New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

312-50v12 Certified Ethical Hacker Exam (CEHv12) Questions and Answers

Questions 4

You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23. Which of the following IP addresses could be teased as a result of the new configuration?

Options:

A.

210.1.55.200

B.

10.1.4.254

C.

10.1.5.200

D.

10.1.4.156

Buy Now
Questions 5

Gregory, a professional penetration tester working at Sys Security Ltd., is tasked with performing a security test of web applications used in the company. For this purpose, Gregory uses a tool to test for any security loopholes by hijacking a session between a client and server. This tool has a feature of intercepting proxy that can be used to inspect and modify the traffic between the browser and target application. This tool can also perform customized attacks and can be used to test the randomness of session tokens. Which of the following tools is used by Gregory in the above scenario?

Options:

A.

Nmap

B.

Burp Suite

C.

CxSAST

D.

Wireshark

Buy Now
Questions 6

A network security analyst, while conducting penetration testing, is aiming to identify a service account password using the Kerberos authentication protocol. They have a valid user authentication ticket (TGT) and decided to carry out a Kerberoasting attack. In the scenario described, which of the following steps should the analyst take next?

Options:

A.

Carry out a passive wire sniffing operation using Internet packet sniffers

B.

Extract plaintext passwords, hashes, PIN codes, and Kerberos tickets using a tool like Mimikatz

C.

Perform a PRobability INfinite Chained Elements (PRINCE) attack

D.

Request a service ticket for the service principal name of the target service account

Buy Now
Questions 7

Geena, a cloud architect, uses a master component in the Kubernetes cluster architecture that scans newly generated pods and allocates a node to them. This component can also assign nodes based on factors such as the overall resource requirement, data locality, software/hardware/policy restrictions, and internal workload interventions.

Which of the following master components is explained in the above scenario?

Options:

A.

Kube-controller-manager

B.

Kube-scheduler

C.

Kube-apiserver

D.

Etcd cluster

Buy Now
Questions 8

A penetration tester is conducting an assessment of a web application for a financial institution. The application uses form-based authentication and does not implement account lockout policies after multiple failed login attempts. Interestingly, the application displays detailed error messages that disclose whether the username or password entered is incorrect. The tester also notices that the application uses HTTP headers to prevent clickjacking attacks but does not implement Content Security Policy (CSP). With these observations, which of the following attack methods would likely be the most effective for the penetration tester to exploit these vulnerabilities and attempt unauthorized access?

Options:

A.

The tester could execute a Brute Force attack, leveraging the lack of account lockout policy and the verbose error messages to guess the correct credentials

B.

The tester could exploit a potential SQL Injection vulnerability to manipulate the application's database

C.

The tester could launch a Cross-Site Scripting (XSS) attack to steal authenticated session cookies, potentially bypassing the clickjacking protection

D.

The tester could execute a Man-in-the-Middle (MitM) attack to intercept and modify the HTTP headers for a Clickjacking attack

Buy Now
Questions 9

This type of injection attack does not show any error message. It is difficult to exploit as it returns information when the application is given SQL payloads that elicit a true or false response from the server. By observing the response, an attacker can extract sensitive information. What type of attack is this?

Options:

A.

Time-based SQL injection

B.

Union SQL injection

C.

Error-based SQL injection

D.

Blind SQL injection

Buy Now
Questions 10

The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host

10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other traffic. After he

applied his ACL configuration in the router, nobody can access the ftp, and the permitted hosts cannot access

the Internet. According to the next configuration, what is happening in the network?

access-list 102 deny tcp any any

access-list 104 permit udp host 10.0.0.3 any

access-list 110 permit tcp host 10.0.0.2 eq www any

access-list 108 permit tcp any eq ftp any

Options:

A.

The ACL 104 needs to be first because is UDP

B.

The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router

C.

The ACL for FTP must be before the ACL 110

D.

The ACL 110 needs to be changed to port 80

Buy Now
Questions 11

The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124. An attacker is trying to find those servers but he cannot see them in his scanning. The command he is using is: nmap 192.168.1.64/28.

Why he cannot see the servers?

Options:

A.

He needs to add the command ““ip address”” just before the IP address

B.

He needs to change the address to 192.168.1.0 with the same mask

C.

He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are not in that range

D.

The network must be dawn and the nmap command and IP address are ok

Buy Now
Questions 12

In both pharming and phishing attacks, an attacker can create websites that look similar to legitimate sites with the intent of collecting personal identifiable information from its victims.

What is the difference between pharming and phishing attacks?

Options:

A.

In a pharming attack, a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack, an attacker provides the victim with a URL that is either misspelled or looks similar to the actual websites domain name

B.

In a phishing attack, a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a pharming attack, an attacker provides the victim with a URL that is either misspelled or looks very similar to the actual websites domain name

C.

Both pharming and phishing attacks are purely technical and are not considered forms of social engineering

D.

Both pharming and phishing attacks are identical

Buy Now
Questions 13

Which among the following is the best example of the hacking concept called "clearing tracks"?

Options:

A.

After a system is breached, a hacker creates a backdoor to allow re-entry into a system.

B.

During a cyberattack, a hacker injects a rootkit into a server.

C.

An attacker gains access to a server through an exploitable vulnerability.

D.

During a cyberattack, a hacker corrupts the event logs on all machines.

Buy Now
Questions 14

#!/usr/bin/python import socket buffer=[““A””] counter=50 while len(buffer)<=100: buffer.append (““A””*counter)

counter=counter+50 commands= [““HELP””,““STATS .””,““RTIME .””,““LTIME. ””,““SRUN .”’,““TRUN .””,““GMON

.””,““GDOG .””,““KSTET .”,““GTER .””,““HTER .””, ““LTER .”,““KSTAN .””] for command in commands: for

buffstring in buffer: print ““Exploiting”” +command +““:””+str(len(buffstring)) s=socket.socket(socket.AF_INET,

socket.SOCK_STREAM) s.connect((‘127.0.0.1’, 9999)) s.recv(50) s.send(command+buffstring) s.close()

What is the code written for?

Options:

A.

Denial-of-service (DOS)

B.

Buffer Overflow

C.

Bruteforce

D.

Encryption

Buy Now
Questions 15

Richard, an attacker, targets an MNC. in this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard?

Options:

A.

VoIP footprinting

B.

VPN footprinting

C.

Whois footprinting

D.

Email footprinting

Buy Now
Questions 16

Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

Options:

A.

msfpayload

B.

msfcli

C.

msfd

D.

msfencode

Buy Now
Questions 17

You are the lead cybersecurity analyst at a multinational corporation that uses a hybrid encryption system to secure inter-departmental communications. The system uses RSA encryption for key exchange and AES for data encryption, taking advantage of the strengths of both asymmetric and symmetric encryption. Each RSA key pair has a size of 'n' bits, with larger keys providing more security at the cost of slower performance. The

time complexity of generating an RSA key pair is O(n*2), and AES encryption has a time complexity of O(n). An attacker has developed a quantum algorithm with time complexity O((log n)*2) to crack RSA encryption. Given *n=4000' and variable ‘AES key size’, which scenario is likely to provide the best balance of security and

performance? which scenario would provide the best balance of security and performance?

Options:

A.

Data encryption with 3DES using a 168-bit key: Offers high security but slower performance due to 3DES's inherent inefficiencies.

