C701, CEHv11-CEH 12 Study Guide Flashcards Quizlet

C701, CEHv11-CEH 12 Study Guide Flashcards | Quizlet https://quizlet.com/726316111/c701-cehv11-ceh-12-st...
Social Science Sociology
C701, CEHv11-CEH 12 Study Guide

Terms in this set (403)
Which of the following B

information security
elements guarantees that the
sender of a message cannot
later deny having sent the
message and the recipient
cannot deny having received
the message?
A Confidentiality
B Non-repudiation
C Availability
D Integrity
1 of 62 5/21/23, 09:08
A phase of the cyber kill C

chain methodology triggers
the adversary's malicious
code, which utilizes a
vulnerability in the operating
system, application, or
server on a target system. At
this stage, the organization
may face threats such as
authentication and
authorization attacks,
arbitrary code execution,
physical security threats, and
security misconfiguration.
Which is this phase of the

cyber kill chain
methodology?
A Reconnaissance
B Weaponization
C Exploitation
D Installation
Which of the following is a A

category of hackers who are
also known as crackers, use
their extraordinary
computing skills for illegal or
malicious purposes, and are
often involved in criminal
activities?
A Black hats
B White hats
C Suicide hackers
D Script kiddies
2 of 62 5/21/23, 09:08
John, a professional hacker, C

has launched an attack on a
target organization to
extract sensitive information.
He was successful in
launching the attack and
gathering the required
information. He is now
attempting to hide the
malicious acts by overwriting
the server, system, and
application logs to avoid
suspicion.
Which of the following

phases of hacking is John
currently in?
A Maintaining access
B Scanning
C Clearing tracks
D Gaining access
Which of the following risk C

management phases
involves selecting and
implementing appropriate
controls for the identified
risks to modify them?
A Risk tracking and review

B Risk identification
C Risk treatment
D Risk assessment
3 of 62 5/21/23, 09:08
In which of the following B

incident handling and
response phases are the
identified security incidents
analyzed, validated,
categorized, and prioritized?
A Incident recording and

assignment
B Incident triage
C Containment
D Eradication
Which of the following D

phases of risk management
is an ongoing iterative
process that assigns
priorities for risk mitigation
and implementation plans to
help determine the
quantitative and qualitative
value of risk?
A Risk identification
B Risk treatment
C Risk tracking and review
D Risk assessment
4 of 62 5/21/23, 09:08
Jack, a security professional, D

was instructed to introduce a
security standard to handle
cardholder information for
major debit, credit, prepaid,
e-purse, ATM, and POS
cards. In the process, Jack
has employed a standard
that offers robust and
comprehensive standards as
well as supporting materials
to enhance payment-card
data security.
What is the security standard

that Jack has employed?
A HIPAA
B SOX
C DMCA
D PCI DSS
5 of 62 5/21/23, 09:08
Morris, an attacker, has B

targeted an organization's
network. To know the
structure of the target
network, he combined
footprinting techniques with
a network utility that helped
him create diagrammatic
representations of the target
network.
What is the network utility

employed by Morris in the
above scenario?
A Netcraft
B Tracert
C Shodan
D BuzzSumo

Google advanced search
operators displays similar
websites to the specified
URL?
A [site:]
B [info:]
C [inurl:]
D [related:]
6 of 62 5/21/23, 09:08
Which of the following A

techniques is used by an
attacker to perform
automated searches on the
target website and collect
specified information, such
as employee names and
email addresses?
A Web spidering
B Website mirroring
C Monitoring of web
updates
D Website link extraction
7 of 62 5/21/23, 09:08
Jude, an attacker, has A

targeted an organization's
communication network.
While conducting initial
footprinting, he used a
Google dork to find the
VoIP login portals of the
organization.
What is the Google dork that

helped Jude find the VoIP
login portals?
A inurl:8080 intitle:"login"
intext:"UserLogin" "English"
B inurl:/voice/advanced/
intitle:Linksys SPA
configuration
C inurl:/remote
/login?lang=en
D !Host=.
intext:enc_UserPassword=*
ext:pcf
8 of 62 5/21/23, 09:08
Stokes, an attacker, decided C

to find vulnerable IoT
devices installed in the
target organization. In this
process, he used an online
tool that helped him gather
information such as a
device's manufacturer
details, its IP address, and
the location where it is
installed.
What is the online tool that

