CEHv12 - Set 8

Given below are different steps involved in the vulnerability-management life cycle. 1) Remediation 2) Identify assets and create a baseline 3) Verification 4) Monitor 5) Vulnerability scan 6) Risk assessment Identify the correct sequence of steps involved in vulnerability management

2) Identify assets and create a baseline 5) Vulnerability scan 6) Risk assessment 1) Remediation 3) Verification 4) Monitor

In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker, gathers a list of employee and client email addresses and other related information by using various search engines, social networking sites, and web spidering tools. In this process, she also uses an automated tool to gather a list of words from the target website to further perform a brute-force attack on the previously gathered email addresses. What is the tool used by Hailey for gathering a list of words from the target website? A. CeWL B. Orbot C. Shadowsocks D. Psiphon

A. CeWL

John, a security analyst working for an organization, found a critical vulnerability on the organization's LAN that allows him to view ¦nancial and personal information about the rest of the employees. Before reporting the vulnerability, he examines the information shown by the vulnerability for two days without disclosing any information to third parties or other internal employees. He does so out of curiosity about the other employees and may take advantage of this information later. What would John be considered as? A. Cybercriminal B. White hat C. Gray hat D. Black hat

A. Cybercriminal

CyberTech Inc. recently experienced SQL injection attacks on its o¨cial website. The company appointed Bob, a security professional, to build and incorporate defensive strategies against such attacks. Bob adopted a practice whereby only a list of entities such as the data type, range, size, and value, which have been approved for secured access, is accepted. What is the defensive technique employed by Bob in the above scenario? A. Whitelist validation B. Output encoding C. Blacklist validation D. Enforce least privileges

A. Whitelist validation

BitLocker encryption has been implemented for all the Windows-based computers in an organization. You are concerned that someone might lose their cryptographic key. Therefore, a mechanism was implemented to recover the keys from Active Directory. What is this mechanism called in cryptography? A. Key archival B. Certificate rollover C. Key escrow D. Key renewal

A. Key archival

James is working as an ethical hacker at Technix Solutions. The management ordered James to discover how vulnerable its network is towards footprinting attacks. James took the help of an open-source framework for performing automated reconnaissance activities. This framework helped James in gathering information using free tools and resources. What is the framework used by James to conduct footprinting and reconnaissance activities? A. OSINT framework B. WebSploit Framework C. Browser Exploitation Framework D. SpeedPhish Framework

A. OSINT framework

Mary, a penetration tester, has found password hashes in a client system she managed to breach. She needs to use these passwords to continue with the test, but she does not have time to ¦nd the passwords that correspond to these hashes. Which type of attack can she implement in order to continue? A. Pass the hash B. Internal monologue attack C. LLMNR/NBT-NS poisoning D. Pass the ticket

A. Pass the hash

What would be the purpose of running "wget 192.168.0.15 -q -S" against a web server? A. Performing content enumeration on the web server to discover hidden folders B. Using wget to perform banner grabbing on the webserver C. Flooding the web server with requests to perform a DoS attack D. Downloading all the contents of the web page locally for further examination

A. Performing content enumeration on the web server to discover hidden folders B. Using wget to perform banner grabbing on the webserver

Jude, a pen tester working in Keiltech Ltd., performs sophisticated security testing on his company's network infrastructure to identify security loopholes. In this process, he started to circumvent the network protection tools and firewalls used in the company. He employed a technique that can create forged TCP sessions by carrying out multiple SYN, ACK, and RST or FIN packets. Further, this process allowed Jude to execute DDoS attacks that can exhaust the network resources. What is the attack technique used by Jude for finding loopholes in the above scenario? A. Spoofed session flood attack B. UDP flood attack C. Peer-to-peer attack D. Ping-of-death attack

A. Spoofed session flood attack

Ben purchased a new smartphone and received some updates on it through the OTA method. He received two messages: one with a PIN from the network operator and another asking him to enter the PIN received from the operator. As soon as he entered the PIN, the smartphone started functioning in an abnormal manner. What is the type of attack performed on Ben in the above scenario? A. Tap 'n ghost attack B. Phishing C. Advanced SMS phishing D. Bypass SSL pinning

A. Tap 'n ghost attack C. Advanced SMS phishing

A group of hackers were roaming around a bank office building in a city, driving a luxury car. They were using hacking tools on their laptop with the intention to find a free-access wireless network. What is this hacking process known as? A. Wardriving B. Spectrum analysis C. Wireless sniffing D. GPS mapping

A. Wardriving

Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine. Which of the following techniques is used by Joel in the above scenario? A. Watering hole attack B. DNS rebinding attack C. MarioNet attack D. Clickjacking attack

