CEHv12 Questions and Answers 2024 PDF
Document Details
Uploaded by StylizedRabbit1003
Jamhuriya
2024
Summary
This document contains a set of cybersecurity exam questions, focused on ethical hacking and information security fundamentals. It includes questions concerning network security, attacks, and security protocols.
Full Transcript
QUESTION NO: 1
Elante company has recently hired James as a penetration tester. He was tasked with performing enumeration on an organization's network. In the process of enumeration, James discovered a service that is accessible to external sources. This service runs directly on port 21. What is the service enumerated by James in the above scenario?
A. Remote procedure call (RPC)
B. Border Gateway Protocol (BGP)
C. Network File System (NFS)
D. File Transfer Protocol (FTP)

QUESTION NO: 2
If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?
A. Birthday
B. Man-in-the-middle
C. Brute force
D. Smurf

QUESTION NO: 3
A large enterprise has been experiencing sporadic system crashes and instability, resulting in limited access to its web services. The security team suspects it could be a result of a Denial of Service (DoS) attack. A significant increase in traffic was noticed in the network logs, with patterns suggesting packet sizes exceeding the prescribed size limit. Which among the following DoS attack techniques best describes this scenario?
A. UDP flood attack
B. Smurf attack
C. Pulse wave attack
D. Ping of Death attack

QUESTION NO: 4
Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?
A. 113
B. 69
C. 123
D. 161

QUESTION NO: 5
Rebecca, a security professional, wants to authenticate employees who use web services for safe and secure communication. In this process, she employs a component of the Web Service Architecture, which is an extension of SOAP, and it can maintain the integrity and confidentiality of SOAP messages. Which of the following components of the Web Service Architecture is used by Rebecca for securing the communication?
A. WSDL
B. WS-Security
C. WS-Policy
D. WS Work Processes

QUESTION NO: 6
Yancey is a network security administrator for a large electric company. This company provides power for over 100,000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing to him. What would Yancey be considered?
A. Since he does not care about going to jail, he would be considered a Black Hat
B. Because Yancey works for the company currently; he would be a White Hat
C. Yancey would be considered a Suicide Hacker
D. Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing

QUESTION NO: 7
________ is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.
A. DNSSEC
B. Resource records
C. Resource transfer
D. Zone transfer

QUESTION NO: 8
An organization has automated the operation of critical infrastructure from a remote location. For this purpose, all the industrial control systems are connected to the Internet. To empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption, the organization decided to install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware. Which of the following tools must the organization employ to protect its critical infrastructure?
A. Robotium
B. BalenaCloud
C. Flowmon
D. IntentFuzzer

QUESTION NO: 9
Which DNS resource record can indicate how long any "DNS poisoning" could last?
A. MX
B. SOA
C. TIMEOUT
D. NS

QUESTION NO: 10
You are analysing traffic on the network with Wireshark. You want to routinely run a cron job which will run the capture against a specific set of IPs - 192.168.8.0/24. What command would you use?
A. wireshark --fetch "192.168.8*"
B. wireshark --capture --local masked 192.168.8.0-range 24
C. sudo tshark -f "net 192.68.8.0/24"
D. tshark -net 192.255.255.255 mask 192.168.8.0

QUESTION NO: 11
What port number is used by LDAP protocol?
A. 445
B. 110
C. 464
D. 389

QUESTION NO: 12
A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application. What kind of Web application vulnerability likely exists in their software?
A. Cross-site scripting vulnerability
B. SQL injection vulnerability
C. Web site defacement vulnerability
D. Cross-site Request Forgery vulnerability

QUESTION NO: 13
Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and UHF?
A. Omnidirectional antenna
B. Parabolic grid antenna
C. Yagi antenna
D. Dipole antenna

QUESTION NO: 14
What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?
A. The attacker queries a nameserver using the DNS resolver.
B. The attacker makes a request to the DNS resolver.
C. The attacker forges a reply from the DNS resolver.
D. The attacker uses TCP to poison the DNS resolver.

QUESTION NO: 15
Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?
A. Produces less false positives
B. Can identify unknown attacks
C. Requires vendor updates for a new threat
D. Cannot deal with encrypted network traffic

QUESTION NO: 16
Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches. If these switches' ARP cache is successfully flooded, what will be the result?
A. The switches will route all traffic to the broadcast address created collisions.
B. If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.
C. The switches will drop into hub mode if the ARP cache is successfully flooded.
D. Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.