Stokes used in the above
scenario?
A DuckDuckGo
B Baidu
C Shodan
D Bing
9 of 62 5/21/23, 09:08
CenSys Solutions hired C

Clark, a security
professional, to enhance the
Internet security of the
organization. To achieve the
goal, Clark employed a tool
that provides various
Internet security services,
including anti-fraud and anti-
phishing services,
application testing, and PCI
scanning.
What is the tool used by

Clark to perform the above
activities?
A Blisqy
B OmniPeek
C Netcraft
D BTCrawler
10 of 62 5/21/23, 09:08
Clark is a professional B
hacker. He targeted an
organization for financial
benefit and used various
footprinting techniques to
gather information about the
target network. In this
process, he employed a
protocol used for querying
databases that store the
registered users or assignees
of an Internet resource, such
as a domain name, an IP
address block, or an
autonomous system.
What is the protocol

employed by Clark in the
above scenario?
A SMB
B Whois
C SNMP
D FTP
Which of the following tools A

in OSRFramework is used by
attackers to check for a user
profile on up to 290 different
platforms?
A usufy.py
B phonefy.py
C entify.py
D searchfy.py
11 of 62 5/21/23, 09:08
What is the feature in FOCA B

that checks each domain to
ascertain the host names
configured in NS, MX, and
SPF servers to discover the
new host and domain
names?
A Common names
B DNS search
C Web search
D Bing IP
Which of the following C

countermeasures should be
followed to safeguard the
privacy, data, and reputation
of an organization and to
prevent information
disclosure?
A Keeping the domain name

profile public
B Enabling directory listings
in the web servers
C Avoiding domain-level
cross-linking for critical
assets
D Turning on geolocation
access on all mobile devices
12 of 62 5/21/23, 09:08
Which of the following TCP B

communication flags notifies
the transmission of a new
sequence number and
represents the establishment
of a connection between
two hosts?
A FIN flag
B SYN flag
C PSH flag
D RST flag
Which of the following hping C

commands is used by an
attacker to scan the entire
subnet to detect live hosts in
a target network?
A hping3 -8 50-60 -S
10.0.0.25 -V
B hping3 -F -P -U 10.0.0.25 -p
80
C hping3 -1 10.0.1.x --rand-
dest -I eth0
D hping3 -9 HTTP -I eth0
13 of 62 5/21/23, 09:08

attacker to perform an ICMP
ECHO ping sweep that can
determine the live hosts
from a range of IP addresses
by sending ICMP ECHO
requests to multiple hosts?
A nmap -sn -PR 10.10.10.10

B nmap -sn -PU 10.10.10.10
C nmap -sn -PE 10.10.10.10
D nmap -sn -PE 10.10.10.5-15

scanning techniques is used
by an attacker to send a TCP
frame to a remote device
with the FIN, URG, and PUSH
flags set?
A Xmas scan
B TCP Maimon scan
C ACK flag probe scan
D IDLE/IPID header scan
14 of 62 5/21/23, 09:08
A certain scanning technique D

has no three-way handshake,
and the system does not
respond when the port is
open; when the port is
closed, the system responds
with an ICMP port
unreachable message.
Which of the following is this

scanning technique?
A List scanning
B SCTP COOKIE ECHO
scanning
C IPv6 scanning
D UDP scanning
15 of 62 5/21/23, 09:08
A certain type of port D

scanning technique is similar
to the TCP SYN scan and
can be performed quickly by
scanning thousands of ports
per second on a fast
network that is not
obstructed by a firewall,
offering a strong sense of
security.
Which of the following is this

type of port scanning
technique?
A IDLE/IPID header
scanning
B SCTP COOKIE ECHO
scanning
C SSDP scanning
D SCTP INIT scanning
16 of 62 5/21/23, 09:08
An attacker performed OS D
banner grabbing on a target
host. They analyzed the
packets received from the
target system and identified
that the values of time to live
(TTL) and TCP window size
as 255 and 4128,
respectively.
What is the operating system

of the target host on which
the attacker performed
banner grabbing?
A Linux (Kernel 2.4 and 2.6)

