7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full

You got 0 of 125 possible points.

Your score: 0 %

Question Results

Question: Score 0 of 1
(skipped)
An ethical hacker has already received all the necessary information and is now
considering further actions. For example, infect a system with malware and use phishing to gain
credentials to a system or web application. What phase of ethical hacking methodology is the
hacker currently in?

Response:

Reconnaissance

Gaining access

Scanning

Maintaining access

Question: Score 0 of 1
(skipped)
With which of the following SQL injection attacks can an attacker deface a web page,
modify or add data stored in a database and compromised data integrity?

Response:

Information Disclosure.

Loss of data availability.

Unauthorized access to an application.

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 1/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Compromised Data Integrity.

Question: Score 0 of 1
(skipped)
When reviewing the Windows core design, which of the following corresponds to user
mode and is the level of least privilege?

Response:

Ring 0

Ring 1

Ring 2

Ring 3

Question: Score 0 of 1
(skipped)
Lachelle is working to analyze suspected malware on a system. She has found code
that breaches via a known security vulnerability. What is the proper term for this?

Response:

Injector

Payload

Malicious code

Exploit

Question: Score 0 of 1
(skipped)
Clark is a professional hacker. He created and configured multiple domains pointing
to the same host to switch quickly between the domains and avoid detection.

Identify the behavior of the adversary in the above scenario.

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 2/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Response:

Unspecified proxy activities

Use of command-line interface

Data staging

Use of DNS tunneling

Question: Score 0 of 1
(skipped)
What is the basis of a CRIME attack?

Response:

Flaws in TLS compression

Flaws in gzip compression

Flaws in TLS authentication nonces

Flaws in cryptographic key generation

Question: Score 0 of 1
(skipped)
Scammers can query the DNS server to determine whether a specific DNS record is
cached, thereby determining your organization’s browsing habits. This can disclose sensitive
information such as financial institutions visited recently or other sensitive websites that a
company might not want to be public knowledge of. Which of the proposed attacks fits this
description?

Response:

DNS zone walking

DNS cache poisoning

DNSSEC zone walking

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 3/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

DNS cache snooping

Question: Score 0 of 1
(skipped)
Identify the security model by description: In this security model, every user in the
network maintains a ring of public keys. Also, a user needs to encrypt a message using the
receiver’s public key, and only the receiver can decrypt the message using their private key.

Response:

Web of trust

Secure Socket Layer

Zero trust security model

Transport Layer Security

Question: Score 0 of 1
(skipped)
Which of the following is a rootkit that adds additional code or replaces portions of
the core operating system to obscure a backdoor on a system?

Response:

User-mode rootkit.

Hypervisor-level rootkit.

Kernel-level rootkit.

Application-level Rootkit.

Question: Score 0 of 1
(skipped)
____ can use AES-256 in Galois Counter Mode with SHA-384 as an HMAC.

Response:

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 4/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

WEP

WPA

WPA2

WPA3

Question: Score 0 of 1
(skipped)
What is the primary purpose of using digital signatures?

Response:

Ensuring the confidentiality of the message

Ensuring the integrity of the message

Confirming the sender’s identity

Establishing a shared key

Question: Score 0 of 1
(skipped)
All the industrial control systems of your organization are connected to the Internet.
Your management wants to empower the manufacturing process, ensure the reliability of industrial
networks, and reduce downtime and service disruption.

You have been assigned to find and install an OT security tool that further protects against security
incidents such as cyber espionage, zero-day attacks, and malware. Which of the following tools will
you use to accomplish this task?

Response:

Flowmon

BalenaCloud

IntentFuzzer

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 5/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Robotium

Question: Score 0 of 1
(skipped)
Lisandro was hired to steal critical business documents of a competitor company.
Using a vulnerability in over-the-air programming (OTA programming) on Android smartphones, he
sends messages to company employees on behalf of the network operator, asking them to enter a
PIN code and accept new updates for the phone.

After the employee enters the PIN code, Lisandro gets the opportunity to intercept all Internet
traffic from the phone. What type of attack did Lisandro use?

Response:

Bypass SSL pinning.

Social engineering.

Advanced SMS phishing.

Tap 'n ghost attack.

Question: Score 0 of 1
(skipped)
You notice a sudden egress of data. What does this most accurately describe?

Response:

File intrusion

Network intrusion

System intrusion

Malware intrusion

Question: Score 0 of 1
(skipped)

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 6/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Which of the following tools is packet sniffer, network detector and IDS for 802.11(a, b, g, n)
wireless LANs?

Response:

Kismet

Nessus

Abel

Nmap

Question: Score 0 of 1
(skipped)
Which of the following is a tool that passively maps and visually displays an
ICS/SCADA network topology while safely conducting device discovery, accounting, and reporting
on these critical cyber-physical systems?

Response:

SearchDiggity

GRASSMARLIN

Radare2

Fritzing

Question: Score 0 of 1
(skipped)
What type of session hijacking begins with the attacker attempting to get the user to
authenticate to the target server, using a session ID prechosen by the attacker?

Response:

Man-in-the-browser

Session fixation

Session replay

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 7/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Man-in-the-middle

Question: Score 0 of 1
(skipped)
Harper, a software engineer, is developing an email application. To ensure the confidentiality
of email messages, Harper uses a symmetric-key block cipher having a classical 12- or 16-round Feistel
network with a block size of 64 bits for encryption, which includes large 8 x 32-bit S-boxes (S1, S2, S3, S4)
based on bent functions, modular addition and subtraction, key-dependent rotation, and XOR operations.
This cipher also uses a masking key (Km1) and a rotation key (Kr1) for performing its functions.

