CEH v11 - 3&4


With a sufficiently large database of passwords, you can use statistical analysis of the word list to create a very effective way to crack passwords with tools such as John the Ripper. Which of the attacks uses such an analysis to calculate the probability of placing characters in a quasi-brute-force attack? Markov Chain Prince Toggle-Case Fingerprint

Markov Chain

During testing, you discovered a vulnerability that allows hackers to gain unauthorized access to API objects and perform actions such as viewing, updating and deleting sensitive data. Which of the following API vulnerabilities have you found? No ABAC validation. RBAC Privilege Escalation. Code Injections. Business Logic Flaws.

No ABAC validation.

The company "Work Town" hired a cybersecurity specialist to perform a vulnerability scan by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. What type of vulnerability assessment should be performed for "Work Town"? Passive assessment. Active assessment. Internal assessment. External assessment.

Passive assessment.

Which of the following is the fastest way to perform content enumeration on a web server using the Gobuster tool? Performing content enumeration using a wordlist. Performing content enumeration using the brute-force mode and random file extensions. Skipping SSL certificate verification. Performing content enumeration using the brute-force mode and 10 threads.

Performing content enumeration using a wordlist.

The network elements of the telecom operator are located in the data center under the protection of firewalls and intrusion prevention systems. Which of the following is true for additional security measures? No additional measures are required, since the attacker does not have physical access to the data center equipment. Periodic security checks and audits are required. Access to network elements should be provided by user IDs with strong passwords. Firewalls and intrusion detection systems are sufficient to ensure complete security. No additional measures are required since attacks and downtime are inevitable, and a backup site is required.

Periodic security checks and audits are required. Access to network elements should be provided by user IDs with strong passwords.

Black-hat hacker Ivan attacked a large DNS server. By poisoning the cache, he was able to redirect the online store's traffic to a phishing site. Users did not notice the problem and believed that they were on the store's actual website, so they entered the data of their accounts and even bank cards. Before the security system had time to react, Ivan collected a large amount of critical user data. Which option is best suited to describe this attack? SPIT attack Spear-phishing Pharming Phishing

Pharming

Identify the security policy that defines the use of a VPN for gaining access to an internal corporate network. Access control policy Remote access policy Information protection policy Network security policy

Remote access policy

Identify the security model by description: In this security model, every user in the network maintains a ring of public keys. Also, a user needs to encrypt a message using the receiver's public key, and only the receiver can decrypt the message using their private key. Web of trust Transport Layer Security Secure Socket Layer Zero trust security model

Web of trust

The attacker wants to draw a map of the target organization's network infrastructure to know about the actual environment they will hack. Which of the following will allow him to do this? Malware analysis Network enumeration Scanning networks Vulnerability analysis

Scanning networks

Which of the following algorithms is a symmetric key block cipher with a block size of 128 bits representing a 32-round SP-network operating on a block of four 32-bit words? RC4 SHA-256 Serpent CAST-128

Serpent

Enabling SSI directives allows developers to add dynamic code snippets to static HTML pages without using full-fledged client or server languages. However, suppose the server is incorrectly configured (for example, allowing the exec directive) or the data is not strictly verified. In that case, an attacker can change or enter directives to perform malicious actions. What kind of known attack are we talking about? Server-side template injection CRLF injection Server-side includes injection Server-side JS injection

Server-side includes injection

Modern security mechanisms can stop various types of DDoS attacks, but if they only check incoming traffic and mostly ignore return traffic, attackers can bypass them under the disguise of a valid TCP session by carrying a SYN, multiple ACK, and one or more RST or FIN packets. What is the name of such an attack? Ping-of-death attack. UDP flood attack. Peer-to-peer attack. Spoofed session flood attack.

Spoofed session flood attack.

Alex received an order to conduct a pentest and scan a specific server. When receiving the technical task, he noticed the point: "The attacker must scan every port on the server several times using a set of spoofed source IP addresses." Which of the following Nmap flags will allow Alex to fulfill this requirement? -f -S -A -D

-D

The date and time of the remote host can theoretically be used against some systems to exploit weak time-based random number generators in other services. Which option in Zenmap will allow you to perform an ICMP Timestamp ping? -PN -PP -PY -PU

-PP

Which of the following Nmap parameters helps evade IDS or firewalls? -T -r -A -R

-T

When scanning with Nmap, you found a firewall. Now you need to determine whether it is a stateful or stateless firewall. Which of the following options is best for you to use? -sO -sM -sA -sT

-sA

To collect detailed information about services and applications running on identified open ports, nmap can perform version detection. To do this, various probes are used to receive responses from services and applications. Nmap requests probe information from the target host and analyzes the response, comparing it with known responses for various services, applications, and versions. Which of the options will allow you to run this scan? -sF -sX -sN -sV

-sV

You need to hide a file in a Linux system. Which of the following characters will you type at the beginning of the filename? _ (Underscore) ~ (Tilde) ! (Exclamation mark) . (Period)

. (Period)

What is the minimum number of network connections needed for a multi-homed firewall? 3 2 5 4

2

Identify the wrong answer in terms of range: 802.11a - 150 ft; 802.11b - 150 ft; 802.11n - 150 ft; 802.16 (WiMax) - 30 miles. 802.11a 802.11b 802.11n 802.16

802.16

Lisandro was hired to steal critical business documents of a competitor company. Using a vulnerability in over-the-air programming (OTA programming) on Android smartphones, he sends messages to company employees on behalf of the network operator, asking them to enter a PIN code and accept new updates for the phone. After the employee enters the PIN code, Lisandro gets the opportunity to intercept all Internet traffic from the phone. What type of attack did Lisandro use? Bypass SSL pinning. Tap 'n ghost attack. Advanced SMS phishing. Social engineering.

Advanced SMS phishing.

Victims of DoS attacks are often web servers of high-profile organizations such as banking, commerce, media companies, or government and trade organizations. Which of the following symptoms could indicate a DoS or DDoS attack? An inability to access any website. Unknown programs running on your system. Misbehaviour of computer programs and applications. Damaged and corrupt files.

An inability to access any website

What is the name of a popular tool (or rather, an entire integrated platform written in Java) based on a proxy used to assess the security of web applications and conduct practical testing using a variety of built-in tools? Burp Suite Nmap CxSAST Wireshark

Burp Suite

Techniques such as password cracking or enumeration are much more efficient and faster if performed using a wordlist. Of course, there are a huge number of them in various places on the Internet or already installed in your Kali or Parrot OS, but an attacker can create his own wordlist specifically for the target he is attacking. This requires conducting intelligence and collecting information about the victim. Many tools allow you to automate this process. Which of the following tools can scan a website and create a wordlist? Psiphon Orbot CeWL Shadowsocks

CeWL

Ivan, a black-hat hacker, wants to get information about IoT cameras and devices used by the attacked company. For these purposes, he will use a tool that collects information about the IoT devices connected to a network, open ports and services, and the attack surface area. Thanks to this tool, Ivan constantly monitors every available server and device on the internet. This opportunity will allow him to exploit these devices in the future. Which of the following tools did Ivan use to carry out this attack? NeuVector Censys Lacework Wapiti

Censys

Christian received a letter in his email. It stated that if he forwarded this email to 10 more people, he would receive the money as a gift. Which of the following attacks was Christian subjected to? Hoax letters Instant chat messenger Spam Messages Chain letters

Chain letters

Jack, a cybersecurity specialist, plans to do some security research for the embedded hardware he uses. He wants to perform side-channel power analysis and glitching attacks during this research. Which of the following will Jack use? RIoT ChipWhisperer Foren6 UART

ChipWhisperer

Identify the attack where the hacker uses the ciphertexts corresponding to a set of plaintexts of his own choosing? Differential cryptanalysis Kasiski examination Known-plaintext attack Chosen-plaintext

Chosen-plaintext

Which of the following is an on-premise or cloud-hosted solution responsible for enforcing security, compliance, and governance policies in the cloud application? Container Security Tools Cloud Access Security Broker Next-Generation Secure Web Gateway Secure access service edge

Cloud Access Security Broker

The attacker knows about a vulnerability in a bare-metal cloud server that can enable him to implant malicious backdoors in firmware. Also, the backdoor can persist even if the server is reallocated to new clients or businesses that use it as an IaaS. What type of cloud attack can be performed by an attacker exploiting the vulnerability discussed in the above scenario? Cloud cryptojacking Metadata spoofing attack Cloudborne attack Man-in-the-cloud (MITC) attack

Cloudborne attack

What is the name of a cloud infrastructure in which multiple organizations share resources and services based on common operational and regulatory requirements? Public Cloud Hybrid Cloud Community Cloud Shared Cloud