B Google Linux
C Windows 98, Vista, and 7
(Server 2008)
D iOS 12.4 (Cisco Routers)
Which of the following OS B

discovery techniques is used
by an attacker to identify a
target machine's OS by
observing the TTL values in
the acquired scan result?
A OS discovery using Nmap

B OS discovery using
Unicornscan
C OS discovery using Nmap
Script Engine
D OS discovery using IPv6
fingerprinting
17 of 62 5/21/23, 09:08

IDS/firewall evasion
techniques is used by an
attacker to bypass Internet
censors and evade certain
IDS and firewall rules?
A IP address decoy
B Sending bad checksums
C Source port manipulation
D Anonymizers
Through which of the D

following techniques can an
attacker obtain a computer's
IP address, alter the packet
headers, and send request
packets to a target machine
while pretending to be a
legitimate host?
A IP address decoy
B Source port manipulation
C Packet fragmentation
D IP address spoofing
18 of 62 5/21/23, 09:08
Larry, a professional hacker, B

was hired to launch a few
attacks on an organization.
In the process, he identified
that FTP server ports are
open and performed
enumeration on FTP to find
the software version and
state of existing
vulnerabilities for performing
further exploitations.
What is the FTP port number

that Larry has targeted?
A TCP 25
B TCP 20/21
C TCP/UDP 5060, 5061
D TCP 179
Which of the following Net C

View commands is used by
an attacker to view all the
available shares in a domain?
A net view
\<computername> /ALL
B net view /domain:<domain
name>
C net view /domain
D net view
\<computername>
19 of 62 5/21/23, 09:08

commands is used by the
SNMP manager continuously
to retrieve all the data
stored in an array or table?
A GetResponse
B GetNextRequest
C GetRequest
D SetRequest
George hired an attacker B

named Joan to perform a
few attacks on a competitor
organization and gather
sensitive information. In this
process, Joan performed
enumeration activities on the
target organization's systems
to access the directory
listings within Active
Directory.
What is the type of

enumeration that Joan has
performed in the above
scenario?
A SNMP enumeration
B LDAP enumeration
C NTP enumeration
D NetBIOS enumeration
20 of 62 5/21/23, 09:08
Sam, an ethical hacker, is C

launching an attack on a
target company. He
performed various
enumeration activities to
detect any existing
vulnerabilities on the target
network and systems. In this
process, he performed NTP
enumeration and executed
some commands to acquire
the list of hosts connected
to the NTP server.
Which of the following NTP

enumeration commands
helps Sam in collecting
system information such as
the number of time samples
from several time sources?
A ntptrace
B ntpdc
C ntpdate
D ntpq
21 of 62 5/21/23, 09:08
Jim, a professional hacker, C

was hired to perform an
attack on an organization. In
the attack process, Jim
targeted the SMTP server of
the target organization and
performed SMTP
enumeration using the smtp-
user-enum tool. He used
some options in the tool to
gather the usernames of the
target organization's
employees.

options did Jim use in the
SMTP command for
guessing the username from
among EXPN, VRFY, and
RCPT TO?
A -m n
B -u user
C -M mode
D -p port
22 of 62 5/21/23, 09:08
Given below are the C

different phases of the
vulnerability management
lifecycle.
1) Monitor
2) Vulnerability scan
3) Identify assets and create
a baseline
4) Risk assessment
5) Verification
6) Remediation
What is the correct

sequence of phases involved
in the vulnerability
management lifecycle?
A1→2→3→4→5→6
B2→1→5→3→6→4
C3→2→4→6→5→1
D3→1→4→5→6→2
23 of 62 5/21/23, 09:08
Jaden, a security B
professional in an
organization, introduced
new tools and services into
the organization. Before
introducing the tools, he had
to evaluate whether the
tools are effective and
appropriate for the
organization. He used a
publicly available and free-
to-use list of standardized
identifiers for software
vulnerabilities and exposures
to evaluate the tools.

