CEHv11 Simulated Exam - Set B
Which type of assessment tools are used to find and identify previously unknown vulnerabilities in a system? A: Depth assessment tools B: Scope assessment tools C: Application-layer vulnerability assessment tools D: Active scanning tools
A: Depth assessment tools
Which location and data examination tool interacts only with the real machine where it resides and provides a report to the same machine after scanning? A: Network-based scanner B: Proxy scanner C: Cluster scanner D: Agent-based scanner
A: Network-based scanner
Which of the following attack techniques uses the cryptanalytic time-memory trade-off and requires less time than other techniques? A: Rainbow table attack B: Distributed network attack C: Toggle-case attack D: PRINCE attack
A: Rainbow table attack
Identify the Google search query used by an attacker to extract the list of FTP/SFTP passwords from sublime text. A: inurl:github.com intext:.ftpconfig -issues B:inurl:"ftp://www." "Index of /" C:intitle:"Index Of" intext:sftp-config.json D: inurl:"ftp://www." "Index of /"
C:intitle:"Index Of" intext:sftp-config.json
Which of the following attacks runs malicious code inside a browser and causes an infection that persists even after closing or browsing away from the malicious web page that spread the infection? A Clickjacking attack B DNS rebinding attack C MarioNet attack D XML poisoning
C MarioNet attack
In which of the following attacks does an attacker install a fake communication tower between two authentic endpoints with the intention of misleading a user and interrupting the data transmission between the user and real tower to hijack an active session? A Rogue AP attack B Key reinstallation attack C Wardriving D aLTEr attack
D aLTEr attack
Larry, a professional hacker, was hired to launch a few attacks on an organization. In the process, he identified that FTP server ports are open and performed enumeration on FTP to find the software version and state of existing vulnerabilities for performing further exploitations. What is the FTP port number that Larry has targeted? TCP 25 TCP 20/21 TCP/UDP 5060, 5061 TCP 179
TCP 20/21
Which of the following is a bidirectional antenna used to support client connections, rather than site-to-site applications? Yagi antenna Reflector antenna Dipole antenna Directional antenna
Dipole antenna
Jim, a professional hacker, was hired to perform an attack on an organization. In the attack process, Jim targeted the SMTP server of the target organization and performed SMTP enumeration using the smtp-user-enum tool. He used some options in the tool to gather the usernames of the target organization's employees. Which of the following options did Jim use in the SMTP command for guessing the username from among EXPN, VRFY, and RCPT TO? -m n -u user -M mode -p port
-M mode
Which of the following elements can be extracted using the queryhttp://www.certifiedhacker.com/page.aspx?id=1 or 1=convert (int,(select top 1 name from sysobjects where xtype=char(85)))-- ? A 1st database table B 1st table column name C 1st field of the 1st row D Database name
A 1st database table
Which of the following is a category of hackers who are also known as crackers, use their extraordinary computing skills for illegal or malicious purposes, and are often involved in criminal activities? A Black hats B White hats C Suicide hackers D Script kiddies
A Black hats
Which of the following techniques involves sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones and laptops? A Bluejacking B Bluesmacking C Bluebugging D BluePrinting
A Bluejacking
Which of the following cloud services provides data processing services, such as IoT services for connected devices, mobile and web applications, and batch-and-stream processing? A Function as a service (FaaS) B Container as a service (CaaS) C Security as a service (SECaaS) D Identity as a service (IDaaS)
A Function as a service (FaaS)
Santa, an attacker, targeted an organization's web infrastructure and sent partial HTTP requests to the target web server. When the partial requests were received, the web server opened multiple connections and waited for the requests to complete; however, these requests remained incomplete, causing the target server's maximum concurrent connection pool to be exhausted and additional connection attempts to be denied. Which of the following attack techniques was employed by Santa? A Slowloris attack B Ping-of-death (PoD) attack C Multi-vector attack D Smurf attack
A Slowloris attack
Which of the following is an evasion technique that involves replacing characters with their ASCII codes in hexadecimal form and prefixing each code point with the percent sign (%)? A URL encoding B Sophisticated matches C Null byte D Case variation
A URL encoding
Which of the following techniques is used by an attacker to perform automated searches on the target website and collect specified information, such as employee names and email addresses? A Web spidering B Website mirroring C Monitoring of web updates D Website link extraction