Community Cloud

A digital signature is the digital equivalent of a handwritten signature or stamped seal. It is intended to solve the problem of tampering and impersonation in digital communications. Which of the following options does a digital signature NOT provide? Confidentiality Non-repudiation Authentication Integrity

Confidentiality

Which of the following is a Docker network plugin designed for building security and infrastructure policies for multi-tenant microservices deployments? Weave Macvlan Kuryr Contiv

Contiv

Evil Russian hacker Ivan is attacking again! This time, he got a job in a large American company to steal commercial information for his customer to gain a competitive advantage in the market. In his attack, Ivan used all available means, especially blackmail, bribery, and technological surveillance. What is the name of such an attack? Business Loss Corporate Espionage Social Engineering Information Leakage

Corporate Espionage

An attacker tries to infect as many devices connected to the Internet with malware as possible to get the opportunity to use their computing power and functionality for automated attacks hidden from the owners of these devices. Which of the proposed approaches fits the description of the attacker's actions? Using Banking Trojans Creating a botnet Mass distribution of Ransomware APT attack

Creating a botnet

Scammers can query the DNS server to determine whether a specific DNS record is cached, thereby determining your organization's browsing habits. This can disclose sensitive information such as financial institutions visited recently or other sensitive websites that a company might not want to be public knowledge. Which of the proposed attacks fits this description? DNS cache poisoning DNSSEC zone walking DNS cache snooping DNS zone walking

DNS cache snooping

Which of the following is the best description of the final phase of every successful hack, clearing tracks? During a cyberattack, a hacker corrupts the event logs on all machines. A hacker gains access to a server through an exploitable vulnerability. After a system is breached, a hacker creates a backdoor. During a cyberattack, a hacker injects a rootkit into a server.

During a cyberattack, a hacker corrupts the event logs on all machines.

Rajesh wants to make the Internet a little safer and uses his skills to scan the networks of various organizations and find vulnerabilities even without the owners' permission. He informs the company owner about the problems encountered, but if the company ignores him and does not fix the vulnerabilities, Rajesh publishes them publicly and forces the company to respond. What type of hacker is best suited for Rajesh? Cybercriminal Gray hat White hat Black hat

Gray hat

Which of the following is a rootkit that adds additional code or replaces portions of the core operating system to obscure a backdoor on a system? Kernel-level rootkit. Application-level Rootkit. User-mode rootkit. Hypervisor-level rootkit.

Kernel-level rootkit.

Storing cryptographic keys carries a particular risk. In cryptography, there is a mechanism in which a third party stores copies of private keys. By using it, you can ensure that in the case of a catastrophe, be it a security breach, lost or forgotten keys, natural disaster, or otherwise, your critical keys are safe. What is the name of this mechanism? Key schedule Key encapsulation Key whitening Key escrow

Key escrow

You need to increase the security of keys used for encryption and authentication. For these purposes, you decide to use a technique to enter an initial key to an algorithm that generates an enhanced key resistant to brute-force attacks. Which of the following techniques will you use? KDF Key reinstallation PKI Key stretching

Key stretching

Which of the following is a Kubernetes component that can assign nodes based on the overall resource requirement, data locality, software/hardware/policy restrictions, and internal workload interventions? cloud-controller-manager Kube-controller-manager Kube-scheduler Kube-apiserver

Kube-scheduler

Your company started working with a cloud service provider, and after a while, they were disappointed with their service and wanted to move to another CSP. Which of the following can become a problem when changing to a new CSP? Virtualization Lock-in Lock-down Lock-up

Lock-in

Which of the following is the type of attack that tries to overflow the CAM table? Evil twin attack DNS flood DDoS attack MAC flooding

MAC flooding

Your company plans to open a new division. You have been assigned to choose a cloud deployment model. The main requirements for the cloud model are infrastructure operated solely for your organization with the ability to customize hardware, network, and storage characteristics. Which of the following solutions will suit your organization? Community cloud Hybrid cloud Public cloud Private cloud

Private cloud

Which of the following is a type of malware that spreads from one system to another or from one network to another and causes similar types of damage as viruses do to the infected system? Adware Trojan Rootkit Worm

Worm

Which of the following is a network forensics analysis tool that can monitor and extract information from network traffic and capture application data contained in the network traffic? Hyenae NG yersinia Xplico mitm6

Xplico

Which antenna is commonly used in communications for a frequency band of 10 MHz to VHF and UHF? Yagi antenna Dipole antenna Parabolic grid antenna Omnidirectional antenna

Yagi antenna

Which of the following is a Denial-of-service vulnerability for which security patches have not yet been released, or there is no effective means of protection? APDoS Smurf Zero-Day Yo-yo

Zero-Day

Which of the following is a Metasploit post-exploitation module that is used to escalate privileges on systems? autoroute getuid keylogrecorder getsystem

getsystem

Jenny, a pentester, conducts events to detect viruses in systems. She uses a detection method where the anti-virus executes the malicious code on a virtual machine to simulate CPU and memory activities. Which of the following methods does Jenny use? Vulnerability scanner. Integrity checking. Code Emulation. Heuristic Analysis.

Code Emulation.

The CIA Triad is a security model that highlights the main goals of data security and serves as a guide for organizations to protect their confidential data from unauthorized access and data theft. What are the three concepts of the CIA triad? Comparison, reflection and abstraction Efficiency, equity and liberty Transference, transformation and transcendence Confidentiality, integrity, and availability

Confidentiality, integrity, and availability

Lisandro is a novice fraudster. He uses special software purchased in the depths of the network for sending his malware. This program allows him to deceive pattern-based detection mechanisms and even some behavior-based ones, disguising malware as harmless programs. What does Lisandro use? Payload Crypter Ransomware Dropper

Crypter

Black-hat hacker Ivan created a fraudulent website to steal users' credentials. Which of the proposed tasks does he need to perform so that users are redirected to the fake one when entering the domain name of a real site? DNS spoofing MAC Flooding SMS phishing ARP Poisoning

DNS spoofing

Shortly after replacing the outdated equipment, John, the company's system administrator, discovered a leak of critical customer information. Moreover, the stolen data included the new user's information, which rules out incorrect disposal of old equipment. IDS did not notice the intrusion, and the logging system shows that valid credentials were used. Which of the following is most likely the cause of this problem? Industrial Espionage NSA backdoor Default Credential Zero-day vulnerabilities

Default Credential

To protect the enterprise infrastructure from the constant attacks of the evil hacker Ivan, Viktor divided the network into two parts using the network segmentation approach. In the first one (local, without direct Internet access), he isolated business-critical resources. In the second (external, with Internet access), he placed public web servers to provide services to clients. Subnets communicate with each other through a gateway protected by a firewall. What is the name of the external subnet? Demilitarized Zone Bastion host WAF Network access control

Demilitarized Zone

Confidential information is stored and processed on your company's servers; however, auditing has never been enabled. Which of the following should be done before enabling the audit feature? Perform a cost/benefit analysis of the audit feature. Determine the impact of enabling the audit feature. Perform a vulnerability scan of the system. Allocate funds for staffing of audit log review.

Determine the impact of enabling the audit feature.

Alex, a cybersecurity science student, needs to fill in the information into a secured PDF-file job application received from a prospective employer. He can't enter the information because all the fields are blocked. He doesn't want to request a new document that allows the forms to be completed and decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted. Which attack is the student attempting? Brute-force attack Dictionary-attack Session hijacking Man-in-the-middle attack

Dictionary-attack

Which of the following components of IPsec provides confidentiality for the content of packets? AH ESP IKE ISAKMP

ESP

Identify the way to achieve chip-level security of an IoT device? Turning off the device when not needed or not in use Closing insecure network services Changing the password of the router Encrypting the JTAG interface

Encrypting the JTAG interface

Identify the attack by the description: It is the wireless version of the phishing scam. This is an attack-type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises but has been set up to eavesdrop on wireless communications. When performing this attack, an attacker fools wireless users into connecting a device to a tainted hotspot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent website and luring people there. Evil Twin Sinkhole Collision Signal Jamming

Evil Twin

Monitoring your company's assets is one of the most important jobs you can perform. What warnings should you try to reduce when configuring security tools, such as security information and event management (SIEM) solutions or intrusion detection systems (IDS)? True Positives and True Negatives Only True Negatives Only False Positives False Positives and False Negatives

False Positives and False Negatives

Identify an adaptive SQL Injection testing technique by the description: A testing technique is used to discover coding errors by inputting massive amounts of random data and observing the changes in the output. Dynamic Testing. Static application security testing. Functional Testing. Fuzz Testing.

