogger.
Question #:72 :
Attacker Lauren has gained the credentials of an organization's internal server system, and she
was often logging in during irregular times to monitor the network activities. The organization
was skeptical about the login times and appointed security professional Robert to determine the
issue. Robert analyzed the compromised device to find incident details such as the type of attack,
its severity, target, impact, method of propagation, and vulnerabilities exploited. What is the
incident handling and response (IH&R) phase, in which Robert has determined these issues?
A. Preparation
B. Eradication
C. Incident recording and assignment
D. Incident triage

Question #:74 :
Richard, an attacker, aimed to hack loT devices connected to a target network. In this process.
Richard recorded the frequency required to share information between connected devices. After
obtaining the frequency, he captured the original data when commands were initiated by the
connected devices. Once the original data were collected, he used free tools such as URH to
segregate the command sequence. Subsequently, he started injecting the segregated command
sequence on the same frequency into the lot network, which repeats the captured signals of the
devices. What Is the type of attack performed by Richard In the above scenario?
A. Side-channel attack
B. Replay attack
C. CrypTanalysis attack
D. Reconnaissance attack

Question #:75-(Exam Topic 2)
What would be the fastest way to perform content enumeration on a given web server by using
the Gobuster tool?
A. Performing content enumeration using the bruteforce mode and 10 threads
B. Shipping SSL certificate verification
C. Performing content enumeration using a wordlist
D. Performing content enumeration using the bruteforce mode and random file extensions

Question #:76 :
which of the following Bluetooth hacking techniques refers to the theft of information from a
wireless device through Bluetooth?
A. Bluesmacking
B. Bluebugging
C. Bluejacking
D. Bluesnarfing
Question #:78 :
jane invites her friends Alice and John over for a LAN party. Alice and John access Jane's
wireless network without a password. However. Jane has a long, complex password on her router.
What attack has likely occurred?
A. Wireless sniffing
B. Piggybacking
C. Evil twin
D. Wardriving

Question #:81 :
Ethical backer jane Doe is attempting to crack the password of the head of the it department of
ABC company. She Is utilizing a rainbow table and notices upon entering a password that extra
characters are added to the password after submitting. What countermeasure is the company using
to protect against rainbow tables?
A. Password key hashing
B. Password salting
C. Password hashing
D. Account lockout

Question #:84 :
Which file is a rich target to discover the structure of a website during web-server footprinting?
A. Document root
B. Robots.txt
C. domain.txt
D. index.html

Question #:87 :
Garry is a network administrator in an organization. He uses SNMP to manage networked devices
from a remote location. To manage nodes in the network, he uses MIB. which contains formal
descriptions of all network objects managed by SNMP. He accesses the contents of MIB by using
a web browser either by entering the IP address and Lseries.mlb or by entering the DNS library
name and Lseries.mlb. He is currently retrieving information from an MIB that contains object
types for workstations and server services. Which of the following types of MIB is accessed by
Garry in the above scenario?
A. LNMIB2.MIB
B. WINS.MIB
C. DHCP.MIS
D. MIB II.MIB
Question #:89 :
Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless
communications. He installed a fake communication tower between two authentic endpoints to
mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the
user and real tower, attempting to hijack an active session, upon receiving the users request.
Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious
website. What is the attack performed by Bobby in the above scenario?
A. Wardriving
B. KRACK attack
C. jamming signal attack
D. alter attack

Question #:91 :
To invisibly maintain access to a machine, an attacker utilizes a toolkit that sits undetected In the
core components of the operating system. What is this type of rootkit an example of?
A. Mypervisor rootkit
B. Kernel toolkit
C. Hardware rootkit
D. Firmware rootkit

Question #:93 :
Taylor, a security professional, uses a tool to monitor her company's website, analyze the
website's traffic, and track the geographical location of the users visiting the company's website.
Which of the following tools did Taylor employ in the above scenario?
A. WebSite Watcher
B. web-Stat
C. Webroot
D. WAFWOOF