QUESTION NO: 17
During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network. What is this type of DNS configuration commonly called?
A. DNSSEC
B. DynDNS
C. DNS Scheme
D. Split DNS

QUESTION NO: 18
What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stacheldraht have in common?
A. All are tools that are only effective against Linux
B. All are hacking tools developed by the legion of doom
C. All are tools that can be used not only by hackers, but also security personnel
D. All are tools that are only effective against Windows
E. All are DDOS tools

QUESTION NO: 19
What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?
A. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.
B. Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.
C. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.
D. Symmetric encryption allows the server to securely transmit the session keys out-of-band.

QUESTION NO: 20
During a red team engagement, an ethical hacker is tasked with testing the security measures of an organization's wireless network. The hacker needs to select an appropriate tool to carry out a session hijacking attack. Which of the following tools should the hacker use to effectively perform session hijacking and subsequent security analysis, given that the target wireless network has the Wi-Fi Protected Access-preshared key (WPA-PSK) security protocol in place?
A. FaceNiff
B. Hetty
C. Droidsheep
D. bettercap

QUESTION NO: 21
What does a firewall check to prevent particular ports and applications from getting packets into an organization?
A. Transport layer port numbers and application layer headers
B. Presentation layer headers and the session layer port numbers
C. Application layer port numbers and the transport layer headers
D. Network layer headers and the session layer port numbers

QUESTION NO: 22
In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration. If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack?
A. Thorough
B. BruteDics
C. Full Blown
D. Hybrid

QUESTION NO: 23
Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the target's MSP provider by sending spear-phishing emails and distributed custom-made malware to compromise user accounts and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attacks on the target organization. Which of the following cloud attacks did Alice perform in the above scenario?
A. Cloud hopper attack
B. Cloud cryptojacking
C. Cloudborne attack
D. Man-in-the-cloud (MITC) attack

QUESTION NO: 24
Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a Linux platform?
A. Kismet
B. Abel
C. Netstumbler
D. Nessus

QUESTION NO: 25
During a recent vulnerability assessment of a major corporation's IT systems, the security team identified several potential risks. They want to use a vulnerability scoring system to quantify and prioritize these vulnerabilities. They decide to use the Common Vulnerability Scoring System (CVSS). Given the characteristics of the identified vulnerabilities, which of the following statements is the most accurate regarding the metric types used by CVSS to measure these vulnerabilities?
A. Temporal metric represents the inherent qualities of a vulnerability
B. Base metric represents the inherent qualities of a vulnerability
C. Environmental metric involves the features that change during the lifetime of the vulnerability
D. Temporal metric involves measuring vulnerabilities based on a specific environment or implementation

QUESTION NO: 26
Robert, a professional hacker, is attempting to execute a fault injection attack on a target IoT device. In this process, he injects faults into the power supply that can be used for remote execution, also causing the skipping of key instructions. He also injects faults into the clock network used for delivering a synchronized signal across the chip. Which of the following types of fault injection attack is performed by Robert in the above scenario?
A. Frequency/voltage tampering
B. Optical, electromagnetic fault injection (EMFI)
C. Temperature attack
D. Power/clock/reset glitching

QUESTION NO: 27
In a large organization, a network security analyst discovered a series of packet captures that seem unusual. The network operates on a switched Ethernet environment. The security team suspects that an attacker might be using a sniffer tool. Which technique could the attacker be using to successfully carry out this attack, considering the switched nature of the network?
A. The attacker might be compromising physical security to plug into the network directly
B. The attacker might be implementing MAC flooding to overwhelm the switch's memory
C. The attacker is probably using a Trojan horse with in-built sniffing capability
D. The attacker might be using passive sniffing, as it provides significant stealth advantages

QUESTION NO: 28
When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK. How would an attacker exploit this design by launching TCP SYN attack?
A. Attacker generates TCP RST packets with random source addresses towards a victim host
B. Attacker generates TCP SYN packets with random destination addresses towards a victim host
C. Attacker generates TCP ACK packets with random source addresses towards a victim host
D. Attacker floods TCP SYN packets with random source addresses towards a victim host

