CEH Exam Mega Guide

Jonathan, a solutions architect with a start-up, was asked to redesign the company's web infrastructure to meet the growing customer demands. He proposed the following architecture to the management: https://gyazo.com/3b8ed7f1d417d0e376bb4a7facd7f854 What is Jonathan's primary objective? (A) Ensuring high availability (B) Ensuring confidentiality of the data (C) Ensuring integrity of the application servers (D) Proper user authentication

A

Juan is the administrator of a Windows domain for a global corporation. He uses his knowledge to scan the internal network to find vulnerabilities without the authorization of his boss; he tries to perform an attack and gain access to an AIX server to show the results to his boss. What kind of role is shown in the scenario? (A) Gray Hat hacker (B) White Hat hacker (C) Annoying Employee (D) Black Hat hacker

A

Marin is using the mitmf tool during a penetration test and after a few minutes this is what pops up on the screen. https://gyazo.com/f236b38e6142c7a952aaeb131b191dbf A few seconds later though, the hash is different. https://gyazo.com/1a8ef848907300ff5af44c0d94de9a75 (A) This is Microsoft NTLMv2 hash—it's salted, so it will be different for every new request. (B) This is Microsoft NTLMv2 hash. It's different because this is another user accessing the website. (C) This is Microsoft NTLMv2 hash. It's different because user is visiting another website. Each website will have its own unique hash. (D) This is Microsoft NTLMv2 hash. It's different because user changed the password in the meantime

A

On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured? (A) nessus & (B) nessus + (C) nessus -d (D) nessus *s

A

Passive reconnaissance involves collecting information through which of the following? (A) Publicly Accessible Sources (B) Trace-route analysis (C) Social Engineering (D) Email tracking

A

Ransomware encrypts the files and locks systems, thereby leaving the system in an unusable state. The compromised user has to pay ransom to the attacker to unlock the system and get the files decrypted. Petya delivers malicious code that can even destroy the data with no scope of recovery. What is this malicious code called? (A) Payload (B) Bot (C) Vulnerability (D) Honeypot

A

A covert channel is a channel that: (A) Transfers information via a communication path within a computer system, or network for transfer of data (B) Transfers information over, within a computer system, or network that is outside of the security policy. (C) Transfers information over, within a computer system, or network that is encrypted. (D) Transfers information over, within a computer system, or network that is within the security policy

B

A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use? (A) -sU (B) -sO (C) -sS (D) -sP

B

Which one of the following is a Google search query used for VoIP footprinting to extract Cisco phone details? (A) intitle:"D-Link VoIP Router" "Welcome" (B) inurl:"NetworkConfiguration" cisco (C) inurl:"ccmuser/logon.asp" (D) inurl:/voice/advanced/ intitle:Linksys SPA configuration

B

While performing a UDP scan of a subnet, you receive an ICMP reply of Code 3/Type 3 for all the pings you have sent out. What is the most likely cause of this? (A) UDP port is open (B) UDP port is closed (C) The firewall is dropping the packets (D) The host does not respond to ICMP packets

B

You are doing research on SQL injection attacks. Which of the following combination of Google operators will you use to find all Wikipedia pages that contain information about SQL, injection attacks or SQL injection techniques? (A) site: Wikipedia.org intitle:"SQL Injection" (B) SQL Injection site:Wikipedia.org (C) allinurl: Wikipedia.org intitle:"SQL Injection" (D) site:Wikipedia.org related:"SQL Injection"

B

(A) DNS Lookup (B) Traceroute (C) WhoIs Lookup (D) TCP/IP

C

A CEH is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response? (A) Say yes; do the job for free (B) Say no; make sure the friend knows the risk she's asking the CEH to take (C) Say no; the friend is not the owner of the account (D) Say yes; the friend needs help to gather evidence

C

A penetration tester is attempting to scan an internal corporate network from the Internet without alerting the border sensor. Which of the following techniques should the tester consider using? (A) Scanning using fragmented IP packets (B) Tunneling over high port numbers (C) Tunneling scan over SSH (D) Spoofing an IP address

C

Which of the following regional internet registries (RIRs) provides services related to the technical coordination and management of Internet number resources in Canada, the United States, and many Caribbean and North Atlantic islands? (A) LACNIC (B) APNIC (C) ARIN (D) AFRINIC

