
312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full

The document contains a series of questions related to the EC-Council Certified Ethical Hacker (CEH v12) exam, with all questions answered incorrectly, resulting in a score of 0%. Topics covered include network security protocols, SQL injection types, malware definitions, and various cybersecurity concepts. The questions are designed to assess knowledge in ethical hacking and cybersecurity practices.

Uploaded by

arsimim
Copyright: © All Rights Reserved

312-50: EC-Council Certified Ethical Hacker (CEH v12) - Full

You got 0 of 125 possible points.


Your score: 0 %

Question Results

Question: Score 0 of 1
(skipped)
Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you
oblige. After 2 days, Bob denies that he had ever sent a mail. What do you want to "know" to prove to yourself that it was Bob who had sent the mail?

Response:

Non-Repudiation

Integrity

Authentication

Confidentiality

Question: Score 0 of 1
(skipped)
TLS, also known as SSL, is a protocol for encrypting communications over a network. Which of the following statements is correct?

Response:

SSL/TLS does not use asymmetric or symmetric encryption.


SSL/TLS uses only asymmetric encryption.

SSL/TLS uses both asymmetric and symmetric encryption.

SSL/TLS uses only symmetric encryption.

Question: Score 0 of 1
(skipped)
Which of the following is a Denial-of-service vulnerability for which security patches have not yet been released, or there is no
effective means of protection?

Response:

Yo-yo

Smurf

APDoS

Zero-Day

Question: Score 0 of 1
(skipped)
You know that the application you are attacking is vulnerable to an SQL injection, but you cannot see the result of the injection. You
send a SQL query to the database, which makes the database wait before it can react. You can see from the time the database takes to respond,
whether a query is true or false. What type of SQL injection did you use?

Response:

Error-based SQLi.

Out-of-band SQLi.

UNION SQLi.

Blind SQLi.

Question: Score 0 of 1
(skipped)
The ping utility is used to check the integrity and quality of connections in networks. In the process, it sends an ICMP Echo-Request
and captures the incoming ICMP Echo-Reply, but quite often remote nodes block or ignore ICMP. Which of the options will solve this problem?

Response:

Use hping

Use traceroute

Use arping

Use broadcast ping

Question: Score 0 of 1
(skipped)
Jenny, a pentester, conducts events to detect viruses in systems. She uses a detection method where the anti-virus executes the
malicious codes on a virtual machine to simulate CPU and memory activities. Which of the following methods does Jenny use?

Response:

Code Emulation.

Heuristic Analysis.

Integrity checking.

Vulnerability scanner.

Question: Score 0 of 1
(skipped)
When reviewing the Windows core design, which of the following corresponds to user mode and is the level of least privilege?

Response:

Ring 0

Ring 1

Ring 2

Ring 3

Question: Score 0 of 1
(skipped)
With a sufficient database of passwords, you can use statistical analysis of the word list to create a very effective way to
crack passwords with tools such as John The Ripper. Which of the attacks uses such an analysis to calculate the probability of placing
characters in a quasi-brute attack?

Response:

Fingerprint

Markov Chain

Prince

Toggle-Case

Question: Score 0 of 1
(skipped)
Which of the following ciphers is U.S. FIPS 197?

Response:

Twofish

Blowfish

AES

DES

Question: Score 0 of 1
(skipped)
Jack, a cybersecurity specialist, plans to do some security research for the embedded hardware he uses. He wants to perform
side-channel power analysis and glitching attacks during this research. Which of the following will Jack use?

Response:

RIoT

Foren6

UART

ChipWhisperer

Question: Score 0 of 1
(skipped)
______ remotely accesses phone features.

Response:

Bluebugging

Bluesnarfing

Bluejacking

Bluesmacking

Question: Score 0 of 1
(skipped)
SQL injection is an attack against what?

Response:

Device

Network

Server

User

Question: Score 0 of 1
(skipped)
Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his
smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after
installing the app.

What is the attack performed on Don in the above scenario?


Response:

SIM card attack

Clickjacking

SMS phishing attack

Agent Smith attack

Question: Score 0 of 1
(skipped)
If executives are found liable for not properly protecting their company’s assets and information systems, what type of law would
apply in this situation?

Response:

Criminal

International

Common

Civil

Question: Score 0 of 1
(skipped)
A user calls with a problem. Her laptop uses the same hardware and software as many of the other clients on the network, and she can
see the wireless network but cannot connect. You run a sniffer, and results show the WAP is not responding to the association requests being sent
by the wireless client.

Of the following choices, which is the most likely source of the problem?

Response:

The wireless client does not use DHCP.

The wireless client is on the wrong wireless channel.

The WAP has MAC filtering engaged and does not recognize the MAC.

SSID security is preventing the connection.

Question: Score 0 of 1
(skipped)
Which of the following is a cloud malware designed to exploit misconfigured kubelets in a Kubernetes cluster and infect all containers
present in the Kubernetes environment?