Question #:94-(Exam Topic 2)
A newly joined employee. Janet, has been allocated an existing system used by a previous
employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin
found that there were possibilities of compromise through user directories, registries, and other
system parameters. He also Identified vulnerabilities such as native configuration tables,
incorrect registry or file permissions, and software configuration errors. What is the type of
vulnerability assessment performed by Martin?
A. Credentialed assessment
B. Database assessment
C. Host-based assessment
D. Distributed assessment
Question #:95-(Exam Topic 2)
At what stage of the cyber kill chain theory model does data exfiltration occur?
A. Actions on objectives
B. Weaponization
C. installation
D. Command and control

Question #:96 :
Bella, a security professional working at an it firm, finds that a security breach has occurred while
transferring important files. Sensitive data, employee usernames. and passwords are shared In
plaintext, paving the way for hackers 10 perform successful session hijacking. To address this
situation. Bella Implemented a protocol that sends data using encryption and digital certificates.
Which of the following protocols Is used by Bella?
A. FTP
B. HTTPS
C. FTPS
D. IP

Question #:101 :
This form of encryption algorithm is asymmetric key block cipher that is characterized by a 128-
bit block size, and its key size can be up to 256 bits. Which among the following is this encryption
algorithm?
A. Twofish encryption algorithm
B. HMAC encryption algorithm
C. IDEA
D. Blowfish encryption algorithm

Question #:108 :
Harry. a professional hacker, targets the IT infrastructure of an organization. After preparing for
the attack, he attempts to enter the target network using techniques such as sending spear-phishing
emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he
successfully deployed malware on the target system to establish an outbound connection. What
is the APT lifecycle phase that Harry is currently executing?
A. Preparation
B. Cleanup
C. Persistence
D. initial intrusion
Question #:112 :
Correct version
Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in
the application she is working on. She utilizes a component that can process API requests and
handle various Docker objects, such as containers, volumes. Images, and networks. What is the
component of the Docker architecture used by Annie in the above scenario?
A. Docker client
B. Docker objects
C. Docker daemon
D. Docker registries

Question #:113 :
SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may Bypass
authentication and allow attackers to access and/or modify data attached to a web application.
Which of the following SQLI types leverages a database server's ability to make DNS requests
to pass data to an attacker?
A. Union-based SQLI
B. Out-of-band SQLI
C. In-band SQLI
D. Time-based blind SQLI

Question #:116 :
You are a penetration tester working to test the user awareness of the employees of the client xyz.
You harvested two employees' emails from some public sources and are creating a client-side
backdoor to send it to the employees via email. Which stage of the cyber kill chain are you at?
A. Reconnaissance
B. Command and control
C. Weaponization
D. Exploitation

Question #:119 :
Ricardo has discovered the username for an application in his targets environment. As he has a
limited amount of time, he decides to attempt to use a list of common passwords he found on the
Internet. He compiles them into a list and then feeds that list as an argument into his password-
cracking application, what type of attack is Ricardo performing?
A. Known plaintext
B. Password spraying
C. Brute force
D. Dictionary
Question #:121 :
You are a penetration tester tasked with testing the wireless network of your client Brakeme SA.
You are attempting to break into the wireless network with the SSID "Brakeme-Internal." You
realize that this network uses WPA3 encryption, which of the following vulnerabilities is the
promising to exploit?
A. Dragonblood
B. Cross-site request forgery
C. Key reinstallation attack
D. AP Myconfiguration

Question #:123 :
joe works as an it administrator in an organization and has recently set up a cloud computing
service for the organization. To implement this service, he reached out to a telecom company for
providing Internet connectivity and transport services between the organization and the cloud
service provider, in the NIST cloud deployment reference architecture, under which category
does the telecom company fall in the above scenario?
A. Cloud booker
B. Cloud consumer
C. Cloud carrier
D. Cloud auditor

Question #:128 :
An attacker redirects the victim to malicious websites by sending them a malicious link by email.
The link appears authentic but redirects the victim to a malicious web page, which allows the
attacker to steal the victim's data. What type of attack is this?
A. Phishing
B. Vlishing
C. Spoofing
D. DDoS