C

Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP? (A) Nessus scripting engine (B) SAINT scripting engine (C) NMAP scripting engine (D) Metasploit scripting engine

C

Which of the following tools allows an attacker to extract information such as sender identity, mail server, sender's IP address, location, and so on? (A) Website Mirroring Tools (B) Metadata Extraction Tools (C) Email Tracking Tools (D) Web Updates Monitoring Tools

C

Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11? (A) Clamwin (B) Sub7 (C) Nessus (D) TrueCrypt

C

Which term refers to common software vulnerabilities that happen due to coding errors allowing attackers to get access to the target system? (A) Banner Grabbing (B) Port Scanning (C) Buffer Overflows (D) Active Footprinting

C

Which tool includes a graphical and command line interface that can perform local or remote scans of Microsoft Windows systems? (A) Wireshark (B) Netcraft (C) Microsoft Baseline Security Analyzer (MBSA) (D) FOCA

C

You are performing a port scan with Nmap. You are in a hurry and conducting the scans at the fastest possible speed. However, you don't want to sacrifice reliability for speed. If stealth is not an issue, what type of scan should you run to get very reliable results? (A) Fragmented packet scan (B) Stealth scan (C) Connect scan (D) XMAS scan

C

James has published personal information about all senior executives of Essential Securities Bank on his blog website. He has collected all this information from multiple social media websites and publicly accessible databases. What is this known as? (A) Doxing (B) Impersonation (C) Phishing (D) Social Engineering

A

A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records? (A) Set type=ns (B) Request type=ns (C) Transfer type=ns (D) Locate type=ns

A

A newly discovered flaw in a software application would be considered as which kind of security vulnerability? (A) Zero-day vulnerability (B) Input validation flaw (C) HTTP header injection vulnerability (D) Time-to-check to time-to-use flaw

A

A pen tester was hired to perform penetration testing on an organization. The tester was asked to perform passive footprinting on the target organization. Which of the following techniques comes under passive footprinting? (A) Finding the top-level domains (TLDs) and sub-domains of a target through web services (B) Querying published name servers of the target (C) Performing social engineering (D) Performing trace-route analysis

A

A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work, so the consultant prints out several audits that they have performed for previous companies. Which of the following is likely to occur as a result? (A) The consultant may expose vulnerabilities of other companies. (B) The consultant will ask for money on the bid because of the great work (C) The company accepting bids will hire the consultant because of the great work performed (D) The company accepting bids will want the same type of format of testing

A

An NMAP scan of a server shows port 25 is open. What risk could this pose? (A) Active Mail Relay (B) Web portal data leak (C) Open printer sharing (D) Clear text authentication

A

An attacker is using the scanning tool Hping to scan and identify live hosts, open ports, and services running on a target network. He/she wants to collect all the TCP sequence numbers generated by the target host. Which of the following Hping commands does he/she need to use to gather the required information? (A) hping3 <Target IP> -Q -p 139 -s (B) hping3 -F -P -U 10.0.0.25 -p 80 (C) hping3 -A <Target IP> -p 80 (D) hping3 -S <Target IP> -p 80 --tcp-timestamp

A

Cristine is the CEO of a global corporation that has several branch offices around the world. The company employs over 300 workers, half of whom use computers. Recently, the company suffered from a ransomware attack that disrupted many services, and many people have written to Cristine with questions about why it happened. She asks Edwin, the systems administrator, about servers that have encrypted information. Edwin explains to Cristine that the servers have a screen asking about bitcoins to pay to decrypt the information, but he does not know why. What team does the company lack? (A) CSIRT (B) Vulnerability Management Team (C) Administrators Team (D) Unencrypt Team

A

Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All of the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of Applocker to restrict the installation of any third-party applications. There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. A competitor learns that employees use their own personal smartphones to communicate with other employees of Highlander, Incorporated. Which information security attack vector should the competitor use to gather information over a long period of time from the phones, without the victim being aware that he or she has been compromised? (A) Advanced Persistent Threat (B) Mobile Threats (C) Viruses and worms (D) Botnet

A

How does an attacker perform a "social engineered clickjacking" attack? (A) By injecting malware into legitimate-looking websites to trick users into clicking them (B) By mimicking legitimate institutions, such as banks, in an attempt to steal passwords and credit card (C) By exploiting flaws in browser software to install malware merely by visiting a website (D) By attaching a malicious file to an e-mail and sending the e-mail to a multiple target address