A. Watering hole attack

Morris, an attacker, warned to check whether the target AP is in a locked state. He attempted using different utilities to identify WPS-enabled APs in the target wireless network. Ultimately, he succeeded with one special command-line utility. Which of the following command-line utilities allowed Morris to discover the WPS-enabled APs? A. wash B. net view C. macof D. ntptrace

A. wash

Shiela is an information security analyst working at HiTech Security Solutions. She is performing service version discovery using Nmap to obtain information about the running services and their versions on a target system. Which of the following Nmap options must she use to perform service version discovery on the target host? A. -sN B. -sV C. -sX D. -sF

B. -sV

Miley, a professional hacker, decided to attack a target organization's network. To perform the attack, she used a tool to send fake ARP messages over the target network to link her MAC address with the target system's IP address. By performing this, Miley received messages directed to the victim's MAC address and further used the tool to intercept steal, modify, and block sensitive communication to the target system. What is the tool employed by Miley to perform the above attack? A. Wireshark B. BetterCAP C. DerpNSpoof D. Gobbler

B. BetterCAP

Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific cached DNS record. Further, by using this cached record, he determines the sites recently visited by the organization's user. What is the enumeration technique used by Henry on the organization? A. DNS zone walking B. DNS cache snooping C. DNS cache poisoning D. DNSSEC zone walking

B. DNS cache snooping

Calvin, a grey-hat hacker, targets a web application that has design flaws in its authentication mechanism. He enumerates usernames from the login form of the web application, which requests users to feed data and specifies the incorrect ¦eld in case of invalid credentials. Later, Calvin uses this information to perform social engineering. Which of the following design flaws in the authentication mechanism is exploited by Calvin? A. Password reset mechanism B. Insecure transmission of credentials C. User impersonation D. Verbose failure messages

B. Insecure transmission of credentials D. Verbose failure messages

An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the ¦rst character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to ¦nish one complete password authentication process, through which he deduced how many characters entered are correct. What is the attack technique employed by the attacker to crack the passwords of the industrial control systems? A. Buffer overflow attack B. Side-channel attack C. Denial-of-service attack D. HMI-based attack

B. Side-channel attack

Your organization has signed an agreement with a web hosting provider that requires you to take full responsibility of the maintenance of the cloud-based resources. Which of the following models covers this? A. Platform as a service B. Software as a service C. Functions as a service D. Infrastructure as a service

B. Software as a service D. Infrastructure as a service

An organization decided to harden its security against web-application and web-server attacks. John, a security personnel in the organization, employed a security scanner to automate web-application security testing and to guard the organization's web infrastructure against webapplication threats. Using that tool, he also wants to detect XSS, directory transversal problems, fault injection, SQL injection, attempts to execute commands, and several other attacks. Which of the following security scanners will help John perform the above task? A. AlienVaultֲ® OSSIM B. Syhunt Hybrid C. Saleae Logic Analyzer D. Cisco ASA

B. Syhunt Hybrid

Stella, a professional hacker, performs an attack on web services by exploiting a vulnerability that provides additional routing information in the SOAP header to support asynchronous communication. This further allows the transmission of web-service requests and response messages using different TCP connections. Which of the following attack techniques is used by Stella to compromise the web services? A. Web services parsing attacks B. WS-Address spoofing C. SOAPAction spoofing D. XML injection

B. WS-Address spoofing

Rebecca, a security professional, wants to authenticate employees who use web services for safe and secure communication. In this process, she employs a component of the Web Service Architecture, which is an extension of SOAP, and it can maintain the integrity and confidentiality of SOAP messages. Which of the following components of the Web Service Architecture is used by Rebecca for securing the communication? A. WS-Work Processes B. WS-Security C. WS-Policy D. WSDL

B. WS-Security

Which of the following web vulnerabilities would an attacker be attempting to exploit if they delivered the following input? A. SQLi B. XXE C. XXS D. IDOR

B. XXE

A security analyst uses Zenmap to perform an ICMP timestamp ping scan to acquire information related to the current time from the target host machine. Which of the following Zenmap options must the analyst use to perform the ICMP timestamp ping scan? A. -Pn B. -PU C. -PP D. -PY

C. -PP

Gregory, a professional penetration tester working at Sys Security Ltd., is tasked with performing a security test of web applications used in the company. For this purpose, Gregory uses a tool to test for any security loopholes by hijacking a session between a client and server. This tool has a feature of intercepting proxy that can be used to inspect and modify the traffic between the browser and target application. This tool can also perform customized attacks and can be used to test the randomness of session tokens. Which of the following tools is used by Gregory in the above scenario? A. Wireshark B. Nmap C. Burp Suite D. CxSAST

