CEH 1-50

A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.What kind of Web application vulnerability likely exists in their software? A. Cross-site scripting vulnerability B. SQL injection vulnerability C. Web site defacement vulnerability D. Gross-site Request Forgery vulnerability

A

What is the following command used for? sqlmap.py -u "http7/10.10.1.20/?p=1&forumaction=search" -dbs A. Retrieving SQL statements being executed on the database B. Creating backdoors using SQL injection C. Enumerating the databases in the DBMS for the URL D. Searching database statements at the IP address given

B

A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes.You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as a display filter to find unencryptedfile transfers? A. tcp.port = = 21 B. tcp.port = 23 C. tcp.port = = 21 | | tcp.port = =22 D. tcp.port ! = 21

A

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The ps command shows that the nc file is running as process, and the netstat command shows the nc process is listening on a network port.What kind of vulnerability must be present to make this remote attack possible? A. File system permissions B. Privilege escalation C. Directory traversal D. Brute force logi

A

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up. What is the most likely cause? A. The network devices are not all synchronized. B. Proper chain of custody was not observed while collecting the logs. C. The attacker altered or erased events from the logs. D. The security breach was a false positive.

A

Bella, a security professional working at an IT firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames, and passwords are shared in plaintext, paving the way for hackers to perform successful session hijacking. To address this situation, Bella implemented a protocol that sends data using encryption and digital certificates.Which of the following protocols is used by Bella? A. FTPS B. FTP C. HTTPS D. IP

A

Calvin, a grey-hat hacker, targets a web application that has design flaws in its authentication mechanism. He enumerates usernames from the login form of the web application, which requests users to feed data and specifies the incorrect field in case of invalid credentials. Later, Calvin uses this information to perform social engineering.Which of the following design flaws in the authentication mechanism is exploited by Calvin? A. Password reset mechanism B. Insecure transmission of credentials C. User impersonation D. Verbose failure messages

A

CyberTech Inc. recently experienced SQL injection attacks on its official website. The company appointed Bob, a security professional, to build and incorporate defensive strategies against such attacks. Bob adopted a practice whereby only a list of entities such as the data type, range, size, and value, which have been approved for secured access, is accepted.What is the defensive technique employed by Bob in the above scenario? A. Whitelist validation B. Output encoding C. Blacklist validation D. Enforce least privileges

A

From the following table, identify the wrong answer in terms of Range (ft). Standard Range (ft) 802.11a 150-150 802.11b 150-150 802.11g 150-150 802.16 (WiMax) 30 miles A. 802.16 (WiMax) B. 802.11g C. 802.11b D. 802.11a

A

If executives are found liable for not properly protecting their company's assets and information systems, what type of law would apply in this situation? A. Criminal B. International C. Common D. Civil

D

Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees.Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine.Which of the following techniques is used by Joel in the above scenario? A. Watering hole attack B. DNS rebinding attack C. MarioNet attack D. Clickjacking attack

A

Mary, a penetration tester, has found password hashes in a client system she managed to breach. She needs to use these passwords to continue with the test, but she does not have time to find the passwords that correspond to these hashes. Which type of attack can she implement in order to continue? A. Pass the hash B. Internal monologue attack C. LLMNR/NBT-NS poisoning D. Pass the ticket

A

Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive, informing that her systems needto be serviced for proper functioning and that customer support will send a computer technician. Jane promptly replied positively. Ralph entered Jane's company using this opportunity and gathered sensitive information by scanningterminals for passwords, searching for important documents in desks, and rummaging bins.What is the type of attack technique Ralph used on Jane? A. Impersonation B. Dumpster diving C. Shoulder surfing D. Eavesdropping

A

What does a firewall check to prevent particular ports and applications from getting packets into an organization? A. Transport layer port numbers and application layer headers B. Presentation layer headers and the session layer port numbers C. Network layer headers and the session layer port numbers D. Application layer port numbers and the transport layer headers

A

Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan? A. -T5 B. -O C. -T0 D. -A

A

Which of the following is a component of a risk assessment? A. Administrative safeguards B. Physical security C. DMZ D. Logical interface

A

Which of the following is a low-tech way of gaining unauthorized access to systems? A. Social Engineering B. Eavesdropping C. Scanning D. Sniffing