A Web spidering
Which of the following scanning techniques is used by an attacker to send a TCP frame to a remote device with the FIN, URG, and PUSH flags set? A Xmas scan B TCP Maimon scan C ACK flag probe sca D IDLE/IPID header scan
A Xmas scan
Which of the following drozer commands is used by an attacker to find the list of various exported activities, services, broadcast receivers, and content providers in a target mobile device? A dz> run app.package.attacksurface <package_name> B dz> run app.activity.start --component <package_name> <activity_name> C dz> run app.package.list D dz> run app.package.info -a <package_name>
A dz> run app.package.attacksurface <package_name>
Jude, an attacker, has targeted an organization's communication network. While conducting initial footprinting, he used a Google dork to find the VoIP login portals of the organization. What is the Google dork that helped Jude find the VoIP login portals? A inurl:8080 intitle:"login" intext:"UserLogin" "English" B inurl:/voice/advanced/ intitle:Linksys SPA configuration C inurl:/remote/login?lang=en D !Host=. intext:enc_UserPassword=* ext:pcf
A inurl:8080 intitle:"login" intext:"UserLogin" "English"
Karen, a security professional in an organization, performed a vulnerability assessment on the organization's network to check for vulnerabilities. In this process, she used a type of location data examination scanner that resides on a single machine but can scan several machines on the same network. Which of the following types of location and data examination tools did Karen use? A Network-based scanner B Agent-based scanner C Proxy scanner D Cluster scanner
B Agent-based scanner
In which of the following types of hijacking can an attacker inject malicious data or commands into intercepted communications in a TCP session, even if the victim disables source routing? A RST hijacking B Blind hijacking C UDP hijacking D Session fixation
B Blind hijacking
In which of the following types of attack does an attacker exploit the carrier-sense multiple access with collision avoidance (CSMA/CA) clear channel assessment (CCA) mechanism to make a channel appear busy? A Beacon flood B Denial of service C Access point theft D EAP failure
B Denial of service
When Jake, a software engineer, was using social media, he abruptly received a friend request from an unknown lady. Out of curiosity, he accepted it. She pretended to be nice and tricked Jake into revealing sensitive information about his organization. Once she obtained the information, she deactivated her account. Which of the following types of attack was performed on Jake in the above scenario? A Shoulder surfing B Honey trap C Diversion theft D Tailgating
B Honey trap
In which of the following incident handling and response phases are the identified security incidents analyzed, validated, categorized, and prioritized? A Incident recording and assignment B Incident triage C Containment D Eradication
B Incident triage
In which of the following security risks does an API accidentally expose internal variables or objects because of improper binding and filtering based on a whitelist, allowing attackers with unauthorized access to modify object properties? A Broken object-level authorization B Mass assignment C Improper assets management D Injection
B Mass assignment
Which of the following protocols is often used for data compression, digital signing, encryption and decryption of messages, emails, files, and directories as well as to enhance the privacy of email communications? A EAP B PGP C CHAP D HMAC
B PGP
Which of the following TCP communication flags notifies the transmission of a new sequence number and represents the establishment of a connection between two hosts? A FIN flag B SYN flag C PSH flag D RST flag
B SYN flag
Which of the following is a process that can be used to convert object data into a linear format for transportation to a different system or different network? A Deserialization B Serialization C Insecure deserialization D Directory traversal
B Serialization
Clark is a professional hacker. He targeted an organization for financial benefit and used various footprinting techniques to gather information about the target network. In this process, he employed a protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system. What is the protocol employed by Clark in the above scenario? A SMB B Whois C SNMP D FTP
B Whois
Which of the following is the regulation that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of an organization? A: The Federal Information Security Management Act (FISMA) B: ISO/IEC 27001:2013 C: The Digital Millennium Copyright Act (DMCA) D: Sarbanes Oxley Act (SOX)
B: ISO/IEC 27001:2013
Which of the following types of antennas is useful for transmitting weak radio signals over very long distances - on the order of 10 miles? A: Omnidirectional B: Parabolic grid C: Unidirectional D: Bidirectional