C. Burp Suite

According to the NIST cloud deployment reference architecture, which of the following provides connectivity and transport services to consumers? A. Cloud connector B. Cloud broker C. Cloud carrier D. Cloud provider

C. Cloud carrier

Jack, a professional hacker, targets an organization and performs vulnerability scanning on the target web server to identify any possible weaknesses, vulnerabilities, and misconfigurations. In this process, Jack uses an automated tool that eases his work and performs vulnerability scanning to find hosts, services, and other vulnerabilities in the target server. Which of the following tools is used by Jack to perform vulnerability scanning? A. Infoga B. NCollector Studio C. Netsparker D. WebCopier Pro

C. Netsparker

Juliet, a security researcher in an organization, was tasked with checking for the authenticity of images to be used in the organization's magazines. She used these images as a search query and tracked the original source and details of the images, which included photographs, pro¦le pictures, and memes. Which of the following footprinting techniques did Rachel use to ¦nish her task? A. Google advanced search B. Meta search engines C. Reverse image search D. Advanced image search

C. Reverse image search

What information security law or standard aims at protecting stakeholders and the general public from accounting errors and fraudulent activities within organizations? A. FISMA B. PCI-DSS C. SOX D. ISO/IEC 27001:2013

C. SOX

Kate dropped her phone and subsequently encountered an issue with the phone's internal speaker. Thus, she is using the phone's loudspeaker for phone calls and other activities. Bob, an attacker, takes advantage of this vulnerability and secretly exploits the hardware of Kate's phone so that he can monitor the loudspeaker's output from data sources such as voice assistants, multimedia messages, and audio ¦les by using a malicious app to breach speech privacy. What is the type of attack Bob performed on Kate in the above scenario? A. SIM card attack B. aLTEr attack C. Spearphone attack D. Man-in-the-disk attack

C. Spearphone attack

What type of virus is most likely to remain undetected by antivirus software? A. Cavity virus B. Macro virus C. Stealth virus D. File-extension virus

C. Stealth virus

Jake, a professional hacker, installed spyware on a target iPhone to spy on the target user's activities. He can take complete control of the target mobile device by jailbreaking the device remotely and record audio, capture screenshots, and monitor all phone calls and SMS messages. What is the type of spyware that Jake used to infect the target device? A. DroidSheep B. Androrat C. Trident D. Zscaler

C. Trident

The security team of Debry Inc. decided to upgrade Wi-Fi security to thwart attacks such as dictionary attacks and key recovery attacks. For this purpose, the security team started implementing cutting-edge technology that uses a modern key establishment protocol called the simultaneous authentication of equals (SAE), also known as dragonfly key exchange, which replaces the PSK concept. What is the Wi-Fi encryption technology implemented by Debry Inc.? A. WPA B. WEP C. WPA3 D. WPA2

C. WPA3

Which wireless security protocol replaces the personal pre-shared key (PSK) authentication with Simultaneous Authentication of Equals (SAE) and is therefore resistant to offline dictionary attacks? A. Bluetooth B. WPA2-Enterprise C. WPA3-Personal D. ZigBee

C. WPA3-Personal

Is a type of phishing that targets high-profile executives such as CEOs, CFOs, politicians, and celebrities who have access to confidential and highly valuable information. A. Spear phishing B. Vishing C. Whaling D. Phishing

C. Whaling

Which among the following is the best example of the third step (delivery) in the cyber kill chain? A. An intruder creates malware to be used as a malicious attachment to an email. B. An intruder's malware is triggered when a target opens a malicious email attachment. C. An intruder's malware is installed on a targets machine. D. An intruder sends a malicious attachment via email to a target.

D. An intruder sends a malicious attachment via email to a target.

This type of injection attack does not show any error message. It is difficult to exploit as it returns information when the application is given SQL payloads that elicit a true or false response from the server. By observing the response, an attacker can extract sensitive information. What type of attack is this? A. Union SQL injection B. Error-based SQL injection C. Time-based SQL injection D. Blind SQL injection

D. Blind SQL injection

Mirai malware targets IoT devices. After infiltration, it uses them to propagate and create botnets that are then used to launch which types of attack? A. MITM attack B. Password attack C. Birthday attack D. DDoS attack

D. DDoS attack

Elante company has recently hired James as a penetration tester. He was tasked with performing enumeration on an organization's network. In the process of enumeration, James discovered a service that is accessible to external sources. This service runs directly on port 21. What is the service enumerated by James in the above scenario? A. Network File System (NFS) B. Remote procedure call (RPC) C. Border Gateway Protocol (BGP) D. File Transfer Protocol (FTP)