What is the algorithm employed by Harper to secure the email messages?

Response:

CAST-128

AES

GOST block cipher

DES

Question: Score 0 of 1
(skipped)
Which of the following is the fastest way to perform content enumeration on a web
server using the Gobuster tool?

Response:

Skipping SSL certificate verification.

Performing content enumeration using the brute-force mode and 10 threads.

Performing content enumeration using a wordlist.

Performing content enumeration using the brute-force mode and random file extensions.

Question: Score 0 of 1

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 8/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

What is GINA? (skipped)

Response:

Gateway Interface Network Application

GUI Installed Network Application CLASS

Global Internet National Authority (G-USA)

Graphical Identification and Authentication DLL

Question: Score 0 of 1
(skipped)
John is simply trying every possible password. What is this called?

Response:

Brute force

Rainbow attack

Dictionary attack

Password guessing

Question: Score 0 of 1
(skipped)
Identify the encryption algorithm by the description: Symmetric-key block cipher
having a classical 12- or 16-round Feistel network with a block size of 64 bits for encryption, which
includes large 8 × 32-bit S-boxes based on bent functions, modular addition and subtraction, key-
dependent rotation, and XOR operations. This cipher also uses a "masking" key and a "rotation"
key for performing its functions.

Response:

DES

AES

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 9/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

CAST-128

GOST

Question: Score 0 of 1
(skipped)
Identify the web application attack where the attacker injects carriage return ( ) and
line feed ( ) characters into the user’s input to trick the web server, web application, or user into
believing that the current object is terminated and a new object has been initiated?

Response:

HTML Injection

CRLF Injection

Log Injection

Server-Side JS Injection

Question: Score 0 of 1
(skipped)
Which algorithm is based on the difficulty of factoring large integers into their prime
factors?

Response:

AES

RSA

Blowfish

Diffie-Hellman

Question: Score 0 of 1
(skipped)
What program could be used to perform spoofing attacks and also supports plug-ins?

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 10/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Response:

arpspoof

fragroute

Ettercap

sslstrip

Question: Score 0 of 1
(skipped)
Alice, a professional hacker, targeted an organization’s cloud services. She infiltrated
the target’s MSP provider by sending spear-phishing emails and distributed custom-made malware
to compromise user accounts and gain remote access to the cloud service.

Further, she accessed the target customer profiles with her MSP account, compressed the
customer data, and stored them in the MSP. Then, she used this information to launch further
attacks on the target organization.

Which of the following cloud attacks did Alice perform in the above scenario?

Response:

Cloud cryptojacking

Man-in-the-cloud (MITC) attack

Cloud hopper attack

Cloudborne attack

Question: Score 0 of 1
(skipped)
____ is a Trojan that attacks sensitive data from 40 Android applications, including
WeChat, Facebook, WhatsApp, Skype, Line, and Viber.

Response:

Spydealer

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 11/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

DroidSheep

AceDeceiver

Zanti

Question: Score 0 of 1
(skipped)
In order to compromise or to breach a system or network, hackers go through various
phases of hacking. What is the first hacking phase that hackers perform to gather information
about a target prior to launching an attack?

Response:

Reconnaissance

Scanning

Gaining Access

Maintaining Access

Clearing Track

Question: Score 0 of 1
(skipped)
Alex, a cybersecurity specialist, received a task from the head to scan open ports.
One of the main conditions was to use the most reliable type of TCP scanning. Which of the
following types of scanning should Alex use?

Response:

Xmas Scan.

TCP Connect/Full Open Scan.

NULL Scan.

Half-open Scan.

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 12/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Question: Score 0 of 1
(skipped)
Which of the following command-line flags set a stealth scan for Nmap?

Response:

-sU

-sT

-sM

-sS

Question: Score 0 of 1
(skipped)
An organization is performing a vulnerability assessment for mitigating threats.
James, a pen tester, scanned the organization by building an inventory of the protocols found on
the organization’s machines to detect which ports are attached to services such as an email server,
a web server, or a database server.

After identifying the services, he selected the vulnerabilities on each machine and started
executing only the relevant tests. What is the type of vulnerability assessment solution that James
employed in the above scenario?

Response:

Service-based solutions

Product-based solutions

Tree-based assessment

Inference-based assessment

Question: Score 0 of 1
(skipped)
Which mode of a NIC (interface) allows you to intercept and read each network packet
that arrives in its entirety?

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 13/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Response:

Port forwarding

Promiscuous mode

Simplex Mode

Multicast

Question: Score 0 of 1
(skipped)
How would you ensure that confidentiality is implemented in an organization?

Response:

Watchdog processes

Encryption

Cryptographic hashes

Web servers

Question: Score 0 of 1
(skipped)
The tool RFCrack is most useful for what type of attack?

Response:

Password cracking

Rolling code attack

Brute-force attack

Radio-frequency cracking

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 14/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Question: Score 0 of 1
(skipped)
Tyrell is using Telnet to try to find out what web server software is running on a target
web server. What is Tyrell doing?

Response:

Banner grabbing

Scanning

Command injection

CSRF

Question: Score 0 of 1
(skipped)
Farah has found a file in the system directory that she cannot identify. What term best
describes this?