Response:

Hildegard

Heartbleed

Trivy

Kubescape

Question: Score 0 of 1
(skipped)
You are explaining IPsec to a new network security analyst. What best explains the role of AH?

Response:

Provides origin authenticity, integrity, and confidentiality protection of packets. It offers encryption-only and authentication-only configurations.

Used to set up an SA by handling negotiation of protocols and algorithms and generating the encryption and authentication keys to be used.

Provides the framework for key exchange.

Provides connectionless integrity and data origin authentication.

Question: Score 0 of 1
(skipped)
Which of the following is a common IDS evasion technique?

Response:

Unicode characters

Subnetting

Port knocking

Spyware

Question: Score 0 of 1
(skipped)
Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the
domains and avoid detection.

Identify the behavior of the adversary in the above scenario.

Response:

Unspecified proxy activities

Use of command-line interface


Data staging

Use of DNS tunneling

Question: Score 0 of 1
(skipped)
What order, from bottom to top, does the TCP/IP architecture use?

Response:

Network Access, Network, Transport, Application

Link, Internet, Transport, Application

Physical, Network, Session, Application

Data Link, Internet, Transport, Application

Question: Score 0 of 1
(skipped)
Jerome is performing a scan on a target server. He is sending a SYN scan. If the port is open, what will Jerome receive back?

Response:

RST

ACK

SYN-ACK

Nothing

Question: Score 0 of 1
(skipped)
Gerard wishes to set up a cell that will service an area no more than a few 10s of meters in diameter. What type of cell is this?

Response:

Microcell

Picocell

Nanocell

Femtocell

Question: Score 0 of 1
(skipped)
You want to execute an SQLi attack. The first thing you check is testing the response time of a true or false response. Secondly, you
want to use another command to determine whether the database will return true or false results for user IDs. Which two SQL injection types have
you tried to perform?

Response:

Time-based and union-based

Time-based and boolean-based

Union-based and error-based

Out of band and boolean-based


Question: Score 0 of 1
(skipped)
Which wireless technology uses the RC4 stream cipher for encryption?

Response:

WEP

WPA

WPA2

WPA3

Question: Score 0 of 1
(skipped)
The analyst needs to evaluate the possible threats to Blackberry phones for a third-party company. To do this, he will use the
Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defences and gain access to the corporate network. Which
of the following tools is best suited for the analyst for this task?

Response:

BBCrack

Blooover

Paros Proxy

BBProxy

Question: Score 0 of 1
(skipped)
What is the first and most important phase that is the starting point for penetration testing in the work of an ethical hacker?

Response:

Maintaining Access

Gaining Access

Scanning

Reconnaissance

Question: Score 0 of 1
(skipped)
Josiah is performing several scans on a target system. If he sends an Xmas scan and the port is open, what response will he get?

Response:

No response

RST

ACK

SYN-ACK

Question: Score 0 of 1
(skipped)
Even though IDS and firewall security controls can prevent any unauthorized network access, there are many evasion techniques used
by attackers to exploit security limitations. One such technique is where the attacker changes the source IP addresses so that the attacks appear to
be coming in as someone else.

Identify the IDS/firewall evasion technique used by the attacker?

Response:

IP Address Spoofing

Packet Fragmentation

Source Routing

IP Address Decoy

Question: Score 0 of 1
(skipped)
The network elements of the telecom operator are located in the data center under the protection of firewalls and intrusion prevention
systems. Which of the following is true for additional security measures?

Response:

Periodic security checks and audits are required. Access to network elements should be provided by user IDs with strong passwords.

Firewalls and intrusion detection systems are sufficient to ensure complete security.

No additional measures are required since attacks and downtime are inevitable, and a backup site is required.

No additional measures are required, since the attacker does not have physical access to the data center equipment.

Question: Score 0 of 1
(skipped)
You have malware on a computer. This malware intercepts calls between the browser and libraries on the victim’s computer. This
allows the malware to alter those calls and intercept data. What is the best term for this type of malware attack?

Response:

Trojan horse

Man-in-the-browser

Application rootkit

Spyware

Question: Score 0 of 1
(skipped)
Leonardo, an employee of a cybersecurity firm, conducts an audit for a third-party company. First of all, he plans to run a scan
that looks for common misconfigurations and outdated software versions. Which of the following tools is most likely to be used by Leonardo?

Response:

Armitage

Nikto

Metasploit

Nmap

Question: Score 0 of 1
(skipped)
The SOC analyst of the company wants to track the transfer of files over the unencrypted FTP protocol. Which filter for the Wireshark
sniffer should he use?

Response:

tcp.port == 443

tcp.port ==21

tcp.port = 23

tcp.port == 80

Question: Score 0 of 1
(skipped)
What is the name of a cloud infrastructure in which multiple organizations share resources and services based on common
operational and regulatory requirements?

Response:

Shared Cloud

Public Cloud

Community Cloud

Hybrid Cloud

Question: Score 0 of 1
(skipped)
Dayn, an attacker, wanted to detect if any honeypots are installed in a target network. For this purpose, he used a time-based TCP
fingerprinting method to validate the response to a normal computer and the response of a honeypot to a manual SYN request.