QUESTION NO: 29
What is the least important information when you analyze a public IP address in a security alert?
A. Whois
B. DNS
C. Geolocation
D. ARP

QUESTION NO: 30
E-mail scams and mail fraud are regulated by which of the following?
A. 18 U.S.C. par. 1030 Fraud and Related activity in connection with Computers
B. 18 U.S.C. par. 1362 Communication Lines, Stations, or Systems
C. 18 U.S.C. par. 2510 Wire and Electronic Communications Interception and Interception of Oral Communication
D. 18 U.S.C. par. 1029 Fraud and Related activity in connection with Access Devices

QUESTION NO: 31
While testing a web application in development, you notice that the web server does not properly ignore the "dot dot slash" (../) character string and instead returns the file listing of a folder structure of the server. What kind of attack is possible in this scenario?
A. Cross-site scripting
B. Denial of service
C. SQL injection
D. Directory traversal

QUESTION NO: 32
Jude, a pen tester working in Keiltech Ltd., performs sophisticated security testing on his company's network infrastructure to identify security loopholes. In this process, he started to circumvent the network protection tools and firewalls used in the company. He employed a technique that can create forged TCP sessions by carrying out multiple SYN, ACK, and RST or FIN packets. Further, this process allowed Jude to execute DDoS attacks that can exhaust the network resources. What is the attack technique used by Jude for finding loopholes in the above scenario?
A. UDP flood attack
B. Ping-of-death attack
C. Spoofed session flood attack
D. Peer-to-peer attack

QUESTION NO: 33
An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database.
<iframe src="http://www.vulnweb.com/updateif.php" style="display:none">
What is this type of attack (that can use either HTTP GET or HTTP POST) called?
A. Browser Hacking
B. Cross-Site Scripting
C. SQL Injection
D. Cross-Site Request Forgery

QUESTION NO: 34
Given below are different steps involved in the vulnerability-management life cycle.
1) Remediation
2) Identify assets and create a baseline
3) Verification
4) Monitor
5) Vulnerability scan
6) Risk assessment
Identify the correct sequence of steps involved in vulnerability management.
A. 2-->5-->6-->1-->3-->4
B. 2-->1-->5-->6-->4-->3
C. 1-->2-->3-->4-->5-->6
D. 2-->4-->5-->3-->6-->1

QUESTION NO: 35
Which system consists of a publicly available set of databases that contain domain name registration contact information?
A. CAPTCHA
B. IANA
C. WHOIS
D. IETF

QUESTION NO: 37
When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?
A. Reviewing the firewalls configuration
B. Interviewing employees and network engineers
C. Data items and vulnerability scanning
D. Source code review

QUESTION NO: 38
Nedved is an IT Security Manager of a bank in his country. One day, he found out that there is a security breach to his company's email server based on analysis of a suspicious connection from the email server to an unknown IP Address. What is the first thing that Nedved needs to do before contacting the incident response team?
A. Block the connection to the suspicious IP Address from the firewall
B. Leave it as it is and contact the incident response team right away
C. Disconnect the email server from the network
D. Migrate the connection to the backup email server

QUESTION NO: 39
Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/feed.php?url:externalsile.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed in the above scenario?
A. Website defacement
B. Server-side request forgery (SSRF) attack
C. Web server misconfiguration
D. Web cache poisoning attack

QUESTION NO: 40
In this form of encryption algorithm, every individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits. Which is this encryption algorithm?
A. IDEA
B. Triple Data Encryption Standard
C. MD5 encryption algorithm
D. AES

QUESTION NO: 41
A malicious user has acquired a Ticket Granting Service from the domain controller using a valid user's Ticket Granting Ticket in a Kerberoasting attack. He extracted the TGS tickets from memory for offline cracking. But the attacker was stopped before he could complete his attack. The system administrator needs to investigate and remediate the potential breach. What should be the immediate step the system administrator takes?
A. Perform a system reboot to clear the memory
B. Delete the compromised user's account
C. Change the NTLM password hash used to encrypt the ST
D. Invalidate the TGS the attacker acquired