Question #:129 :
Consider the following Nmap output:
Starting Nmap XXX (http://nmap.org) at xxx-xx-xx-xx:xx EDT Nmap scan report for
192.168.1.42 Host is up (0.00023s latency, Not shown: 932 filtered ports, 56 closed ports
PORT STATE SERVICE
21/tcp open ftp 995/tcp open
22/tcp open ssh Nmap done: 1 IP address (1 host up) scanned 3.90
25/tcp open smtp seco
53/tcp open domain
80/tcp open http
110/tcp open pop3 A. -sv
143/tcp open imap B. -Pn
443/tcp open https C. -V
465/tcp open smtps D. -ss
587/tcp open submission
993/tcp open imaps
Question #:130 :
Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying
open ports in the target network and determining whether the ports are online and any firewall
rule sets are encountered. John decided to perform a TCP SYN ping scan on the target network.
Which of the following Nmap commands must John use to perform the TCP SYN ping scan?
A. nmap-sn-pp
B. nmap-sn-PO
C. nmap-sn-PS
D. nmap-sn-PA

Question #:131 :
which type of virus can change its own code and then cipher itself multiple times as it replicates?
A. Stealth virus
B. Tunneling virus
C. Cavity virus
D. Encryption virus

Question #:132 :
Clark, a professional hacker, was hired by an organization to gather sensitive Information about
its competitors secretly. Clark gathers the server IP address of the target organization using Whole
footprinting. Further, he entered the server IP address as an input to an online tool to retrieve
information such as the network range of the target organization and to identify the network
topology and operating system used in the network. What is the online tool employed by Clark
in the above scenario?
A. AOL
B. ARIN
C. DuckDuckGo
D. Baidu

Question #:133-(Exam Topic 2)
Henry Is a cyber security specialist hired by BlackEye - Cyber security solutions. He was tasked
with discovering the operating system (OS) of a host. He used the Unkornscan tool to discover
the OS of the target system. As a result, he obtained a TTL value, which Indicates that the target
system is running a Windows OS. Identify the TTL value Henry obtained, which indicates that
the target OS is Windows.
A. 64
B. 128
C. 255
D. 138
Question #:134 :
Larry, a security professional in an organization, has noticed some abnormalities In the user
accounts on a web server. To thwart evolving attacks, he decided to harden the security of the
web server by adopting a countermeasures to secure the accounts on the web server.
Which of the following countermeasures must Larry implement to secure the user accounts on
the web server?
A. Enable unused default user accounts created during the installation of an OS
B. Enable all non-interactive accounts that should exist but do not require interactive login
C. Limit the administrator or toot-level access to the minimum number of users
D. Retain all unused modules and application extensions

Question #:136 :
What piece of hardware on a computer's motherboard generates encryption keys and only releases
a part of the key so that decrypting a disk on a new piece of hardware is not possible?
A. CPU
B. GPU
C. UEFI
D. TPM

Question #:137 :
Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices
hidden by a restrictive firewall in the IPv4 range in a given target network.
Which of the following host discovery techniques must he use to perform the given task?
A. UDP scan
B. TCP Maimon scan
C. arp ping scan
D. ACK flag probe scan

Question #:139 :
John wants to send Marie an email that includes sensitive information, and he does not trust the
network that he is connected to. Marie gives him the idea of using PGP. What should John do to
communicate correctly using this type of encryption?
A. Use his own public key to encrypt the message.
B. Use Marie's public key to encrypt the message.
C. Use his own private key to encrypt the message.
D. Use Marie's private key to encrypt the message.

Question #:140 :
Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During
this process. Robin plugged in a rogue switch to an unused port in the LAN with a priority lower
than any other switch in the network so that he could make it a root bridge that will later allow
him to sniff all the traffic in the network. What is the attack performed by Robin in the above
scenario?
A. ARP spoofing attack
B. VLAN hopping attack
C. DNS poisoning attack D. STP attack
Question #:141 :
infecting a system with malware and using phishing to gain credentials to a system or web
application are examples of which phase of the ethical hacking methodology?
A. Reconnaissance
B. Maintaining access
C. Scanning
D. Gaining access