D. File Transfer Protocol (FTP)

Mike, a security engineer, was recently hired by BigFox Ltd. The company recently experienced disastrous DoS attacks. The management had instructed Mike to build defensive strategies for the company's IT infrastructure to thwart DoS/DDoS attacks. Mike deployed some countermeasures to handle jamming and scrambling attacks. What is the countermeasure Mike applied to defend against jamming and scrambling attacks? A. Allow the transmission of all types of addressed packets at the ISP level B. Disable TCP SYN cookie protection C. Allow the usage of functions such as gets and strcpy D. Implement cognitive radios in the physical layer

D. Implement cognitive radios in the physical layer

In this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values. What is this attack called? A. Evil twin B. Chop chop attack C. Wardriving D. KRACK

D. KRACK

Which of the following tactics uses malicious code to redirect users' web traffic? A. Spear-phishing B. Phishing C. Spimming D. Pharming

D. Pharming

Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject ¦leless malware into Incalsol's systems. To deliver the malware, he used the current employees' email IDs to send fraudulent emails embedded with malicious links that seem to be legitimate. When a victim employee clicks on the link, they are directed to a fraudulent website that automatically loads Flash and triggers the exploit. What is the technique used by Jack to launch the ¦leless malware on the target systems? A. In-memory exploits B. Legitimate applications C. Script-based injection D. Phishing

D. Phishing

Robert, a professional hacker, is attempting to execute a fault injection attack on a target IoT device. In this process, he injects faults into the power supply that can be used for remote execution, also causing the skipping of key instructions. He also injects faults into the clock network used for delivering a synchronized signal across the chip. Which of the following types of fault injection attack is performed by Robert in the above scenario? A. Frequency/voltage tampering B. Optical, electromagnetic fault injection (EMFI) C. Temperature attack D. Power/clock/reset glitching

D. Power/clock/reset glitching

Becky has been hired by a client from Dubai to perform a penetration test against one of their remote o¨ces. Working from her location in Columbus, Ohio, Becky runs her usual reconnaissance scans to obtain basic information about their network. When analyzing the results of her Whois search, Becky notices that the IP was allocated to a location in Le Havre, France. Which regional Internet registry should Becky go to for detailed information? A. ARIN B. LACNIC C. APNIC D. RIPE

D. RIPE

Tony wants to integrate a 128-bit symmetric block cipher with key sizes of 128, 192, or 256 bits into a software program, which involves 32 rounds of computational operations that include substitution and permutation operations on four 32-bit word blocks using 8-variable S-boxes with 4-bit entry and 4-bit exit. Which of the following algorithms includes all the above features and can be integrated by Tony into the software program? A. CAST-128 B. RC5 C. TEA D. Serpent

D. Serpent

Calvin, a software developer, uses a feature that helps him auto-generate the content of a web page without manual involvement and is integrated with SSI directives. This leads to a vulnerability in the developed web application as this feature accepts remote user inputs and uses them on the page. Hackers can exploit this feature and pass malicious SSI directives as input values to perform malicious activities such as modifying and erasing server ¦les. What is the type of injection attack Calvin's web application is susceptible to? A. CRLF injection B. Server-side template injection C. Server-side JS injection D. Server-side includes injection

D. Server-side includes injection

Jane is working as a security professional at CyberSol Inc. She was tasked with ensuring the authentication and integrity of messages being transmitted in the corporate network. To encrypt the messages, she implemented a security model in which every user in the network maintains a ring of public keys. In this model, a user needs to encrypt a message using the receiver's public key, and only the receiver can decrypt the message using their private key. What is the security model implemented by Jane to secure corporate messages? A. Zero trust network B. Secure Socket Layer (SSL) C. Transport Layer Security (TLS) D. Web of trust (WOT)

D. Web of trust (WOT)

When considering how an attacker may exploit a web server, what is web server footprinting? A. When an attacker creates a complete pro¦le of the site's external links and ¦le structures B. When an attacker uses a brute-force attack to crack a web-server password C. When an attacker implements a vulnerability scanner to identity weaknesses D. When an attacker gathers system-level data, including account details and server names

D. When an attacker gathers system-level data, including account details and server names

Tony is a penetration tester tasked with performing a penetration test. After gaining initial access to a target system, he ¦nds a list of hashed passwords. Which of the following tools would not be useful for cracking the hashed passwords? A. Hashcat B. John the Ripper C. THC-Hydra D. netcat

D. netcat