databases did Jaden use to
evaluate the tools and
services?
A LACNIC
B CVE
C Whois
D ARIN
24 of 62 5/21/23, 09:08
Edward, a security C
professional in an
organization, was instructed
by higher officials to
calculate the severity of the
organization' s systems.In the
process, he used CVSS, a
published standard that
provides an open framework
for communicating the
characteristics and impacts
of IT vulnerabilities. He used
three metrics provided by
CVSS for measuring
vulnerabilities.
Which of the following CVSS

metrics represents the
features that continue to
change during the lifetime of
the vulnerability?
A Base metric
B Environmental metric
C Temporal metric
D Overall score
25 of 62 5/21/23, 09:08
Which of the following types B

of vulnerability assessment
sniffs the traffic present on
the network to identify the
active systems, network
services, applications, and
vulnerabilities?
A Active assessment
B Passive assessment
C Credentialed assessment
D Distributed assessment
Ben, an ethical hacker, was C

hired by an organization to
check its security levels. In
the process, Ben examined
the network from a hacker's
perspective to identify
exploits and vulnerabilities
accessible to the outside
world by using devices such
as firewalls, routers, and
servers.
Which of the following types

did Ben perform on the
organization?
A Active assessment
B Passive assessment
C External assessment
D Internal assessment
26 of 62 5/21/23, 09:08
Clark, an ethical hacker, is D

performing vulnerability
assessment on an
organization's network.
Instead of performing
footprinting and network
scanning, he used tools such
as Nessus and Qualys for the
assessment.

did Clark perform on the
organization?
A Manual assessment
B Credentialed assessment
C Distributed assessment
D Automated assessment
27 of 62 5/21/23, 09:08
Ray, a security professional B

in an organization, was
instructed to identify all
potential security
weaknesses in the
organization and fix them
before an attacker can
exploit them. In the process,
he consulted a third-party
consulting firm to run a
security audit of the

of solutions did Ray
implement in the above
scenario?
A Product-based solution
B Service-based solution
C Tree-based assessment
D Inference-based
assessment
28 of 62 5/21/23, 09:08
Karen, a security B
professional in an
organization, performed a
vulnerability assessment on
the organization's network to
check for vulnerabilities. In
this process, she used a type
of location data examination
scanner that resides on a
single machine but can scan
several machines on the
same network.

of location and data
examination tools did Karen
use?
A Network-based scanner
B Agent-based scanner
C Proxy scanner
D Cluster scanner
29 of 62 5/21/23, 09:08
Rick, an ethical hacker, is D

performing a vulnerability
assessment on an
organization and a security
audit on the organization's
network. In this process, he
used a tool for identifying
vulnerabilities, configuration
issues, and malware that
attackers use to penetrate
networks.
Which of the following tools

did Rick use to perform
vulnerability assessment?
A Metagoofil
B Infoga
C Immunity Debugger
D Nessus
Which of the following types C

of password attacks does
not require any technical
knowledge about hacking or
system exploitation and
includes techniques such as
shoulder surfing, social
engineering, and dumpster
diving?
A Active online attacks

B Passive online attacks
C Non-electronic attacks
D Offline attacks
30 of 62 5/21/23, 09:08
Given below are the D

different steps involved in
exploiting vulnerabilities.
1) Develop the exploit.

2) Determine the risk
associated with the
vulnerability.
3) Determine the capability
of the vulnerability.
4) Identify the vulnerability.
5) Gain remote access.
6) Select the method for
delivering: local or remote.
7) Generate and deliver the
payload.
What is the correct

sequence of steps involved
in exploiting vulnerabilities?
A1→2→3→4→5→6→7
B3→6→7→4→2→1→5
C2→3→6→4→5→1→7
D4→2→3→1→6→7→5
31 of 62 5/21/23, 09:08
Which of the following is a A

shim that runs in the user
mode and is used by
attackers to bypass UAC and
perform different attacks
including the disabling of
Windows Defender and
backdoor installation?
A RedirectEXE
B Schtasks
C launchd
D WinRM
Joan, a professional hacker, D

was hired to retrieve
sensitive information from a
target organization. In this
process, she used a post-
exploitation tool to check
common misconfigurations
and find a way to escalate
privileges.

helps Joan in escalating
privileges?
A ShellPhish
B GFI LanGuard
C Netcraft
D BeRoot
32 of 62 5/21/23, 09:08

steganography techniques is
used by attackers for hiding
the message with a large
amount of useless data and
mixing the original data with
the unused data in any
order?
A Null ciphers
B Grille ciphers
C Jargon codes
D Semagrams

attacker to delete only the
history of the current shell
and retain the command
history of other shells?
A cat /dev/null>
~.bash_history && history -c
&& exit
B history -w
C export HISTSIZE=0
D history -c
33 of 62 5/21/23, 09:08
David, a content writer, was C

searching online for a
specific topic. He visited a
web page that appears
legitimate and downloaded
a file. As soon as he
downloaded the file, his
laptop started to behave in a
weird manner. Out of
suspicion, he scanned the
laptop for viruses but found
nothing.