Fuzz Testing.

Identify the type of partial breaks in which the attacker discovers a functionally equivalent algorithm for encryption and decryption, but without learning the key? Total break. Information deduction. Global deduction. Instance deduction.

Global deduction.

In what type of testing does the tester have some information about the internal work of the application? Grey-box Black-box White-box Announced

Grey-box

The attacker tries to find the servers of the attacked company. He uses the following command: nmap 192.168.1.64/28. The scan was successful, but he didn't get any results. Identify why the attacker could not find the server based on the following information: The attacked company used network address 192.168.1.64 with mask 255.255.255.192. In the network, the servers are at the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124. He needs to add the command "ip address" just before the IP address. The network must be down and the nmap command and IP address are ok. He needs to change the address to 192.168.1.0 with the same mask. He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are not in that range.

He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are not in that range.

Assume an attacker gains access to the internal network of a small company and launches a successful STP manipulation attack. What are his next steps? He will repeat this action so that it escalates to a DoS attack. He will repeat the same attack against all L2 switches of the network. He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer. He will activate OSPF on the spoofed root bridge.

He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.

A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence. Rootkits are classified according to the place of their injection. What type of rootkit loads itself underneath the computer's operating system and can intercept hardware calls made by the original operating system? Memory rootkit Hypervisor (Virtualized) Rootkits Kernel mode rootkits Application rootkit

Hypervisor (Virtualized) Rootkits

Which of the following is a component of IPsec that performs protocol-level functions required to encrypt and decrypt the packets? IPsec driver Oakley IPsec Policy Agent Internet Key Exchange (IKE)

IPsec driver

Alex, the system administrator, should check the firewall configuration. He knows that all traffic from workstations must pass through the firewall to access the bank's website. Alex must ensure that workstations in network 10.10.10.0/24 can only reach the bank website 10.20.20.1 using HTTPS. Which of the following firewall rules best meets this requirement? If (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit If (source matches 10.20.20.1 and destination matches 10.10.10.0/24 and port matches 443) then permit If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit

If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit

Which of the following best describes the operation of the Address Resolution Protocol? It sends a reply packet for a specific IP, asking for the MAC address. It sends a request packet to all the network elements, asking for the MAC address from a specific IP. It sends a reply packet to all the network elements, asking for the MAC address from a specific IP. It sends a request packet to all the network elements, asking for the domain name from a specific IP.

It sends a request packet to all the network elements, asking for the MAC address from a specific IP.

The fraudster Lisandro, masquerading as a large car manufacturing company recruiter, massively sends out job offers via e-mail with the promise of a good salary, a friendly team, unlimited coffee, and medical insurance. He attaches Microsoft Word or Excel documents to his letters into which he embeds a special virus written in Visual Basic that runs when the document is opened and infects the victim's computer. What type of virus does Lisandro use? Macro virus Polymorphic code Stealth virus Multipart virus

Macro virus

IPsec is a suite of protocols developed to ensure the integrity, confidentiality, and authentication of data communications over an IP network. Which protocol is NOT included in the IPsec suite? Security Association (SA) Media Access Control (MAC) Encapsulating Security Protocol (ESP) Authentication Header (AH)

Media Access Control (MAC)

Maria, the leader of the Blue Team, wants to use network traffic analysis to implement the ability to detect an intrusion in her network of several hosts quickly. Which tool is best suited to perform this task? NIDS Honeypot HIDS Firewalls

NIDS

Due to the network slowdown, the IT department decided to monitor the Internet traffic of all employees to track a possible cause, but they can't do it immediately. Which of the following makes taking this kind of measure troublesome from a legal point of view? Not informing the employees that they are going to be monitored could be an invasion of privacy. The absence of an official responsible for traffic on the network. Lack of comfortable working conditions. All of the employees would stop normal work activities.

Not informing the employees that they are going to be monitored could be an invasion of privacy.

An attacker gained access to a Linux host and stole the password file from /etc/passwd. Which of the following scenarios best describes what an attacker can do with this file? The attacker can perform actions as a user because he can open it and read the user ids and corresponding passwords. Nothing because he cannot read the file because it is encrypted. The attacker can perform actions as root because the file reveals the passwords to the root user only. Nothing because the password file does not contain the passwords themselves.

Nothing because the password file does not contain the passwords themselves.

Lisandro is engaged in sending spam. To avoid blocking, he connects to incorrectly configured SMTP servers that allow e-mail relay without authentication (which allows Lisandro to fake information about the sender's identity). What is the name of such an SMTP server? Message transfer agent. Weak SMTP. Open mail relay. Public SMTP server.

Open mail relay.

Identify the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange? single sign-on biometrics SOA PKI

PKI

An attacker stole financial information from a bank by compromising only a single server. After that, the bank decided to hire a third-party organization to conduct a full security assessment. Cybersecurity specialists have been provided with information about this case, and they need to provide an initial recommendation. Which of the following will be the best recommendation? Require all employees to change their passwords immediately. Issue new certificates to the web servers from the root certificate authority. Move the financial data to another server on the same IP subnet. Place a front-end web server in a demilitarized zone that only handles external web traffic.

Place a front-end web server in a demilitarized zone that only handles external web traffic.

Identify which of the following will provide you with the most information about the system's security posture? Phishing, spamming, sending trojans Wardriving, warchalking, social engineering Port scanning, banner grabbing, service identification Social engineering, company site browsing, tailgating

Port scanning, banner grabbing, service identification

NIST defines risk management as the process of identifying, assessing, and controlling threats to an organization's capital and earnings. But what is the "risk" itself? Potential that a threat will exploit vulnerabilities of an asset or group of assets. An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system. The unauthorized disclosure, modification, or use of sensitive data. Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

Potential that a threat will exploit vulnerabilities of an asset or group of assets.

Which mode of a NIC (interface) allows you to intercept and read each network packet that arrives in its entirety? Port forwarding Multicast Promiscuous mode Simplex Mode

Promiscuous mode

Alex, a network administrator, received a warning from IDS about a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. Now Alex needs to determine if these packets are genuinely malicious or simply a false positive. Which of the following types of network tools will he use? Intrusion Prevention System (IPS). Protocol analyzer. Host-based intrusion prevention system (HIPS). Vulnerability scanner.

Protocol analyzer.

What type of cryptography is used in IKE, SSL, and PGP? Secret Key Digest Public Key Hash

Public Key

Which of the following is true about the AES and RSA encryption algorithms? RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data. AES is asymmetric, which is used to create a public/private key pair; RSA is symmetric, which is used to encrypt data. Both are asymmetric algorithms, but RSA uses 1024-bit keys. Both are symmetric algorithms, but AES uses 256-bit keys.

RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data.

As a result of the attack on the dating web service, Ivan received a dump of all user passwords in a hashed form. Ivan recognized the hashing algorithm and started identifying passwords. What tool is he most likely going to use if the service used hashing without salt? Rainbow table XSS Brute force Dictionary attacks

Rainbow table

What is the first and most important phase that is the starting point for penetration testing in the work of an ethical hacker? Maintaining Access Reconnaissance Gaining Access Scanning

Reconnaissance

Gabriella uses Google search operators, which allow you to optimize and expand the capabilities of regular search. What will be the result of this request? site:eccouncil.org discount -ilearn Results about all discounts from the site eccouncil.org except for the ilearn format. Results about all discounts from the site ec-council.org for the ilearn training format. Results from the ec-council website except for discounts and the ilearn format. The results that match the entire query.

Results about all discounts from the site eccouncil.org except for the ilearn format

TLS, also known as SSL, is a protocol for encrypting communications over a network. Which of the following statements is correct? SSL/TLS uses only symmetric encryption. SSL/TLS does not use asymmetric or symmetric encryption. SSL/TLS uses both asymmetric and symmetric encryption. SSL/TLS uses only asymmetric encryption.

SSL/TLS uses both asymmetric and symmetric encryption.

Which of the following is the type of message that the client sends to the server to begin a 3-way handshake while establishing a TCP connection? RST SYN-ACK ACK SYN

SYN

In order to prevent collisions and protect password hashes from rainbow tables, Maria, the system administrator, decides to add random data strings to the end of passwords before hashing. What is the name of this technique? Salting Masking Stretching Extra hashing

Salting

Which of the following is most useful for quickly checking for SQL injection vulnerability by sending a special character to web applications? Backslash Semicolon Single quotation Double quotation

Single quotation

Which of the following is an access control mechanism that allows multiple systems to use a CAS that permits users to authenticate once and gain access to multiple systems? Single sign-on Discretionary Access Control (DAC) Mandatory access control (MAC) Role-Based Access Control (RBAC)

Single sign-on

Which of the following is correct? Sniffers operate on Layer 4 of the OSI model. Sniffers operate on Layer 2 of the OSI model. Sniffers operate on both Layer 2 & Layer 3 of the OSI model. Sniffers operate on Layer 3 of the OSI model.