B: Parabolic grid
Which of the following types of jailbreaking uses a loophole in SecureROM to disable signature checks and thereby load patch NOR firmware? A: Userland exploit B: iBoot exploit C: Bootrom exploit D: Tethered jailbreaking
B: iBoot exploit
In which of the following attack types does an attacker modify the content of a web page by examining its HTML code and identifying form fields that lack valid constraints? A Directory traversal B Buffer overflow attack C Command injection attack D Cross-site scripting (XSS) attack
C Command injection attack
Which of the following attacks does not directly recover a WEP key and requires at least one data packet from a target AP for initiation? A MAC spoofing attack B Evil twin attack C Fragmentation attack D De-authentication attack
C Fragmentation attack
Which of the following DNS poisoning techniques is used by an attacker to infect a victim's machine with a Trojan and remotely change their DNS IP address to that of the attacker's? A DNS cache poisoning B Proxy server DNS poisoning C Internet DNS spoofing D Intranet DNS spoofing
C Internet DNS spoofing
Which of the following Purdue levels is commonly referred to as an industrial demilitarized zone (IDMZ)? A Level 2 B Level 3 C Level 3.5 D Level 4
C Level 3.5
Which of the following modules establishes a communication channel between the Metasploit framework and a victim host? A Exploit module B Auxiliary module C Payload module D NOPS module
C Payload module
Which of the following cloud deployment models is also known as the internal or corporate cloud and is a cloud infrastructure operated by a single organization and implemented within a corporate firewall? A Community cloud B Multi cloud C Private cloud D Public cloud
C Private cloud
Given below are the steps involved in automated patch management. Test Assess Detect Acquire Maintain Deploy What is the correct sequence of steps involved in automatic patch management? A c → b → a → d → f → e B b → c → d → a → f → e C c → b → d → a → f → e D a → c → b → e → f → d
C c → b → d → a → f → e
Which of the following is an open-source technology that provides PaaS through OS-level virtualization and delivers containerized software packages? A:Serverless computing B:Virtual machines C: Docker D: Microservices
C: Docker
Which of the following techniques scans the headers of IP packets leaving a network and ensures that unauthorized or malicious traffic never leaves the internal network? A Ingress filtering B TCP intercept C Rate limiting D Egress filtering
D Egress filtering
Rick, an ethical hacker, is performing a vulnerability assessment on an organization and a security audit on the organization's network. In this process, he used a tool for identifying vulnerabilities, configuration issues, and malware that attackers use to penetrate networks. Which of the following tools did Rick use to perform vulnerability assessment? A Metagoofil B Infoga C Immunity Debugger D Nessus
D Nessus
Which of the following Google advanced search operators displays similar websites to the specified URL? A [site:] B [info:] C [inurl:] D [related:]
D [related:]
In which of the following types of injection attack does an attacker inject carriage return (\r) and linefeed (\n) characters into user input to trick a web server, web application, or user? A: Server-side JS injection B: Server-side includes injection C: Log injection D: CRLF injection
D: CRLF injection
Which of the following master components in the Kubernetes cluster architecture scans newly generated pods and allocates a node to them? AKube-apiserver B:Etcd cluster C:Kube-scheduler D:Kube-controller-manager
C:Kube-scheduler
Which of the following MIBs manages the TCP/IP-based Internet using a simple architecture and system? A: WINS.MIB B:DHCP.MIB C:MIB_II.MIB D:HOSTMIB.MI
C:MIB_II.MIB
Which of the following tools is used by an attacker to determine the relationships and real-world links among people, organizations, websites, Internet infrastructure, and documents? A:Unicornscan B:BillCipher C:Maltego D:Whonix
C:Maltego
Which of the following filters in Wireshark displays only the traffic in a LAN (192.168.x.x) between workstations and servers with no Internet? A ip.src==192.168.0.0/16 and ip.dst==192.168.0.0/16 B ip.src!= xxx.xxx.xxx.xxx && ip.dst != xxx.xxx.xxx.xxx && sip C ip.addr==192.168.1.100 && tcp.port=23 D ip.addr == 10.0.0.4 or ip.addr == 10.0.0.5
A ip.src==192.168.0.0/16 and ip.dst==192.168.0.0/16
Which of the following RFCrack commands is used by an attacker to perform an incremental scan on a target IoT device while launching a rolling-code attack? A python RFCrack.py -b -v 5000000 B python RFCrack.py -j -F 314000000 C python RFCrack.py -r -M MOD_2FSK -F 314350000 D python RFCrack.py -i
A python RFCrack.py -b -v 5000000
Which of the following is an IDS evasion technique used by attackers to encode an attack packet payload in such a manner that the destination host can decode the packet but not the IDS? A Evasion B Session splicing C Obfuscating D Fragmentation