Response:

File intrusion

Systems intrusion

Network intrusion

OS intrusion

Question: Score 0 of 1
(skipped)
You want to do an ICMP scan on a remote computer using hping2. What is the proper
syntax?

Response:

hping2 -1 host.domain.com

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 15/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

hping2 host.domain.com

hping2 -l host.domain.com

hping2 –set-ICMP host.domain.com

Question: Score 0 of 1
(skipped)
Identify the correct syntax for ICMP scan on a remote computer using hping2.

Response:

hping2 -1 target.domain.com

hping2 --set-ICMP target.domain.com

hping2 target.domain.com

hping2 --l target.domain.com

Question: Score 0 of 1
(skipped)
You have compromised a server on a network and successfully opened a shell. You
aimed to identify all operating systems running on the network. However, as you attempt to
fingerprint all machines in the network using the nmap syntax below, it is not going through.

invictus@victim_server.~$ nmap -T4 -O 10.10.0.0/24 TCP/IP fingerprinting (for OS scan) xxxxxxx

xxxxxx xxxxxxxxx. QUITTING! What seems to be wrong?

Response:

The nmap syntax is wrong

This is a common behavior for a corrupted nmap application

The outgoing TCP/IP fingerprinting is blocked by the host firewall

OS Scan requires root privileges

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 16/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Question: Score 0 of 1
(skipped)
Modern security mechanisms can stop various types of DDoS attacks, but if they only
check incoming traffic and mostly ignore return traffic, attackers can bypass them under the
disguise of a valid TCP session by carrying an SYN, multiple ACK, and one or more RST or FIN
packets. What is the name of such an attack?

Response:

Peer-to-peer attack.

Spoofed session flood attack.

UDP flood attack.

Ping-of-death attac k.

Question: Score 0 of 1
(skipped)
After gaining access to a system, what is the hacker’s next step?

Response:

Scanning

Covering of tracks

Escalation of privilege

Denial of service

Question: Score 0 of 1
(skipped)
TLS, also known as SSL, is a protocol for encrypting communications over a network.
Which of the following statements is correct?

Response:

SSL/TLS uses do not uses asymmetric or symmetric encryption.

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 17/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

SSL/TLS uses only asymmetric encryption.

SSL/TLS uses both asymmetric and symmetric encryption.

SSL/TLS uses only symmetric encryption.

Question: Score 0 of 1
(skipped)
You have been assigned the task of defending the company from network sniffing.
Which of the following is the best option for this task?

Response:

Using encryption protocols to secure network communications.

Restrict Physical Access to Server Rooms hosting Critical Servers.

Register all machines MAC Address in a Centralized Database.

Use Static IP Address.

Question: Score 0 of 1
(skipped)
In a(n) ___ jailbreak, if the user turns the device off and back on, the device will start
up completely. It will no longer have a patched kernel, but it will still be usable for normal functions.

Response:

semi-tethered

untethered

tethered

free-tethered

Question: Score 0 of 1

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 18/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

What is the name of the technique in which attackers move around the territory in a (skipped)
moving vehicle and use special equipment and software to search for vulnerable and
accessible WiFi networks?

Response:

Wireless sniffing

Spectrum analysis

Wardriving

Rogue access point

Question: Score 0 of 1
(skipped)
Suppose that you test an application for the SQL injection vulnerability. You know that
the backend database is based on Microsoft SQL Server. In the login/ password form, you enter the
following credentials:

- Username: attack’ or 1=1 –

- Password: 123456

Based on the above credentials, which of the following SQL commands are you expecting to be
executed by the server, if there is indeed an SQL injection vulnerability?

Response:

select * from Users where UserName = ‘attack’ ‘ or 1=1 — and UserPassword = ‘123456’

select * from Users where UserName = ‘attack’ or 1=1 — and UserPassword = ‘123456’

select * from Users where UserName = ‘attack or 1=1 — and UserPassword = ‘123456’

select * from Users where UserName = ‘attack’ or 1=1 –‘ and UserPassword = ‘123456’

Question: Score 0 of 1
(skipped)
When choosing a biometric system for your company, you should take into account
the factors of system performance and whether they are suitable for you or not. What determines
such a factor as the throughput rate?

Response:
file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 19/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

The data collection speeds, data processing speed, or enrolment time.

The probability that the system incorrectly matches the input pattern to a non-matching template in
the database.

The maximum number of sets of data that can be stored in the system.

The probability that the system fails to detect a biometric input when presented correctly.

Question: Score 0 of 1
(skipped)
Which of the following is defined as ensuring that the enforcement of organizational
security policy does not rely on voluntary user compliance by assigning sensitivity labels on
information and comparing this to the level of security a user is operating at?

Response:

Mandatory access control

Authorized access control

Role-based access control

Discretionary access control

Question: Score 0 of 1
(skipped)
Which of the following types of keys does the Heartbleed bug expose to the Internet,
making exploiting any compromised system very easy?

Response:

Public

Root

Shared

Private

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 20/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Question: Score 0 of 1
(skipped)
During a port scan on the target host, your colleague sends FIN/ACK probes and
finds that an RST packet is sent in response by the target host, indicating that the port is closed.
Which of the following port scanning techniques did your colleague use?