Which of the following techniques is employed by Dayn to detect honeypots?

Response:

Detecting honeypots running on VMware

Detecting the presence of Snort_inline honeypots

Detecting the presence of Honeyd honeypots


Detecting the presence of Sebek-based honeypots

Question: Score 0 of 1
(skipped)
Identify a security policy that defines the use of a VPN for gaining access to an internal corporate network?

Response:

Information protection policy

Access control policy

Network security policy

Remote access policy

Question: Score 0 of 1
(skipped)
Mohanned is explaining the Mirai virus to a colleague. What feature most defines Mirai’s activity?

Response:

It used existing LoRa connections to spread.

It exploited the MQTT protocol.

It used default usernames and passwords to breach IoT devices.

It used a rainbow table to breach IoT devices.


Question: Score 0 of 1
(skipped)
Which regulation defines security and privacy controls for all U.S. federal information systems except those related to national
security?

Response:

NIST-800-53

HIPAA

EU Safe Harbor

PCI-DSS

Question: Score 0 of 1
(skipped)
An attacker identified that a user and an access point are both compatible with WPA2 and WPA3 encryption. The attacker installed a rogue
access point with only WPA2 compatibility in the vicinity and forced the victim to go through the WPA2 four-way handshake to get connected. After the
connection was established, the attacker used automated tools to crack WPA2-encrypted messages.

What is the attack performed in the above scenario?

Response:

Cache-based attack

Timing-based attack

Downgrade security attack

Side-channel attack

Question: Score 0 of 1
(skipped)
Code-breaking techniques help measure the encryption strength. Which of the following code-breaking techniques requires a high
level of mathematical and cryptographic skills and involves the use of social engineering techniques to extract cryptography keys?

Response:

Brute-Force

Frequency Analysis

Trickery and Deceit

One-Time Pad

Question: Score 0 of 1
(skipped)
While performing online banking using a browser, your friend receives a message that contains a link to a website. He decides to click
on this link, and another browser session starts and displays a funny video. A few hours later, he receives a letter from the bank stating that his
online bank was visited from another country and tried to transfer money.

The bank also asks him to contact them and confirm the transfer if he really made it. What vulnerability did the attacker use when attacking your
friend?

Response:

Clickjacking

Cross-Site Scripting

Webform input validation

Cross-Site Request Forgery


Question: Score 0 of 1
(skipped)
You see the following text written down—port:502. What does that likely reference?

Response:

Shodan search

I/O search

p0f results

RIR query

Question: Score 0 of 1
(skipped)
In which of the following attacks does an attacker install a virtual communication tower between the two authentic endpoints, intending
to mislead the victim?

Response:

aLTEr Attack

Wormhole Attack

Sinkhole Attack

Wi-Jacking Attack

Question: Score 0 of 1
(skipped)
If you send a TCP ACK segment to a known closed port on a firewall but it does not respond with an RST, what do you know about the
firewall you are scanning?

Response:

It is a non-stateful firewall

There is no firewall in place

It is a stateful firewall

This event does not tell you anything about the firewall

Question: Score 0 of 1
(skipped)
You want to clear all logs from a Windows 10 machine. What tool or technique would best accomplish this?

Response:

Use ClearLogs

Erase everything in /var/log

Use export HISTSIZE=0

Use history -c

Question: Score 0 of 1
(skipped)
What actions should be performed before using a Vulnerability Scanner for scanning a network?

Response:

Firewall detection.

TCP/IP stack fingerprinting.

TCP/UDP Port scanning.

Checking if the remote host is alive.

Question: Score 0 of 1
(skipped)
Lisandro is engaged in sending spam. To avoid blocking, he connects to incorrectly configured SMTP servers that allow e-mail relay
without authentication (which allows Lisandro to fake information about the sender's identity). What is the name of such an SMTP server?

Response:

Public SMTP server.

Message transfer agent.

Open mail relay.

Weak SMTP.

Question: Score 0 of 1
(skipped)
Which of the following commands is used to clear the bash history?

Response:

history -n

history -c

history -a

history -w

Question: Score 0 of 1
(skipped)
sqlmap.py -u "http://10.10.37.12/?p=1&forumaction=search" --dbs

Which of the following does this command do?

Response:

Enumerating the databases in the DBMS for the URL.

Retrieving SQL statements being executed on the database.

Searching database statements at the IP address given.

Creating backdoors using SQL injection.

Question: Score 0 of 1
(skipped)
Monitoring your company’s assets is one of the most important jobs you can perform. What warnings should you try to reduce when
configuring security tools, such as security information and event management (SIEM) solutions or intrusion detection systems (IDS)?

Response:

Only False Positives

False Positives and False Negatives

True Positives and True Negatives

Only True Negatives


Question: Score 0 of 1
(skipped)
____ is a known plaintext attack invented by Mitsuru Matsui.