Sniffers operate on Layer 2 of the OSI model.

Identify a low-tech way of gaining unauthorized access to information? Sniffing Scanning Social engineering Eavesdropping

Social engineering

Transmission Control Protocol accepts data from a data stream, divides it into chunks, and adds a TCP header creating a TCP segment. A TCP segment consists of a segment header and a data section. The segment header contains 10 mandatory fields and an optional extension field. Which of the suggested fields is not included in the TCP segment header? Checksum Source IP address Sequence Number Source Port

Source IP address

Which of the following is a vulnerability in modern processors such as Intel, AMD and ARM using speculative execution? Named Pipe Impersonation Application Shimming Launch Daemon Spectre and Meltdown

Spectre and Meltdown

Identify the type of DNS configuration in which the first DNS server is on the internal network and the second DNS server is in the DMZ? EDNS DynDNS Split DNS DNSSEC

Split DNS

John needs to send a super-secret message, and for this, he wants to use the technique of hiding a secret message within an ordinary message. The technique provides "security through obscurity." Which of the following techniques will John use? Deniable encryption Steganography Encryption Digital watermarking

Steganography

When choosing a biometric system for your company, you should take into account the factors of system performance and whether they are suitable for you or not. What determines such a factor as the throughput rate? The data collection speeds, data processing speed, or enrolment time. The probability that the system fails to detect a biometric input when presented correctly. The probability that the system incorrectly matches the input pattern to a non-matching template in the database. The maximum number of sets of data that can be stored in the system.

The data collection speeds, data processing speed, or enrolment time.

After scanning the ports on the target machine, you see a list of open ports, which seems unusual to you:
Starting NMAP 5.21 at 2019-06-18 12:32
NMAP scan report for 172.19.40.112
Host is up (1.00s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
139/tcp open netbios-ssn
515/tcp open
631/tcp open ipp
9100/tcp open
MAC Address: 00:00:5D:3F:EE:92
Based on the NMAP output, identify what this host most likely is. The host is likely a printer. The host is likely a Linux machine. The host is likely a router. The host is likely a Windows machine.

The host is likely a printer.

John received this text message: "Hello, this is Jack Smith from the Gmail customer service. Kindly contact me about problems with your account: [email protected]". Which statement below is true? This is probably a legitimate message as it comes from a respectable organization. This is a scam because John does not know Jack. John should write to [email protected] to verify the identity of Jack. This is a scam as everybody can get a @gmail.com address, not the Gmail customer service employees.

This is a scam as everybody can get a @gmail.com address, not the Gmail customer service employees.

Sniffing is a process of monitoring and capturing all data packets passing through a given network. An intruder can capture and analyze all network traffic by placing a packet sniffer on a network in promiscuous mode. Sniffing can be either Active or Passive in nature. How does passive sniffing work? This is the process of sniffing through the hub. This is the process of sniffing through the gateway. This is the process of sniffing through the switch. This is the process of sniffing through the router.

This is the process of sniffing through the hub.

Identify which term corresponds to the following description: It can potentially adversely impact a system through unauthorized access, destruction, disclosure, denial of service or modification of data. Risk Attack Threat Vulnerability

Threat

Which of the following is the most common method of using "ShellShock" or "Bash Bug"? Through Web servers utilizing CGI to send a malformed environment variable. Using SYN Flood. Using SSH. Manipulate format strings in text fields.

Through Web servers utilizing CGI to send a malformed environment variable.

ISAPI filters are a powerful tool used to extend the functionality of IIS. However, improper use can cause huge harm. Why do EC-Council experts recommend that security analysts monitor the disabling of unused ISAPI filters? To prevent memory leaks To defend against webserver attacks To prevent leaks of confidential data To defend against wireless attacks

To defend against webserver attacks

The flexible SNMP architecture allows you to monitor and manage all network devices from a single console. The data exchange is based on the Protocol Data Unit (PDU). There are 7 PDUs in the latest version of the SNMP protocol. Which of them sends a notification about the past event immediately, without waiting for the manager's request, and does not need confirmation of receipt? GetNextRequest Trap GetRequest InformRequest

Trap

Alex, an employee of a law firm, receives an email with an attachment "Court_Notice_09082020.zip". There is a file inside the archive "Court_Notice_09082020.zip.exe". Alex does not notice that this is an executable file and runs it. After that, a window appears with the notification "This word document is corrupt" and at the same time, in the background, malware copies data to the APPDATA\local directory and begins to beacon to a C2 server to download additional malicious binaries. What type of malware has Alex encountered? Trojan Macro Virus Key-Logger Worm

Trojan

Which of the following is a common IDS evasion technique? Unicode characters Subnetting Port knocking Spyware

Unicode characters

You want to surf safely and anonymously on the Internet. Which of the following options will be best for you? Use Tor network with multi-node. Use public WiFi. Use VPN. Use SSL sites.

Use Tor network with multi-node.

You need to conduct a technical assessment of the network for a small company that supplies medical services. All computers in the company use Windows OS. What is the best approach for discovering vulnerabilities? Create a disk image of a clean Windows installation. Use the built-in Windows Update tool. Use a scan tool like Nessus. Check MITRE.org for the latest list of CVE findings.

Use a scan tool like Nessus.

How can you resist an attack using rainbow tables? Lockout accounts under brute force password cracking attempts. Use of non-dictionary words. Use password salting. All uppercase character passwords.

Use password salting.

Which of the following is the most effective way against encryption ransomware? Use the 3-2-1 backup rule. Analyze the ransomware to get the decryption key of encrypted data. Pay a ransom. Use multiple antivirus software.

Use the 3-2-1 backup rule.

Identify the type of attack according to the following scenario: Ivan, a black-hat hacker, initiates an attack on a certain organization. In preparation for this attack, he identified a well-known and trusted website that employees of this company often use. In the next step, Ivan embeds an exploit into the website that infects the target systems of employees when using the website. After this preparation, he can only wait for the successful execution of his attack. Watering Hole Shellshock Spear Phishing Heartbleed

Watering Hole

Identify the algorithm according to the following description: That wireless security algorithm was rendered useless by capturing packets and discovering the passkey in seconds. This vulnerability strongly affected the TJ Maxx company. This vulnerability led to a network invasion of the company and data theft through a technique known as wardriving. Temporal Key Integrity Protocol (TKIP) Wi-Fi Protected Access (WPA) Wi-Fi Protected Access 2 (WPA2) Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)

The evil hacker Ivan wants to attack the popular air ticket sales service. After careful study, he discovered that the web application is vulnerable to introduced malicious JavaScript code through the application form. This code does not cause any harm to the server itself, but when executed on the client's computer, it can steal his personal data. What kind of attack is Ivan preparing to use? SQL injection XSS LDAP Injection CSRF

XSS

When getting information about the web server, you should be familiar with methods GET, POST, HEAD, PUT, DELETE, TRACE. There are two critical methods in this list: PUT (upload a file to the server) and DELETE (delete a file from the server). When using nmap, you can detect all these methods. Which of the following nmap scripts will help you detect these methods? http enum http-headers http-methods http ETag

http-methods

Which of the following nmap options can be used for very fast scanning? -T5 -O -T4 -T0

-T5

Organizations need to deploy a web-based software package that requires three separate servers and internet access. What is the recommended architecture in terms of server placement? A web server and the database server facing the Internet, an application server on the internal network. A web server facing the Internet, an application server on the internal network, a database server on the internal network. All three servers need to face the Internet so that they can communicate between themselves. All three servers need to be placed internally.

A web server facing the Internet, an application server on the internal network, a database server on the internal network.

Identify a component of a risk assessment? Physical security Administrative safeguards Logical interface DMZ

Administrative safeguards

Which of the following best describes a counter-based authentication system? An authentication system that uses passphrases that are converted into virtual passwords. An authentication system that creates one-time passwords that are encrypted with secret keys. An authentication system that bases authentication decisions on physical attributes. An authentication system that bases authentication decisions on behavioural attributes.

An authentication system that creates one-time passwords that are encrypted with secret keys.