Response:

IDLE/IPID header scan

ACK flag probe scan

TCP Maimon scan

Xmas scan

Question: Score 0 of 1
(skipped)
Your company regularly conducts backups of critical servers but cannot afford them
to be sent off-site vendors for long-term storage and archiving. The company found a temporary
solution in the form of storing backups in the company's safe. During the next audit, there was a
risk associated with the fact that backup storages are not stored off-site.

The company manager has a plan to take the backup storages home with him and wants to know
what two things he can do to secure the backup tapes while in transit?

Response:

Degauss the backup tapes and transport them in a lockbox.

Encrypt the backup tapes and transport them in a lockbox.

Encrypt the backup tapes and use a courier to transport them.

Hash the backup tapes and transport them in a lockbox.

Question: Score 0 of 1
(skipped)

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 21/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

In which of the following Logging framework was a vulnerability discovered in December 2021 that
could cause damage to millions of devices and Java applications?

Response:

SLF4J

Log4J

Logback

Apache Commons Logging

Question: Score 0 of 1
(skipped)
Johnson, an attacker, performed online research for the contact details of reputed
cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming
himself to represent a technical support team from a vendor. He warned that a specific server is
about to be compromised and requested sibertech.org to follow the provided instructions.

Consequently, he prompted the victim to execute unusual commands and install malicious files,
which were then used to collect and pass critical information to Johnson’s machine.

What is the social engineering technique Steve employed in the above scenario?

Response:

Diversion theft

Quid pro quo

Elicitation

Phishing

Question: Score 0 of 1
(skipped)
You are a penetration tester tasked with testing the wireless network of your client
Brakeme SA. You are attempting to break into the wireless network with the SSID “Brakeme-
Internal.” You realize that this network uses WPA3 encryption.

Which of the following vulnerabilities is the promising to exploit?

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 22/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Response:

Cross-site request forgery

Dragonblood

Key reinstallation attack

AP misconfiguration

Question: Score 0 of 1
(skipped)
Michael, a technical specialist, discovered that the laptop of one of the employees
connecting to a wireless point couldn't access the Internet, but at the same time, it can transfer
files locally. He checked the IP address and the default gateway. They are both on 192.168.1.0/24.
Which of the following caused the problem?

Response:

The laptop isn't using a private IP address.

The laptop is using an invalid IP address.

The laptop and the gateway are not on the same network.

The gateway is not routing to a public IP address.

Question: Score 0 of 1
(skipped)
Ivan, an evil hacker, spreads Emotet malware through the malicious script in the
organization he attacked. After infecting the device, he used Emote to spread the infection across
local networks and beyond to compromise as many machines as possible.

He reached this thanks to a tool which is a self-extracting RAR file (containing bypass and service
components) to retrieve information related to network resources such as writable share drives.
What tool did Ivan use?

Response:

Mail PassView

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 23/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Credential enumerator

NetPass.exe

Outlook scraper

Question: Score 0 of 1
(skipped)
When examining an email header, what does the References section denote?

Response:

The address that should be used to reply to the message

Information about the content type

The Message ID that is being replied to

Additional addresses being copied

Question: Score 0 of 1
(skipped)
Which of the following incident handling process phases is responsible for defining
rules, employees training, creating a back-up, and preparing software and hardware resources
before an incident occurs?

Response:

Preparation

Recovery

Containment

Identification

Question: Score 0 of 1

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 24/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Mohanned has discovered malware on a machine. This malware has an interface like (skipped)
a web browser library and appears to be intercepting browser calls. What type of
attack is this?

Response:

Trojan horse

Session fixation

Man-in-the-middle

Man-in-the-browser

Question: Score 0 of 1
(skipped)
Social engineering is the art of convincing people to reveal confidential information.
Which of the following social engineering techniques does not fall under the category of computer-
based social engineering?

Response:

Phishing

Tailgating

Spam Mail

Pop-up window attacks

Question: Score 0 of 1
(skipped)
Which access control mechanism allows for multiple systems to use a central
authentication server (CAS) that permits users to authenticate once and gain access to multiple
systems?

Response:

Role Based Access Control (RBAC)

Discretionary Access Control (DAC)

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 25/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Single sign-on

Windows authentication

Question: Score 0 of 1
(skipped)
Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants
to test the response time of a true or false response and wants to use a second command to
determine whether the database will return true or false results for user IDs.

Which two SQL injection types would give her the results she is looking for?

Response:

Out of band and boolean-based

Union-based and error-based

Time-based and union-based

Time-based and boolean-based

Question: Score 0 of 1
(skipped)
Miguel is using AES to encrypt files and drives. He wants to improve his file and drive
encryption. What should he implement?

Response:

ECB (electronic code book) mode

DES

CBC (cipher block chaining) mode

Twofish

Question: Score 0 of 1

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 26/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Carlos is a web server administrator. He needs to remotely connect to his web server. (skipped)
What is the best method for him to use?

Response:

RDP

SSH

Telnet

Rlogin

Question: Score 0 of 1
(skipped)
Buffer overflow mainly occurs when a created memory partition (or buffer) is written
beyond its intended boundaries. If an attacker manages to do this from outside the program, this
can cause security problems since it can potentially allow them to manipulate arbitrary memory
cells, although many modern operating systems protect against the worst cases of this.

What programming language is this example in?

Response:

HTML

SQL

Java

Question: Score 0 of 1
(skipped)

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 27/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

A honeypot is an information system resource set up to attract and trap people who attempt to
penetrate an organization’s network. Which of the following type of honeypots emulate the real
production network of a target organization?