Response:

Differential cryptanalysis

Related key attack

Linear cryptanalysis

Birthday attack

Question: Score 0 of 1
(skipped)
Having multiple simultaneous accesses potentially conflicting leads to concern about what?

Response:

Consensus

Virtualization

Synchronization

Concurrency

Question: Score 0 of 1
(skipped)
Windows passwords that are stored in seven-character fields are known as what?

Response:

NTLMv2

Kerberos

Salted

LAN Manager

Question: Score 0 of 1
(skipped)
Rootkits are kernel programs that can hide and cover up traces of activities. They replace certain operating system calls and utilities with
their own modified versions of those routines.

Which of the following rootkits modifies the boot sequence of the machine to load itself instead of the original virtual machine monitor or
operating system?

Response:

Hypervisor level rootkit

Kernel level rootkit

Boot loader level rootkit

Library level rootkits

Question: Score 0 of 1
(skipped)
The fraudster Lisandro, masquerading as a large car manufacturing company recruiter, massively sends out job offers via e-mail with
the promise of a good salary, a friendly team, unlimited coffee, and medical insurance. He attaches Microsoft Word or Excel documents to his letters
into which he embeds a special virus written in Visual Basic that runs when the document is opened and infects the victim's computer. What type of
virus does Lisandro use?

Response:

Multipart virus

Polymorphic code

Stealth virus

Macro virus

Question: Score 0 of 1
(skipped)
In which of the following attacks does the attacker receive information from data sources such as voice assistants, multimedia
messages, and audio files by using a malicious app to breach speech privacy?

Response:

DroidDream

Spearphone attack

SIM swap scam

Smudge attack

Question: Score 0 of 1
(skipped)
Which of the following frameworks contains a set of the most popular tools that facilitate your tasks of collecting information and data
from open sources?

Response:

BeEF

OSINT framework

WebSploit Framework

Speed Phish Framework

Question: Score 0 of 1
(skipped)
Identify the encryption algorithm by the description: Symmetric-key block cipher having a classical 12- or 16-round Feistel network
with a block size of 64 bits for encryption, which includes large 8 × 32-bit S-boxes based on bent functions, modular addition and subtraction,
key-dependent rotation, and XOR operations. This cipher also uses a "masking" key and a "rotation" key for performing its functions.

Response:

DES

AES

CAST-128

GOST

Question: Score 0 of 1
(skipped)
Identify the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data
exchange?

Response:

single sign-on

PKI

SOA

biometrics

Question: Score 0 of 1
(skipped)
Which type of attack attempts to overflow the content-addressable memory (CAM) table in an Ethernet switch?

Response:

DDoS attack

Evil twin attack

DNS cache flooding

MAC flooding

Question: Score 0 of 1
(skipped)
John is logged into his company web portal using a secure session. However, he is simultaneously logged into a site that he did not
realize has been compromised. What attack might John be vulnerable to?

Response:

Session fixation

Man-in-the-middle

Cross-site scripting

Cross-site request forgery

Question: Score 0 of 1
(skipped)
Ramone is using Wireshark and he wants to view only those packets that are from IP address 192.10.10.1 and using port 80. What
command will do that?

Response:

ip ==192.10.10.1 || port==80

ip.addr==192.10.10.1 || tcp.port==80

ip ==192.10.10.1 && port==80

ip.addr==192.10.10.1 && tcp.port==80

Question: Score 0 of 1
(skipped)
Which of the following Nmap options will you use if you want to scan fewer ports than the default?

Response:

-T

-p

-F

-sP

Question: Score 0 of 1
(skipped)
Jack sent an email to Jenny with a business proposal. Jenny accepted it and fulfilled all her obligations. Jack suddenly refused his
offer when everything was ready and said that he had never sent an email. Which of the following digital signature properties will help Jenny prove
that Jack is lying?

Response:

Integrity

Authentication

Confidentiality

Non-Repudiation

Question: Score 0 of 1
(skipped)
You need to conduct a technical assessment of the network for a small company that supplies medical services. All computers in the
company use Windows OS. What is the best approach for discovering vulnerabilities?

Response:

Use the built-in Windows Update tool.

Create a disk image of a clean Windows installation.

Check MITRE.org for the latest list of CVE findings.

Use a scan tool like Nessus.


Question: Score 0 of 1
(skipped)
You know that an attacker can create websites similar to legitimate sites in pharming and phishing attacks. Which of the following is
the difference between them?

Response:

Pharming attack: an attacker provides the victim with a URL that is either misspelled or looks similar to the legitimate website's domain name.
Phishing attack: a victim is redirected to a fake website by modifying their host configuration file or exploiting DNS vulnerabilities.

Both pharming and phishing attacks are identical.

Both pharming and phishing attacks are purely technical.

Phishing attack: an attacker provides the victim with a URL that is either misspelled or looks similar to the legitimate website's domain name.
Pharming attack: a victim is redirected to a fake website by modifying their host configuration file or exploiting DNS vulnerabilities.