A

InfoTech Security hired a penetration tester Sean to do physical penetration testing. On the first day of his assessment, Sean goes to the company posing as a repairman and starts checking trash bins to collect the sensitive information. What is Sean trying to do? (A) Trying to attempt social engineering by dumpster diving (B) Trying to attempt social engineering by shoulder surfing (C) Trying to attempt social engineering by eavesdropping (D) Trying to attempt social engineering using phishing

A

Smith works as a professional Ethical Hacker with a large MNC. He is a CEH certified professional and was following the CEH methodology to perform the penetration testing. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, (mostly by trial and error), looking for any information about the different departments and business units. Smith was unable to find any information. What should Smith do to get the information he needs? (A) Smith should use online services such as netcraft.com to find the company's internal URLs. (B) Smith should use website mirroring tools such as HTTrack Website Copier to find the company's internal URLs (C) (D) Smith should use email tracking tools such as eMailTrackerPro to find the company's internal URLs

A

What is the outcome of the command "nc -l -p 2222 | nc 10.1.0.43 1234"? (A) Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 port 1234. (B) Netcat will listen on 10.1.0.43 interface for 1234 seconds on port 2222 (C) Netcat will listen for a connection from 10.1.0.43 on port 1234 and output anything received to port 2222. (D) Netcat will listen on port 2222 and then output anything received to local interface 10.1.0.43.

A

Which of the following countermeasures helps organizations to prevent information disclosure through banner grabbing? (A) Configure IIS (B) Implement VPN (C) TCP/IP and IPSec (D) Configure Web Servers

A

Which of the following is a network threat? (A) Session Hijacking (B) SQL Injection (C) Arbitrary Code Execution (D) Privilege Escalation

A

Which of the following is an active reconnaissance technique? (A) Scanning a system by using tools to detect open port (B) Collecting information about a target from search engines (C) Collecting contact information from yellow pages (D) Performing Dumpster Diving

A

Which of the following is considered an acceptable option when managing a risk? (A) Mitigate the risk (B) Deny the risk (C) Reject the risk (D) Initiate the risk

A

Which of the following malware types restricts access to the computer system's files and folders, and demands a payment to the malware creator(s) in order to remove the restrictions? (A) Ransomware (B) Trojan Horse (C) Adware (D) Spyware

A

Which of the following parameters enables NMAP's operating system detection feature? (A) NMAP -O (B) NMAP -oS (C) NMAP -sV (D) NMAP -sC

A

Which of the following settings enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity? (A) Reduce parallel connections on congestion (B) Consider unscanned ports as closed (C) Netstat WMI Scan (D) Silent Dependencies

A

Which of the following techniques is used to gather information about the target without direct interaction with the target? (A) Passive Footprinting (B) Enumeration (C) Active Footprinting (D) Scanning

A

Which of the following tools will scan a network to perform vulnerability checks and compliance auditing? (A) Nessus (B) NMAP (C) BeEF (D) Metasploit

A

Which of the following utilities uses the ICMP protocol concept and Time to Live ('TTL') field of IP header to find the path of the target host in the network? (A) Traceroute (B) Whois (C) TCP/IP (D) DNS Lookup

A

Which one of the following is a Google search query used for VPN footprinting to find Cisco VPN client passwords? (A) "[main]" "enc_GroupPWD=" ext:txt (B) "Config" intitle:"Index of" intext:vpn (C) filetype:pcf "cisco" "GroupPwd" (D) inurl:/remote/login?lang=en

A

You are the security administrator of Xtrinity, Inc. You write security policies and conduct assessments to protect the company's network. During one of your periodic checks to see how well policy is being followed by the employees, you discover that an employee has attached his laptop to his personal 4G Wi-Fi device. He has used this 4G connection to download certain files from the Internet, thereby bypassing your firewall. A security policy breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project. How would you resolve this situation? (A) Enforce the corporate security policy (B) Install a network-based IDS (C) Conduct a needs analysis (D) Reconfigure the Firewall

A

A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching the bank employees time in and out, searching the bank's job postings (paying special attention to IT-related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in? (A) Information Reporting (B) Passive Information Gathering (C) Active Information Gathering (D) Vulnerability Assessment

B

An NMAP scan of a server shows port 69 is open. What risk could this pose? (A) Weak SSL version (B) Unauthenticated access (C) Web portal data leak (D) Cleartext login