Alex works as a network administrator at ClassicUniversity. There are many Ethernet ports available for professors and authorized visitors (but not for students) on the university campus. However, Alex realized that some students connect their notebooks to the wired network to have Internet access. He identified this when the IDS alerted for malware activities in the network. What should Alex do to avoid this problem? Disable unused ports in the switches. Separate students in a different VLAN. Ask students to use the wireless network. Use the 802.1x protocol.

Ask students to use the wireless network. Use the 802.1x protocol.

The company is trying to prevent the security breach by applying a security policy in which all Web browsers must automatically delete their HTTP browser cookies upon termination. Identify the security breach that the company is trying to prevent? Attempts by attackers to determine the employee's web browser usage patterns. Attempts by attackers to access the user and password information stored in the company's SQL database. Attempts by attackers to access websites that trust the Web browser user by stealing the employee's authentication credentials. Attempts by attackers to access passwords stored on the employee's computer.

Attempts by attackers to access websites that trust the Web browser user by stealing the employee's authentication credentials.

The analyst needs to evaluate the possible threats to Blackberry phones for a third-party company. To do this, he will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defences and gain access to the corporate network. Which of the following tools is best suited for the analyst for this task? Blooover Paros Proxy BBProxy BBCrack

BBProxy

Which of the following stops vehicles from crashing through the doors of a building? Bollards Traffic barrier Turnstile Mantrap

Bollards

What is the name of the risk assessment method that allows you to study how various types of negative events (violations, failures or destructions) can affect the main activities of the company and key business processes? Emergency Plan Response (EPR) Business Impact Analysis (BIA) Disaster Recovery Planning (DRP) Risk Mitigation

Business Impact Analysis (BIA)

Which of the following is an entity in a PKI that will vouch for the identity of an individual or company? VA KDC CA CR

CA

Which of the following Linux-based tools will help you change any user's password or activate disabled accounts if you have physical access to a Windows 2008 R2 and an Ubuntu 9.10 Linux LiveCD? Cain & Abel CHNTPW SET John the Ripper

CHNTPW

Identify the type of fault injection attack on an IoT device by description: During this attack, the attacker injects faults into the power supply that can be used for remote execution, also causing the skipping of key instructions. Also, the attacker injects faults into the clock network used for delivering a synchronized signal across the chip. Temperature attack Optical, EMFI, BBI Frequency/voltage tampering Power/clock/reset glitching

Power/clock/reset glitching

Which of the following types of keys does the Heartbleed bug expose to the Internet, making exploiting any compromised system very easy? Root Private Shared Public

Private

In what type of attack does the attacker forge the sender's IP address to gain access to protected systems and confidential data? Source Routing IP Spoofing IP fragmentation attack IP forwarding

IP Spoofing

Alex was assigned to perform a penetration test against a website using Google dorks. He needs to get results with file extensions. Which operator should Alex use to achieve the desired result? inurl: site: define: filetype:

filetype:

Assume you used Nmap, and after applying a command, you got the following output:
Starting Nmap X.XX (http://nmap.org) at XXX-XX-XX XX:XX EDT
Nmap scan report for 192.168.1.42
Host is up (0.00023s latency).
Not shown: 932 filtered ports, 56 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
Nmap done: 1 IP address (1 host up) scanned in 3.90 seconds
Which of the following command-line parameters could you use to determine the service protocol, the application name, the version number, hostname, device type? -sS -sV -sT -sY

-sV

Andrew, an evil hacker, researches the website of the company which he wants to attack. During the research, he finds a web page and understands that the company's application is potentially vulnerable to Server-side Includes Injection. Which web-page file type did Andrew find while researching the site? .html .stm .cms .rss

.stm

Which of the following is an example of a scareware social engineering attack? A banner appears to a user stating, "Your password has expired. Click here to update your password." A pop-up appears to a user stating, "Your computer may have been infected with spyware. Click here to install an anti-spyware tool to resolve this issue." A banner appears to a user stating, "Your order has been delayed. Click here to find out your new delivery date." A pop-up appears to a user stating, "You have won money! Click here to claim your prize!"

A pop-up appears to a user stating, "Your computer may have been infected with spyware. Click here to install an anti-spyware tool to resolve this issue."

John sends an email to his colleague Angela and wants to ensure that the message will not be changed during the delivery process. He creates a checksum of the message and encrypts it using asymmetric cryptography. What key did John use to encrypt the checksum? Angela's private key His own private key. His own public key. Angela's public key.

Angela's public key.

Implementing the security testing process early in the SDLC is the key to finding out and fixing the security bugs early in the SDLC lifecycle. The security testing process can be performed in two ways, Automated or Manual web application security testing. Which of the proposed statements is true? Neural networks and artificial intelligence are already used in new tools and do not require additional actions Manual testing is obsolete and should be completely replaced by automatic testing. Automatic testing requires a lot of money and is still very imperfect, so it cannot be used for security Automatic and manual testing should be used together to better cover potential problems

Automatic and manual testing should be used together to better cover potential problems

Alex, a security engineer, needs to determine how much information can be obtained from the firm's public-facing web servers. First of all, he decides to use Netcat to connect to port 80 and receives the following output:
HTTP/1.1 200 OK
Server: Microsoft-IIS/6
Expires: Tue, 17 Jan 2011 01:41:33 GMT
Date: Mon, 16 Jan 2011 01:41:33 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last Modified: Wed, 28 Dec 2010 15:32:21 GMT
ETag:"b0aac0542e25c31:89d"
Content-Length: 7369
Which of the following did Alex do? Cross-Site Request Forgery. SQL injection. Banner grabbing. Cross-site scripting.

Banner grabbing.

Are you sure your network is perfectly protected and no evil hacker Ivan listens to all your traffic? Well, ignorance is the greatest source of happiness. There is a powerful tool written in Go that will allow an attacker to carry out a Man in the middle (MITM) attack using, for example, ordinary ARP spoofing. What kind of tool are we talking about? BetterCAP Gobbler DerpNSpoof Wireshark

BetterCAP

Identify the type of SQLi by description: This type of SQLi doesn't show any error message. Its use may be problematic because it returns information when the application is given SQL payloads that elicit a true or false response from the server. When using this method, an attacker can extract confidential information by observing the responses. Out-of-band SQLi Error-based SQLi Union SQLi Blind SQLi

Blind SQLi

Which of the following methods of password cracking takes the most time? Rainbow tables Dictionary attack Shoulder surfing Brute force

Brute force

Identify the encryption algorithm by the description: Symmetric-key block cipher having a classical 12- or 16-round Feistel network with a block size of 64 bits for encryption, which includes large 8 × 32-bit S-boxes based on bent functions, modular addition and subtraction, key-dependent rotation, and XOR operations. This cipher also uses a "masking" key and a "rotation" key for performing its functions. AES CAST-128 GOST DES

CAST-128

Ivan, an evil hacker, spreads Emotet malware through the malicious script in the organization he attacked. After infecting the device, he used Emotet to spread the infection across local networks and beyond to compromise as many machines as possible. He achieved this thanks to a tool which is a self-extracting RAR file (containing bypass and service components) to retrieve information related to network resources such as writable share drives. What tool did Ivan use? Mail PassView NetPass.exe Outlook scraper Credential enumerator

Credential enumerator

While performing online banking using a browser, your friend receives a message that contains a link to a website. He decides to click on this link, and another browser session starts and displays a funny video. A few hours later, he receives a letter from the bank stating that his online bank was visited from another country and tried to transfer money. The bank also asks him to contact them and confirm the transfer if he really made it. What vulnerability did the attacker use when attacking your friend? Clickjacking Cross-Site Request Forgery Cross-Site Scripting Webform input validation

Cross-Site Request Forgery

The cyber kill chain is essentially a cybersecurity model created by Lockheed Martin that traces the stages of a cyber-attack, identifies vulnerabilities, and helps security teams to stop the attacks at every stage of the chain. At what stage does the intruder transmit the malware via a phishing email or another medium? Weaponization Installation Actions on Objective Delivery

Delivery

John, a black hat hacker, wants to find out if there are honeypots in the system that he will attack. For this purpose, he will use a time-based TCP fingerprinting method to validate the response to a computer and the response of a honeypot to a manual SYN request. Identify which of the following techniques will John use? Detecting the presence of Honeyd honeypots. Detecting the presence of UML Honeypot. Detecting the presence of Snort_inline honeypots. Detecting the presence of Sebek-based honeypots.

Detecting the presence of Honeyd honeypots.

Ivan, a black hat hacker, got the username from the target environment. In conditions of limited time, he decides to use a list of common passwords, which he will pass as an argument to the hacking tool. Which of the following is the method of attack that Ivan uses? Smudge attack. Known plaintext attack. Dictionary attack. Password spraying attack.