B.

Data encryption with Blowfish using a 448-bit key: Offers high security but potential compatibility issues due to Blowfish's less widespread use.

C.

Data encryption with AES-128: Provides moderate security and fast encryption, offering a balance between the two.

D.

Data encryption with AES-256: Provides high security with better performance than 3DES, but not as fast as other AES key sizes.

Buy Now
Questions 18

Kevin, an encryption specialist, implemented a technique that enhances the security of keys used for encryption and authentication. Using this technique, Kevin input an initial key to an algorithm that generated an enhanced key that is resistant to brute-force attacks. What is the technique employed by Kevin to improve the security of encryption keys?

Options:

A.

Key derivation function

B.

Key reinstallation

C.

A Public key infrastructure

D.

Key stretching

Buy Now
Questions 19

Elante company has recently hired James as a penetration tester. He was tasked with performing enumeration on an organization's network. In the process of enumeration, James discovered a service that is accessible to external sources. This service runs directly on port 21. What is the service enumerated byjames in the above scenario?

Options:

A.

Border Gateway Protocol (BGP)

B.

File Transfer Protocol (FTP)

C.

Network File System (NFS)

D.

Remote procedure call (RPC)

Buy Now
Questions 20

Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific cached DNS record. Further, by using this cached record, he determines the sites recently visited by the organization's user. What is the enumeration technique used by Henry on the organization?

Options:

A.

DNS zone walking

B.

DNS cache snooping

C.

DNS SEC zone walking

D.

DNS cache poisoning

Buy Now
Questions 21

You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.

What is the best Nmap command you will use?

Options:

A.

nmap -T4 -q 10.10.0.0/24

B.

nmap -T4 -F 10.10.0.0/24

C.

nmap -T4 -r 10.10.1.0/24

D.

nmap -T4 -O 10.10.0.0/24

Buy Now
Questions 22

What is the minimum number of network connections in a multihomed firewall?

Options:

A.

3

B.

5

C.

4

D.

2

Buy Now
Questions 23

You have the SOA presented below in your Zone.

Your secondary servers have not been able to contact your primary server to synchronize information. How long will the secondary servers attempt to contact the primary server before it considers that zone is dead and stops responding to queries?

collegae.edu.SOA, cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600)

Options:

A.

One day

B.

One hour

C.

One week

D.

One month

Buy Now
Questions 24

The change of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1(100%). What is the closest approximate cost of this replacement and recovery operation per year?

Options:

A.

$1320

B.

$440

C.

$100

D.

$146

Buy Now
Questions 25

Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.

What should you do?

Options:

A.

Confront the client in a respectful manner and ask her about the data.

B.

Copy the data to removable media and keep it in case you need it.

C.

Ignore the data and continue the assessment until completed as agreed.

D.

Immediately stop work and contact the proper legal authorities.

Buy Now
Questions 26

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

Options:

A.

Macro virus

B.

Stealth/Tunneling virus

C.

Cavity virus

D.

Polymorphic virus

Buy Now
Questions 27

An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

Options:

A.

He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.

B.

He will activate OSPF on the spoofed root bridge.

C.

He will repeat this action so that it escalates to a DoS attack.

D.

He will repeat the same attack against all L2 switches of the network.

Buy Now
Questions 28

What is correct about digital signatures?

Options:

A.

A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.

B.

Digital signatures may be used in different documents of the same type.

C.

A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.

D.

Digital signatures are issued once for each user and can be used everywhere until they expire.

Buy Now
Questions 29

Which of the following statements about a zone transfer is correct? (Choose three.)

Options:

A.

A zone transfer is accomplished with the DNS

B.

A zone transfer is accomplished with the nslookup service

C.

A zone transfer passes all zone information that a DNS server maintains

D.

A zone transfer passes all zone information that a nslookup server maintains

E.

A zone transfer can be prevented by blocking all inbound TCP port 53 connections

F.

Zone transfers cannot occur on the Internet

Buy Now
Questions 30

The “Gray-box testing” methodology enforces what kind of restriction?

Options:

A.

Only the external operation of a system is accessible to the tester.

B.

The internal operation of a system in only partly accessible to the tester.

C.

Only the internal operation of a system is known to the tester.

D.

The internal operation of a system is completely known to the tester.

Buy Now
Questions 31

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks?

Options:

A.

tcpsplice

B.

Burp

C.

Hydra

D.

Whisker

Buy Now
Questions 32

What is a NULL scan?

Options:

A.

A scan in which all flags are turned off

B.

A scan in which certain flags are off

C.

A scan in which all flags are on

D.

A scan in which the packet size is set to zero

E.

A scan with an illegal packet size

Buy Now
Questions 33

Which of the following is a component of a risk assessment?

Options:

A.

Administrative safeguards

B.

Physical security

C.

DMZ

D.

Logical interface

Buy Now
Questions 34

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.

What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

Options:

A.

Public

B.

Private

C.

Shared

D.

Root

Buy Now
Questions 35

What is the purpose of a demilitarized zone on a network?

Options:

A.

To scan all traffic coming through the DMZ to the internal network

B.

To only provide direct access to the nodes within the DMZ and protect the network behind it

C.

To provide a place to put the honeypot

D.

To contain the network devices you wish to protect

Buy Now
Questions 36

A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.

Options:

A.

Use port security on his switches.

B.

Use a tool like ARPwatch to monitor for strange ARP activity.

C.

Use a firewall between all LAN segments.

D.

If you have a small network, use static ARP entries.

E.

Use only static IP addresses on all PC's.

Buy Now
Questions 37

Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?

Options:

A.

Kismet

B.

Abel

C.

Netstumbler

D.

Nessus

Buy Now
Questions 38

What ports should be blocked on the firewall to prevent NetBIOS traffic from not coming through the firewall if your network is comprised of Windows NT, 2000, and XP?

Options:

A.

110

B.

135

C.

139

D.

161

E.

445

F.

1024

Buy Now
Questions 39

In the field of cryptanalysis, what is meant by a “rubber-hose” attack?

Options:

A.

Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.

B.

A backdoor placed into a cryptographic algorithm by its creator.

C.

Extraction of cryptographic secrets through coercion or torture.

D.

Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.

Buy Now
Questions 40

Which of the following tools can be used for passive OS fingerprinting?

Options:

A.

nmap

B.

tcpdump

C.

tracert

D.

ping

Buy Now
Questions 41

Which of the following is not a Bluetooth attack?

Options:

A.

Bluedriving

B.

Bluesmacking

C.

Bluejacking

D.

Bluesnarfing

Buy Now
Questions 42

Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool "SIDExtractor". Here is the output of the SIDs:

From the above list identify the user account with System Administrator privileges.

Options:

A.

John

B.

Rebecca

C.

Sheela

D.

Shawn

E.

Somia

F.

Chang

G.

Micah

Buy Now
Questions 43

Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students.

He identified this when the IDS alerted for malware activities in the network. What should Bob do to avoid this problem?

Options:

A.

Disable unused ports in the switches

B.

Separate students in a different VLAN

C.

Use the 802.1x protocol

D.

Ask students to use the wireless network

Buy Now
Questions 44

A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?

Options:

A.

The WAP does not recognize the client’s MAC address

B.

The client cannot see the SSID of the wireless network

C.