Question: Score 0 of 1
(skipped)
Which type of virus tries to hide from antivirus programs by actively changing and corrupting the chosen service call interruptions
when they are being run?

Response:

Stealth/Tunneling virus

Polymorphic virus

Cavity virus

Tunneling virus

Question: Score 0 of 1
(skipped)
During the pentest, Maria, the head of the blue team, discovered that the new online service has problems with the authentication
mechanism. The old password can be reset by correctly answering the secret question, and the sending form does not have protection
using a CAPTCHA, which allows a potential attacker to use a brute force attack.

What is the name of such an attack in the Common Weakness Enumeration (CWE)?

Response:

User impersonation.

Weak password recovery mechanism.

Verbose failure messages.

Insecure transmission of credentials.

Question: Score 0 of 1
(skipped)
David is a security professional working in an organization, and he is implementing a vulnerability management program in the
organization to evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on
vulnerable systems to reduce the impact and severity of vulnerabilities.

Which phase of the vulnerability-management life cycle is David currently in?

Response:

Remediation

Verification

Risk assessment

Vulnerability scan

Question: Score 0 of 1
(skipped)
What useful information is gathered during a successful Simple Mail Transfer Protocol (SMTP) enumeration?

Response:

A list of all mail proxy server addresses used by the targeted host.

The internal command RCPT provides a list of ports open to message traffic.

The two internal commands VRFY and EXPN provide a confirmation of valid users, email addresses, aliases, and mailing lists.

Reveals the daily outgoing message limits before mailboxes are locked.

Question: Score 0 of 1
(skipped)
What is the primary purpose of using digital signatures?

Response:

Ensuring the confidentiality of the message

Ensuring the integrity of the message

Confirming the sender’s identity

Establishing a shared key

Question: Score 0 of 1
(skipped)
You have been assigned the task of defending the company from network sniffing. Which of the following is the best option for this
task?

Response:

Using encryption protocols to secure network communications.

Restrict Physical Access to Server Rooms hosting Critical Servers.

Register all machines MAC Address in a Centralized Database.

Use Static IP Address.

Question: Score 0 of 1
(skipped)
Which of the following is an example of a scareware social engineering attack?

Response:

A banner appears to a user stating, "Your order has been delayed. Click here to find out your new delivery date."

A pop-up appears to a user stating, "You have won money! Click here to claim your prize!"

A pop-up appears to a user stating, "Your computer may have been infected with spyware. Click here to install an anti-spyware tool to resolve this
issue."

A banner appears to a user stating, "Your password has expired. Click here to update your password."

Question: Score 0 of 1
(skipped)
_____ involves stealing a cloud service provider’s domain name.

Response:

Domain sniping

Domain hijacking

Cybersquatting

DNS poisoning

Question: Score 0 of 1
(skipped)
Rajesh, a system administrator, noticed that some clients of his company were victims of DNS Cache Poisoning. They were redirected
to a malicious site when they tried to access Rajesh's company site. What is the best recommendation to deal with such a threat?

Response:

Customer awareness

Use a multi-factor authentication

Use of security agents on customers' computers.

Use Domain Name System Security Extensions (DNSSEC)

Question: Score 0 of 1
(skipped)
Robert is sending packets with an invalid RST flag. What is the primary goal of doing this?

Response:

To allow the attacker to resynchronize

To allow the attacker to hide parts of the packet

To trick the IDS/IPS into ignoring that stream

To trick the IDS/IPS into resetting that session


Question: Score 0 of 1
(skipped)
Gunter has been performing testing of a Linux server. He is trying to erase his tracks. He wants to get rid of the history of all shell
commands for only the current shell. Which of the following is the best way to accomplish this?

Response:

shred ~/.bash_history

export HISTSIZE=0

history -w

ClearLogs

Question: Score 0 of 1
(skipped)
Jerrod is running an hping v3 scan on a target machine. He wants to send TCP SYN packets every 3 seconds to port 445 on host
10.10.10.15. Which command will do that?

Response:

hping3 -i 3 10.10.10.15 -sS -V -p 445

hping3 1 0.10.10.15 -sS -V -p 445 -i 3

hping3 10.10.10.15 -S -V -p 445 -i 3

hping3 -i 3 10.10.10.15 -S -V -p 445 -i 3


Question: Score 0 of 1
(skipped)
Wireshark is one of the most important tools for a cybersecurity specialist. It is used for network troubleshooting, analysis, software,
etc. And you often have to work with a packet bytes pane. In what format is the data presented in this pane?

Response:

Binary

ASCII only

Hexadecimal

Decimal

Question: Score 0 of 1
(skipped)
Joh has placed a suspicious file on a non-networked isolated machine and will use a range of tools to test what processes it spawns,
what resources it uses, what registry settings it affects, and other activity. What best describes this process?