Dictionary attack.

Identify the technology according to the description: It's an open-source technology that can help in developing, packaging, and running applications. Also, the technology provides PaaS through OS-level virtualization, delivers containerized software packages, and promotes fast software delivery. This technology can isolate applications from the underlying infrastructure and stimulate communication via well-defined channels. Virtual machine Docker Paravirtualization Serverless computing

Docker

Evil hacker Ivan knows that his target point and user are compatible with WPA2 and WPA3 encryption mechanisms. He decided to install a rogue access point with only WPA2 compatibility in the vicinity and forced the victim to go through the WPA2 four-way handshake to connect. As soon as the connection is established, Ivan plans to use automated tools to crack WPA2-encrypted messages. Which of the following attacks does Ivan want to perform? Side-channel attack Cache-based attack Timing-based attack Downgrade security attack

Downgrade security attack

The company secretly hired hacker Ivan to attack its competitors before a major tender. Ivan did not start with complex technological attacks but decided to hit the employees and their reputation. To do this, he collected personal information about key employees of a competitor company. Then he began to distribute it in the open form on the Internet by adding false information about past racist statements of employees. As a result of the scandal in social networks and the censure of employees, competitors lost the opportunity to win the tender, and Ivan's work was done. What is the name of this form of attack? Doxing Daisy-chaining Vishing Piggybacking

Doxing

Which of the following modes of IPSec should you use to assure integrity and confidentiality of data within the same LAN? AH transport mode. ESP transport mode. AH tunnel mode. ESP tunnel mode.

ESP transport mode.

Your company regularly conducts backups of critical servers but cannot afford to send them to off-site vendors for long-term storage and archiving. The company found a temporary solution in the form of storing backups in the company's safe. During the next audit, there was a risk associated with the fact that backup storages are not stored off-site. The company manager has a plan to take the backup storages home with him and wants to know what two things he can do to secure the backup tapes while in transit? Encrypt the backup tapes and use a courier to transport them. Hash the backup tapes and transport them in a lockbox. Encrypt the backup tapes and transport them in a lockbox. Degauss the backup tapes and transport them in a lockbox.

Encrypt the backup tapes and transport them in a lockbox.

Which of the following is a Mirai-based botnet created by threat group Keksec, which specializes in crypto mining and DDoS attacks? BlueBorne Enemybot SeaCat Censys

Enemybot

sqlmap.py -u "http://10.10.37.12/?p=1&forumaction=search" --dbs Which of the following does this command do? Creating backdoors using SQL injection. Enumerating the databases in the DBMS for the URL. Searching database statements at the IP address given. Retrieving SQL statements being executed on the database.

Enumerating the databases in the DBMS for the URL.

Ivan, a black-hat hacker, performs a man-in-the-middle attack. To do this, he uses a rogue wireless AP and embeds a malicious applet in all HTTP connections. When the victims went to any web page, the applet ran. Which of the following tools could Ivan probably use to inject HTML code? Aircrack-ng Ettercap Wireshark tcpdump

Ettercap

To which of the following types of attack does the use of Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a nearby business belong? MAC spoofing attack Phishing attack Evil-twin attack Wardriving attack

Evil-twin attack

Adam is a shopaholic, and he constantly surfs the Internet in search of discounted products. The hacker decided to take advantage of this weakness of Adam and sent a fake email containing a deceptive page link to his social media page with information about a sale. Adam, anticipating the benefit, didn't notice the malicious link, clicked on it and logged in to that page using his valid credentials. Which of the following tools did the hacker probably use? Evilginx XOIC PyLoris sixnet-tools

Evilginx

The boss has instructed you to test the company's network from the attacker's point of view to find out what exploits and vulnerabilities are accessible to the outside world by using devices such as firewalls, routers, and servers. During this process, you should also estimate the threat of network security attacks external to the organization. What type of vulnerability assessment should you perform? Active Assessments Passive assessment Host-based Assessments External assessment

External assessment

Which of the following services is running on port 21 by default? Domain Name System Border Gateway Protocol File Transfer Protocol Service Location Protocol

File Transfer Protocol

Your boss has instructed you to introduce a hybrid encryption software program into a web application to secure email messages. You are planning to use free software that uses both symmetric-key cryptography and asymmetric-key cryptography for improved speed and secure key exchange. Which of the following meets these requirements? S/MIME GPG PGP SMTP

GPG

Which of the following is a tool that passively maps and visually displays an ICS/SCADA network topology while safely conducting device discovery, accounting, and reporting on these critical cyber-physical systems? Fritzing Radare2 SearchDiggity GRASSMARLIN

GRASSMARLIN

Which of the following type of hackers refers to an individual who works both offensively and defensively? White Hat Black Hat Gray Hat Suicide Hacker

Gray Hat

Which of the following is an injection technique which attackers use to modify a website's appearance? File inclusion SQL injection Command injection HTML injection

HTML injection

John, a black hat hacker, is trying to do an SMTP enumeration. What useful information can John gather during a Simple Mail Transfer Protocol enumeration? He can use two internal commands VRFY and EXPN, which provide information about valid users, email addresses, etc. He can use the internal command RCPT, which provides a list of open ports. He can find information about the daily outgoing message limits before mailboxes are locked. He can receive a list of all mail proxy server addresses used by the company.

He can use two internal commands VRFY and EXPN, which provide information about valid users, email addresses, etc.

Which characteristic is most likely not to be used by companies in biometric control for use on the company's territory? Height/Weight Voice Iris patterns Fingerprints

Height/Weight

Which of the following is a cloud malware designed to exploit misconfigured kubelets in a Kubernetes cluster and infect all containers present in the Kubernetes environment? Trivy Hildegard Heartbleed Kubescape

Hildegard

The attacker needs to collect information about his victim - Maria. She is an extrovert who often posts a large amount of private information, photos, and location tags of recently visited places on social networks. Which automated tool should an attacker use to gather information to perform other sophisticated attacks? Ophcrack Hootsuite HULK VisualRoute

Hootsuite

In which of the following cloud service models do you take full responsibility for the maintenance of the cloud-based resources? IaaS SaaS BaaS PaaS

IaaS

Identify the correct sequence of steps involved in the vulnerability-management life cycle. Vulnerability scan -> Identify assets and create a baseline -> Risk assessment -> Remediation -> Verification -> Monitor. Identify assets and create a baseline -> Vulnerability scan -> Risk assessment -> Remediation -> Verification -> Monitor. Vulnerability scan -> Risk assessment -> Identify assets and create a baseline -> Remediation -> Monitor -> Verification. Remediation -> Monitor -> Verification -> Vulnerability scan -> Risk assessment -> Identify assets and create a baseline.

Identify assets and create a baseline -> Vulnerability scan -> Risk assessment -> Remediation -> Verification -> Monitor.

The attacker gained credentials of an organization's internal server system and often logged in outside work hours. The organization commissioned the cybersecurity department to analyze the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited. Which is the incident handling and response process in which the cybersecurity department determined these issues? Eradication. Incident triage. Preparation. Incident recording and assignment.

Incident triage.

What property is provided by using a hash? Confidentiality Authentication Integrity Availability

Integrity

The attacker disabled the security controls of NetNTLMv1 by modifying the values of LMCompatibilityLevel, NTLMMinClientSec, and RestrictSendingNTLMTraffic. His next step was to extract all the non-network logon tokens from all the active processes to masquerade as a legitimate user to launch further attacks. Which of the following attacks was performed by the attacker? Internal monologue attack Dictionary attack Phishing attack Rainbow table attack

Internal monologue attack

Ivan, a black hat hacker, wants to attack the target company. He suspects that vulnerable IoT devices could be in use at the company. To check this, he decides to use a tool that scans the target network for specific types of IoT devices and detects whether they are using the default, factory-set credentials. Which of the following tools will Ivan use? Bullguard IoT Cloud IoT Core Azure IoT Central IoTSeeker

IoTSeeker

Black-hat hacker Ivan attacked the SCADA system of the industrial water facility. During the exploration process, he discovered that outdated equipment was being used, the human-machine interface (HMI) was directly connected to the Internet and did not have any security tools or authentication mechanism. This allowed Ivan to control the system and influence all processes (including water pressure and temperature). What category does this vulnerability belong to? Code Injection. Lack of Authorization/Authentication and Insecure Defaults. Credential Management. Memory Corruption.

Lack of Authorization/Authentication and Insecure Defaults.