Client is configured for the wrong channel

D.

The wireless client is not configured to use DHCP

Buy Now
Questions 45

Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an organization?

Options:

A.

Preparation phase

B.

Containment phase

C.

Identification phase

D.

Recovery phase

Buy Now
Questions 46

During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

Options:

A.

Circuit

B.

Stateful

C.

Application

D.

Packet Filtering

Buy Now
Questions 47

What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

Options:

A.

Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.

B.

Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.

C.

Symmetric encryption allows the server to security transmit the session keys out-of-band.

D.

Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.

Buy Now
Questions 48

What is the role of test automation in security testing?

Options:

A.

It is an option but it tends to be very expensive.

B.

It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.

C.

Test automation is not usable in security due to the complexity of the tests.

D.

It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

Buy Now
Questions 49

What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?

Options:

A.

Man-in-the-middle attack

B.

Meet-in-the-middle attack

C.

Replay attack

D.

Traffic analysis attack

Buy Now
Questions 50

A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems.

What is the best security policy concerning this setup?

Options:

A.

Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.

B.

As long as the physical access to the network elements is restricted, there is no need for additional measures.

C.

There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.

D.

The operator knows that attacks and down time are inevitable and should have a backup site.

Buy Now
Questions 51

Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?

Options:

A.

symmetric algorithms

B.

asymmetric algorithms

C.

hashing algorithms

D.

integrity algorithms

Buy Now
Questions 52

Study the following log extract and identify the attack.

Options:

A.

Hexcode Attack

B.

Cross Site Scripting

C.

Multiple Domain Traversal Attack

D.

Unicode Directory Traversal Attack

Buy Now
Questions 53

Tess King is using the nslookup command to craft queries to list all DNS information (such as Name Servers, host names, MX records, CNAME records, glue records (delegation for child Domains), zone serial number, TimeToLive (TTL) records, etc) for a Domain.

What do you think Tess King is trying to accomplish? Select the best answer.

Options:

A.

A zone harvesting

B.

A zone transfer

C.

A zone update

D.

A zone estimate

Buy Now
Questions 54

Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

Options:

A.

tcptrace

B.

Nessus

C.

OpenVAS

D.

tcptraceroute

Buy Now
Questions 55

PGP, SSL, and IKE are all examples of which type of cryptography?

Options:

A.

Digest

B.

Secret Key

C.

Public Key

D.

Hash Algorithm

Buy Now
Questions 56

Susan has attached to her company's network. She has managed to synchronize her boss's sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory.

What kind of attack is Susan carrying on?

Options:

A.

A sniffing attack

B.

A spoofing attack

C.

A man in the middle attack

D.

A denial of service attack

Buy Now
Questions 57

Which Intrusion Detection System is the best applicable for large environments where critical assets on the network need extra scrutiny and is ideal for observing sensitive network segments?

Options:

A.

Honeypots

B.

Firewalls

C.

Network-based intrusion detection system (NIDS)

D.

Host-based intrusion detection system (HIDS)

Buy Now
Questions 58

To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.

What term is commonly used when referring to this type of testing?

Options:

A.

Randomizing

B.

Bounding

C.

Mutating

D.

Fuzzing

Buy Now
Questions 59

Which of the following programs is usually targeted at Microsoft Office products?

Options:

A.

Polymorphic virus

B.

Multipart virus

C.

Macro virus

D.

Stealth virus

Buy Now
Questions 60

Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as?

Options:

A.

Exploration

B.

Investigation

C.

Reconnaissance

D.

Enumeration

Buy Now
Questions 61

Which of the following tools can be used to perform a zone transfer?

Options:

A.

NSLookup

B.

Finger

C.

Dig

D.

Sam Spade

E.

Host

F.

Netcat

G.

Neotrace

Buy Now
Questions 62

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the 192.168.1.0/24. Which of the following has occurred?

Options:

A.

The computer is not using a private IP address.

B.

The gateway is not routing to a public IP address.

C.

The gateway and the computer are not on the same network.

D.

The computer is using an invalid IP address.

Buy Now
Questions 63

Which system consists of a publicly available set of databases that contain domain name registration contact information?

Options:

A.

WHOIS

B.

CAPTCHA

C.

IANA

D.

IETF

Buy Now
Questions 64

Your company was hired by a small healthcare provider to perform a technical assessment on the network.

What is the best approach for discovering vulnerabilities on a Windows-based computer?

Options:

A.

Use the built-in Windows Update tool

B.

Use a scan tool like Nessus

C.

Check MITRE.org for the latest list of CVE findings

D.

Create a disk image of a clean Windows installation

Buy Now
Questions 65

Which regulation defines security and privacy controls for Federal information systems and organizations?

Options:

A.

HIPAA

B.

EU Safe Harbor

C.

PCI-DSS

D.

NIST-800-53

Buy Now
Questions 66

What tool can crack Windows SMB passwords simply by listening to network traffic?

Options:

A.

This is not possible

B.

Netbus

C.

NTFSDOS

D.

L0phtcrack

Buy Now
Questions 67

Which definition among those given below best describes a covert channel?

Options:

A.

A server program using a port that is not well known.

B.

Making use of a protocol in a way it is not intended to be used.

C.

It is the multiplexing taking place on a communication link.

D.

It is one of the weak channels used by WEP which makes it insecure

Buy Now
Questions 68

What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

Options:

A.

Residual risk

B.

Impact risk

C.

Deferred risk

D.

Inherent risk

Buy Now
Questions 69

A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer’s software and hardware without the owner’s permission. Their intention can either be to simply gain knowledge or to illegally make changes.

Which of the following class of hacker refers to an individual who works both offensively and defensively at various times?

Options:

A.

White Hat

B.

Suicide Hacker

C.

Gray Hat

D.

Black Hat

Buy Now
Questions 70

When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, DELETE, PUT, TRACE) using NMAP script engine. What Nmap script will help you with this task?

Options:

A.

http-methods

B.

http enum

C.

http-headers

D.

http-git

Buy Now
Questions 71

Under what conditions does a secondary name server request a zone transfer from a primary name server?

Options:

A.

When a primary SOA is higher that a secondary SOA

B.

When a secondary SOA is higher that a primary SOA

C.

When a primary name server has had its service restarted

D.

When a secondary name server has had its service restarted

E.

When the TTL falls to zero

Buy Now
Questions 72

What two conditions must a digital signature meet?

Options:

A.

Has to be the same number of characters as a physical signature and must be unique.

B.

Has to be unforgeable, and has to be authentic.

C.

Must be unique and have special characters.

D.

Has to be legible and neat.

Buy Now
Questions 73

What is not a PCI compliance recommendation?

Options:

A.

Use a firewall between the public network and the payment card data.

B.

Use encryption to protect all transmission of card holder data over any public network.

C.

Rotate employees handling credit card transactions on a yearly basis to different departments.

D.

Limit access to card holder data to as few individuals as possible.

Buy Now
Questions 74

One of your team members has asked you to analyze the following SOA record.

What is the TTL? Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.)

Options:

A.

200303028

B.

3600

C.

604800

D.

2400

E.

60

F.

4800

Buy Now
Questions 75

Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquires over the network.

Which of these tools would do the SNMP enumeration he is looking for? Select the best answers.

Options:

A.

SNMPUtil

B.

SNScan

C.

