
312-50: EC-Council Certified Ethical Hacker (CEH v12) - Mini

You got 51 of 62 possible points.


Your score: 82 %

Question Results

Question: Score 1 of 1

What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?

Response:

The attacker makes a request to the DNS resolver

The attacker uses TCP to poison the DNS resolver

The attacker forges a reply from the DNS resolver

The attacker queries a nameserver using the DNS resolver

Question: Score 0 of 1

Which of the following nmap options can be used for very fast scanning?

Response:

-T5

-T0

-O

-T4

Question: Score 1 of 1

To compromise or to hack a system or network, the hackers go through various phases. What is the first hacking phase that hackers perform to
gather information about a target before launching an attack?

Response:

Maintaining Access

Reconnaissance

Gaining Access

Scanning

Clearing Tracks

Question: Score 0 of 1

In which of the following SQL injection attacks does an attacker usually bypass user authentication and extract data by using a conditional OR
clause so that the condition of the WHERE clause will always be true?

Response:

Tautology

Error-Based SQLi

UNION SQLi

End-of-Line Comment

Question: Score 1 of 1

You need to send an email containing confidential information. Your colleague advises you to use PGP to be sure that the data will be safe. What
should you use to communicate correctly using this type of encryption?

Response:

Use your own public key to encrypt the message.

Use your colleague's private key to encrypt the message.

Use your own private key to encrypt the message.

Use your colleague's public key to encrypt the message.

Question: Score 1 of 1

What type of database uses multiple tables linked together in complex relationships?

Response:

Hierarchical

Relational

Distributed

Flat

Question: Score 0 of 1

A(n) _____ attack begins with interception and monitoring of network traffic that is being sent between two cloud nodes. The attacker uses packet
sniffers to capture sensitive data such as passwords, session cookies, and other web service–related security configurations, such as UDDI
(Universal Description Discovery and Integrity), SOAP (Simple Object Access Protocol), and WSDL (Web Service Description Language) files.

Response:

command injection

XML Injection

service hijacking

XAML injection

Question: Score 1 of 1

Lewis, a professional hacker, targeted the IoT cameras and devices used by a target venture-capital firm. He used an information-gathering tool to collect
information about the IoT devices connected to a network, open ports and services, and the attack surface area. Using this tool, he also generated statistical
reports on broad usage patterns and trends. This tool helped Lewis continually monitor every reachable server and device on the Internet, further allowing him
to exploit these devices in the network.

Which of the following tools was employed by Lewis in the above scenario?

Response:

NeuVector

Censys

Lacework

Wapiti

Question: Score 1 of 1

Identify the security model by description: In this security model, every user in the network maintains a ring of public keys. Also, a user needs to
encrypt a message using the receiver’s public key, and only the receiver can decrypt the message using their private key.

Response:

Secure Socket Layer

Web of trust

Zero trust security model

Transport Layer Security

Question: Score 0 of 1

A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he
asks you for help because he suspects that he may have installed a trojan on his computer.

What tests would you perform to determine whether his computer is infected?

Response:

Use ExifTool and check for malicious content

You do not check; rather, you immediately restore a previous snapshot of the operating system

Use netstat and check for outgoing connections to strange IP addresses or domains

Upload the file to VirusTotal

Question: Score 1 of 1

____ is a known plaintext attack invented by Mitsuru Matsui.

Response:

Linear cryptanalysis

Differential cryptanalysis

Birthday attack

Related key attack

Question: Score 1 of 1

George is implementing a WAP with 8 MIMO antennas. What was the first standard to use 8 MIMO?

Response:

IEEE 802.11-2012

802.11n

802.11n 2009

IEEE 802.11ac

Question: Score 0 of 1

You need to increase the security of keys used for encryption and authentication. For these purposes, you decide to use a technique to enter an
initial key to an algorithm that generates an enhanced key resistant to brute-force attacks. Which of the following techniques will you use?

Response:

Key reinstallation

Key stretching

KDF

PKI

Question: Score 1 of 1

Ivan, an evil hacker, is preparing to attack the network of a financial company. To do this, he wants to collect information about the operating
systems used on the company's computers. Which of the following techniques will Ivan use to achieve the desired result?

Response:

UDP Scanning.

IDLE/IPID Scanning.

SSDP Scanning.

Banner Grabbing.

Question: Score 0 of 1

Leverox Solutions hired Arnold, a security professional, for the threat intelligence process. Arnold collected information about specific threats against the
organization. From this information, he retrieved contextual information about security events and incidents that helped him disclose potential risks and gain
insight into attacker methodologies.

He collected the information from sources such as humans, social media, and chat rooms as well as from events that resulted in cyberattacks. In this process,
he also prepared a report that includes identified malicious activities, recommended courses of action, and warnings for emerging attacks.