C Obfuscating
Which one of the following is a Google search query used for VPN footprinting to find Cisco VPN client passwords? A: filetype:pcf "cisco" "GroupPwd" B: "[main]" "enc_GroupPwd=" ext:txt C: "Config" intitle:"Index of" intext:vpn D: inurl:/remote/login?lang=en
B: "[main]" "enc_GroupPwd=" ext:txt
Which of the following tools is designed to capture a WPA/WPA2 handshake and act as an ad-hoc AP? A: Airmon-ng B: Airbase-ng C: Airolib-ng D: Airodump-ng
B: Airbase-ng
Which of the following layers in the IoT architecture is responsible for bridging the gap between two endpoints and performs functions such as message routing, message identification, and subscribing? A:Internet layer B:Access gateway layer C:Middleware layer D:Edge technology layer
B:Access gateway layer
Which of the following encoding schemes represents any binary data using only printable ASCII characters and is used for encoding email attachments for safe transmission over SMTP? A URL encoding B Unicode encoding C Base64 encoding D Hex encoding
C Base64 encoding
A hacker is attempting to see which protocols are supported by target machines or network. Which NMAP switch would the hacker use? A: -sO B: -sT C: -sS D: -sU
A: -sO
Denis is looking at an older system that uses DES encryption. A colleague has told him that DES is insecure due to its short key size. What is the key length used for DES? A: 56 B: 64 C: 128 D: 256
A: 56
Which of the following DHCPv4 messages is sent by a client to the server to relinquish the network address and cancel the remaining lease? A: DHCPRelease B: DHCPRequest C: DHCPRequest D: DHCPOffer
A: DHCPRelease
An attacker uses the following SQL query to perform an SQL injection attackSELECT * FROM users WHERE name - '' OR '1'='1';Identify the type of SQL injection attack performed A: Tautology B: Illegal/logically incorrect query C: UNION SQL injection D: End-of-line comment
A: Tautology
Which of the following vulnerability assessment phases involves tasks such as system rescanning, dynamic analysis, and attack surface reviewing? A: Verification B: Remediation C: Monitoring D: Risk assessment
A: Verification
Which of the following techniques is used by an attacker to access all of an application's functionalities and employs an intercepting proxy to monitor all requests and responses? A: Web spidering/crawling B: Banner grabbing C: Attacker-directed spidering D: DNS interrogation
A: Web spidering/crawling
Which of the following hping command performs UDP scan on port 80? A: hping3 -2 <IP Address> -p 80 B: hping3 -1 <IP Address> -p 80 C: hping3 -A <IP Address> -p 80 D: hping3 -F -P -U <IP Address> -p 80
A: hping3 -2 <IP Address> -p 80
Which of the following components of public key infrastructure acts as a verifier for the certificate authority? A Authentication authority B Registration authority C Certificate management system D Validation authority
B Registration authority
Michel, a professional hacker, is trying to perform an SQL injection attack on the MS SQL database system of the CityInfo, Inc. by bypassing the signature-based IDS. He tried various IDS evasion techniques and finally succeeded with one where he breaks the SQL query into a number of small pieces and uses the + sign to join SQL query end to end. A:String concatenation B:Char encoding C:Hex encoding D: URL encoding
A:String concatenation
In which of the following attacks does an attacker exploit the vulnerability residing in a bare-metal cloud server and use it to implant a malicious backdoor in its firmware? A Wrapping attack B Cloudborne attack C Cryptanalysis attack D Cross-site scripting attack
B Cloudborne attack
Which of the following types of malware remains dormant until the user performs an online financial transaction, replicates itself on the computer, and edits the registry entries each time the computer starts? A TAN grabber B Covert credential grabber C HTML injection D Form grabber
B Covert credential grabber
What is the feature in FOCA that checks each domain to ascertain the host names configured in NS, MX, and SPF servers to discover the new host and domain names? A Common names B DNS search C Web search D Bing IP
B DNS search
Which of the following types of IDS alerts is an alarm raised when no actual attack is in progress? A True positive B False positive C True negative D False negative
B False positive
Which of the following information security elements guarantees that the sender of a message cannot later deny having sent the message and the recipient cannot deny having received the message? A Confidentiality B Non-repudiation C Availability D Integrity
B Non-repudiation
In which of the following attacks does an attacker dump memory by rebooting a victim's device with a malicious OS and then extract sensitive data from the dumped memory? A iOS jailbreaking B OS data caching C Carrier-loaded software D User-initiated code