programs conceals the
malicious code of malware
via various techniques,
making it difficult for security
mechanisms to detect or
remove it?
A Exploit
B Downloader
C Obfuscator
D Payload
34 of 62 5/21/23, 09:08
Given below are the B

different phases of the APT
lifecycle.
1) Initial intrusion
2) Persistence
3) Preparation
4) Cleanup
5) Expansion
6) Search and exfiltration
What is the correct

sequence of phases in the
APT lifecycle?
A1→2→3→4→5→6
B3→1→5→2→6→4
C5→3→2→6→4→1
D2→4→6→1→5→3

of malware remains dormant
until the user performs an
online financial transaction,
replicates itself on the
computer, and edits the
registry entries each time the
computer starts?
A TAN grabber
B Covert credential grabber
C HTML injection
D Form grabber
35 of 62 5/21/23, 09:08

of viruses infects Microsoft
Word or similar applications
by automatically performing
a sequence of actions after
triggering an application?
A Multipartite viruses
B Macro viruses
C Encryption viruses
D Sparse infector viruses
Identify the fileless malware B

obfuscation technique in
which an attacker uses the
below command to bypass
antivirus software.
cmd.exe /c ((echo
command1)&&(echo
command2))
A Inserting characters
B Inserting parentheses
C Inserting double quotes
D Custom environment
variables
36 of 62 5/21/23, 09:08
Victor, an employee in an C
organization, received an
executable file as an email
attachment. Out of suspicion,
he reached out to the
organization's IT team. The
team used a tool to
dismantle the executable file
into a binary program to find
harmful or malicious
processes.

did the IT team employ to
analyze the application?
A Splunk
B Spam Mimic
C IDA Pro
D CCleaner
37 of 62 5/21/23, 09:08
John, an attacker, performed A

sniffing on a target
organization's network and
found that one of the
protocols used by the target
organization is vulnerable as
it allows a client to access
and manipulate the emails
on a server. John exploited
that protocol to obtain the
data and employee
credentials that are
transmitted in cleartext.

protocols was exploited by
John in the above scenario?
A IMAP
B HTTPS
C IPsec
D DTLS
Which of the following DNS C

poisoning techniques is used
by an attacker to infect a
victim's machine with a
Trojan and remotely change
their DNS IP address to that
of the attacker's?
A DNS cache poisoning

B Proxy server DNS
poisoning
C Internet DNS spoofing
D Intranet DNS spoofing
38 of 62 5/21/23, 09:08
Which of the following filters A

in Wireshark displays only
the traffic in a LAN
(192.168.x.x) between
workstations and servers
with no Internet?
A ip.src==192.168.0.0/16 and
ip.dst==192.168.0.0/16
B ip.src!= xxx.xxx.xxx.xxx &&
ip.dst != xxx.xxx.xxx.xxx &&
sip
C ip.addr==192.168.1.100 &&
tcp.port=23
D ip.addr == 10.0.0.4 or
ip.addr == 10.0.0.5
In which of the following D

phases of social engineering
attacks does an attacker
collect sensitive information
about the organization's
accounts, finance,
technologies in use, and
upcoming plans?
A Research the target

company
B Select a target
C Develop a relationship
D Exploit the relationship
39 of 62 5/21/23, 09:08
In one of the following C

social engineering
techniques, an attacker
assumes the role of a
knowledgeable professional
so that the organization's
employees ask them for
information. The attacker
then manipulates questions
to draw out the required
information.
Which is this technique?
A Baiting
B Quid pro quo
C Reverse social
engineering
D Dumpster diving
40 of 62 5/21/23, 09:08
When Jake, a software B

engineer, was using social
media, he abruptly received
a friend request from an
unknown lady. Out of
curiosity, he accepted it. She
pretended to be nice and
tricked Jake into revealing
sensitive information about
his organization. Once she
obtained the information,
she deactivated her account.