Response:

Low-interaction Honeypots

Medium-interaction Honeypots

High-interaction Honeypots

Pure Honeypots

Question: Score 0 of 1
(skipped)
Identify a security policy that defines using of a VPN for gaining access to an internal
corporate network?

Response:

Information protection policy

Access control policy

Network security policy

Remote access policy

Question: Score 0 of 1
(skipped)
Alice needs to send a confidential document to her coworker, Bryan. Their company
has public key infrastructure set up. Therefore, Alice both encrypts the message and digitally signs
it. Alice uses _______________ to encrypt the message, and Bryan uses _______________ to
confirm the digital signature.

Response:

Bryan’s public key; Bryan’s public key

Alice’s public key; Alice’s public key

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 28/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Bryan’s private key; Alice’s public key

Bryan’s public key; Alice’s public key

Question: Score 0 of 1
(skipped)
Which of the following online tools allows attackers to gather information related to
the model of the IoT device and the certifications granted to it?

Response:

EarthExplorer

search.com

FCC ID search

Google image search

Question: Score 0 of 1
(skipped)
Justin, the evil hacker, wants to steal Joanna's data. He sends Joanna an email with a
malicious link that looks legitimate. Joanna unknowingly clicks on the link, and it redirects her to a
malicious web page, and John steals Joanna's data. Which of the following attacks is described in
this scenario?

Response:

DDoS

Vishing

Spoofing

Phishing

Question: Score 0 of 1

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 29/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

You know that an attacker can create websites similar to legitimate sites in pharming (skipped)
and phishing attacks. Which of the following is the difference between them?

Response:

Pharming attack: an attacker provides the victim with a URL that is either misspelled or looks
similar to the legitimate website's domain name.
Phishing attack: a victim is redirected to a fake website by modifying their host configuration file or
exploiting DNS vulnerabilities.

Both pharming and phishing attacks are identical.

Both pharming and phishing attacks are purely technical.

Phishing attack: an attacker provides the victim with a URL that is either misspelled or looks similar
to the legitimate website's domain name.
Pharming attack: a victim is redirected to a fake website by modifying their host configuration file or
exploiting DNS vulnerabilities.

Question: Score 0 of 1
(skipped)
Bob, an attacker, has managed to access a target IoT device. He employed an online
tool to gather information related to the model of the IoT device and the certifications granted to it.

Which of the following tools did Bob employ to gather the above information?

Response:

FCC ID search

Google image search

search.com

EarthExplorer

Question: Score 0 of 1
(skipped)
A user calls with a problem. Her laptop uses the same hardware and software as
many of the other clients on the network, and she can see the wireless network but cannot connect.
You run a sniffer, and results show the WAP is not responding to the association requests being
sent by the wireless client.
file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 30/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Of the following choices, which is the most likely source of the problem?

Response:

The wireless client does not use DHCP.

The wireless client is on the wrong wireless channel.

The WAP has MAC filtering engaged and does not recognize the MAC.

SSID security is preventing the connection.

Question: Score 0 of 1
(skipped)
Andrew is an Ethical Hacker who was assigned the task of discovering all the active
devices hidden by a restrictive firewall in the IPv4 range in a given target network.

Which of the following host discovery techniques must he use to perform the given task?

Response:

UDP scan

ARP ping scan

ACK flag probe scan

TCP Maimon scan

Question: Score 0 of 1
(skipped)
Peter, a system administrator working at a reputed IT firm, decided to work from his home
and login remotely. Later, he anticipated that the remote connection could be exposed to session hijacking.
To curb this possibility, he implemented a technique that creates a safe and encrypted tunnel over a public
network to securely send and receive sensitive information and prevent hackers from decrypting the data
flow between the endpoints.

What is the technique followed by Peter to send files securely through a remote connection?

Response:

VPN

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 31/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

SMB signing

DMZ

Switch network

Question: Score 0 of 1
(skipped)
The attacker plans to compromise the systems of organizations by sending malicious
emails. He decides to use the tool to track the target's emails and collect information such as
senders' identities, mail servers, sender IP addresses, and sender locations from different public
sources.

It also checks email addresses for leaks using haveibeenpwned.com API. Which of the following
tools is used by the attacker?

Response:

ZoomInfo

Infoga

Factiva

Netcraft

Question: Score 0 of 1
(skipped)
While some attacks are equally an issue for traditional systems and cloud computing
solutions, which of the following is far less an issue for cloud solutions?

Response:

Privilege escalation

Data breach

Malicious insiders

Natural disasters

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 32/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Question: Score 0 of 1
(skipped)
Konstantin is trying to exploit a Windows 10 system. He has created a malicious
dynamic linked library that he wants to use. What is this an example of?

Response:

DLL hijacking

DLL injection

DLL replacement

DLL spoofing

Question: Score 0 of 1
(skipped)
Which of the following is a network forensics analysis tool that can monitor and
extract information from network traffic and capture application data contained in the network
traffic?

Response:

Xplico

yersinia

mitm6

Hyenae NG

Question: Score 0 of 1
(skipped)
____ is designed explicitly for systems that have low power and limited memory. It is
used for street lighting, radiation monitoring, and smart cities.

Response:

RIoT

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 33/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Zephyr

Contiki

RTOS

Question: Score 0 of 1
(skipped)
Josh, a security analyst, wants to choose a tool for himself to examine links between
data. One of the main requirements is to present data using graphs and link analysis. Which of the
following tools will meet John's requirements?