B

An e-commerce site was put into a live environment and the programmers failed to remove the secret entry point (bits of code embedded in programs) that was used during the application development to quickly gain access at a later time, often during the testing or debugging phase. What is this secret entry point known as? (A) SDLC Process (B) Trap Door (C) Honey Pot (D) SQL Injection

B

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP? (A) Broadcast ping (B) Hping (C) Traceroute (D) TCP ping

B

Sohum is carrying out a security check on a system. This security check involves carrying out a configuration-level check through the command line in order to identify vulnerabilities such as incorrect registry and file permissions, as well as software configuration errors. Which type of assessment is performed by Sohum? (A) External Assessment (B) Host based Assessment (C) Network based Assessment (D) Internal Assessment

B

Stephany is the leader of an information security team of a global corporation that has several branch offices around the world. In the past six months, the company has suffered several security incidents. The CSIRT explains to Stephany that the incidents have something in common: the source IP addresses of all the incidents are from one of the new branches. A lot of the outsourcing staff come to this office to connect their computers to the LAN. What is the most accurate security control to implement to resolve the primary source of the incidents? (A) Internal Firewall (B) Network access control (NAC) (C) Antimalware application (D) Awareness to employees

B

Tesla is running an application with debug enabled in one of its systems. Under which category of vulnerabilities can this flaw be classified? (A) Design Flaws (B) Misconfiguration (C) Operating System Flaws (D) Unpatched servers

B

What information is gathered about the victim using email tracking tools? (A) Information on an organization's web pages since their creation (B) Recipient's IP address, Geolocation, Proxy detection, Operating system and Browser Information (C) Username of the clients, operating systems, email addresses, and list of software (D) Targeted contact data, extracts the URL and meta tag for website promotion

B

What is the correct order of steps in the system hacking cycle? (A) Escalating Privileges -> Gaining Access -> Executing Applications -> Covering Tracks -> Hiding Files (B) Gaining Access -> Escalating Privileges -> Executing Applications -> Hiding Files -> Covering Tracks (C) Executing Applications -> Gaining Access -> Covering Tracks -> Escalating Privileges -> Hiding Files (D) Covering Tracks -> Hiding Files -> Escalating Privileges -> Executing Applications -> Gaining Access

B

What results will the following command yield? nmap -sS -O -p 123-153 192.168.100.3 (A) A stealth scan, opening port 123 and 153 (B) A stealth scan, determine operating system, and scanning ports 123 to 153. (C) A stealth scan, checking all open ports excluding ports 123 to 153 (D) A stealth scan, checking open ports 123 to 153

B

Which of the following Hping3 commands is used to perform an ACK scan? (A) hping3 -8 50-60 -S <IP Address> -V (B) hping3 -A <IP Address> -p 80 (C) hping3 -2 <IP Address> -p 80 (D) hping3 -1 <IP Address> -p 80

B

Which of the following databases is used to delete the history of the target website? (A) TCP-IP and IPSec filters (B) archive.org (C) Whois Lookup database (D) Implement VPN

B

Which of the following is NOT an objective of network scanning? (A) Discover the network's live hosts (B) Discover the usernames and passwords (C) Discover the services running (D) Discover the services running

B

Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications? (A) Smurf Attack (B) Ping of death (C) TCP hijacking (D) SYN flooding

B

Which of the following open source tools would be the best choice to scan a network for potential targets? (A) John the Ripper (B) NMAP (C) hashcat (D) Cain & Abel

B

Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products? (A) Core Impact (B) Microsoft Baseline Security Analyzer (C) Retina (D) Microsoft Security Baseline Analyzer

B

Which of the following techniques is used to distribute malicious links via some communication channel such as mails to obtain private information from the victims? (A) Vishing (B) Phishing (C) Dumpster Diving (D) Piggybacking

B

Which of the following techniques relies on tunneling to transmit one protocol's data in another protocol? (A) Steganography (B) A covert channel (C) Asymmetric routing (D) Scanning

B

Which of the following terms refers to the process of reducing the severity of vulnerabilities in the vulnerability management life cycle? (A) Vulnerability Assessment (B) Remediation (C) Risk Assessment (D) Verification

B

Which of the following tools consists of a publicly available set of databases that contain personal information of domain owners? (A) Metadata extraction tools (B) WHOIS lookup tools (C) Web spidering tools (D) Traceroute tools