SNMPScan

D.

Solarwinds IP Network Browser

E.

NMap

Buy Now
Questions 76

A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems.

However, he is unable to capture any logons though he knows that other users are logging in.

What do you think is the most likely reason behind this?

Options:

A.

There is a NIDS present on that segment.

B.

Kerberos is preventing it.

C.

Windows logons cannot be sniffed.

D.

L0phtcrack only sniffs logons to web servers.

Buy Now
Questions 77

What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet-filtering of the firewall?

Options:

A.

Session hijacking

B.

Firewalking

C.

Man-in-the middle attack

D.

Network sniffing

Buy Now
Questions 78

When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?

Options:

A.

Data items and vulnerability scanning

B.

Interviewing employees and network engineers

C.

Reviewing the firewalls configuration

D.

Source code review

Buy Now
Questions 79

When discussing passwords, what is considered a brute force attack?

Options:

A.

You attempt every single possibility until you exhaust all possible combinations or discover the password

B.

You threaten to use the rubber hose on someone unless they reveal their password

C.

You load a dictionary of words into your cracking program

D.

You create hashes of a large number of words and compare it with the encrypted passwords

E.

You wait until the password expires

Buy Now
Questions 80

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data.

What is this attack?

Options:

A.

Cross-site-scripting attack

B.

SQL Injection

C.

URL Traversal attack

D.

Buffer Overflow attack

Buy Now
Questions 81

You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with complex security system in place.

Your peer, Peter Smith who works at the same department disagrees with you.

He says even the best network security technologies cannot prevent hackers gaining access to the network because of presence of "weakest link" in the security chain.

What is Peter Smith talking about?

Options:

A.

Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain

B.

"zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks

C.

"Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks

D.

Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway

Buy Now
Questions 82

During an Xmas scan what indicates a port is closed?

Options:

A.

No return response

B.

RST

C.

ACK

D.

SYN

Buy Now
Questions 83

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

Options:

A.

There is no way to tell because a hash cannot be reversed

B.

The right most portion of the hash is always the same

C.

The hash always starts with AB923D

D.

The left most portion of the hash is always the same

E.

A portion of the hash will be all 0's

Buy Now
Questions 84

Richard, an attacker, aimed to hack loT devices connected to a target network. In this process. Richard recorded the frequency required to share information between connected devices. After obtaining the frequency, he captured the original data when commands were initiated by the connected devices. Once the original data were collected, he used free tools such as URH to segregate the command sequence. Subsequently, he started injecting the segregated command sequence on the same frequency into the loT network, which repeats the captured signals of the devices. What Is the type of attack performed by Richard In the above scenario?

Options:

A.

Side-channel attack

B.

Replay attack

C.

CrypTanalysis attack

D.

Reconnaissance attack

Buy Now
Questions 85

Which file is a rich target to discover the structure of a website during web-server footprinting?

Options:

A.

Document root

B.

Robots.txt

C.

domain.txt

D.

index.html

Buy Now
Questions 86

Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network.

Which of the following host discovery techniques must he use to perform the given task?

Options:

A.

UDP scan

B.

TCP Maimon scan

C.

arp ping scan

D.

ACK flag probe scan

Buy Now
Questions 87

Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewalls. On which of the following ports should Robin run the NSTX tool?

Options:

A.

Port 53

B.

Port 23

C.

Port 50

D.

Port 80

Buy Now
Questions 88

A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library

are required to allow the NIC to work in promiscuous mode?

Options:

A.

Libpcap

B.

Awinpcap

C.

Winprom

D.

Winpcap

Buy Now
Questions 89

jane, an ethical hacker. Is testing a target organization's web server and website to identity security loopholes. In this process, she copied the entire website and its content on a local drive to view the complete profile of the site's directory structure, file structure, external links, images, web pages, and so on. This information helps jane map the website's directories and gain valuable information. What is the attack technique employed by Jane in the above scenario?

Options:

A.

website mirroring

B.

Session hijacking

C.

Web cache poisoning

D.

Website defacement

Buy Now
Questions 90

How does a denial-of-service attack work?

Options:

A.

A hacker prevents a legitimate user (or group of users) from accessing a service

B.

A hacker uses every character, word, or letter he or she can think of to defeat authentication

C.

A hacker tries to decipher a password by using a system, which subsequently crashes the network

D.

A hacker attempts to imitate a legitimate user by confusing a computer or even another person

Buy Now
Questions 91

You are a penetration tester working to test the user awareness of the employees of the client xyz. You harvested two employees' emails from some public sources and are creating a client-side backdoor to send it to the employees via email. Which stage of the cyber kill chain are you at?

Options:

A.

Reconnaissance

B.

Command and control

C.

Weaponization

D.

Exploitation

Buy Now
Questions 92

in the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does medium vulnerability fall in?

Options:

A.

3.0-6.9

B.

40-6.0

C.

4.0-6.9

D.

3.9-6.9

Buy Now
Questions 93

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session 10 to the target employee. The session ID links the target employee to Boneys account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boneys account. What is the attack performed by Boney in the above scenario?

Options:

A.

Session donation attack

B.

Session fixation attack

C.

Forbidden attack

D.

CRIME attack

Buy Now
Questions 94

John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to anonymously query the IDAP service for sensitive information such as usernames. addresses, departmental details, and server names to launch further attacks on the target organization.

What is the tool employed by John to gather information from the IDAP service?

Options:

A.

jxplorer

B.

Zabasearch

C.

EarthExplorer

D.

Ike-scan

Buy Now
Questions 95

Jim, a professional hacker, targeted an organization that is operating critical Industrial Infrastructure. Jim used Nmap to scan open pons and running services on systems connected to the organization's OT network. He used an Nmap command to identify Ethernet/IP devices connected to the Internet and further gathered Information such as the vendor name, product code and name, device name, and IP address. Which of the following Nmap commands helped Jim retrieve the required information?

Options:

A.

nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >

B.

nmap -Pn -sU -p 44818 --script enip-info < Target IP >

C.

nmap -Pn -sT -p 46824 < Target IP >

D.

nmap -Pn -sT -p 102 --script s7-info < Target IP >

Buy Now
Questions 96

You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23. Which of the following IP addresses could be teased as a result of the new configuration?

Options:

A.

210.1.55.200

B.

10.1.4.254

C.

10..1.5.200

D.

10.1.4.156

Buy Now
Questions 97

what are common files on a web server that can be misconfigured and provide useful Information for a hacker such as verbose error messages?

Options:

A.

httpd.conf

B.

administration.config

C.

idq.dll

D.

php.ini

Buy Now
Questions 98

You are performing a penetration test for a client and have gained shell access to a Windows machine on the internal network. You intend to retrieve all DNS records for the internal domain, if the DNS server is at 192.168.10.2 and the domain name is abccorp.local, what command would you type at the nslookup prompt to attempt a zone transfer?

Options:

A.

list server=192.168.10.2 type=all

B.

is-d abccorp.local

C.

Iserver 192.168.10.2-t all

D.

List domain=Abccorp.local type=zone

Buy Now
Questions 99

You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles.

You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems.

In other words, you are trying to penetrate an otherwise impenetrable system.

How would you proceed?

Options:

A.

Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network

B.

Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information

C.

Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000 or more "zombies" and "bots"

D.

Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques

Buy Now
Questions 100

Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the targets MSP provider by sending spear-phishing emails and distributed custom-made malware to compromise user accounts and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attacks on the target organization. Which of the following cloud attacks did Alice perform in the above scenario?

Options:

A.

Cloud hopper attack

B.

Cloud cryptojacking

C.

Cloudborne attack

D.

Man-in-the-cloud (MITC) attack

Buy Now
Questions 101

Harry. a professional hacker, targets the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing?

Options:

A.

Preparation

B.

Cleanup

C.

Persistence

D.

initial intrusion

Buy Now
Questions 102

There are multiple cloud deployment options depending on how isolated a customer's resources are from those of other customers. Shared environments share the costs and allow each customer to enjoy lower operations expenses. One solution Is for a customer to Join with a group of users or organizations to share a cloud environment. What is this cloud deployment option called?

Options:

A.

Hybrid

B.

Community

C.

Public

D.

Private

Buy Now
Questions 103

Which of the following are well known password-cracking programs?

Options:

A.

L0phtcrack

B.

NetCat

C.

Jack the Ripper

D.

Netbus

E.

John the Ripper

Buy Now
Questions 104

An LDAP directory can be used to store information similar to a SQL database. LDAP uses a _____ database structure instead of SQL’s _____ structure. Because of this, LDAP has difficulty representing many-to-one relationships.

Options:

A.

Relational, Hierarchical

B.

Strict, Abstract

C.

Hierarchical, Relational

D.

Simple, Complex

Buy Now
Questions 105

Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.

In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full?

Options:

A.

Switch then acts as hub by broadcasting packets to all machines on the network

B.

The CAM overflow table will cause the switch to crash causing Denial of Service

C.

The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF

D.

Every packet is dropped and the switch sends out SNMP alerts to the IDS port

Buy Now
Questions 106

Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the Integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT. POST. GET. and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario?

Options:

A.

JSON-RPC

B.

SOAP API

C.

RESTful API

D.

REST API

Buy Now
Questions 107

Attacker Lauren has gained the credentials of an organization's internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skeptical about the login times and appointed security professional Robert to determine the issue. Robert analyzed the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited. What is the incident handling and response (IH&R) phase, in which Robert has determined these issues?

Options:

A.

Preparation

B.

Eradication

C.

Incident recording and assignment

D.

Incident triage

Buy Now
Questions 108

which type of virus can change its own code and then cipher itself multiple times as it replicates?

Options:

A.

Stealth virus

B.

Tunneling virus

C.

Cavity virus

D.

Encryption virus

Buy Now
Questions 109

ViruXine.W32 virus hides their presence by changing the underlying executable code.

This Virus code mutates while keeping the original algorithm intact, the code changes itself each time it runs, but the function of the code (its semantics) will not change at all.

Here is a section of the Virus code:

What is this technique called?

Options:

A.

Polymorphic Virus

B.

Metamorphic Virus

C.

Dravidic Virus

D.

Stealth Virus

Buy Now
Questions 110

John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him the idea of using PGP. What should John do to communicate correctly using this type of encryption?

Options:

A.

Use his own public key to encrypt the message.

B.

Use Marie's public key to encrypt the message.

C.

Use his own private key to encrypt the message.

D.

Use Marie's private key to encrypt the message.

Buy Now
Questions 111

Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session, upon receiving the users request. Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. What is the attack performed by Bobby in the above scenario?

Options:

A.

Wardriving

B.

KRACK attack

C.

jamming signal attack

D.

aLTEr attack

Buy Now
Questions 112

Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms.

What is this document called?

Options:

A.

Information Audit Policy (IAP)

B.

Information Security Policy (ISP)

C.

Penetration Testing Policy (PTP)

D.

Company Compliance Policy (CCP)

Buy Now
Questions 113

While examining audit logs, you discover that people are able to telnet into the SMTP server on port 25. You would like to block this, though you do not see any evidence of an attack or other wrong doing. However, you are concerned about affecting the normal functionality of the email server. From the following options choose how best you can achieve this objective?

Options:

A.

Block port 25 at the firewall.

B.

Shut off the SMTP service on the server.

C.

Force all connections to use a username and password.

D.

Switch from Windows Exchange to UNIX Sendmail.

E.

None of the above.

Buy Now
Questions 114

What kind of detection techniques is being used in antivirus softwares that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it's made on the premiers environment-

Options:

A.

VCloud based

B.

Honypot based

C.

Behaviour based

D.

Heuristics based

Buy Now
Questions 115

Which of the following steps for risk assessment methodology refers to vulnerability identification?

Options:

A.

Determines if any flaws exist in systems, policies, or procedures

B.

Assigns values to risk probabilities; Impact values.

C.

Determines risk probability that vulnerability will be exploited (High. Medium, Low)

D.

Identifies sources of harm to an IT system. (Natural, Human. Environmental)

Buy Now
Questions 116

Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical Information to Johnson's machine. What is the social engineering technique Steve employed in the above scenario?

Options:

A.

Quid pro quo

B.

Diversion theft

C.

Elicitation

D.

Phishing

Buy Now
Questions 117

This form of encryption algorithm is asymmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among the following is this encryption algorithm?

Options:

A.

Twofish encryption algorithm

B.

HMAC encryption algorithm

C.

IDEA

D.

Blowfish encryption algorithm

Buy Now
Questions 118

The network team has well-established procedures to follow for creating new rules on the firewall. This includes having approval from a manager prior to implementing any new rules. While reviewing the firewall configuration, you notice a recently implemented rule but cannot locate manager approval for it. What would be a good step to have in the procedures for a situation like this?

Options:

A.

Have the network team document the reason why the rule was implemented without prior manager approval.

B.

Monitor all traffic using the firewall rule until a manager can approve it.

C.

Do not roll back the firewall rule as the business may be relying upon it, but try to get manager approval as soon as possible.

D.

Immediately roll back the firewall rule until a manager can approve it

Buy Now
Questions 119

This kind of password cracking method uses word lists in combination with numbers and special characters:

Options:

A.

Hybrid

B.

Linear

C.

Symmetric

D.

Brute Force

Buy Now
Questions 120

John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker Installed a scanner on a machine belonging to one of the vktims and scanned several machines on the same network to Identify vulnerabilities to perform further exploitation. What is the type of vulnerability assessment tool employed by John in the above scenario?

Options:

A.

Proxy scanner

B.

Agent-based scanner

C.

Network-based scanner

D.

Cluster scanner

Buy Now
Questions 121

You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website seeking you to download free Anti-Virus software.

Dear valued customers,

We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit the link below and enter your antivirus code:

or you may contact us at the following address:

Media Internet Consultants, Edif. Neptuno, Planta

Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama

How will you determine if this is Real Anti-Virus or Fake Anti-Virus website?

Options:

A.

Look at the website design, if it looks professional then it is a Real Anti-Virus website

B.

Connect to the site using SSL, if you are successful then the website is genuine

C.

Search using the URL and Anti-Virus product name into Google and lookout for suspicious warnings against this site

D.

Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

E.

Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

Buy Now
Questions 122

Larry, a security professional in an organization, has noticed some abnormalities In the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting a countermeasures to secure the accounts on the web server.

Which of the following countermeasures must Larry implement to secure the user accounts on the web server?

Options:

A.