Response:

Maltego.

Analyst's Notebook.

Palantir.

Metasploit.

Question: Score 0 of 1
(skipped)
_____ involves stealing a cloud service provider’s domain name.

Response:

Domain sniping

Domain hijacking

Cybersquatting

DNS poisoning

Question: Score 0 of 1

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 34/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

John, a professional hacker, targeted CyberSol Inc., an MNC. He decided to discover the loT (skipped)
devices connected in the target network that are using default credentials and are vulnerable
to various hijacking attacks. For this purpose, he used an automated tool to scan the target network for
specific types of loT devices and detect whether they are using the default, factory-set credentials.

What is the tool employed by John in the above scenario?

Response:

loT Inspector

AT&T loT Platform

loTSeeker

Azure loT Central

Question: Score 0 of 1
(skipped)
Lisandro is a novice fraudster, he uses special software purchased in the depths of
the network for sending his malware. This program allows it to deceive pattern-based detection
mechanisms and even some behavior-based ones, disguising malwares as harmless programs.
What does Lisandro use?

Response:

Crypter

Ransomware

Dropper

Payload

Question: Score 0 of 1
(skipped)
Allen, a professional pen tester, was hired by XpertTech Solutions to perform an
attack simulation on the organization’s network resources. To perform the attack, he took
advantage of the NetBIOS API and targeted the NetBIOS service.

By enumerating NetBIOS, he found that port 139 was open and could see the resources that could
be accessed or viewed on a remote system. He came across many NetBIOS codes during

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 35/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

enumeration.

Identify the NetBIOS code used for obtaining the messenger service running for the logged-in
user?

Response:

<00>

<20>

<03>

<1B>

Question: Score 0 of 1
(skipped)
A(n) ___ attack intercepts the redirection of HTTP to the secure HTTPS protocol and
intercepts a request from the user to the server. The attacker then establishes its own HTTPS that
is ineffective and allows all communication to be read.

Response:

SSL stripping

Smishing

MITM

Brute-force

Question: Score 0 of 1
(skipped)
Rajesh, the system administrator analyzed the IDS logs and noticed that when
accessing the external router from the administrator's computer to update the router configuration,
IDS registered alerts. What type of an alert is this?

Response:

False positive

True negative
file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 36/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

True positve

False negative

Question: Score 0 of 1
(skipped)
You want to prevent possible SQLi attacks on your site. To do this, you decide to use
a practice whereby only a list of entities such as the data type, range, size, and value, which have
been approved for secured access, is accepted. Which of the following practices are you going to
adopt?

Response:

Whitelist validation.

Enforce least privileges.

Blacklist validation.

Output encoding.

Question: Score 0 of 1
(skipped)
The date and time of the remote host can theoretically be used against some systems
to use weak time-based random number generators in other services. Which option in Zenmap will
allow you to make ICMP Timestamp ping?

Response:

-PN

-PY

-PP

-PU

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 37/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Question: Score 0 of 1
(skipped)
The firewall prevents packets from entering the organization through certain ports
and applications. What does this firewall check?

Response:

Network layer headers and the session layer port numbers.

Application layer port numbers and the transport layer headers.

Presentation layer headers and the session layer port numbers.

Application layer headers and transport layer port numbers.

Question: Score 0 of 1
(skipped)
An attacker gained access to a Linux host and stolen the password file from
/etc/passwd. Which of the following scenarios best describes what an attacker can do with this file?

Response:

The attacker can perform actions as a user because he can open it and read the user ids and
corresponding passwords.

Nothing because the password file does not contain the passwords themselves.

Nothing because he cannot read the file because it is encrypted.

The attacker can perform actions as root because the file reveals the passwords to the root user
only.

Question: Score 0 of 1
(skipped)
The CIA Triad is a security model that highlights the main goals of data security and
serves as a guide for organizations to protect their confidential data from unauthorized access and
data theft. What are the three concepts of the CIA triad?

Response:

Transference, transformation and transcendence

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 38/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Comparison, reflection and abstraction

Confidentiality, integrity, and availability

Efficiency, equity and liberty

Question: Score 0 of 1
(skipped)
You are the Power BI administrator at your company which builds VR headsets. You
need to assign appropriate workspace roles to your colleagues and must use the lowest
permission necessary to accomplish the task. Which roles should you use for the below workspace
requirements?

- Update and delete workspaces

- Publish apps
- Publish content to the workspace

Response:

Member / Member / Contributor

Member / Member / Viewer

Admin / Member / Contributor

Admin / Admin / Contributor

Question: Score 0 of 1
(skipped)
Alex received an order to conduct a pentest and scan a specific server. When
receiving the technical task, he noticed the point: "The attacker must scan every port on the server
several times using a set of spoofed source IP addresses." Which of the following Nmap flags will
allow Alex to fulfill this requirement?

Response:

-A

-D

-S
file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 39/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

-f

Question: Score 0 of 1
(skipped)
802.11 is a CSMA/CA protocol whose collision avoidance algorithms require a period
of silence before a radio is allowed to transmit. This leads to what type of attack?

Response:

Jamming

Bluejacking

Authentication attack

Availability attack

Question: Score 0 of 1
(skipped)
John, a cybersecurity specialist, received a copy of the event logs from all firewalls,
Intrusion Detection Systems (IDS) and proxy servers on a company's network. He tried to match all
the registered events in all the logs, and he found that their sequence didn't match. What can cause
such a problem?