B

Which of the following tools provides comprehensive vulnerability management for mobile devices, smartphones, and tablets? (A) FaceNiff (B) Retina CS for Mobile (C) zANTI (D) Pamn IP Scanner

B

A penetration tester is conducting a port scan on a specific host. The tester found several open ports that were confusing in concluding the operating system (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?
Starting NMAP 7.70 at 2018-03-15 11:06
NMAP scan report for 172.16.40.65
Host is up (1.00s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
139/tcp open netbios-ssn
515/tcp open
631/tcp open ipp
9100/tcp open
MAC Address: 00:00:48:0D:EE:89
(A) The host is likely a Windows machine (B) The host is likely a router (C) The host is likely a printer (D) The host is likely a Linux machine

C

A security engineer is attempting to perform scanning on a company's internal network to verify security policies of their networks. The engineer uses the following NMAP command: nmap -n -sS -P0 -p 80 ***.***.**.** What type of scan is this? (A) Comprehensive Scan (B) Intense Scan (C) Stealth Scan (D) Quick Scan

C

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer can transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway, they are both on the 192.168.1.0/24. Which of the following has occurred? (A) The computer is using an invalid IP address (B) The gateway and the computer are not on the same network (C) The gateway is not routing to a public IP address (D) The computer is not using a private IP address

C

Anonymous, a known hacker group, claim to have taken down 20,000 Twitter accounts linked to Islamic State in response to the Paris attacks that left 130 people dead. How can you categorize this attack by Anonymous? (A) Cracking (B) Spoofing (C) Hacktivism (D) Social Engineering

C

Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of Applocker to restrict the installation of any third-party applications. There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The laptops utilize direct access to automatically connect their machines to the Highlander, Incorporated, network when they are not in the regional offices. The laptops are set up to use IPsec when communicating with the cloud-based file server. The protocol that they have chosen is Authentication Header (AH). The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Based on the knowledge of the network topology, which of the main elements of information security has Highlander, Incorporated, NOT addressed in its plans for its laptops? (A) Integrity (B) Availability (C) Confidentiality (D) Authenticity

C

In which of the following hacking phases does an attacker try to detect listening ports to find information about the nature of services running on the target machine? (A) Maintaining Access (B) Cleaning Tracks (C) Scanning (D) Gaining access

C

Information gathered from social networking websites such as Facebook, Twitter, and LinkedIn can be used to launch which of the following types of attacks? (A) SQL Injection Attack (B) Distributed denial of service attack (C) Social engineering attack (D) Smurf Attack

C

What is the correct order for vulnerability management life cycle? (A) Verification → vulnerability assessment → monitor → remediation → creating baseline → risk assessment (B) Verification → risk assessment → monitor → remediation → creating baseline → vulnerability assessment (C) Creating baseline → vulnerability assessment → risk assessment → remediation → verification → monitor (D) Monitor → risk assessment → remediation → verification → creating baseline → vulnerability assessment

C

What is the objective of a reconnaissance phase in a hacking life-cycle? (A) Gaining access to the target system with admin/root level privileges (B) Gaining access to the target system and network (C) Gathering as much information as possible about the target (D) Identifying specific vulnerabilities in the target network

C

Which Google search query will search for any configuration files a target certifiedhacker.com may have? (A) site: certifiedhacker.com intext:xml | intext:conf | intext:cnf | intext:reg | intext:inf | intext:rdp | intext:cfg | intext:txt | intext:ora | intext:ini (B) allinurl: certifiedhacker.com ext:xml | ext:conf | ext:cnf | ext: reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini (C) site: certifiedhacker.com filetype:xml | filetype:conf | filetype:cnf | filetype:reg | filetype:inf | filetype:rdp | filetype:cfg | filetype:txt | filetype:ora | filetype:ini (D) site: certifiedhacker.com ext:xml || ext:conf || ext:cnf || ext: reg || ext:inf || ext:rdp || ext:cfg || ext:txt || ext:ora || ext:ini

C

Which element in a vulnerability scanning report allows the system administrator to obtain additional information about the scanning such as the origin of the scan? (A) Target information (B) Services (C) Classification (D) Scan Information

C

Which of the following business challenges could be solved by using a vulnerability scanner? (A) Auditors want to discover if all systems are following a standard naming convention. (B) There is an urgent need to remove administrator access from multiple machines for an employee who quit. (C) There is a monthly requirement to test corporate compliance with host application usage and security policies. (D) A web server was compromised and management needs to know if any future systems were compromised.