B OS data caching
Which of the following OS discovery techniques is used by an attacker to identify a target machine's OS by observing the TTL values in the acquired scan result? A OS discovery using Nmap B OS discovery using Unicornscan C OS discovery using Nmap Script Engine D OS discovery using IPv6 fingerprinting
B OS discovery using Unicornscan
Which of the following types of vulnerability assessment sniffs the traffic present on the network to identify the active systems, network services, applications, and vulnerabilities? A Active assessment B Passive assessment C Credentialed assessment D Distributed assessment
B Passive assessment
In which of the following stages of the web server attack methodology does an attacker determine the web server's remote access capabilities, its ports and services, and other aspects of its security? A Information gathering B Web server footprinting C Website mirroring D Vulnerability scanning
B Web server footprinting
Which of the following modbus-cli commands is used by attackers to manipulate the register values in a target PLC device? A modbus write <Target IP> 101 1 1 1 1 1 1 1 1 1 1modbus write <Target IP> %M100 1 1 1 1 1 1 1 1 1 1 B modbus write <Target IP> %MW100 2 2 2 2 2 2 2 2modbus write <Target IP> 400101 2 2 2 2 2 2 2 2 C modbus read <Target IP> 101 10modbus read <Target IP> %M100 10 D modbus read <Target IP> %MW100 10modbus read <Target IP> 400101 10
B modbus write <Target IP> %MW100 2 2 2 2 2 2 2 2modbus write <Target IP> 400101 2 2 2 2 2 2 2 2
During a penetration test, Marin discovered a session token that had had the content: 20170801135433_Robert. Why is this session token weak, and what is the name used for this type of vulnerability? A: Unknown Session Token B: Predictable Session C: TokenCaptured Session D: TokenDate/Time Session Token
B: Predictable Session
Which of the following tools is utilized by an attacker to perform vulnerability assessment on a target IoT and ICS environment for obtaining the objective risk score and identifying all the IoT and ICS assets connected to the target network? A:Cydia B:CyberX C:Frida D:Foren6
B:CyberX
Which of the following DoS attack detection techniques analyzes network traffic in terms of spectral components? It divides incoming signals into various frequencies and examines different frequency components separately. A:Activity profiling B:Wavelet-based signal analysis C: Change-point detection D: Signature-based analysis
B:Wavelet-based signal analysis
Given below are the different phases of the vulnerability management lifecycle. Monitor Vulnerability scan Identify assets and create a baseline Risk assessment Verification Remediation What is the correct sequence of phases involved in the vulnerability management lifecycle A 1 → 2 → 3 → 4 → 5 → 6 B 2 → 1 → 5 → 3 → 6 → 4 C 3 → 2 → 4 → 6 → 5 → 1 D 3 → 1 → 4 → 5 → 6 → 2
C 3 → 2 → 4 → 6 → 5 → 1
Which of the following countermeasures should be followed to safeguard the privacy, data, and reputation of an organization and to prevent information disclosure? A Keeping the domain name profile public B Enabling directory listings in the web servers C Avoiding domain-level cross-linking for critical assets D Turning on geolocation access on all mobile devices
C Avoiding domain-level cross-linking for critical assets
Which of the following symmetric-key block ciphers has either 18 rounds for 128-bit keys or 24 rounds for 256-bit keys and uses four 8 × 8-bit S-boxes that perform affine transformations and logical operations? A RSA B Diffie-Hellman C Camellia D YAK
C Camellia
In which of the following attack types does an attacker use compromised PCs with spoofed IP addresses to intensify DDoS attacks on the victims' DNS server by exploiting the DNS recursive method? A DoS/DDoS attack B DNS server hijacking C DNS amplification attack D Directory traversal attack
C DNS amplification attack
Ben, an ethical hacker, was hired by an organization to check its security levels. In the process, Ben examined the network from a hacker's perspective to identify exploits and vulnerabilities accessible to the outside world by using devices such as firewalls, routers, and servers. Which of the following types of vulnerability assessment did Ben perform on the organization? A Active assessment B Passive assessment C External assessment D Internal assessment
C External assessment
Victor, an employee in an organization, received an executable file as an email attachment. Out of suspicion, he reached out to the organization's IT team. The team used a tool to dismantle the executable file into a binary program to find harmful or malicious processes. Which of the following tools did the IT team employ to analyze the application? A Splunk B Spam Mimic C IDA Pro D CCleaner
C IDA Pro