of attack was performed on
Jake in the above scenario?
A Shoulder surfing
B Honey trap
C Diversion theft
D Tailgating
41 of 62 5/21/23, 09:08
Kate, a disgruntled ex- B

employee of an
organization, decided to
hinder the operations of the
sensitive information by
injecting malware into the

categories of insiders does
Kate belong to?
A Negligent insider
B Malicious insider
C Compromised insider
D Professional insider
42 of 62 5/21/23, 09:08
In one of the following types B

of identity theft, the
perpetrator obtains
information from different
victims to create a new
identity by stealing a social
security number and uses it
with a combination of fake
names, date of birth,
address, and other details
required for creating a new
identity.
Which is this type of identity

theft?
A Social identity theft

B Synthetic identity theft
C Child identity theft
D Medical identity theft
43 of 62 5/21/23, 09:08
Santa, an attacker, targeted A

an organization's web
infrastructure and sent
partial HTTP requests to the
target web server. When the
partial requests were
received, the web server
opened multiple
connections and waited for
the requests to complete;
however, these requests
remained incomplete,
causing the target server's
maximum concurrent
connection pool to be
exhausted and additional
connection attempts to be
denied.

attack techniques was
employed by Santa?
A Slowloris attack
B Ping-of-death (PoD) attack
C Multi-vector attack
D Smurf attack
44 of 62 5/21/23, 09:08

techniques scans the
headers of IP packets
leaving a network and
ensures that unauthorized or
malicious traffic never leaves
the internal network?
A Ingress filtering
B TCP intercept
C Rate limiting
D Egress filtering

techniques is also called a
one-click attack or session
riding and is used by an
attacker to exploit a victim's
active session with a trusted
site to perform malicious
activities?
A Cross-site request forgery

attack
B Cross-site script attack
C Session replay attacks
D Session fixation
45 of 62 5/21/23, 09:08
An attacker aims to hack an D

sensitive information. In this
process, they lure an
employee of the
organization into clicking on
a fake link, which appears
legitimate but redirects the
user to the attacker's server.
The attacker then forwards
the request to the legitimate
server on behalf of the
victim.

of attack is performed by
the attacker in the above
scenario?
A Man-in-the-middle attack
B Cross-site script attack
C Session replay attack
D Session hijacking using
proxy servers
46 of 62 5/21/23, 09:08

types of hijacking can an
attacker inject malicious data
or commands into
intercepted communications
in a TCP session, even if the
victim disables source
routing?
A RST hijacking
B Blind hijacking
C UDP hijacking
D Session fixation

of IDS alerts is an alarm
raised when no actual attack
is in progress?
A True positive
B False positive
C True negative
D False negative
47 of 62 5/21/23, 09:08

firewalls works at the session
layer of the OSI model or
TCP layer of TCP/IP,
forwards data between
networks without
verification, and blocks
incoming packets from the
host but allows traffic to
pass through?
A Packet filtering firewall

B Circuit-level gateway
firewall
C Application-level firewall
D Application proxy
Which of the following is an C

IDS evasion technique used
by attackers to encode an
attack packet payload in
such a manner that the
destination host can decode
the packet but not the IDS?
A Evasion
B Session splicing
C Obfuscating
D Fragmentation
48 of 62 5/21/23, 09:08
In which of the following C

techniques does an attacker
use a combination of upper-
and lower-case letters in an
XSS payload to bypass the
WAF?
A Using hex encoding to

bypass the WAF
B Using ASCII values to
bypass the WAF
C Using obfuscation to
bypass the WAF
D Using ICMP tunneling
One of the following D

techniques redirects all
malicious network traffic to a
honeypot after any intrusion
attempt is detected.
Attackers can identify such
honeypots by examining
specific TCP/IP parameters
such as the round-trip time
(RTT), time to live (TTL), and
TCP timestamp.
Which is this technique?
A Fake AP
B Snort_inline
C User-Mode Linux (UML)
D Bait and switch
49 of 62 5/21/23, 09:08
Which of the following web- B

server components is
located between the web
client and web server to
pass all the requests and is
also used to prevent IP
blocking and maintain
anonymity?
A Server root
B Web proxy
C Virtual document tree
D Virtual hosting

attack types does an
attacker use compromised
PCs with spoofed IP
addresses to intensify DDoS
attacks on the victims' DNS
server by exploiting the DNS
recursive method?
A DoS/DDoS attack
B DNS server hijacking
C DNS amplification attack
D Directory traversal attack
50 of 62 5/21/23, 09:08

attacker exploit
vulnerabilities that evolve
from the unsafe use of
functions in an application in
public web servers to send
crafted requests to internal
or backend servers?
A SSH brute forcing