Question #:144 :
What is the file that determines the basic configuration (specifically activities, services, broadcast
receivers,etc.) in an Android application?
A. AndroidManifest.xml
B. APK.info
C. resources.asrc
D. classes.dex

Question #:145-(Exam Topic 2)
What is the common name for a vulnerability disclosure program opened by companies In
platforms such as HackerOne?
A. Vulnerability hunting program
B. Bug bounty program
C. White-hat hacking program
D. Ethical hacking program

Question #:147 :
John, a professional hacker, targeted an organization that uses LDAP for accessing distributed
directory services. He used an automated tool to anonymously query the IDAP service for
sensitive information such as usernames. addresses, departmental details, and server names to
launch further attacks on the target organization.
What is the tool employed by John to gather information from the IDAP service?
A. jxplorer
B. Zabasearch
C. EarthExplorer
D. Ike-scan

Question #:148 :
in the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does
medium vulnerability fall in?
A. 3.0-6.9
B. 40-6.0
C. 4.0-6.9
D. 3.9-6.9
Question #:149 :
Bill is a network administrator. He wants to eliminate unencrypted traffic inside his company's
network. He decides to setup a SPAN port and capture all traffic to the datacenter. He
immediately discovers unencrypted traffic in port UDP 161. what protocol is this port using and
how can he secure that traffic?
A. it is not necessary to perform any actions, as SNMP is not carrying important information.
B. SNMP and he should change it to SNMP V3
C. RPC and the best practice is to disable RPC completely
D. SNMP and he should change it to SNMP v2, which is encrypted

Question #:150 :
A friend of yours tells you that he downloaded and executed a file that was sent to him by a
coworker. Since the file did nothing when executed, he asks you for help because he suspects
that he may have installed a trojan on his computer.
what tests would you perform to determine whether his computer Is Infected?
A. Use ExifTool and check for malicious content.
B. You do not check; rather, you immediately restore a previous snapshot of the operating system.
C. Upload the file to VirusTotal.
D. Use netstat and check for outgoing connections to strange IP addresses or domains.

Question #:151 :
Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the targets
MSP provider by sending spear-phishing emails and distributed custom-made malware to
compromise user accounts and gain remote access to the cloud service. Further, she accessed the
target customer profiles with her MSP account, compressed the customer data, and stored them
in the MSP. Then, she used this information to launch further attacks on the target organization.
Which of the following cloud attacks did Alice perform in the above scenario?
A. Cloud hopper attack
B. Cloud cryptojacking
C. Cloudborne attack
D. Man-in-the-cloud (MITC) attack

Question #:152 - (Exam Topic 2
Emily, an extrovert obsessed with social media, posts a large amount of private information,
photographs, and location tags of recently visited places. Realizing this. James, a professional
hacker, targets Emily and her acquaintances, conducts a location search to detect their geolocation
by using an automated tool, and gathers information to perform other sophisticated attacks. What
is the tool employed by James in the above scenario?
A. ophcrack
B. Hootsuite
C. VisualRoute
D. HULK
Question #:154 :
David is a security professional working in an organization, and he is implementing a
vulnerability management program in the organization to evaluate and control the risks and
vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on
vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the
vulnerability-management life cycle is David currently in?
A. verification
B. Risk assessment
C. Vulnerability scan
D. Remediation

Question #:155 :
Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server
with the intention of gaining access to backend servers, which are protected by a firewall. In this
process, he used a URL https://xyz.com/feed.php?url:externalsile.com/feed/to to obtain a remote
feed and altered the URL input to the local host to view all the local resources on the target server.
What is the type of attack Jason performed In the above scenario?
A. website defacement
B. Server-side request forgery (SSRF) attack
C. Web server misconfiguration
D. web cache poisoning attack

Question #:156 :
Suppose that you test an application for the SQL injection vulnerability. You know that the
backend database is based on Microsoft SQL Server. In the login/password form, you enter the
following credentials: Username: attack' or 1=1-
Password: 123456
Based on the above credentials, which of the following SQL commands are you expecting to be
executed by the server, if there is indeed an SQL injection vulnerability?
A. select * from Users where UserName = 'attack" or 1-1 -- and UserPassword = '123456'
B. select * from Users where UserName = 'attack' or 1-1 -- and UserPassword = "123456'
C. select * from Users where UserName = 'attack or 1=1 -- and UserPassword = "123456'
D. select * from Users where UserName = 'attack' or 1=1 --' and UserPassword = '123456'