Response:

Dynamic analysis

Static analysis

Sheep dip

Air gap

Question: Score 0 of 1
(skipped)
Bill is a network administrator. He wants to eliminate unencrypted traffic inside his company’s network. He decides to set up a SPAN port and
capture all traffic to the datacenter. He immediately discovers unencrypted traffic on UDP port 161.

What protocol is this port using and how can he secure that traffic?

Response:

RPC and the best practice is to disable RPC completely.

SNMP and he should change it to SNMP V3

SNMP and he should change it to SNMP V2, which is encrypted

It is not necessary to perform any actions, as SNMP is not carrying important information.

Question: Score 0 of 1
(skipped)
___________ is a routing protocol that allows a host to discover the IP addresses of active routers on the subnet by listening to router
advertisements and soliciting messages on the network.

Response:

CAM

DHCP

IRDP

ARP

Question: Score 0 of 1
(skipped)
As a result of the attack on the dating web service, Ivan received a dump of all user passwords in a hashed form. Ivan recognized the
hashing algorithm and started identifying passwords. What tool is he most likely going to use if the service used hashing without salt?

Response:

Brute force

XSS

Dictionary attacks

Rainbow table

Question: Score 0 of 1
(skipped)
The attacker needs to collect information about his victim - Maria. She is an extrovert who often posts a large amount of private
information, photos, and location tags of recently visited places on social networks. Which automated tool should an attacker use to gather
information to perform other sophisticated attacks?

Response:

VisualRoute

HULK

Ophcrack

Hootsuite

Question: Score 0 of 1
(skipped)
Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to
authenticate once and gain access to multiple systems?

Response:

Role Based Access Control (RBAC)

Discretionary Access Control (DAC)

Single sign-on

Windows authentication

Question: Score 0 of 1
(skipped)
Matthew successfully hacked the server and got root privileges. Now he wants to pivot and stealthily transit the traffic over the network,
avoiding the IDS. Which of the following will be the best solution for Matthew?

Response:

Install Cryptcat and encrypt outgoing packets from this server.

Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems.

Install and use Telnet to encrypt all outgoing traffic from this server.

Use Alternate Data Streams to hide the outgoing packets from this server.

Question: Score 0 of 1
(skipped)
Why does 'OR '1' = '1 work?

Response:

It is always a true statement.

SQL cannot process it, and it causes an error.


This command has special meaning in SQL.

It does not work.

Question: Score 0 of 1
(skipped)
Shellshock is a serious bug in the Bash command-line interface shell that allows an attacker to execute commands by gaining
unauthorized access to computer systems.

env x='(){ :;};echo exploit' bash -c 'cat /etc/passwd'

What is the result of executing this command on a vulnerable host?

Response:

Display of the contents of the passwd file.

Copying the contents of the passwd file

Creating a passwd file.

Deleting the passwd file.

Question: Score 0 of 1
(skipped)
Black-hat hacker Ivan wants to determine the status of ports on a remote host. He wants to do this quickly but without being noticed by IDS
systems. For this, he uses a half-open scan that doesn’t complete the TCP three-way handshake. What kind of scanning does Ivan use?

Response:

PSH Scan

TCP SYN (Stealth) Scan

XMAS scans

FIN scan

Question: Score 0 of 1
(skipped)
An attacker uses various IDS evasion techniques to bypass intrusion detection mechanisms. At the same time, the IDS is configured to detect
possible violations of the security policy, including unauthorized access and misuse. Which of the following evasion methods depends on the
Time-to-Live (TTL) fields of a TCP/IP packet?

Response:

Obfuscation

Unicode Evasion

Denial-of-Service Attack

Insertion Attack

Question: Score 0 of 1
(skipped)
With a(n) ____ attack, an attacker modifies the parameters of the SOAP message that is sent from the service consumer to the service
provider to initiate a SQL injection attack.

Response:

XML injection

XAML injection

SQL injection via SOAP

man-in-the-cloud

Question: Score 0 of 1
(skipped)
Gabriella uses Google search operators, which allow you to optimize and expand the capabilities of regular search. What will be the
result of this request?

site:eccouncil.org discount -ilearn

Response:

Results about all discounts from the site ec-council.org for the ilearn training format.

The results that match the entire query.

Results about all discounts from the site eccouncil.org except for the ilearn format.

Results from the ec-council website except for discounts and the ilearn format.

Question: Score 0 of 1
(skipped)
Identify the attack by the description: It is the wireless version of the phishing scam. This is an attack-type for a rogue Wi-Fi access
point that appears to be a legitimate one offered on the premises but has been set up to eavesdrop on wireless communications. When performing
this attack, an attacker fools wireless users into connecting a device to a tainted hotspot by posing as a legitimate provider.

This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which
involves setting up a fraudulent website and luring people there.

Response:

Signal Jamming

Evil Twin

Collision

Sinkhole

Question: Score 0 of 1
(skipped)
Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the
network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that
the port is closed.

What is the port scanning technique used by Sam to discover open ports?