QUESTION NO: 42
A large corporate network is being subjected to repeated sniffing attacks. To increase security, the company's IT department decides to implement a combination of several security measures. They permanently add the MAC address of the gateway to the ARP cache, switch to using IPv6 instead of IPv4, implement the use of encrypted sessions such as SSH instead of Telnet, and use Secure File Transfer Protocol instead of FTP. However, they are still faced with the threat of sniffing. Considering the countermeasures, what should be their next step to enhance network security?
A. Use HTTP instead of HTTPS for protecting usernames and passwords
B. Implement network scanning and monitoring tools
C. Enable network identification broadcasts
D. Retrieve MAC addresses from the OS

QUESTION NO: 43
A "Server-Side Includes" attack refers to the exploitation of a web application by injecting scripts in HTML pages or executing arbitrary code remotely. Which web-page file type, if it exists on the web server, is a strong indication that the server is vulnerable to this kind of attack?
A. .stm
B. .html
C. .rss
D. .cms

QUESTION NO: 44
Which of the following steps for risk assessment methodology refers to vulnerability identification?
A. Assigns values to risk probabilities; Impact values.
B. Determines if any flaws exist in systems, policies, or procedures
C. Determines risk probability that vulnerability will be exploited (High, Medium, Low)
D. Identifies sources of harm to an IT system. (Natural, Human, Environmental)

QUESTION NO: 45
Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to authenticate once and gain access to multiple systems?
A. Windows authentication
B. Single sign-on
C. Discretionary Access Control (DAC)
D. Role Based Access Control (RBAC)

QUESTION NO: 46
Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers. Which of the following options best represents the means that Bob can adopt to retrieve passwords from his client's hosts and servers?
A. Hardware and Software Keyloggers.
B. Passwords are always best obtained using Hardware key loggers.
C. Hardware, Software, and Sniffing.
D. Software only, they are the most effective.

QUESTION NO: 47
John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to anonymously query the LDAP service for sensitive information such as usernames, addresses, departmental details, and server names to launch further attacks on the target organization. What is the tool employed by John to gather information from the LDAP service?
A. jxplorer
B. Zabasearch
C. EarthExplorer
D. Ike-scan

QUESTION NO: 48
Tony is a penetration tester tasked with performing a penetration test. After gaining initial access to a target system, he finds a list of hashed passwords. Which of the following tools would not be useful for cracking the hashed passwords?
A. THC-Hydra
B. John the Ripper
C. Hashcat
D. netcat

QUESTION NO: 49
A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The "ps" command shows that the "nc" file is running as a process, and the netstat command shows the "nc" process is listening on a network port. What kind of vulnerability must be present to make this remote attack possible?
A. File system permissions
B. Privilege escalation
C. Directory traversal
D. Brute force login

QUESTION NO: 50
An ethical hacker is testing a web application of a financial firm. During the test, a 'Contact Us' form's input field is found to lack proper user input validation, indicating a potential Cross-Site Scripting (XSS) vulnerability. However, the application has a stringent Content Security Policy (CSP) disallowing inline scripts and scripts from external domains but permitting scripts from its own domain. What would be the hacker's next step to confirm the XSS vulnerability?
A. Try to disable the CSP to bypass script restrictions
B. Inject a benign script inline to the form to see if it executes
C. Utilize a script hosted on the application's domain to test the form
D. Load a script from an external domain to test the vulnerability

QUESTION NO: 51
Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?
A. Logic tier
B. Application Layer
C. Presentation tier
D. Data tier

QUESTION NO: 52
Jack, a professional hacker, targets an organization and performs vulnerability scanning on the target web server to identify any possible weaknesses, vulnerabilities, and misconfigurations. In this process, Jack uses an automated tool that eases his work and performs vulnerability scanning to find hosts, services, and other vulnerabilities in the target server. Which of the following tools is used by Jack to perform vulnerability scanning?
A. NCollector Studio
B. Netsparker
C. Infoga
D. WebCopier Pro

QUESTION NO: 53
You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet 10.1.4.0/23. Which of the following IP addresses could be leased as a result of the new configuration?
A. 10.1.4.156
B. 210.1.55.200
C. 10.1.4.254
D. 10.1.5.200

QUESTION NO: 54
Your company, SecureTech Inc., is planning to transmit some sensitive data over an unsecured communication channel. As a cyber security expert, you decide to use symmetric key encryption to protect the data. However, you must also ensure the secure exchange of the symmetric key. Which of the following protocols would you recommend to the team to achieve this?
A. Implementing SSL certificates on your company's web servers.
B. Applying the Diffie-Hellman protocol to exchange the symmetric key.
C. Switching all data transmission to the HTTPS protocol.
D. Utilizing SSH for secure remote logins to the servers.