David, a content writer, was searching online for a specific topic. He visited a web page that appears legitimate and downloaded a file. As soon as he downloaded the file, his laptop started to behave in a weird manner. Out of suspicion, he scanned the laptop for viruses but found nothing. Which of the following programs conceals the malicious code of malware via various techniques, making it difficult for security mechanisms to detect or remove it? A Exploit B Downloader C Obfuscator D Payload
C Obfuscator
Which of the following risk management phases involves selecting and implementing appropriate controls for the identified risks to modify them? A Risk tracking and review B Risk identification C Risk treatment D Risk assessment
C Risk treatment
In which of the following attack types does an attacker exploit vulnerabilities that evolve from the unsafe use of functions in an application in public web servers to send crafted requests to internal or backend servers? A SSH brute forcing B Web-server password cracking C Server-side request forgery D Web-server misconfiguration
C Server-side request forgery
Edward, a security professional in an organization, was instructed by higher officials to calculate the severity of the organization' s systems.In the process, he used CVSS, a published standard that provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. He used three metrics provided by CVSS for measuring vulnerabilities.Which of the following CVSS metrics represents the features that continue to change during the lifetime of the vulnerability? A Base metric B Environmental metric C Temporal metric D Overall score
C Temporal metric
Which of the following protocols uses AES and the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) for wireless data encryption? A WEP B WPA3 C WPA2 D WPA
C WPA2
Which of the following is a technique used by an attacker to gather valuable system-level data such as account details, OS, software version, server names, and database schema details? A Whois B Session hijacking C Web server footprinting D Vulnerability scanning
C Web server footprinting
Which of the following Net View commands is used by an attacker to view all the available shares in a domain? A net view \<computername> /ALL B net view /domain:<domain name> C net view /domain D net view \<computername>
C net view /domain
Which of the following Nmap commands is used by an attacker to perform an IP protocol ping scan on a target device? A: # nmap -sn -PS <target IP address> B: # nmap -sn -PA <target IP address> C: # nmap -sn -PO <target IP address> D: # nmap -sn -PP <target IP address>
C: # nmap -sn -PO <target IP address>
In which of the following methods does an attacker leverage headers such as Host in the HTTP request message to crack passwords? A: Brute-forcing B: Password guessing C: Attack password reset mechanism D: "Remember Me" exploit
C: Attack password reset mechanism
Which of the following types of software vulnerability occurs due to coding errors and allows attackers to gain access to the target system? A:Open services B: Unpatched servers C: Buffer overflow D:Misconfiguration
C: Buffer overflow
Which of the following types of attack is a cross-protocol weakness that can communicate and initiate an attack on servers supporting recent SSLv3/TLS protocol suites? A: Related-key attack B: Padding oracle attack C: DROWN attack D: DUHK attack
C: DROWN attack
Which of the following protocols reduces the chance of a successful hijack by sending data using encryption and digital certificates? A: HTTP B: FTP C: FTPS D: IP
C: FTPS
Which of the following protocols is widely used in network management systems to monitor network-attached devices such as routers, switches, firewalls, printers, and servers? A: NBNS B: SMTP C: SNMP D: NFS
C: SNMP
A hacker is attempting to use nslookup to query domain name service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records? A: Locate type=ns B: Request type=ns C: Set type=ns D: Transfer type=ns
C: Set type=ns
Which protocol and port number might be needed to send log messages to a log analysis tool that resides behind a firewall? A: UDP 123 B: UDP 541 C: UDP 514 D: UDP 415
C: UDP 514
Which of the following is an HTTP header field used by an attacker to identify a client system's IP address that initiates a connection to a web server through an HTTP proxy? A: Referer B: User-Agent C: X-Forwarded-For D: Proxy-Authorization
C: X-Forwarded-For
Javier is asked to explain to IT management as to why he is suggesting replacing the existing company firewall. Javier states that many external attackers are using forged internet addresses against the firewall and is concerned that this technique is highly effective against the existing firewall. What type of firewall Javier would have deployed A:Packet filtering firewall is deployed because it is unable to prevent these types of attacks. B:Host-based firewall is deployed because the attackers are outside the network. C:Circuit-level proxy firewall is deployed because it prevents these types of attacks. D: Host-based firewall is deployed because the attackers are inside the network.