Question #:162 :
which of the following protocols can be used to secure an LDAP service against anonymous
queries?
A. SSO
B. RADIUS
C. WPA
D. NTLM
Question #:164 :
Sam is working as a system administrator In an organization. He captured the principal
characteristics of a vulnerability and produced a numerical score to reflect Its severity using
CVSS v3.0 to property assess and prioritize the organization's vulnerability management
processes. The base score that Sam obtained after performing cvss rating was 4.0. What is the
CVSS severity level of the vulnerability discovered by Sam in the above scenario?
A. Medium
B. Low
C. Critical
D. High

Question #:167 :
Allen, a professional pen tester, was hired by XpertTech solutions to perform an attack simulation
on the organization's network resources. To perform the attack, he took advantage of the NetBIOS
API and targeted the NetBIOS service. B/enumerating NetBIOS, he found that port 139 was open
and could see the resources that could be accessed or viewed on a remote system. He came across
many NetBIOS codes during enumeration. Identify the NetBIOS code used for obtaining the
messenger service running for the logged-in user?
A.
B.
C.
D.

Question #:171 :
What is the port to block first in case you are suspicious that an loT device has been
compromised?
A. 22
B. 443
C. 48101
D. 80

Question #:172 :
Security administrator John Smith has noticed abnormal amounts of traffic coming from local
computers at night. Upon reviewing, he finds that user data have been exfiltrated by an attacker.
AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-
whitelisted programs, what type of malware did the attacker use to bypass the company's
application whitelisting?
A. Phishing malware
B. Zero-day malware
C. File-less malware
D. Logic bomb malware
Question #:173 :
There have been concerns in your network that the wireless network component is not sufficiently
secure. You perform a vulnerability scan of the wireless network and find that it is using an old
encryption protocol that was designed to mimic wired encryption, what encryption protocol is
being used?
A. WEP
B. RADIUS
C. WPA
D. WPA3

Question #:174 :
Which of the following commands checks for valid users on an SMTP server?
A. RCPT
B. CHK
C. VRFY
D. EXPN

Question #:175 :
Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the
Integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP
methods such as PUT. POST. GET. and DELETE and can improve the overall performance,
visibility, scalability, reliability, and portability of an application. What is the type of web-service
API mentioned in the above scenario?"
A. JSON-RPC
B. SOAP API
C. RESTful API
D. REST API

Question #:176 :
Abel, a security professional, conducts penetration testing in his client organization to check for
any security loopholes. He launched an attack on the DHCP servers by broadcasting forged
DHCP requests and leased all the DHCP addresses available in the DHCP scope until the server
could not issue any more IP addresses. This led to a Dos attack, and as a result, legitimate
employees were unable to access the clients network. Which of the following attacks did Abel
perform in the above scenario?
A. VLAN hopping
B. DHCP starvation
C. Rogue DHCP server attack
D. STP attack
Question #:179 :
John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit
the organization. In the attack process, the professional hacker Installed a scanner on a machine
belonging to one of the viktims and scanned several machines on the same network to Identify
vulnerabilities to perform further exploitation. What is the type of vulnerability assessment tool
employed by John in the above scenario?
A. Proxy scanner
B. Agent-based scanner
C. Network-based scanner
D. Cluster scanner

Question #:180 :
Jim, a professional hacker, targeted an organization that is operating critical Industrial
Infrastructure. Jim used Nmap to scan open pons and running services on systems connected to
the organization's OT network. He used an Nmap command to identify Ethernet/IP devices
connected to the Internet and further gathered Information such as the vendor name, product code
and name, device name, and IP address. Which of the following Nmap commands helped Jim
retrieve the required information?
A. nmap -Pn -sT --scan-delay Is --max-parallelism 1 -p
B. nmap -Pn -sU -p 44818 --script enip-info
C. nmap -Pn -sT -p 46824
D. nmap -Pn -sT -p 102 --script s7-info