QUESTION NO: 55
John, a security analyst working for an organization, found a critical vulnerability on the organization's LAN that allows him to view financial and personal information about the rest of the employees. Before reporting the vulnerability, he examines the information shown by the vulnerability for two days without disclosing any information to third parties or other internal employees. He does so out of curiosity about the other employees and may take advantage of this information later. What would John be considered as?
A. White hat
B. Cybercriminal
C. Black hat
D. Gray hat

QUESTION NO: 56
When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing?
A. Identifying operating systems, services, protocols and devices
B. Modifying and replaying captured network traffic
C. Capturing a network traffic for further analysis
D. Collecting unencrypted information about usernames and passwords

QUESTION NO: 57
Sarah, a system administrator, was alerted of potential malicious activity on the network of her company. She discovered a malicious program spread through the instant messenger application used by her team. The attacker had obtained access to one of her teammate's messenger accounts and started sending files across the contact list. Which best describes the attack scenario and what measure could have prevented it?
A. Instant Messenger Applications; verifying the sender's identity before opening any files
B. Insecure Patch Management; updating application software regularly
C. Rogue/Decoy Applications; ensuring software is labeled as TRUSTED
D. Portable Hardware Media/Removable Devices; disabling Autorun functionality

QUESTION NO: 58
User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI layer does the encryption and decryption of the message take place?
A. Application
B. Transport
C. Session
D. Presentation

QUESTION NO: 59
DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switches leverages the DHCP snooping database to help prevent man-in-the-middle attacks?
A. Spanning tree
B. Dynamic ARP Inspection (DAI)
C. Port security
D. Layer 2 Attack Prevention Protocol (LAPP)

QUESTION NO: 60
As part of a college project, you have set up a web server for hosting your team's application. Given your interest in cybersecurity, you have taken the lead in securing the server. You are aware that hackers often attempt to exploit server misconfigurations. Which of the following actions would best protect your web server from potential misconfiguration-based attacks?
A. Performing regular server configuration audits
B. Enabling multi-factor authentication for users
C. Implementing a firewall to filter traffic
D. Regularly backing up server data

QUESTION NO: 61
After an audit, the auditors inform you that there is a critical finding that you must tackle immediately. You read the audit report, and the problem is the service running on port 389. Which service is this and how can you tackle the problem?
A. The service is LDAP, and you must change it to 636, which is LDAPS.
B. The service is NTP, and you have to change it from UDP to TCP in order to encrypt it
C. The findings do not require immediate actions and are only suggestions.
D. The service is SMTP, and you must change it to SMIME, which is an encrypted way to send emails.

QUESTION NO: 62
Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining whether the ports are online and any firewall rule sets are encountered. John decided to perform a TCP SYN ping scan on the target network. Which of the following Nmap commands must John use to perform the TCP SYN ping scan?
A. nmap -sn -PP <target IP address>
B. nmap -sn -PO <target IP address>
C. nmap -sn -PS <target IP address>
D. nmap -sn -PA <target IP address>

QUESTION NO: 63
Ricardo has discovered the username for an application in his target's environment. As he has a limited amount of time, he decides to attempt to use a list of common passwords he found on the Internet. He compiles them into a list and then feeds that list as an argument into his password-cracking application. What type of attack is Ricardo performing?
A. Known plaintext
B. Password spraying
C. Brute force
D. Dictionary

QUESTION NO: 64
When considering how an attacker may exploit a web server, what is web server footprinting?
A. When an attacker creates a complete profile of the site's external links and file structures
B. When an attacker implements a vulnerability scanner to identify weaknesses
C. When an attacker gathers system-level data, including account details and server names
D. When an attacker uses a brute-force attack to crack a web-server password

QUESTION NO: 65
A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.
A. Use port security on his switches.
B. If you have a small network, use static ARP entries.
C. Use a tool like ARPwatch to monitor for strange ARP activity.
D. Use only static IP addresses on all PC's.
E. Use a firewall between all LAN segments.