What is the type of threat intelligence collected by Arnold in the above scenario?

Response:

Technical threat intelligence

Tactical threat intelligence

Operational threat intelligence

Strategic threat intelligence

Question: Score 1 of 1

Ivan, a black hat hacker, tries to call numerous random numbers inside the company, claiming he is from the technical support service. He offers
company employees services in exchange for confidential data or login credentials. What method of social engineering does Ivan use?

Response:

Elicitation

Reverse Social Engineering

Tailgating

Quid Pro Quo


Question: Score 1 of 1

Jerome is performing a scan on a target server. He is sending a SYN scan. If the port is open, what will Jerome receive back?

Response:

SYN-ACK

Nothing

RST

ACK

Question: Score 1 of 1

Identify the attack used in the scenario below: The victim connected his iPhone to a public computer that the attacker had previously infected. After
establishing the connection with this computer, the victim enabled iTunes Wi-Fi sync so that the device could continue communication with that
computer even after being physically disconnected.

Now the attacker who infected the computer can access the victim's iPhone and monitor all of the victim's activity on the iPhone, even after the
device is out of the communication zone.

Response:

Exploiting SS7 vulnerability

Man-in-the-disk attack

iOS trustjacking

iOS jailbreaking

Question: Score 1 of 1

Alex, the penetration tester, performs a server scan. To do this, he uses the method where the TCP header is split into many packets so that it
becomes difficult to determine what the packets are used for. Determine the scanning technique that Alex uses.

Response:

TCP Scanning

Inverse TCP flag scanning

IP Fragmentation Scan

ACK flag scanning

Question: Score 1 of 1

You have detected an abnormally large amount of traffic coming from local computers at night. You decide to find out the reason, do a few checks
and find that an attacker has exfiltrated user data. Also, you noticed that AV tools could not find any malicious software, and the IDS/IPS has not
reported on any non-whitelisted programs.

Which of the following types of malware did the attacker use to bypass your company’s application whitelisting?

Response:

Fileless malware

Zero-day malware

Logic bomb malware

Phishing malware

Question: Score 1 of 1

You want to make your life easier and automate the process of updating applications. You decide to use a user-defined HTTP callback or push APIs
that are raised based on trigger events. When this feature invokes, data is supplied to other applications so that users can instantly receive real-time
information. What is the name of this technique?

Response:

Webhooks

REST API

SOAP API

Web shells

Question: Score 1 of 1

Gaining Access: Which of the following is a password cracking tool?


(Select all that apply)

Response:

Hydra

John the Ripper

Airmon-ng

NMAP

Question: Score 1 of 1

Rajesh, the system administrator, analyzed the IDS logs and noticed that when accessing the external router from the administrator's computer to
update the router configuration, the IDS registered alerts. What type of alert is this?

Response:

True positive

True negative

False positive

False negative

Question: Score 1 of 1

Identify the technique for securing cloud resources from the description below: This technique assumes by default that a user attempting to
access the network is not an authentic entity and verifies every incoming connection before allowing access to the network. When using this
technique, conditions are imposed such that employees can access only the resources required for their role.

Response:

Serverless computing

Zero trust network

Container technology

DMZ

Question: Score 0 of 1

Maintaining Access: Which of the following tools can provide the attacker with a remote shell AND allow for file transfers to and from the
compromised machine?

(Select all that apply)

Response:

Stuxnet

Tini

metasploit

netcat

Question: Score 1 of 1

The SOC analyst of the company wants to track the transfer of files over the unencrypted FTP protocol. Which filter for the Wireshark sniffer should
he use?

Response:

tcp.port == 443

tcp.port == 80

tcp.port == 21

tcp.port = 23

Question: Score 1 of 1

As usual, you want to open your online banking from your home computer. You enter the URL www.yourbanksite.com into your browser. The
website is displayed and prompts you to re-enter your credentials as if you have never visited the site before.

You decide to check the URL of the website and notice that the site is not secure and the web address appears different. Which of the following
types of attacks have you been exposed to?

Response:

ARP cache poisoning

DoS attack

DNS hijacking

DHCP spoofing

Question: Score 1 of 1

Which of the following is a common IDS evasion technique?

Response:

Subnetting

Spyware

Port knocking

Unicode characters

Question: Score 1 of 1

Which of the following is not a protocol Snort can analyze?

Response:

TCP

SSH

ICMP

UDP

Question: Score 1 of 1

Ivan, the black hat hacker, plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch in the network so that
he could make it a root bridge that will later allow him to sniff all the traffic in the target's network. What attack did Ivan perform?