A

Which of the following is not a Bluetooth attack? A. Bluedriving B. Bluesmacking C. Bluejacking D. Bluesnarfing

A

Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a Linux platform? A. Kismet B. Abel C. Netstumbler D. Nessus

A

Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access. A camera captures peoplewalking and identifies the individuals using Steve's approach.After that, people must approximate their RFID badges. Both the identifications are required to open the door. In this case, we can say: A. Although the approach has two phases, it actually implements just one authentication factor B. The solution implements the two authentication factors: physical object and physical characteristic C. The solution will have a high level of false positives D. Biological motion cannot be used to identify people

B

The "Gray-box testing" methodology enforces what kind of restriction? A. Only the external operation of a system is accessible to the tester. B. The internal operation of a system in only partly accessible to the tester. C. Only the internal operation of a system is known to the tester. D. The internal operation of a system is completely known to the tester.

B

Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memoryactivities.Which type of virus detection method did Chandler use in this context? A. Heuristic Analysis B. Code Emulation C. Scanning D. Integrity checking

B

Eric, a cloud security engineer, implements a technique for securing the cloud resources used by his organization. This technique assumes by default that a user attempting to access the network is not an authentic entity and verifies every incoming connection before allowing access to the network. Using this technique, he also imposed conditions such that employees can access only the resources required for their role.What is the technique employed by Eric to secure cloud resources? A. Demilitarized zone B. Zero trust network C. Serverless computing D. Container technology

B

John is investigating web-application firewall logs and observers that someone is attempting to inject the following:char buff[10];buff[10] = 'a';What type of attack is this? A. SQL injection B. Buffer overflow C. CSRF D. XSS

B

What would be the purpose of running "wget 192.168.0.15 -q -S" against a web server? A. Performing content enumeration on the web server to discover hidden folders B. Using wget to perform banner grabbing on the webserver C. Flooding the web server with requests to perform a DoS attack D. Downloading all the contents of the web page locally for further examination

B

Which of the following protocols can be used to secure an LDAP service against anonymous queries? A. NTLM B. RADIUS C. WPA D. SSO

B

Which of the following statements is TRUE? A. Packet Sniffers operate on the Layer 1 of the OSI model. B. Packet Sniffers operate on Layer 2 of the OSI model. C. Packet Sniffers operate on both Layer 2 & Layer 3 of the OSI model. D. Packet Sniffers operate on Layer 3 of the OSI model.

B

Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors andauthorized visitors but not for students.He identified this when the IDS alerted for malware activities in the network. What should Bob do to avoid this problem? A. Disable unused ports in the switches B. Separate students in a different VLAN C. Use the 802.1x protocol D. Ask students to use the wireless network

C

Due to a slowdown of normal network operations, the IT department decided to monitor internet traffic for all of the employees. From a legal standpoint, what would be troublesome to take this kind of measure? A. All of the employees would stop normal work activities B. IT department would be telling employees who the boss is C. Not informing the employees that they are going to be monitored could be an invasion of privacy. D. The network could still experience traffic slow down.

C

Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as? A. Exploration B. Investigation C. Reconnaissance D. Enumeration

C

In an attempt to increase the security of your network, you implement a solution that will help keep your wireless network undiscoverable and accessible only to those that know it.How do you accomplish this? A. Delete the wireless network B. Lock all users C. Disable SSID broadcasting D. Remove all passwords

C

Juliet, a security researcher in an organization, was tasked with checking for the authenticity of images to be used in the organization's magazines. She used these images as a search query and tracked the original source and details of the images, which included photographs, profile pictures, and memes.Which of the following foot printing techniques did Rachel use to finish her task? A. Google advanced search B. Meta search engines C. Reverse image search D. Advanced image search

C

Richard, an attacker, targets an MNC. In this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network.What type of footprinting technique is employed by Richard? A. VoIP footprinting B. Email footprinting C. Whois footprinting D. VPN footprinting

C

To create a botnet, the attacker can use several techniques to scan vulnerable machines. The attacker first collects information about a large number of vulnerable machines to create a list. Subsequently, they infect the machines. The listis divided by assigning half of the list to the newly compromised machines. The scanning process runs simultaneously. This technique ensures the spreading and installation of malicious code in little time.Which technique is discussed here? A. Subnet scanning technique B. Permutation scanning technique C. Hit-list scanning technique. D. Topological scanning technique

C

Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system? A. A biometric system that bases authentication decisions on behavioral attributes. B. A biometric system that bases authentication decisions on physical attributes. C. An authentication system that creates one-time passwords that are encrypted with secret keys. D. An authentication system that uses passphrases that are converted into virtual passwords.