Question #:182 :
Bob was recently hired by a medical company after it experienced a major cyber security breach.
Many patients are complaining that their personal medical records are fully exposed on the
Internet and someone can find them with a simple Google search. Bob's boss is very worried
because of regulations that protect those data. Which of the following regulations is mostly
violated?
A. HIPPA/PHI
B. Pll
C. PCIDSS
D. ISO 2002

Question #:14 :
To create a botnet. the attacker can use several techniques to scan vulnerable machines. The
attacker first collects Information about a large number of vulnerable machines to create a list.
Subsequently, they infect the machines. The list Is divided by assigning half of the list to the
newly compromised machines. The scanning process runs simultaneously. This technique
ensures the spreading and installation of malicious code in little time.
Which technique is discussed here?
A. Hit-list-scanning technique
B. Topological scanning technique
C. Subnet scanning technique
D. Permutation scanning technique
Question #:19 :
Judy created a forum, one day. she discovers that a user is posting strange images without writing
comments. She immediately calls a security expert, who discovers that the following code is
hidden behind those images:
document.write('o] - 'a':
What type of attack is this?
A. CSRF
B. XSS
C. Buffer overflow
D. SQL injection

Question #:208 :
A penetration tester is performing the footprinting process and is reviewing publicly available
information about an organization by using the Google search engine.
Which of the following advanced operators would allow the pen tester to restrict the search to the
organization's web domain?
A. [allinurl:]
B. [location:]
C. [site:]
D. [link:]
Question #:213 :
CyberTech Inc. recently experienced SQL injection attacks on its official website. The company
appointed Bob, a security professional, to build and incorporate defensive strategies against such
attacks. Bob adopted a practice whereby only a list of entities such as the data type, range, size,
and value, which have been approved for secured access, is accepted. What is the defensive
technique employed by Bob in the above scenario?
A. Output encoding
B. Enforce least privileges
C. Whitelist validation
D. Blacklist validation

Question #:223 :
John, a professional hacker, performs a network attack on a renowned organization and gains
unauthorized access to the target network. He remains in the network without being detected for
a long time and obtains sensitive information without sabotaging the organization. Which of the
following attack techniques is used by John?
A. Advanced persistent theft
B. threat Diversion theft
C. Spear-phishing sites
D. insider threat

Question #:228 :
Don, a student, came across a gaming app in a third-party app store and Installed it. Subsequently,
all the legitimate apps in his smartphone were replaced by deceptive applications that appeared
legitimate. He also received many advertisements on his smartphone after Installing the app.
What is the attack performed on Don in the above scenario?
A. SMS phishing attack
B. SIM card attack
C. Agent Smith attack
D. Clickjacking

Question #:233 :
By performing a penetration test, you gained access under a user account. During the test, you
established a connection with your own machine via the SMB service and occasionally entered
your login and password in plaintext.
Which file do you have to clean to clear the password?
A. X session-log
B..bashrc
C..profile
D..bash_history
Question #:235 :
An organization has automated the operation of critical infrastructure from a remote location. For
this purpose, all the industrial control systems are connected to the Internet. To empower the
manufacturing process, ensure the reliability of industrial networks, and reduce downtime and
service disruption, the organization deckled to install an OT security tool that further protects
against security incidents such as cyber espionage, zero-day attacks, and malware. Which of the
following tools must the organization employ to protect its critical infrastructure?
A. Robotium
B. BalenaCloud
C. Flowmon
D. IntentFuzzer

Question #:237 :
While performing an Nmap scan against a host, Paola determines the existence of a firewall. In
an attempt to determine whether the firewall is stateful or stateless, which of the following options
would be best to use?
A. -SA
B. -sX
C. -ST
D. -sF

Question #:247 :
Juliet, a security researcher in an organization, was tasked with checking for the authenticity of
images to be used in the organization's magazines. She used these images as a search query and
tracked the original source and details of the images, which included photographs, profile
pictures, and memes. Which of the following footprinting techniques did Rachel use to finish her
task?
A. Reverse image search
B. Meta search engines
C. Advanced image search
D. Google advanced search