Response:

Xmas

IDLE/IPID header scan

TCP Maimon scan

ACK flag probe scan

Question: Score 0 of 1
(skipped)
Guillermo has found malware on a machine that allows the attacker to replace the operating system boot process. What is the best
term for this tool?

Response:

Firmware rootkit

Bootloader rootkit

Operating system rootkit

Application rootkit

Question: Score 0 of 1
(skipped)
_____ is IEEE standard 1902.1. It is a two-way wireless protocol.

Response:

Zigbee

LoRa

Z-Wave

RuBee

Question: Score 0 of 1
(skipped)
Which characteristic is most likely not to be used by companies in biometric control for use on the company's territory?

Response:

Iris patterns

Voice

Height/Weight

Fingerprints

Question: Score 0 of 1
(skipped)
Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft
SQL Server. In the login/password form, you enter the following credentials:

- Username: attack' or 1=1 --

- Password: 123456

Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL
injection vulnerability?

Response:

select * from Users where UserName = 'attack' ' or 1=1 -- and UserPassword = '123456'

select * from Users where UserName = 'attack' or 1=1 -- and UserPassword = '123456'

select * from Users where UserName = 'attack or 1=1 -- and UserPassword = '123456'

select * from Users where UserName = 'attack' or 1=1 --' and UserPassword = '123456'

Question: Score 0 of 1
(skipped)
The CIA Triad is a security model that highlights the main goals of data security and serves as a guide for organizations to protect their
confidential data from unauthorized access and data theft. What are the three concepts of the CIA triad?

Response:

Transference, transformation and transcendence

Comparison, reflection and abstraction

Confidentiality, integrity, and availability

Efficiency, equity and liberty

Question: Score 0 of 1
(skipped)
At what stage of the cyber kill chain theory model does data exfiltration occur?

Response:

Weaponization

Actions on objectives

Command and control

Installation

Question: Score 0 of 1
(skipped)
Which of the following allows attackers to draw a map or outline the target organization’s network infrastructure to know about the
actual environment that they are going to hack?

Response:

Vulnerability analysis

Malware analysis

Scanning networks

Enumeration

Question: Score 0 of 1
(skipped)
Todd is concerned about DoS attacks against his network. He is particularly worried about attacks that use malformed ICMP packets.
What type of attack is Todd concerned about?

Response:

PoD

Teardrop

PDoS

Smurf

Question: Score 0 of 1
(skipped)
What type of scan does hping3 www.chuckeasttom.com -a 182.10.10.10 perform?

Response:

It performs an hping ACK scan of the domain and IP address given.

It performs an hping scan of www.chuckeasttom.com, spoofing the IP address 182.10.10.10.

It performs an hping scan of 182.10.10.10 www.chuckeasttom.com.

It doesn’t work without an IP address and a domain name.

Question: Score 0 of 1
(skipped)
Which type of virus can change its own code and then cipher itself multiple times as it replicates?

Response:

Stealth virus

Tunneling virus

Cavity virus

Encryption virus

Question: Score 0 of 1
(skipped)
You must discover all the active devices hidden by a restrictive firewall in the IPv4 range in a target network. Which of the following
host discovery techniques will you use?

Response:

ARP ping scan

ACK flag probe scan

TCP Maimon scan

UDP scan

Question: Score 0 of 1
(skipped)
Cookie Cadger is an example of which of the following?

Response:

Botnet

DoS tool

Sniffing tool

Session hijacking tool

Question: Score 0 of 1
(skipped)
Mr. Omkar performed a tool-based vulnerability assessment and found two vulnerabilities. During analysis, he found that these issues
are not true vulnerabilities. What will you call these issues?

Response:

False positives

True negatives

True positives

False negatives

Question: Score 0 of 1
(skipped)
Ivan, the evil hacker, decided to use Nmap to scan for open ports and running services on systems connected to the target organization's OT
network. For this purpose, he enters an Nmap command into the terminal that identifies Ethernet/IP devices connected to the Internet and further
gathers information such as the vendor name, product code and name, device name, and IP address. Which of the following commands did Ivan
use in this scenario?

Response:

nmap -Pn -sT -p 46824 < Target IP >

nmap -Pn -sT -p 102 --script s7-info < Target IP >

nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >

nmap -Pn -sU -p 44818 --script enip-info < Target IP >

Question: Score 0 of 1
(skipped)
Which file is a rich target to discover the structure of a website during web-server footprinting?

Response:

domain.txt

Robots.txt

Document root

index.html

Question: Score 0 of 1
(skipped)
Rajesh, a network administrator, found several unknown files in the root directory of his FTP server. He was very interested in a binary
file named "mfs". Rajesh decided to check the FTP server logs and found that the anonymous user account logged in to the server, uploaded the
files and ran the script using a function provided by the FTP server's software.

Also, he found that the "mfs" file is running as a process and is listening on a network port. What kind of vulnerability must exist to make this attack
possible?

Response:

Privilege escalation.

Brute force login.

File system permissions.

Directory traversal.