C

What useful information is gathered during a successful Simple Mail Transfer Protocol (SMTP) enumeration? A. A list of all mail proxy server addresses used by the targeted host. B. The internal command RCPT provides a list of ports open to message traffic. C. The two internal commands VRFY and EXPN provide a confirmation of valid users, email addresses, aliases, and mailing lists. D. Reveals the daily outgoing message limits before mailboxes are locked.

C

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing? A. Capturing a network traffic for further analysis B. Collecting unencrypted information about usernames and passwords C. Modifying and replaying captured network traffic D. Identifying operating systems, services, protocols and devices

C

When configuring wireless on his home router, Javik disables SSID broadcast. He leaves authentication "open" but sets the SSID to a 32-character string of random letters and numbers.What is an accurate assessment of this scenario from a security perspective? A. Since the SSID is required in order to connect, the 32-character string is sufficient to prevent brute-force attacks. B. Disabling SSID broadcast prevents 802.11 beacons from being transmitted from the access point, resulting in a valid setup leveraging "security through obscurity". C. It is still possible for a hacker to connect to the network after sniffing the SSID from a successful wireless association. D. Javik's router is still vulnerable to wireless hacking attempts because the SSID broadcast setting can be enabled using a specially crafted packet sent to the hardware address of the access point.

C

Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient's consent, similar to email spamming? A. Bluesmacking B. BlueSniffing C. Bluejacking D. Bluesnarfing

C

Which of the following allows attackers to draw a map or outline the target organization's network infrastructure to know about the actual environment that they are going to hack? A. Vulnerability analysis B. Malware analysis C. Scanning networks D. Enumeration

C

Which of the following program infects the system boot sector and the executable files at the same time? A. Polymorphic virus B. Stealth virus C. Multipartite Virus D. Macro virus

C

You have gained physical access to a Windows 2008 R2 server, which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 LinuxLiveCD. Which Linux-based tool can change any user's password or activate disabled Windows accounts? A. John the Ripper B. SET C. CHNTPW D. Cain & Abel

C

__________ is a type of phishing that targets high-profile executives such as CEOs, CFOs, politicians, and celebrities who have access to confidential and highly valuable information. A. Spear phishing B. Vishing C. Whaling D. Phishing

C

An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com", the user is directed to a phishing site. Which file does the attacker need to modify? A. Boot.ini B. Sudoers C. Networks D. Hosts

D

Based on the below log, which of the following sentences are true? Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip A. Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server. B. Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the client. C. SSH communications are encrypted; it's impossible to know who is the client or the server. D. Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server.

D

Becky has been hired by a client from Dubai to perform a penetration test against one of their remote offices. Working from her location in Columbus, Ohio, Becky runs her usual reconnaissance scans to obtain basic information about their network.When analyzing the results of her Whois search, Becky notices that the IP was allocated to a location in Le Havre, France.Which regional Internet registry should Becky go to for detailed information? A. ARIN B. LACNIC C. APNIC D. RIPE

D

Internet Protocol Security IPsec is actually a suite pf protocols. Each protocol within the suite provides different functionality. Collective IPsec does everything except. A. Protect the payload and the headers B. Encrypt C. Work at the Data Link Layer D. Authenticate

D

This type of injection attack does not show any error message. It is difficult to exploit as it returns information when the application is given SQL payloads that elicit a true or false response from the server. By observing the response, anattacker can extract sensitive information.What type of attack is this? A. Union SQL injection B. Error-based SQL injection C. Time-based SQL injection D. Blind SQL injection

D

Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems? A. msfpayload B. msfcli C. msfd D. msfencode

D

You have been authorized to perform a penetration test against a website. You want to use Google dorks to footprint the site but only want results that show file extensions. What Google dork operator would you use? A. inurl B. site C. ext D. filetype

D