QUESTION NO: 66
Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after installing the app. What is the attack performed on Don in the above scenario?
A. SMS phishing attack
B. SIM card attack
C. Agent Smith attack
D. Clickjacking

QUESTION NO: 67
Sophia is a shopping enthusiast who spends significant time searching for trendy outfits online. Clark, an attacker, noticed her activities several times and sent a fake email containing a deceptive page link to her social media page displaying all-new and trendy outfits. In excitement, Sophia clicked on the malicious link and logged in to that page using her valid credentials. Which of the following tools is employed by Clark to create the spoofed email?
A. PyLoris
B. Slowloris
C. Evilginx
D. PLCinject

QUESTION NO: 68
As a security analyst for Sky Secure Inc., you are working with a client that uses a multi-cloud strategy, utilizing services from several cloud providers. The client wants to implement a system that will provide unified security management across all their cloud platforms. They need a solution that allows them to consistently enforce security policies, identify and respond to threats, and maintain visibility of all their cloud resources. Which of the following should you recommend as the best solution?
A. Use a hardware-based firewall to secure all cloud resources.
B. Implement separate security management tools for each cloud platform.
C. Use a Cloud Access Security Broker (CASB).
D. Rely on the built-in security features of each cloud platform.

QUESTION NO: 69
This form of encryption algorithm is a symmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among the following is this encryption algorithm?
A. Twofish encryption algorithm
B. HMAC encryption algorithm
C. IDEA
D. Blowfish encryption algorithm

QUESTION NO: 70
How does a denial-of-service attack work?
A. A hacker tries to decipher a password by using a system, which subsequently crashes the network
B. A hacker uses every character, word, or letter he or she can think of to defeat authentication
C. A hacker attempts to imitate a legitimate user by confusing a computer or even another person
D. A hacker prevents a legitimate user (or group of users) from accessing a service

QUESTION NO: 71
During the enumeration phase, Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445. Which of the following services is enumerated by Lawrence in this scenario?
A. Server Message Block (SMB)
B. Network File System (NFS)
C. Remote procedure call (RPC)
D. Telnet

QUESTION NO: 72
Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes, images, and networks. What is the component of the Docker architecture used by Annie in the above scenario?
A. Docker client
B. Docker objects
C. Docker daemon
D. Docker registries

QUESTION NO: 73
What is the algorithm used by LM for Windows 2000 SAM?
A. SHA
B. SSL
C. MD4
D. DES

QUESTION NO: 74
What kind of detection techniques is being used in antivirus software that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it's made on the provider's environment?
A. Behaviour based
B. VCloud based
C. Honeypot based
D. Heuristics based

QUESTION NO: 75
Which tool can be used to silently copy files from USB devices?
A. USB Sniffer
B. USB Dumper
C. USB Grabber
D. USB Snoopy

QUESTION NO: 76
You are a penetration tester working to test the user awareness of the employees of the client xyz. You harvested two employees' emails from some public sources and are creating a client-side backdoor to send it to the employees via email. Which stage of the cyber kill chain are you at?
A. Reconnaissance
B. Command and control
C. Weaponization
D. Exploitation

QUESTION NO: 77
A cyber attacker has initiated a series of activities against a high-profile organization following the Cyber Kill Chain Methodology. The attacker is presently in the "Delivery" stage. As an Ethical Hacker, you are trying to anticipate the adversary's next move. What is the most probable subsequent action from the attacker based on the Cyber Kill Chain Methodology?
A. The attacker will attempt to escalate privileges to gain complete control of the compromised system.
B. The attacker will exploit the malicious payload delivered to the target organization and establish a foothold.
C. The attacker will initiate an active connection to the target system to gather more data.
D. The attacker will start reconnaissance to gather as much information as possible about the target.
QUESTION NO: 78 Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run? A. Macro virus B. Cavity virus C. Stealth/Tunneling virus D. Polymorphic virus QUESTION NO: 79 You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze? A. Internet Firewall/Proxy log. B. IDS log C. Event logs on domain controller D. Event logs on the PC QUESTION NO: 80 What is the following command used for? sqlmap.py-u ,,http://10.10.1.20/?p=1 &forumaction=search" -dbs A. Searching database statements at the IP address given B. Retrieving SQL statements being executed on the database C. Creating backdoors using SQL injection D. A Enumerating the databases in the DBMS for the URL