Response:

A proper chain of custody was not observed while collecting the logs.

The network devices are not all synchronized.

The security breach was a false positive.

The attacker altered events from the logs.

Question: Score 0 of 1
(skipped)
To create a botnet, the attacker can use several techniques to scan vulnerable machines.
The attacker first collects information about a large number of vulnerable machines to create a list.
file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 40/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Subsequently, they infect the machines.

The list is divided by assigning half of the list to the newly compromised machines. The scanning process
runs simultaneously. This technique ensures the spreading and installation of malicious code in little time.

Which technique is discussed here?

Response:

Subnet scanning technique

Permutation scanning technique

Hit-list scanning technique

Topological scanning technique

Question: Score 0 of 1
(skipped)
What are the two main conditions for a digital signature?

Response:

It has to be the same number of characters as a physical signature and must be unique.

Legible and neat.

Unforgeable and authentic.

Unique and have special characters.

Question: Score 0 of 1
(skipped)
The fraudster Lisandro, masquerading as a large car manufacturing company
recruiter, massively sends out job offers via e-mail with the promise of a good salary, a friendly
team, unlimited coffee, and medical insurance. He attaches Microsoft Word or Excel documents to
his letters into which he embeds a special virus written in Visual Basic that runs when the
document is opened and infects the victim's computer. What type of virus does Lisandro use?

Response:

Multipart virus

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 41/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Polymorphic code

Stealth virus

Macro virus

Question: Score 0 of 1
(skipped)
Evil Russian hacker Ivan is attacking again! This time, he got a job in a large
American company to steal commercial information for his customer to gain a competitive
advantage in the market. In his attack, Ivan used all available means, especially blackmail, bribery,
and technological surveillance. What is the name of such an attack?

Response:

Information Leakage

Corporate Espionage

Social Engineering

Business Loss

Question: Score 0 of 1
(skipped)
Which term from the following describes a set of vulnerabilities that allows spyware
to be installed on smartphones with the iOS operating system, allowing those who conducted
espionage to track and monitor every action on the device?

Response:

DroidSheep

Androrat

Trident

Zscaler

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 42/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Question: Score 0 of 1
(skipped)
Enumeration is a process which establishes an active connection to the target hosts
to discover potential attack vectors in the system, and the same can be used for further
exploitation of the system. What type of enumeration is used to get shared resources on individual
hosts on the network and a list of computers belonging to the domain?

Response:

Netbios enumeration

SNMP enumeration

NTP enumeration

SMTP enumeration

Question: Score 0 of 1
(skipped)
IPsec is a suite of protocols developed to ensure the integrity, confidentiality, and
authentication of data communications over an IP network. Which protocol is NOT included in the
IPsec suite?

Response:

Media Access Control (MAC)

Authentication Header (AH)

Encapsulating Security Protocol (ESP)

Security Association (SA)

Question: Score 0 of 1
(skipped)
Which of the following layers in IoT architecture helps bridge the gap between two
endpoints, such as a device and a client, and carries out message routing, message identification,
and subscribing?

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 43/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Response:

Edge Technology.

Access Gateway.

Middleware.

Internet.

Question: Score 0 of 1
(skipped)
Which of the following types of SQL injection attacks extends the results returned by
the original query, enabling attackers to run two or more statements if they have the same structure
as the original one?

Response:

Union SQL injection

Error-based injection

Blind SQL injection

Boolean-based blind SQL injection

Question: Score 0 of 1
(skipped)
To collect detailed information about services and applications running on identified
open ports, nmap can perform version detection. To do this, various probes are used to receive
responses from services and applications.

Nmap requests probe information from the target host and analyzes the response, comparing it
with known responses for various services, applications, and versions. Which of the options will
allow you to run this scan?

Response:

-sV

-sN
file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 44/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

-sF

-sX

Question: Score 0 of 1
(skipped)
In what type of attack does the attacker forge the sender's IP address to gain access
to protected systems and confidential data?

Response:

IP Spoofing

Source Routing

IP fragmentation attack

IP forwarding

Question: Score 0 of 1
(skipped)
Such techniques as, for example, password cracking or enumeration are much more
efficient and faster if performed using a wordlist. Of course, there are a huge number of them in
different directions on the Internet or already installed in your Kali or Parrot OS, but an attacker can
create his wordlist specifically for the target he is attacking.

This requires conducting intelligence and collecting information about the victim. Many tools allow
you to automate this process. Which of the following tools can scan a website and create a
wordlist?

Response:

Orbot

Psiphon

Shadowsocks

CeWL

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 45/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Question: Score 0 of 1
(skipped)
Which of the following standards is most applicable for a major credit card company?

Response:

PCI-DSS

Sarbanes-Oxley Act

FISMA

HIPAA

Question: Score 0 of 1
(skipped)
You performed a tool-based vulnerability assessment and found vulnerabilities. You
have started to analyze these issues and found that they are not true vulnerabilities. How can you
characterize these issues?

Response:

False positives

False negatives

True negatives

True positives

Question: Score 0 of 1
(skipped)
Andrew, an evil hacker, research the website of the company which he wants to
attack. During the research, he finds a web page and understands that the company's application is
potentially vulnerable to Server-side Includes Injection. Which web-page file type did Andrew find
while researching the site?