You need to identify the OS on the attacked machine. You know that TTL: 64 and Window Size: 5840. Which OS is running on the attacked machine? Windows OS Linux OS Mac OS Google's customized Linux

Linux OS

In which of the following logging frameworks was a vulnerability discovered in December 2021 that could cause damage to millions of devices and Java applications? SLF4J Log4J Logback Apache Commons Logging

Log4J

Which of the following services runs on TCP port 123 by default? POP3 DNS Telnet NTP

NTP

Enumeration is a process which establishes an active connection to the target hosts to discover potential attack vectors in the system, and the same can be used for further exploitation of the system. What type of enumeration is used to get shared resources on individual hosts on the network and a list of computers belonging to the domain? SNMP enumeration Netbios enumeration NTP enumeration SMTP enumeration

Netbios enumeration

Passwords are rarely stored in plain text; most often, a one-way conversion (hashing) is performed to protect them from unauthorized access. However, there are some attacks and tools to crack the hash. Look at the following tools and select the one that can NOT be used for this. Netcat John the Ripper Hashcat Ophcrack

Netcat

Which of the following tools is an automated tool that eases his work and performs vulnerability scanning to find hosts, services, and other vulnerabilities in the target server? NCollector Studio Infoga WebCopier Pro Netsparker

Netsparker

The absolute majority of routers and switches use packet filtering firewalls. This kind of firewall makes decisions about allowing traffic to pass into the network based on the information contained in the packet header. At what level of the OSI model do these firewalls work? Network layer Session layer Application layer Physical layer

Network layer

Leonardo, an employee of a cybersecurity firm, conducts an audit for a third-party company. First of all, he plans to run a scanning that looks for common misconfigurations and outdated software versions. Which of the following tools is most likely to be used by Leonardo? Metasploit Nikto Nmap Armitage

Nikto

The Domain Name System (DNS) is the phonebook of the Internet. When a user tries to access a web address like "example.com", web browser or application performs a DNS Query against a DNS server, supplying the hostname. The DNS server takes the hostname and resolves it into a numeric IP address, which the web browser can connect to. Which of the proposed tools allows you to set different DNS query types and poll arbitrarily specified servers? Wireshark Nslookup Metasploit Nikto

Nslookup

Which of the following frameworks contains a set of the most popular tools that facilitate your tasks of collecting information and data from open sources? BeEF WebSploit Framework Speed Phish Framework OSINT framework

OSINT framework

Jonathan, the evil hacker, wants to capture all the data transmitted over a network and perform expert analysis of each part of the target network. Which of the following tools will help him execute this attack? OmniPeek arpspoof ike-scan Spoof-Me-Now

OmniPeek

What is the name of the practice of collecting information from published or otherwise publicly available sources? Human intelligence Artificial intelligence Open-source intelligence Social intelligence

Open-source intelligence

You have been instructed to collect information about specific threats to the organization. You decide to collect the information from humans, social media, chat rooms, and events that resulted in cyberattacks. You also prepared a report that includes identified malicious activities, recommended courses of action, and warnings for emerging attacks in this process. Thanks to this information, you were able to disclose potential risks and gain insight into attacker methodologies. What is the type of threat intelligence collected by you? Operational threat intelligence. Tactical threat intelligence. Strategic threat intelligence. Technical threat intelligence.

Operational threat intelligence.

Which of the following standards is most applicable for a major credit card company? PCI-DSS FISMA HIPAA Sarbanes-Oxley Act

PCI-DSS

Whois services allow you to get a massive amount of valuable information at the stage of reconnaissance. Depending on the target's location, they receive data from one of the five largest regional Internet registries (RIR). Which of the following RIRs should the Whois service contact if you want to get information about an IP address registered in France? RIPE NCC ARIN LACNIC APNIC

RIPE NCC

Which of the following is an attack that uses precomputed tables of hashed passwords? Brute Force Attack Hybrid Attack Dictionary Attack Rainbow Table Attack

Rainbow Table Attack

In which phase of the ethical hacking process can Google hacking be used? For example: allintitle: root passwd Maintaining Access Reconnaissance Gaining Access Scanning and Enumeration

Reconnaissance

The company hired a cybersecurity specialist to conduct an audit of their mobile application. On the first day of work, the specialist suggested starting with the fact that he would extract the source code of a mobile application and disassemble the application to analyze its design flaws. He is sure that using this technique, he can fix bugs in the application, discover underlying vulnerabilities, and improve defence strategies against attacks. Which of the following techniques will the specialist use? Rooting. Jailbreaking. Application sandboxing. Reverse engineering.

Reverse engineering.

Have you spent a lot of time and money on creating photo materials for your business? You probably don't want anyone else to use them. But you don't need to hire a cool hacker to solve this problem. There is a reasonably simple method using search engines to search for photographs, profile pictures, and memes. What method are we talking about? Metasearch engines Google dorking Google advanced search Reverse image search

Reverse image search

Which of the following helps to prevent replay attacks and is used in garage door openers or keyless car entry systems? Locking code Rolling code Rotating code Unlocking code

Rolling code

Which of the following documents describes the specifics of the testing and the associated violations, and essentially protects both the organization's interests and the third-party penetration tester? Rules of Engagement Service Level Agreement Non-Disclosure Agreement Project Scope

Rules of Engagement

Incorrectly configured S3 buckets are among the most common and widely targeted attack vectors. All it takes is one or two clicks to upload sensitive data to the wrong bucket or change permissions on a bucket from private to public. Which one of the following tools can you use to enumerate bucket permissions? DumpsterDiver S3 Inspector Sysdig Ruler

S3 Inspector

The network administrator has received the task to eliminate all unencrypted traffic inside the company's network. During the analysis, it detected unencrypted traffic in port UDP 161. Which of the following protocols uses this port and what actions should the network administrator take to fix this problem? RPC and the best practice is to disable RPC completely. SNMP and he should change it to SNMP V2. SNMP and he should change it to SNMP V3. CMIP and enable the encryption for CMIP.

SNMP and he should change it to SNMP V3.

Email sent using the SMTP protocol is not encrypted, leaving the information vulnerable to being read by an unauthorized person. To solve this problem, SMTP can upgrade a connection between two mail servers to use TLS, and the transmitted emails will be encrypted. Which of the following commands is used by SMTP to transmit email over TLS? UPGRADETLS OPPORTUNISTICTLS FORCETLS STARTTLS

STARTTLS

Ivan, the black hat hacker, plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch in the network so that he could make it a root bridge that will later allow him to sniff all the traffic in the target's network. What attack did Ivan perform? ARP spoofing. STP attack. DNS poisoning. VLAN hopping.

STP attack.

Alexa, a college student, decided to go to a cafe. While waiting for her order, she decided to connect to a public Wi-Fi network without additional security tools such as a VPN. How can she verify that nobody is performing an ARP spoofing attack on her laptop? She should check her ARP table and see if there is one IP address with two different MAC addresses. She should scan the network using Nmap to check the MAC addresses of all the hosts and look for duplicates. She should use netstat to check for any suspicious connections with another IP address within the LAN. She can't identify such an attack and must use a VPN to protect her traffic.

She should check her ARP table and see if there is one IP address with two different MAC addresses.

Rajesh, a black-hat hacker, could not find vulnerabilities in the target company's network since their infrastructure is very well protected. IDS, firewall with strict rules, etc. He is trying to find such an attack method independent of the reliability of the infrastructure of this company. Which attack is an option suitable for Rajesh? Denial-of-Service Confidence trick Buffer Overflow Social Engineering

Social Engineering

The attacker created a fraudulent email with a malicious attachment and sent it to employees of the target organization. The employee opened this email and clicked on the malicious attachment. Because of this, the malware was downloaded and injected into the software used in the victim's system. Further, the malware propagated itself to other networked systems, finally damaging the industrial automation component. Which of the following attack techniques was used by the attacker? SMishing attack Reconnaissance attack Spear-phishing attack HMI-based attack

Spear-phishing attack

In which of the following attacks does the attacker receive information from data sources such as voice assistants, multimedia messages, and audio files by using a malicious app to breach speech privacy? DroidDream Spearphone attack SIM swap scam Smudge attack

Spearphone attack

Experienced employees of the EC-Council monitor the market of security providers every day in search of the best solutions for your business. According to EC-Council experts, which vulnerability scanner combines comprehensive static and dynamic security checks to detect vulnerabilities such as XSS, File Inclusion, SQL injection, command execution, and more? Cisco ASA AT&T USM Anywhere Syhunt Hybrid Saleae Logic Analyzer

Syhunt Hybrid

Black-hat hacker Ivan wants to determine the status of ports on a remote host. He wants to do this quickly but imperceptibly for IDS systems. For this, he uses a half-open scan that doesn't complete the TCP three-way handshake. What kind of scanning does Ivan use? FIN scan PSH Scan XMAS scans TCP SYN (Stealth) Scan

TCP SYN (Stealth) Scan

You need to protect the company's network from imminent threats. To complete this task, you will enter information about threats into the security devices in a digital format to block and identify inbound and outbound malicious traffic entering the company's network. Which of the following types of threat intelligence will you use? Tactical threat intelligence. Technical threat intelligence. Operational threat intelligence. Strategic threat intelligence.