B Web-server password
cracking
C Server-side request
forgery
D Web-server
misconfiguration

attacker modify the content
of a web page by examining
its HTML code and
identifying form fields that
lack valid constraints?
A Directory traversal
B Buffer overflow attack
C Command injection attack
D Cross-site scripting (XSS)
attack
51 of 62 5/21/23, 09:08
Which of the following is a C

technique used by an
attacker to gather valuable
system-level data such as
account details, OS,
software version, server
names, and database
schema details?
A Whois
B Session hijacking
C Web server footprinting
D Vulnerability scanning

stages of the web server
attack methodology does an
attacker determine the web
server's remote access
capabilities, its ports and
services, and other aspects
of its security?
A Information gathering
B Web server footprinting
C Website mirroring
D Vulnerability scanning
52 of 62 5/21/23, 09:08

modules establishes a
communication channel
between the Metasploit
framework and a victim
host?
A Exploit module
B Auxiliary module
C Payload module
D NOPS module
Given below are the steps C

involved in automated patch
management.
a. Test
b. Assess
c. Detect
d. Acquire
e. Maintain
f. Deploy
What is the correct

sequence of steps involved
in automatic patch
management?
Ac→b→a→d→f→e
Bb→c→d→a→f→e
Cc→b→d→a→f→e
Da→c→b→e→f→d
53 of 62 5/21/23, 09:08
Which of the following web B

services is designed to make
services more productive
and uses many underlying
HTTP concepts to define the
services?
A SOAP
B RESTful
C XML-RPC
D JSON-RPC

web application threats does
an attacker manipulate the
variables that reference files
with "dot-dot-slash (../)"
sequences and its
variations?
A Unvalidated redirects and

forwards
B Hidden field manipulation
attack
C Directory traversal attack
D Cookie/session poisoning
54 of 62 5/21/23, 09:08
Which of the following is a B

process that can be used to
convert object data into a
linear format for
transportation to a different
system or different network?
A Deserialization
B Serialization
C Insecure deserialization
D Directory traversal

attacks runs malicious code
inside a browser and causes
an infection that persists
even after closing or
browsing away from the
malicious web page that
spread the infection?
A Clickjacking attack
B DNS rebinding attack
C MarioNet attack
D XML poisoning

information is exploited by
an attacker to perform a
buffer overflow attack on a
target web application?
A Cleartext communication
B Error message
C Application code
D Email interaction
55 of 62 5/21/23, 09:08

obtain the user session ID
and then reuse it to gain
unauthorized access to a
target user account?
A Session token prediction

B Session token tampering
C Session hijacking
D Session replay

security risks does an API
accidentally expose internal
variables or objects because
of improper binding and
filtering based on a whitelist,
allowing attackers with
unauthorized access to
modify object properties?
A Broken object-level
authorization
B Mass assignment
C Improper assets
management
D Injection
56 of 62 5/21/23, 09:08

encoding schemes
represents any binary data
using only printable ASCII
characters and is used for
encoding email attachments
for safe transmission over
SMTP?
A URL encoding
B Unicode encoding
C Base64 encoding
D Hex encoding

attacks is performed by
asking the appropriate
questions to an application
database, with multiple valid
statements evaluated as true
or false being supplied in
the affected parameter in
the HTTP request?
A Heavy query
B Error-based SQL injection
C No error message
returned
D Boolean exploitation
57 of 62 5/21/23, 09:08

elements can be extracted
using the query
http://www.certifiedhacker.com
/page.aspx?id=1 or 1=convert
(int,(select top 1 name from
sysobjects where
xtype=char(85)))-- ?
A 1st database table