Question: Score 0 of 1
(skipped)
What piece of software could you use to recover from a ransomware attack?

Response:

Decryptor

Encryptor

Anti-malware

Endpoint detection and response

Question: Score 0 of 1
(skipped)
You performed a tool-based vulnerability assessment and found vulnerabilities. You have started to analyze these issues and found
that they are not true vulnerabilities. How can you characterize these issues?

Response:

False positives

False negatives

True negatives

True positives

Question: Score 0 of 1
(skipped)
Which attack is based on an ICMP (Internet Control Message Protocol) packet sent to the broadcast address of the network?

Response:

Teardrop attack

Slowloris attack

Smurf attack

PDoS attack

Question: Score 0 of 1
(skipped)
Which tool offers penetration-test-like services for Amazon EC2 customers?

Response:

CloudPassage Halo

Core Cloud

CloudInspect

Panda Cloud Office Protection

Question: Score 0 of 1
(skipped)
Whois services allow you to get a massive amount of valuable information at the stage of reconnaissance. Depending on the target's
location, they receive data from one of the five largest regional Internet registries (RIR). Which of the following RIRs should the Whois service
contact if you want to get information about an IP address registered in France?

Response:

ARIN

LACNIC

APNIC

RIPE NCC

Question: Score 0 of 1
(skipped)
You have been asked to examine a Windows 7 computer that is running poorly. You first used Netstat to examine active connections,
and you now would like to examine performance via the Computer Management Console.

Which of the following is the correct command to launch it?

Response:

c:\services.msc

c:\compmgmt.msc

ps -aux

c:\msconfig

Question: Score 0 of 1
(skipped)
During a port scan on the target host, your colleague sends FIN/ACK probes and finds that an RST packet is sent in response by the
target host, indicating that the port is closed. Which of the following port scanning techniques did your colleague use?

Response:

IDLE/IPID header scan

ACK flag probe scan

TCP Maimon scan

Xmas scan

Question: Score 0 of 1
(skipped)
Victoria is using a different vulnerability scanning strategy for each machine or component of the information system. What best
describes this approach?

Response:

Tree-based assessment

Inference-based assessment

Active assessment

Passive assessment

Question: Score 0 of 1
(skipped)
Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more
statements if they have the same structure as the original one?

Response:

Union SQL injection

Error-based injection

Blind SQL injection

Boolean-based blind SQL injection

Question: Score 0 of 1
(skipped)
Which of the following Trojans are used by attackers to destroy or change the entire content of a database and also attack the
websites by physically changing the underlying HTML format?

Response:

E-banking Trojan

Point-of-Sale Trojan

Defacement Trojan

Mobile Trojans

Question: Score 0 of 1
(skipped)
How does separation of duties help prevent insider threats?

Response:

No single person can do a critical task.

As employees rotate, they can find intentional or negligence issues.

Collaboration makes employees feel more valuable and reduces insider threat.

Separation of duties is ineffective against insider threats.

Question: Score 0 of 1
(skipped)
Ramone is trying to enumerate machines on a network. The network uses a Windows Server 2019 domain controller. Which of the
following commands is most likely to give him information about machines on that network?

Response:

finger

ntpq

net view

rwho

Question: Score 0 of 1
(skipped)
OS fingerprinting is the method used to determine the operating system running on a remote target system. It is an important scanning
method, as the attacker will have a greater probability of success if he/she knows the OS. Active stack fingerprinting is one of the types of OS
fingerprinting.

Which of the following is true about active stack fingerprinting?

Response:

It uses password crackers to escalate system privileges

It is based on the fact that various vendors of OS implement the TCP stack differently

TCP connect scan

It uses sniffing techniques instead of the scanning techniques

It is based on the differential implementation of the stack and the various ways an OS responds to it

Question: Score 0 of 1
(skipped)
Jane, an ethical hacker, is testing a target organization’s web server and website to identify security loopholes. In this process, she
copied the entire website and its content on a local drive to view the complete profile of the site’s directory structure, file structure, external links,
images, web pages, and so on. This information helps Jane map the website’s directories and gain valuable information.

What is the attack technique employed by Jane in the above scenario?

Response:

Session hijacking

Website mirroring

Website defacement

Web cache poisoning

Question: Score 0 of 1
(skipped)
The attacker gained credentials of an organization's internal server system and often logged in outside work hours. The organization
commissioned the cybersecurity department to analyze the compromised device to find incident details such as the type of attack, its severity,
target, impact, method of propagation, and vulnerabilities exploited.

What is the incident handling and response process, in which the cybersecurity department has determined these issues?

Response:

Incident recording and assignment.

Preparation.

Eradication.

Incident triage.

Question: Score 0 of 1
(skipped)
The attacker is trying to cheat one of the employees of the target organization by initiating fake calls while posing as a legitimate
employee. Also, he sent phishing emails to steal the employee's credentials and further compromise his account. Which of the following techniques did
the attacker use?

Response:

Reverse engineering

Insider threat

Password reuse

Social engineering