C:Circuit-level proxy firewall is deployed because it prevents these types of attacks.
In which of the following malware components does an attacker embed notorious malware files that can perform the installation task covertly? A:Injector B:Obfuscator C:Dropper D:Packer
C:Dropper
Which of the following techniques is used to gather information about the target without direct interaction with the target? A: Active footprinting B: Scanning C:Passive footprinting D: Enumeration
C:Passive footprinting
In which of the following attacks does an attacker use a method known as the "bricking" of a system, through which he sends emails, IRC chats, tweets, or videos with fraudulent content for hardware updates to the victim? A:Recursive HTTP GET flood attack B:UDP flood attack C:Permanent denial-of-service attack D: SYN flood attack
C:Permanent denial-of-service attack
Given below are the different steps involved in exploiting vulnerabilities. Develop the exploit. Determine the risk associated with the vulnerability. Determine the capability of the vulnerability. Identify the vulnerability. Gain remote access. Select the method for delivering: local or remote. Generate and deliver the payload. What is the correct sequence of steps involved in exploiting vulnerabilities? A 1 → 2 → 3 → 4 → 5 → 6 → 7 B 3 → 6 → 7 → 4 → 2 → 1 → 5 C 2 → 3 → 6 → 4 → 5 → 1 → 7 D 4 → 2 → 3 → 1 → 6 → 7 → 5
D 4 → 2 → 3 → 1 → 6 → 7 → 5
One of the following techniques redirects all malicious network traffic to a honeypot after any intrusion attempt is detected. Attackers can identify such honeypots by examining specific TCP/IP parameters such as the round-trip time (RTT), time to live (TTL), and TCP timestamp. Which is this technique? A Fake AP B Snort_inline C User-Mode Linux (UML) D Bait and switch
D Bait and switch
In which of the following phases of social engineering attacks does an attacker collect sensitive information about the organization's accounts, finance, technologies in use, and upcoming plans? A Research the target company B Select a target C Develop a relationship D Exploit the relationship
D Exploit the relationship
Through which of the following techniques can an attacker obtain a computer's IP address, alter the packet headers, and send request packets to a target machine while pretending to be a legitimate host? A IP address decoy B Source port manipulation C Packet fragmentation D IP address spoofing
D IP address spoofing
Which of the following is an attack technique where the only information available to the attacker is some plaintext blocks along with the corresponding ciphertext and algorithm used to encrypt and decrypt the text? A Ciphertext-only attack B Adaptive chosen-plaintext attack C Chosen-plaintext attack D Known-plaintext attack
D Known-plaintext attack
Through which of the following SCADA vulnerabilities does an attacker exploit code security issues that include out-of-bound read/write vulnerabilities and heap- and stack-based buffer overflow? A Credential management B Code injection C Lack of authorization D Memory corruption
D Memory corruption
Jack, a security professional, was instructed to introduce a security standard to handle cardholder information for major debit, credit, prepaid, e-purse, ATM, and POS cards. In the process, Jack has employed a standard that offers robust and comprehensive standards as well as supporting materials to enhance payment-card data security. What is the security standard that Jack has employed? A HIPAA B SOX C DMCA D PCI DSS
D PCI DSS
Which of the following phases of risk management is an ongoing iterative process that assigns priorities for risk mitigation and implementation plans to help determine the quantitative and qualitative value of risk? A Risk identification B Risk treatment C Risk tracking and review D Risk assessment
D Risk assessment
An attacker aims to hack an organization and gather sensitive information. In this process, they lure an employee of the organization into clicking on a fake link, which appears legitimate but redirects the user to the attacker's server. The attacker then forwards the request to the legitimate server on behalf of the victim. Which of the following types of attack is performed by the attacker in the above scenario? A Man-in-the-middle attack B Cross-site script attack C Session replay attack D Session hijacking using proxy servers
D Session hijacking using proxy servers
In which of the following attacks does an attacker obtain the user session ID and then reuse it to gain unauthorized access to a target user account? A Session token prediction B Session token tampering C Session hijacking D Session replay