Response:

ARP spoofing.

VLAN hopping.

DNS poisoning.

STP attack.

Question: Score 1 of 1

Joh has placed a suspicious file on a non-networked isolated machine and will use a range of tools to test what processes it spawns, what
resources it uses, what registry settings it affects, and other activity. What best describes this process?

Response:

Air gap

Static analysis

Sheep dip

Dynamic analysis

Question: Score 1 of 1

What is the name of the risk assessment method that allows you to study how various types of negative events (violations, failures or destructions)
can affect the main activities of the company and key business processes?

Response:

Risk Mitigation

Emergency Plan Response (EPR)

Business Impact Analysis (BIA)

Disaster Recovery Planning (DRP)

Question: Score 1 of 1

You want to surf safely and anonymously on the Internet. Which of the following options will be best for you?

Response:

Use VPN.

Use Tor network with multi-node.

Use SSL sites.

Use public WiFi.


Question: Score 1 of 1

What type of cryptography is used in IKE, SSL, and PGP?

Response:

Public Key

Hash

Digest

Secret Key

Question: Score 1 of 1

_____ attempts to change a DNS server’s records so that customers are redirected to a fake site.

Response:

DNS amplification

Spoofing

DNS hijacking

DDoS

Question: Score 1 of 1

In order to prevent collisions and protect password hashes from rainbow tables, Maria, the system administrator, decides to add random data
strings to the end of passwords before hashing. What is the name of this technique?

Response:

Extra hashing

Stretching

Salting

Masking

Question: Score 1 of 1

Attackers can use this tool for launching attacks against REST-, WADL-, and WSDL-based web services.

Response:

Burp

SoapUI

Hydra

Brutus

Question: Score 1 of 1

Jennys wants to send a digitally signed message to Molly. What key will Jennys use to sign the message, and how will Molly verify it?

Response:

Jennys will sign the message with her public key, and Molly will verify that the message came from Jenny's by using Jenny's private key.

Jennys will sign the message with Molly’s public key, and Molly will verify that the message came from Jennys by using Jenny’s public key

Jennys will sign the message with Molly’s private key, and Molly will verify that the message came from Jennys by using Jenny’s public key

Jennys will sign the message with her private key, and Molly will verify that the message came from Jennys by using Jenny’s public key

Question: Score 0 of 1

Kevin, an encryption specialist, implemented a technique that enhances the security of keys used for encryption and authentication. Using this technique, Kevin
input an initial key to an algorithm that generated an enhanced key that is resistant to brute-force attacks.

What is the technique employed by Kevin to improve the security of encryption keys?

Response:

Key stretching

Public key infrastructure

Key derivation function

Key reinstallation

Question: Score 0 of 1

Which of the following is a tool that passively maps and visually displays an ICS/SCADA network topology while safely conducting device
discovery, accounting, and reporting on these critical cyber-physical systems?

Response:

GRASSMARLIN

Radare2

Fritzing

SearchDiggity

Question: Score 1 of 1

You know that an attacker can create websites similar to legitimate sites in pharming and phishing attacks. Which of the following is the difference
between them?

Response:

Both pharming and phishing attacks are identical.

Both pharming and phishing attacks are purely technical.

Pharming attack: an attacker provides the victim with a URL that is either misspelled or looks similar to the legitimate website's domain name.
Phishing attack: a victim is redirected to a fake website by modifying their host configuration file or exploiting DNS vulnerabilities.

Phishing attack: an attacker provides the victim with a URL that is either misspelled or looks similar to the legitimate website's domain name.
Pharming attack: a victim is redirected to a fake website by modifying their host configuration file or exploiting DNS vulnerabilities.

Question: Score 1 of 1

Jerrod is the CISO of a medium-sized bank. He receives an email that appears to be from an old college roommate, which is trying to get him to click
on a link. What is the best description of this attack?

Response:

Phishing

Whaling

Spimming

Spear phishing

Question: Score 1 of 1

Which of the following services is running on port 21 by default?

Response:

File Transfer Protocol

Domain Name System

Service Location Protocol

Border Gateway Protocol

Question: Score 1 of 1

During the pentest, Maria, the head of the blue team, discovered that the new online service has problems with the authentication mechanism. The
old password can be reset by correctly answering the secret question, and the sending form does not have protection using a CAPTCHA, which
allows a potential attacker to use a brute force attack.

What is the name of such an attack in the Enumeration of Common Disadvantages (CWE)?

Response:

Insecure transmission of credentials.

Weak password recovery mechanism.


Verbose failure messages.

User impersonation.

Question: Score 1 of 1

Carol is trying to find information about a specific IP address in Belgium. Which registry should she check?