Response:

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 46/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

.html

.stm

.cms

.rss

Question: Score 0 of 1
(skipped)
____ is a mobile monitoring and spying application that runs on a target device and
logs all activities, including call log history, GPS location, calendar updates, and more.

Response:

SpyDealer

FaceNiff

DroidSheep

mSpy

Question: Score 0 of 1
(skipped)
Which of the following Nmap's commands allows you to most reduce the probability
of detection by IDS when scanning common ports?

Response:

nmap -A - Pn

nmap -A --host-timeout 99-T1

nmap -sT -O -T2

nmap -sT -O -T0

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 47/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Question: Score 0 of 1
(skipped)
Which of the following information security controls creates an appealing isolated
environment for hackers to prevent them from compromising critical targets while simultaneously
gathering information about the hacker?

Response:

Botnet

Intrusion detection system

Firewall

Honeypot

Question: Score 0 of 1
(skipped)
Robin, a professional hacker, targeted an organization’s network to sniff all the traffic.
During this process, Robin plugged in a rogue switch to an unused port in the LAN with a priority
lower than any other switch in the network so that he could make it a root bridge that will later
allow him to sniff all the traffic in the network.

What is the attack performed by Robin in the above scenario?

Response:

ARP spoofing attack

STP attack

DNS poisoning attack

VLAN hopping attack

Question: Score 0 of 1
(skipped)
Consider the following Nmap output:

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 48/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

- Starting Nmap X.XX (http://nmap.org) at XXX-XX-XX XX:XX EDT

- Nmap scan report for 192.168.1.42 Host is up (0.00023s latency).
- Not shown: 932 filtered ports, 56 closed ports

PORT STATE SERVICE

- 21/Rep open ftp

- 22/tcp open ssh
- 25/tcp open smtp
- 53/tcp open domain
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 465/tcp open smtps
- 587/tcp open submission
- 993/tcp open imaps
- 995/tcp open pop3s
- Nmap done: 1 IP address (1 host up) scanned in 3.90 seconds

What command-line parameter could you use to determine the type and version number of the web
server?

Response:

-sV

-sS

-Pn

-V

Question: Score 0 of 1
(skipped)
Annie, a cloud security engineer, uses the Docker architecture to employ a
client/server model in the application she is working on. She utilizes a component that can process
API requests and handle various Docker objects, such as containers, volumes, images, and
networks.

What is the component of the Docker architecture used by Annie in the above scenario?

Response:

Docker objects

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 49/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Docker daemon

Docker client

Docker registries

Question: Score 0 of 1
(skipped)
What is a "Collision attack"?

Response:

Collision attacks try to change the hash.

Сollision attack on a hash tries to find two inputs producing the same hash value.

Collision attacks break the hash into several parts, with the same bytes in each part to get the
private key.

Collision attacks attempt to recover information from a hash.

Question: Score 0 of 1
(skipped)
You have been authorized to perform a penetration test against a website. You want to
use Google dorks to footprint the site but only want results that show file extensions. What Google
dork operator would you use?

Response:

inurl

site

ext

filetype

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 50/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Question: Score 0 of 1
(skipped)
What firewall evasion scanning technique make use of a zombie system that has low
network activity as well as its fragment identification numbers?

Response:

Packet fragmentation scanning

Spoof source address scanning

Decoy scanning

Idle scanning

Question: Score 0 of 1
(skipped)
John is configuring Snort rules. He is adding actions. What would the action pass do?

Response:

Log the packet but let it pass

Drop the packet

Pass the packet to the alert system

Nothing

Question: Score 0 of 1
(skipped)
After scanning the ports on the target machine, you see a list of open ports, which
seems unusual to you:

- Starting NMAP 5.21 at 2019-06-18 12:32

- NMAP scan report for 172.19.40.112
- Host is up (1.00s latency).
- Not shown: 993 closed ports
- PORT STATE SERVICE
- 21/tcp open ftp
- 23/tcp open telnet
- 80/tcp open http
file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 51/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

- 139/tcp open netbios-ssn

- 515/tcp open
- 631/tcp open ipp
- 9100/tcp open
- MAC Address: 00:00:5D:3F:EE:92

Based on the NMAP output, identify what is most likely this host?

Response:

The host is likely a Windows machine.

The host is likely a Linux machine.

The host is likely a router.

The host is likely a printer.

Question: Score 0 of 1
(skipped)
Shortly after replacing the outdated equipment, John, the company's system
administrator, discovered a leak of critical customer information. Moreover, among the stolen data
was the new user’s information that excludes incorrect disposal of old equipment.

IDS did not notice the intrusion, and the logging system shows that valid credentials were used.
Which of the following is most likely the cause of this problem?

Response:

Default Credential

Industrial Espionage

Zero-day vulnerabilities

NSA backdoor

Question: Score 0 of 1
(skipped)
In what type of attack does a malicious device take on multiple identities?

Response:

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 52/53
7/14/23, 7:26 AM 312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full | EDUSUM

Rushing attack

Sybil attack

Mirai attack

Mozai attack

Question: Score 0 of 1
(skipped)
Identify a component of a risk assessment?

Response:

DMZ

Logical interface

Physical security

Administrative safeguards

Money Back Guarantee Testimonial FAQs Privacy Policy Terms and Conditions About Us Join Us
Contact Us

file:///C:/Users/Mihail/Desktop/312-50_ EC-Council Certified Ethical Hacker (CEH v12) - Full _ EDUSUM.mhtml 53/53