Enable unused default user accounts created during the installation of an OS

B.

Enable all non-interactive accounts that should exist but do not require interactive login

C.

Limit the administrator or toot-level access to the minimum number of users

D.

Retain all unused modules and application extensions

Buy Now
Questions 123

John is an incident handler at a financial institution. His steps in a recent incident are not up to the standards of the company. John frequently forgets some steps and procedures while handling responses as they are very stressful to perform. Which of the following actions should John take to overcome this problem with the least administrative effort?

Options:

A.

Create an incident checklist.

B.

Select someone else to check the procedures.

C.

Increase his technical skills.

D.

Read the incident manual every time it occurs.

Buy Now
Questions 124

This TCP flag instructs the sending system to transmit all buffered data immediately.

Options:

A.

SYN

B.

RST

C.

PSH

D.

URG

E.

FIN

Buy Now
Questions 125

Which utility will tell you in real time which ports are listening or in another state?

Options:

A.

Netstat

B.

TCPView

C.

Nmap

D.

Loki

Buy Now
Questions 126

Vlady works in a fishing company where the majority of the employees have very little understanding of IT let alone IT Security. Several information security issues that Vlady often found includes, employees sharing password, writing his/her password on a post it note and stick it to his/her desk, leaving the computer unlocked, didn’t log out from emails or other social media accounts, and etc.

After discussing with his boss, Vlady decided to make some changes to improve the security environment in his company. The first thing that Vlady wanted to do is to make the employees understand the importance of keeping confidential information, such as password, a secret and they should not share it with other persons.

Which of the following steps should be the first thing that Vlady should do to make the employees in his company understand to importance of keeping confidential information a secret?

Options:

A.

Warning to those who write password on a post it note and put it on his/her desk

B.

Developing a strict information security policy

C.

Information security awareness training

D.

Conducting a one to one discussion with the other employees about the importance of information security

Buy Now
Questions 127

Bella, a security professional working at an it firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames. and passwords are shared In plaintext, paving the way for hackers 10 perform successful session hijacking. To address this situation. Bella Implemented a protocol that sends data using encryption and digital certificates. Which of the following protocols Is used by Bella?

Options:

A.

FTP

B.

HTTPS

C.

FTPS

D.

IP

Buy Now
Questions 128

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server.

What kind of attack is possible in this scenario?

Options:

A.

Cross-site scripting

B.

Denial of service

C.

SQL injection

D.

Directory traversal

Buy Now
Questions 129

What piece of hardware on a computer's motherboard generates encryption keys and only releases a part of the key so that decrypting a disk on a new piece of hardware is not possible?

Options:

A.

CPU

B.

GPU

C.

UEFI

D.

TPM

Buy Now
Questions 130

During the enumeration phase. Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445.

Which of the following services is enumerated by Lawrence in this scenario?

Options:

A.

Server Message Block (SMB)

B.

Network File System (NFS)

C.

Remote procedure call (RPC)

D.

Telnet

Buy Now
Questions 131

Widespread fraud ac Enron. WorldCom, and Tyco led to the creation of a law that was designed to improve the accuracy and accountability of corporate disclosures. It covers accounting firms and third parties that provide financial services to some organizations and came into effect in 2002. This law is known by what acronym?

Options:

A.

Fed RAMP

B.

PCIDSS

C.

SOX

D.

HIPAA

Buy Now
Questions 132

Ethical hacker jane Smith is attempting to perform an SQL injection attach. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs. which two SQL Injection types would give her the results she is looking for?

Options:

A.

Out of band and boolean-based

B.

Time-based and union-based

C.

union-based and error-based

D.

Time-based and boolean-based

Buy Now
Questions 133

You have successfully logged on a Linux system. You want to now cover your trade Your login attempt may be logged on several files located in /var/log. Which file does NOT belongs to the list:

Options:

A.

user.log

B.

auth.fesg

C.

wtmp

D.

btmp

Buy Now
Questions 134

Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive, informing that her systems need to be serviced for proper functioning and that customer support will send a computer technician. Jane promptly replied positively. Ralph entered Jane's company using this opportunity and gathered sensitive information by scanning terminals for passwords, searching for important documents in desks, and rummaging bins. What is the type of attack technique Ralph used on jane?

Options:

A.

Dumpster diving

B.

Eavesdropping

C.

Shoulder surfing

D.

impersonation

Buy Now
Questions 135

As a budding cybersecurity enthusiast, you have set up a small lab at home to learn more about wireless

network security. While experimenting with your home Wi-Fi network, you decide to use a well-known

hacking tool to capture network traffic and attempt to crack the Wi-Fi password. However, despite many

attempts, you have been unsuccessful. Your home Wi-Fi network uses WPA2 Personal with AES encryption.

Why are you finding it difficult to crack the Wi-Fi password?

Options:

A.

The Wi-Fi password is too complex and long

B.

Your hacking tool is outdated

C.

The network is using an uncrackable encryption method

D.

The network is using MAC address filtering.

Buy Now
Questions 136

What type of virus is most likely to remain undetected by antivirus software?

Options:

A.

Cavity virus

B.

Stealth virus

C.

File-extension virus

D.

Macro virus

Buy Now
Questions 137

Attacker Rony installed a rogue access point within an organization's perimeter and attempted to intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack. What is the type of vulnerability assessment performed by johnson in the above scenario?

Options:

A.

Host-based assessment

B.

Wireless network assessment

C.

Application assessment

D.

Distributed assessment

Buy Now
Questions 138

An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct.

What is the attack technique employed by the attacker to crack the passwords of the industrial control systems?

Options:

A.

Side-channel attack

B.

Denial-of-service attack

C.

HMI-based attack

D.

Buffer overflow attack

Buy Now
Questions 139

Kate dropped her phone and subsequently encountered an issue with the phone's internal speaker. Thus, she is using the phone's loudspeaker for phone calls and other activities. Bob, an attacker, takes advantage of this vulnerability and secretly exploits the hardware of Kate's phone so that he can monitor the loudspeaker's output from data sources such as voice assistants, multimedia messages, and audio files by using a malicious app to breach speech privacy. What is the type of attack Bob performed on Kate in the above scenario?

Options:

A.

Man-in-the-disk attack

B.

aLTEr attack

C.

SIM card attack

D.

Spearphone attack

Buy Now
Questions 140

John, a professional hacker, decided to use DNS to perform data exfiltration on a target network, in this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique. John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server. What is the technique employed by John to bypass the firewall?

Options:

A.

DNS cache snooping

B.

DNSSEC zone walking

C.

DNS tunneling method

D.

DNS enumeration

Buy Now
Questions 141

A security analyst is preparing to analyze a potentially malicious program believed to have infiltrated an organization's network. To ensure the safety and integrity of the production environment, the analyst decided to use a sheep dip computer for the analysis. Before initiating the analysis, what key step should the analyst

take?

Options:

A.

Run the potentially malicious program on the sheep dip computer to determine its behavior

B.

Store the potentially malicious program on an external medium, such as a CD-ROM

C.

Connect the sheep dip computer to the organization's internal network

D.

install the potentially malicious program on the sheep dip computer

Buy Now
Questions 142

Attempting an injection attack on a web server based on responses to True/False QUESTION NO:s is called which of the following?

Options:

A.

Compound SQLi

B.