Response:

LACNIC

APNIC

RIPE NCC

ARIN

Question: Score 1 of 1

There have been concerns in your network that the wireless network component is not sufficiently secure. You perform a vulnerability scan of the
wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption. What encryption protocol is being
used?

Response:

RADIUS

WPA3

WEP

WPA

Question: Score 1 of 1

What is the basis of a CRIME attack?

Response:

Flaws in TLS authentication nonces

Flaws in gzip compression

Flaws in TLS compression

Flaws in cryptographic key generation

Question: Score 1 of 1

Clark, a professional hacker, attempted to perform a Btlejacking attack using an automated tool, Btlejack, and hardware tool, micro:bit. This attack allowed Clark
to hijack, read, and export sensitive information shared between connected devices. To perform this attack, Clark executed various btlejack commands.

Which of the following commands was used by Clark to hijack the connections?

Response:

btlejack -f 0x129f3244 -j

btlejack -c any

btlejack -d /dev/ttyACMO -d /dev/ttyACM2 -s

btlejack -f 0x9c68fd30 -t -m 0x1 fffffffff


Question: Score 1 of 1

Scenario: Joe turns on his home computer to access personal online banking. When he enters the URL www.bank.com, the website is displayed,
but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL closer, he finds that the
site is not secure and the web address appears different.

What type of attack is he experiencing?

Response:

DoS attack

ARP cache poisoning

DNS hijacking

DHCP spoofing

Question: Score 1 of 1

Scanning: Which of the following is NOT an example of a scanning tool?

Response:

OpenVAS

BeEF

NMAP

HPING

Question: Score 1 of 1

Cookie Cadger is an example of which of the following?

Response:

Botnet

Sniffing tool

DoS tool

Session hijacking tool

Question: Score 1 of 1

Gunter has been performing testing of a Linux server. He is trying to erase his tracks. He wants to get rid of the history of all shell commands for
only the current shell. Which of the following is the best way to accomplish this?

Response:

shred ~/.bash_history

export HISTSIZE=0

history -w

ClearLogs

Question: Score 1 of 1

WPS is a rather troubled wireless network security standard. While it can make your life easier, it is also vulnerable to attacks. An attacker within
radio range can brute-force the WPS PIN for a vulnerable access point, obtain WEP or WPA passwords, and likely gain access to the Wi-Fi network.

However, first, the attacker needs to find a vulnerable point. Which of the following tools is capable of determining WPS-enabled access points?

Response:

ntptrace

net view

wash

macof

Question: Score 1 of 1

Which of the following attacks can you perform if you know that the web server handles the "(../)" (character string) incorrectly and returns the file
listing of a folder structure of the server?

Response:

Cross-site scripting.

Directory traversal.

SQL injection.

Denial of service.

Question: Score 1 of 1

What are the two main conditions for a digital signature?


Response:

Unforgeable and authentic.

It has to be the same number of characters as a physical signature and must be unique.

Unique and have special characters.

Legible and neat.

Question: Score 1 of 1

The ____ is responsible for verifying the person/entity requesting a digital certificate.

Response:

RA

CA

CRL

OCSP

Question: Score 0 of 1

Which of the following modes of IPSec should you use to assure integrity and confidentiality of data within the same LAN?

Response:

ESP transport mode.


AH tunnel mode.

AH transport mode.

ESP tunnel mode.

Question: Score 1 of 1

What order, from bottom to top, does the TCP/IP architecture use?

Response:

Physical, Network, Session, Application

Network Access, Network, Transport, Application

Data Link, Internet, Transport, Application

Link, Internet, Transport, Application

Question: Score 1 of 1

Implementing the security testing process early in the SDLC is the key to finding out and fixing the security bugs early in the SDLC lifecycle. The
security testing process can be performed in two ways, Automated or Manual web application security testing. Which of the proposed statements is
true?

Response:

Automatic and manual testing should be used together to better cover potential problems

Neural networks and artificial intelligence are already used in new tools and do not require additional actions

Manual testing is obsolete and should be completely replaced by automatic testing.

Automatic testing requires a lot of money and is still very imperfect, so it cannot be used for security

Question: Score 1 of 1

Which type of attack attempts to overflow the content-addressable memory (CAM) table in an Ethernet switch?

Response:

DNS cache flooding

MAC flooding

Evil twin attack

DDoS attack

Question: Score 1 of 1

Which of the following commands verifies a user ID on an SMTP server?

Response:

VRFY

RCPT

EXPN

NOOP

Question: Score 0 of 1

Which of the following options is a security feature on switches that leverages the DHCP snooping database to help prevent man-in-the-middle attacks?

Response:

DHCP relay

DAI

Port security

Spanning tree