D Session replay
Which of the following encryption algorithms is a large tweakable symmetric-key block cipher with equal block and key sizes of 256, 512, or 1024 and involves only three operations, that is, addition-rotation-XOR? A RC4 B Twofish C RC5 D Threefish
D Threefish
In one of the following jailbreaking techniques, a user turns their device off and back on, following which the device starts up completely and the kernel is patched without the help of a computer. Which is this jailbreaking technique? A Semi-tethered jailbreaking B Tethered jailbreaking C Semi-untethered jailbreaking D Untethered jailbreaking
D Untethered jailbreaking
An attacker performed OS banner grabbing on a target host. They analyzed the packets received from the target system and identified that the values of time to live (TTL) and TCP window size as 255 and 4128, respectively. What is the operating system of the target host on which the attacker performed banner grabbing? A Linux (Kernel 2.4 and 2.6) B Google Linux C Windows 98, Vista, and 7 (Server 2008) D iOS 12.4 (Cisco Routers)
D iOS 12.4 (Cisco Routers)
Which of the following commands is used by an attacker to perform an ICMP ECHO ping sweep that can determine the live hosts from a range of IP addresses by sending ICMP ECHO requests to multiple hosts? A nmap -sn -PR 10.10.10.10 B nmap -sn -PU 10.10.10.10 C nmap -sn -PE 10.10.10.10 D nmap -sn -PE 10.10.10.5-15
D nmap -sn -PE 10.10.10.5-15
What results will the following command yield: nmap -sS -O -p 123-153 192.168.100.3? A: A stealth scan, opening port 123 and 153 B: A stealth scan, checking open ports 123 to 153 C: A stealth scan, checking all open ports excluding ports 123 to 153 D: A stealth scan, determine operating system, and scanning ports 123 to 153
D: A stealth scan, determine operating system, and scanning ports 123 to 153
select An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. Which cryptanalytic technique can the attacker use now in his attempt to discover the encryption key? A: Birthday attack B: Known plaintext attack C: Meet in the middle attack D: Chosen ciphertext attack
D: Chosen ciphertext attack
Which of the following is not a defensive measure for web server attacks? A: Limit inbound traffic to port 80 for HTTP and port 443 for HTTPS (SSL) B: Encrypt or restrict intranet traffic C: Ensure that protected resources are mapped to HttpForbiddenHandler and unused HttpModules are removed D: Configure IIS to accept URLs with "../"
D: Configure IIS to accept URLs with "../"
Which of the following attacks helps an attacker bypass a same-origin policy's security constraints, allowing a malicious web page to communicate or make arbitrary requests to local domains? A: MarioNet attack B: Watering hole attack C: Clickjacking attack D: DNS rebinding attack
D: DNS rebinding attack
Which of the following attacks exploits the reuse of cryptographic nonce during the TLS handshake to hijack HTTPS sessions, leading to the disclosure of sensitive information? A: CRIME attack B: Proxy servers C: Session donation attack D: Forbidden attack
D: Forbidden attack
Which of the following static malware analysis techniques provides information about the basic functionality of any program and is also used to determine the harmful actions that a program can perform? A: Identifying packing/obfuscation methods B: Strings search C: Finding information on portable executables (PE) D: Malware disassembly
D: Malware disassembly
Jim, a professional hacker, launched an APT attack on an organization. He was successful in entering the target network and extending access in the target network. He is now maintaining access with the use of customized malware and repackaging tools. Which of the following phases of the APT lifecycle involves maintaining access to the target system, starting from evading endpoint security devices, until there is no further use of the data and assets? A: Preparation B: Cleanup C: Initial intrusion D: Persistence
D: Persistence
Joe, a security professional in an organization, was instructed to simplify the decision-making capability of an organization for identified risks. In the process, he employed a method to scale risk by considering the probability, likelihood, and consequence or impact of the risk. A:Risk level B: Risk identification C:Risk treatment D: Risk matrix
D: Risk matrix
Which of the following UDDI information structures takes the form of keyed metadata and represents unique concepts or constructs in UDDI? A: businessEntity B: businessService C: bindingTemplate D: technicalModel
D: technicalModel