Blind SQLi

C.

Classic SQLi

D.

DMS-specific SQLi

Buy Now
Questions 143

You are a cybersecurity consultant for a healthcare organization that utilizes Internet of Medical Things (loMT) devices, such as connected insulin pumps and heart rate monitors, to provide improved patientcare. Recently, the organization has been targeted by ransomware attacks. While the IT infrastructure was unaffected due to robust security measures, they are worried that the loMT devices could be potential entry points for future

attacks. What would be your main recommendation to protect these devices from such threats?

Options:

A.

Implement multi-factor authentication for all loMT devices.

B.

Disable all wireless connectivity on loMT devices.

C.

Use network segmentation to isolate loMT devices from the main network.

D.

Regularly change the IP addresses of all loMT devices.

Buy Now
Questions 144

When considering how an attacker may exploit a web server, what is web server footprinting?

Options:

A.

When an attacker implements a vulnerability scanner to identify weaknesses

B.

When an attacker creates a complete profile of the site's external links and file structures

C.

When an attacker gathers system-level data, including account details and server names

D.

When an attacker uses a brute-force attack to crack a web-server password

Buy Now
Questions 145

You are the lead cybersecurity analyst at a multinational corporation that uses a hybrid encryption system to secure inter-departmental communications. The system uses RSA encryption for key exchange and AES for data encryption, taking advantage of the strengths of both asymmetric and symmetric encryption. Each RSA

key pair has a size of 'n' bits, with larger keys providing more security at the cost of slower performance. The time complexity of generating an RSA key pair is O(n*2), and AES encryption has a time complexity of O(n). An attacker has developed a quantum algorithm with time complexity O((log n)*2) to crack RSA encryption. Given *n=4000' and variable ‘AES key size’, which scenario is likely to provide the best balance of security and

performance?

Options:

A.

AES key size=128 bits: This configuration provides less security than option A, but RSA key generation and AES encryption will be faster.

B.

AES key size=256 bits: This configuration provides a high level of security, but RSA key generation may be slow.

C.

AES key size=192 bits: This configuration is a balance between options A and B, providing moderate security and performance.

D.

AES key size=512 bits: This configuration provides the highest level of security but at a significant performance cost due to the large AES key size.

Buy Now
Questions 146

In the process of footprinting a target website, an ethical hacker utilized various tools to gather critical information. The hacker encountered a target site where standard web spiders were ineffective due to a specific file in its root directory. However, they managed to uncover all the files and web pages on the target site, monitoring the resulting incoming and outgoing traffic while browsing the website manually. What technique did the hacker likely employ to achieve this?

Options:

A.

Using Photon to retrieve archived URLs of the target website from archive.org

B.

Using the Netcraft tool to gather website information

C.

Examining HTML source code and cookies

D.

User-directed spidering with tools like Burp Suite and WebScarab

Buy Now
Questions 147

As a part of an ethical hacking exercise, an attacker is probing a target network that is suspected to employ various honeypot systems for security. The attacker needs to detect and bypass these honeypots without alerting the target. The attacker decides to utilize a suite of techniques. Which of the following techniques would NOT assist in detecting a honeypot?

Options:

A.

Probing system services and observing the three-way handshake

B.

Using honeypot detection tools like Send-Safe Honeypot Hunter

C.

Implementing a brute force attack to verify system vulnerability

D.

Analyzing the MAC address to detect instances running on VMware

Buy Now
Questions 148

in this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstall the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values. What is this attack called?

Options:

A.

Chop chop attack

B.

KRACK

C.

Evil twin

D.

Wardriving

Buy Now
Questions 149

An ethical hacker is hired to conduct a comprehensive network scan of a large organization that strongly suspects potential intrusions into their internal systems. The hacker decides to employ a combination of scanning tools to obtain a detailed understanding of the network. Which sequence of actions would provide the most comprehensive information about the network's status?

Options:

A.

Initiate with Nmap for a ping sweep, then use Metasploit to scan for open ports and services, and finally use Hping3 to perform remote OS fingerprinting

B.

Use Hping3 for an ICMP ping scan on the entire subnet, then use Nmap for a SYN scan on identified active hosts, and finally use Metasploit to exploit identified vulnerabilities

C.

Start with Hping3 for a UDP scan on random ports, then use Nmap for a version detection scan, and finally use Metasploit to exploit detected vulnerabilities

D.

Begin with NetScanTools Pro for a general network scan, then use Nmap for OS detection and version detection, and finally perform an SYN flooding with Hping3

Buy Now
Questions 150

In an intricate web application architecture using an Oracle database, you, as a security analyst, have identified a potential SQL Injection attack surface. The database consists of 'x' tables, each with y columns. Each table contains z1 records. An attacker, well-versed in SQLi techniques, crafts 'u' SQL payloads, each attempting to extract maximum data from the database. The payloads include UNION SELECT' statements and 'DBMS_XSLPPOCESSOR.READ2CLOB' to read sensitive files. The attacker aims to maximize the total data extracted E=xyz'u'. Assuming 'x=4\ y=2\ and varying z' and 'u\ which situation is likely to result in the highest extracted data volume?

Options:

A.

z=400. u=4: The attacker constructs A SQLpayloads, each focusing on tables with 400 records, influencing all columns of all tables

B.

z=550, u=Z Here, the attacker formulates 2 SQL payloads and directs them towards tables containing 550 records, impacting all columns and tables

C.

z=600. u=2: The attacker devises 2 SQL payloads. each aimed at tables holding 600 records, affecting all columns across all tables

D.

Az=500. u=3: The attacker creates 3 SQL payloads and targets tables with 500 records each, exploiting all columns and tables

Buy Now
Questions 151

Attacker Simon targeted the communication network of an organization and disabled the security controls of NetNTLMvl by modifying the values of LMCompatibilityLevel, NTLMMinClientSec, and RestrictSendingNTLMTraffic. He then extracted all the non-network logon tokens from all the active processes to masquerade as a legitimate user to launch further attacks. What is the type of attack performed by Simon?

Options:

A.

Internal monologue attack

B.

Combinator attack

C.

Rainbow table attack

D.

Dictionary attack

Buy Now
Questions 152

What would be the purpose of running "wget 192.168.0.15 -q -S" against a web server?

Options:

A.

Performing content enumeration on the web server to discover hidden folders

B.

Using wget to perform banner grabbing on the webserver

C.

Flooding the web server with requests to perform a DoS attack

D.

Downloading all the contents of the web page locally for further examination

Buy Now
Questions 153

If executives are found liable for not properly protecting their company’s assets and information systems, what type of law would apply in this situation?

Options:

A.

Criminal

B.

International

C.

Common

D.

Civil

Buy Now
Questions 154

You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?

Options:

A.

hping2 host.domain.com

B.

hping2 --set-ICMP host.domain.com

C.

hping2 -i host.domain.com

D.

hping2 -1 host.domain.com

Buy Now
Questions 155

Peter, a system administrator working at a reputed IT firm, decided to work from his home and login remotely. Later, he anticipated that the remote connection could be exposed to session hijacking. To curb this possibility, he implemented a technique that creates a safe and encrypted tunnel over a public network to securely send and receive sensitive information and prevent hackers from decrypting the data flow between the endpoints. What is the technique followed by Peter to send files securely through a remote connection?