B 1st table column name
C 1st field of the 1st row
D Database name
Which of the following is an A

evasion technique that
involves replacing characters
with their ASCII codes in
hexadecimal form and
prefixing each code point
with the percent sign (%)?
A URL encoding
B Sophisticated matches
C Null byte
D Case variation
58 of 62 5/21/23, 09:08

regular expressions helps
security professionals detect
zero or more alphanumeric
and underscore characters
involved in an attack?
A /(\')|(\%27)|(\-\-)|
(#)|(\%23)/ix
B /exec(\s|\+)+(s|x)p\w+/ix
C /\w*((\%27)|(\'))((\%6F)|o|
(\%4F))((\%72)|r|(\%52))/ix
D /((\%3D)|(=))[^ ]*((\%27)|
(\')|(\-\-)|(\%3B)|(;))/ix

protocols uses AES and the
Counter Mode Cipher Block
Chaining Message
Authentication Code
Protocol (CCMP) for
wireless data encryption?
A WEP
B WPA3
C WPA2
D WPA
59 of 62 5/21/23, 09:08
Which of the following is a D

mode of operation that
includes EAP or RADIUS for
centralized client
authentication using multiple
authentication methods, such
as token cards, Kerberos,
and certificates?
A WPA3-Personal
B WPA2-Personal
C WPA3-Enterprise
D WPA2-Enterprise

install a fake communication
tower between two
authentic endpoints with the
intention of misleading a
user and interrupting the
data transmission between
the user and real tower to
hijack an active session?
A Rogue AP attack
B Key reinstallation attack
C Wardriving
D aLTEr attack
60 of 62 5/21/23, 09:08

types of attack does an
attacker exploit the carrier-
sense multiple access with
collision avoidance
(CSMA/CA) clear channel
assessment (CCA)
mechanism to make a
channel appear busy?
A Beacon flood
B Denial of service
C Access point theft
D EAP failure

attacks does not directly
recover a WEP key and
requires at least one data
packet from a target AP for
initiation?
A MAC spoofing attack

B Evil twin attack
C Fragmentation attack
D De-authentication attack
61 of 62 5/21/23, 09:08

Bluetooth attacks is similar to
the ICMP ping-of-death
attack, where the attacker
sends an oversized ping
packet to a victim's device to
cause a buffer overflow?
A Bluesnarfing
B Bluesniff
C Bluejacking
D Bluesmacking

techniques involves sending
unsolicited messages over
Bluetooth to Bluetooth-
enabled devices such as
mobile phones and laptops?
A Bluejacking
B Bluesmacking
C Bluebugging
D BluePrinting
62 of 62 5/21/23, 09:08

C701, CEHv11-CEH 12 Study Guide Flashcards Quizlet

Uploaded by

Copyright:

Available Formats

C701, CEHv11-CEH 12 Study Guide Flashcards Quizlet

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

C701, CEHv11-CEH 12 Study Guide Flashcards Quizlet

Uploaded by

Copyright:

Available Formats

C701, CEHv11-CEH 12 Study Guide Flashcards | Quizlet https://quizlet.com/726316111/c701-cehv11-ceh-12-st...

Social Science Sociology

C701, CEHv11-CEH 12 Study Guide

Which of the following B

A phase of the cyber kill C

Which is this phase of the

Which of the following is a A

John, a professional hacker, C

Which of the following

Which of the following risk C

A Risk tracking and review

In which of the following B

A Incident recording and

Which of the following D

Jack, a security professional, D

What is the security standard

Morris, an attacker, has B

What is the network utility

Which of the following D

Which of the following A

Jude, an attacker, has A

What is the Google dork that

Stokes, an attacker, decided C

What is the online tool that

CenSys Solutions hired C

What is the tool used by

What is the protocol

Which of the following tools A

What is the feature in FOCA B

Which of the following C

A Keeping the domain name

Which of the following TCP B

Which of the following hping C

Which of the following D

A nmap -sn -PR 10.10.10.10

Which of the following A

A certain scanning technique D

Which of the following is this

A certain type of port D

Which of the following is this

What is the operating system

A Linux (Kernel 2.4 and 2.6)

Which of the following OS B

A OS discovery using Nmap

Which of the following D

Through which of the D

Larry, a professional hacker, B

What is the FTP port number

Which of the following Net C

Which of the following B

George hired an attacker B

What is the type of

Sam, an ethical hacker, is C

Which of the following NTP

Jim, a professional hacker, C

Which of the following

Given below are the C

What is the correct

Which of the following

Which of the following CVSS