Technical threat intelligence.

One of the most popular tools in the pentester's arsenal - John the Ripper is designed for... Automation of the process of detecting and exploiting the SQL injection vulnerability. Search for various default and insecure files, configurations, and programs on any type of web servers. Discover hosts and services on a computer network by sending packets and analyzing the responses. Test password strength, brute-force encrypted or hashed passwords, and crack passwords via dictionary attacks.

Test password strength, brute-force encrypted or hashed passwords, and crack passwords via dictionary attacks.

There are different ways to pentest a system, network, or application in information security, based on how much information you have about the target. There's black box testing, white box testing, and gray box testing. Which of the statements is true about grey-box testing? The tester has full access to the internal structure. The tester does not have access at all. The tester is unaware of the internal structure. The tester only partially knows the internal structure.

The tester only partially knows the internal structure.

Which term from the following describes a set of vulnerabilities that allows spyware to be installed on smartphones with the iOS operating system, allowing those who conducted espionage to track and monitor every action on the device? Trident Androrat Zscaler DroidSheep

Trident

Which flags will be set when scanning with the following command: #nmap -sX host.companydomain.com SYN and ACK flags are set. ACK flag is set. URG, PUSH and FIN are set. SYN flag is set.

URG, PUSH and FIN are set.

Which of the following USB tools is used to copy files from USB devices silently? USBSniffer USBGrabber USBSnoopy USBDumper

USBDumper

Identify the type of SQL injection where attacks extend the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one? Union SQL injection Blind SQL Injection Error-based SQL Injection

Union SQL injection

Which of the scenarios corresponds to the behaviour of the attacker from the example below: The attacker created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Unspecified proxy activities. Data staging. DNS tunnelling. Use of command-line interface.

Unspecified proxy activities.

The ping utility is used to check the integrity and quality of connections in networks. In the process, it sends an ICMP Echo-Request and captures the incoming ICMP Echo-Reply, but quite often remote nodes block or ignore ICMP. Which of the options will solve this problem? Use arping Use broadcast ping Use hping Use traceroute

Use hping

What is the "wget 192.168.0.10 -q -S" command used for? Using wget to perform banner grabbing on the webserver. Download all the contents of the web page locally. Performing content enumeration on the web server to discover hidden folders. Flooding the web server with requests to perform a DoS attack.

Using wget to perform banner grabbing on the webserver.

You have been instructed to organize the possibility of working remotely for employees. Their remote connections could be exposed to session hijacking during the work, and you want to prevent this possibility. You decide to use the technology that creates a safe and encrypted tunnel over a public network to securely send and receive sensitive information and prevent hackers from decrypting the data flow between the endpoints. Which of the following technologies will you use? DMZ Bastion host Split tunneling VPN

VPN

This attack exploits a vulnerability that provides additional routing information in the SOAP header to support asynchronous communication. Also, it further allows the transmission of web-service requests and response messages using different TCP connections. Which of the following attacks matches the description above? XML Flooding Soap Array Attack WS-Address spoofing SOAPAction spoofing

WS-Address spoofing

Which of the following SOAP extensions apply security to Web services and maintain the integrity and confidentiality of messages? WSDL WS-Policy WS-Security WS-BPEL

WS-Security

What is the name of the technique in which attackers move around the territory in a moving vehicle and use special equipment and software to search for vulnerable and accessible WiFi networks? Wireless sniffing Spectrum analysis Wardriving Rogue access point

Wardriving

You are investigating to determine the reasons for compromising the computers of your company's employees. You will find out that the machines were infected through sites that employees often visit. When an employee opens a site, there is a redirect from a web page, and malware downloads to the machine. Which of the following attacks did the attacker perform on your company's employees? Watering hole DNS rebinding Clickjacking MarioNet

Watering hole

During the pentest, Maria, the head of the blue team, discovered that the new online service has problems with the authentication mechanism. The old password can be reset by correctly answering the secret question, and the sending form does not have protection using a CAPTCHA, which allows a potential attacker to use a brute force attack. What is the name of such an attack in the Common Weakness Enumeration (CWE)? User impersonation. Weak password recovery mechanism. Verbose failure messages. Insecure transmission of credentials.

Weak password recovery mechanism.

At which of the following steps of the Cyber Kill Chain is the creation of a malware weapon, for example, such as a malicious file disguised as a financial spreadsheet? Delivery Reconnaissance Weaponization Exploitation

Weaponization

You want to prevent possible SQLi attacks on your site. To do this, you decide to use a practice whereby only a list of entities such as the data type, range, size, and value, which have been approved for secured access, is accepted. Which of the following practices are you going to adopt? Blacklist validation. Output encoding. Enforce least privileges. Whitelist validation.

Whitelist validation.

The attacker managed to gain access to Shellshock, and now he can execute arbitrary commands and gain unauthorized access to many Internet-facing services. Which of the following operating systems can't be affected by the attacker yet? OS X Windows Linux Unix

Windows

Identify the technique for securing cloud resources according to the description below: This technique assumes by default that a user attempting to access the network is not an authentic entity and verifies every incoming connection before allowing access to the network. This technique imposes conditions such that employees can access only the resources required for their role. Serverless computing Container technology DMZ Zero trust network

Zero trust network

Identify the Google advanced search operator that helps an attacker gather information about websites that are similar to a specified target URL. [link:] [related:] [inurl:] [site:]

[related:]

The attacker performed the attack using micro:bit and Btlejack, gradually executing different commands in the console. After executing this attack, he was able to read and export sensitive information shared between connected devices. Which of the following commands did the attacker use to hijack the connections? btlejack -d /dev/ttyACM0 -d /dev/ttyACM2 -s btlejack -f 0x9c68fd30 -t -m 0x1fffffffff btlejack -s btlejack -c any

btlejack -f 0x9c68fd30 -t -m 0x1fffffffff

Which of the following commands is used to clear the bash history? history -c history -n history -w history -a

history -c

What Linux command will you use to resolve a domain name into an IP address? host -t AXFR resolveddomain.com host -t a resolveddomain.com host -t ns resolveddomain.com host -t soa resolveddomain.com

host -t a resolveddomain.com

Which of the following is an anonymizer that masks real IP addresses and ensures complete and continuous anonymity for all online activities? https://karmadecay.com https://www.baidu.com https://www.guardster.com https://www.wolframalpha.com

https://www.guardster.com

John, a cybersecurity specialist, wants to perform a SYN scan in his company's network. He has two machines. The first machine (192.168.0.98) has snort installed, and the second machine (192.168.0.151) has kiwi Syslog installed. When he started a SYN scan in the network, he noticed that kiwi Syslog was not receiving the alert message from snort. He decides to run Wireshark on the snort machine to check if the messages are going to the kiwi Syslog machine. What Wireshark filter will show the connections from the snort machine to kiwi Syslog machine? tcp.dstport==514 && ip.dst==192.168.0.151 tcp.dstport==514 && ip.dst==192.168.0.0/16 tcp.srcport==514 && ip.src==192.168.0.98 tcp.srcport==514 && ip.src==192.168.151

tcp.dstport==514 && ip.dst==192.168.0.151

The SOC analyst of the company wants to track the transfer of files over the unencrypted FTP protocol. Which filter for the Wireshark sniffer should he use? tcp.port == 80 tcp.port == 443 tcp.port = 23 tcp.port ==21

tcp.port ==21

Identify a tool that can be used for passive OS fingerprinting? tcpdump nmap ping tracert

tcpdump

Jack needs to analyze the files produced by several packet-capture programs such as Wireshark, tcpdump, EtherPeek and WinDump. Which of the following tools will Jack use? OpenVAS Nessus tcptraceroute tcptrace

tcptrace

WPS is a rather troubled wireless network security standard. While it can make your life easier, it is also vulnerable to attacks. An attacker within radio range can brute-force the WPS PIN for a vulnerable access point, obtain WEP or WPA passwords, and likely gain access to the Wi-Fi network. However, first, the attacker needs to find a vulnerable point. Which of the following tools is capable of determining WPS-enabled access points? wash ntptrace net view macof

wash