Options:

A.

DMZ

B.

SMB signing

C.

VPN

D.

Switch network

Buy Now
Questions 156

An audacious attacker is targeting a web server you oversee. He intends to perform a Slow HTTP POST attack, by manipulating 'a' HTTP connection. Each connection sends a byte of data every 'b' second, effectively holding up the connections for an extended period. Your server is designed to manage 'm' connections per second, but any connections exceeding this number tend to overwhelm the system. Given ‘a=100' and variable 'm', along with the attacker's intention of maximizing the attack duration 'D=a*b', consider the following scenarios. Which is most likely to result in the longest duration of server unavailability?

Options:

A.

m=110, b=20: Despite the attacker sending 100 connections, the server can handle 110 connections per

second, therefore likely staying operative, regardless of the hold-up time per connection

B.

m=90, b=15: The server can manage 90 connections per second, but the attacker's 100 connections

exceed this, and with each connection held up for 15 seconds, the attack duration could be significant

C.

95, b=10: Here, the server can handle 95 connections per second, but it falls short against the

attacker's 100 connections, albeit the hold-up time per connection is lower

D.

m=105, b=12: The server can manage 105 connections per second, more than the attacker's 100

connections, likely maintaining operation despite a moderate hold-up time

Buy Now
Questions 157

In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker, gathers a list of employee and client email addresses and other related information by using various search engines, social networking sites, and web spidering tools. In this process, she also uses an automated tool to gather a list of words from the target website to further perform a brute-force attack on the previously gathered email addresses.

What is the tool used by Hailey for gathering a list of words from the target website?

Options:

A.

Shadowsocks

B.

CeWL

C.

Psiphon

D.

Orbot

Buy Now
Questions 158

Becky has been hired by a client from Dubai to perform a penetration test against one of their remote offices. Working from her location in Columbus, Ohio, Becky runs her usual reconnaissance scans to obtain basic information about their network. When analyzing the results of her Whois search, Becky notices that the IP was allocated to a location in Le Havre, France. Which regional Internet registry should Becky go to for detailed information?

Options:

A.

ARIN

B.

APNIC

C.

RIPE

D.

LACNIC

Buy Now
Questions 159

A penetration tester is performing the footprinting process and is reviewing publicly available information about an organization by using the Google search engine.

Which of the following advanced operators would allow the pen tester to restrict the search to the organization’s web domain?

Options:

A.

[allinurl:]

B.

[location:]

C.

[site:]

D.

[link:]

Buy Now
Questions 160

Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP).

Which of the following is an incorrect definition or characteristics of the protocol?

Options:

A.

Exchanges data between web services

B.

Only compatible with the application protocol HTTP

C.

Provides a structured model for messaging

D.

Based on XML

Buy Now
Questions 161

Dayn, an attacker, wanted to detect if any honeypots are installed in a target network. For this purpose, he used a time-based TCP fingerprinting method to validate the response to a normal computer and the response of a honeypot to a manual SYN request. Which of the following techniques is employed by Dayn to detect honeypots?

Options:

A.

Detecting honeypots running on VMware

B.

Detecting the presence of Honeyd honeypots

C.

Detecting the presence of Snort_inline honeypots

D.

Detecting the presence of Sebek-based honeypots

Buy Now
Questions 162

While performing a security audit of a web application, an ethical hacker discovers a potential vulnerability.

The application responds to logically incorrect queries with detailed error messages that divulge the underlying database's structure. The ethical hacker decides to exploit this vulnerability further. Which type of SQL Injection attack is the ethical hacker likely to use?

Options:

A.

UNION SQL Injection

B.

Blind/inferential SQL Injection

C.

In-band SQL Injection

D.

Error-based SOL Injection

Buy Now
Questions 163

Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?

Options:

A.

-T5

B.

-O

C.

-T0

D.

-A

Buy Now
Questions 164

Don, a student, came across a gaming app in a third-party app store and Installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after Installing the app. What is the attack performed on Don in the above scenario?

Options:

A.

SMS phishing attack

B.

SIM card attack

C.

Agent Smith attack

D.

Clickjacking

Buy Now
Questions 165

Jude, a pen tester, examined a network from a hacker's perspective to identify exploits and vulnerabilities accessible to the outside world by using devices such as firewalls, routers, and servers. In this process, he also estimated the threat of network security attacks and determined the level of security of the corporate network.

What is the type of vulnerability assessment that Jude performed on the organization?

Options:

A.

External assessment

B.

Passive assessment

C.

Host-based assessment

D.

Application assessment

Buy Now
Questions 166

You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific condition for the scan: “The attacker must scan every port on the server several times using a set of spoofed sources IP addresses. ” Suppose that you are using Nmap to perform this scan. What flag will you use to satisfy this requirement?

Options:

A.

The -A flag

B.

The -g flag

C.

The -f flag

D.

The -D flag

Buy Now
Questions 167

What is the most common method to exploit the “Bash Bug” or “Shellshock” vulnerability?

Options:

A.

SYN Flood

B.

SSH

C.

Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

D.

Manipulate format strings in text fields

Buy Now
Questions 168

An IT security team is conducting an internal review of security protocols in their organization to identify

potential vulnerabilities. During their investigation, they encounter a suspicious program running on several

computers. Further examination reveals that the program has been logging all user keystrokes. How can the

security team confirm the type of program and what countermeasures should be taken to ensure the same

attack does not occur in the future?

Options:

A.

The program is a Trojan; the tearm should regularly update antivirus software and install a reliable firewall

B.

The program is spyware; the team should use password managers and encrypt sensitive data

C.

The program is a keylogger; the team should employ intrusion detection systems and regularly update the system software

D.

The program is a keylogger; the team should educate employees about phishing attacks and maintain regular backups

Buy Now
Questions 169

The network users are complaining because their system are slowing down. Further, every time they attempt to go a website, they receive a series of pop-ups with advertisements. What types of malware have the system been infected with?

Options:

A.

Virus

B.

Spyware

C.

Trojan

D.

Adware

Buy Now
Questions 170

An ethical hacker is scanning a target network. They initiate a TCP connection by sending an SYN packet to a target machine and receiving a SYN/ACK packet in response. But instead of completing the three-way handshake with an ACK packet, they send an RST packet. What kind of scan is the ethical hacker likely performing and what is their goal?

Options:

A.

They are performing an SYN scan to stealthily identify open ports without fully establishing a connection

B.

They are performing a TCP connect scan to identify open ports on the target machine

C.

They are performing a vulnerability scan to identify any weaknesses in the target system

D.

They are performing a network scan to identify live hosts and their IP addresses

Buy Now
Questions 171

Heather’s company has decided to use a new customer relationship management tool. After performing the appropriate research, they decided to purchase a subscription to a cloud-hosted solution. The only administrative task that Heather will need to perform is the management of user accounts. The provider will take care of the hardware, operating system, and software administration including patching and monitoring. Which of the following is this type of solution?

Options:

A.

SaaS

B.

IaaS

C.

CaaS

D.

PasS

Buy Now
Exam Code: 312-50v12
Exam Name: Certified Ethical Hacker Exam (CEHv12)
Last Update: Dec 21, 2024
Questions: 572

PDF + Testing Engine

$134.99

Testing Engine

$99.99

PDF (Q&A)

$84.99