C

Which of the following is a routing protocol that allows the host to discover the IP addresses of active routers on their subnet by listening to router advertisement and soliciting messages on their network? (A) DHCP (B) DNS (C) IRDP (D) ARP

C

A computer technician is using the latest version of a word-processing software and discovers that a particular sequence of characters is causing the entire computer to crash. The technician researches the bug and discovers that no one else has experienced the problem. What is the appropriate next step? (A) Find an underground bulletin board and attempt to sell the bug to the highest bidder (B) Ignore the problem completely and let someone else deal with it (C) Create a document that will crash the computer when opened and send it to friends (D) Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix

D

A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use? (A) -sT (B) -sS (C) -sU (D) -sn

D

An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job? (A) Begin the reconnaissance phase with passive information gathering and then move into active information gathering (B) Start by foot-printing the network and mapping out the plan of attack (C) Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack (D) Define the penetration testing scope

D

International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining (A) Financial soundness and business viability metrics (B) Standard practice for configuration management (C) Contract agreement writing standards (D) Guidelines and practices for security controls

D

Sanya is a security analyst in a multinational company who wants to schedule scans across multiple scanners, use wizards to easily and quickly create policies and wants to send results via email to her boss. Which vulnerability assessment tool should she use to get the best results? (A) Wireshark (B) Recon-ng (C) FOCA (D) Nessus Professional

D

Sean works as a penetration tester in ABC firm. He was asked to gather information about the target company. Sean begins with social engineering by following the steps: - Secretly observes the target to gain critical information - Looks at employee's password or PIN code with the help of binoculars or a low-power telescope Based on the above description, identify the social engineering technique. (A) Phishing (B) Dumpster Diving (C) Tailgating (D) Shoulder Surfing

D

SecTech Inc. is worried about the latest security incidents and data theft reports. The management wants a comprehensive vulnerability assessment of the complete information system at the company. However, SecTech does not have the required resources or capabilities to perform a vulnerability assessment. They decide to purchase a vulnerability assessment tool to test a host or application for vulnerabilities. Which of the following factors should the organization NOT consider while purchasing a vulnerability assessment tool? (A) Types of vulnerabilities being assessed (B) Test run scheduling (C) Functionality for writing own tests (D) Links to patches

D

Stephany is worried because in the past six weeks she has received two and three times the amount of e-mails that she usually receives, and most of it is not related to her work. What kind of problem is Stephany facing? (A) External attack (B) Phishing (C) Malware (D) SPAM

D

What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response? (A) Distributive (B) Passive (C) Reflective (D) Active

D

Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection? (A) NMAP -P0 -A -O -p1-65535 192.168.0/24 (B) NMAP -PN -O -sS -p 1-1024 192.168.0/8 (C) NMAP -P0 -A -sT -p0-65535 192.168.0/16 (D) NMAP -PN -A -O -sS 192.168.2.0/24

D

Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS? (A) ICMP ping sweep to determine which hosts on the network are not available (B) Traceroute to control the path of the packets sent during the scan (C) Fingerprinting to identify which operating systems are running on the network (D) Timing options to slow the speed that the port scan is conducted

D

Which among the following is not a metric for measuring vulnerabilities in common vulnerability scoring system (CVSS)? (A) Base Metrics (B) Environmental Metrics (C) Temporal Metrics (D) Active Metrics

D

Which assessment focuses on transactional Web applications, traditional client-server applications, and hybrid systems? (A) Wireless network assessment (B) Passive assessment (C) Active assessment (D) Application assessment

D

Which of the following Rootkit Trojans performs targeted attacks against various organizations and arrives on the infected system by being downloaded and executed by the Trickler dubbed "DoubleFantasy," covered by TSL20110614-01 (Trojan.Win32.Micstus.A)? (A) Hardware/firmware rootkit (B) Boot loader level rootkit (C) GrayFish rootkit (D) EquationDrug rootkit

D

Which of the following hping commands performs a UDP scan on port 80? (A) hping3 -F -P -U <IP Address> -p 80 (B) hping3 -1 <IP Address> -p 80 (C) hping3 -A <IP Address> -p 80 (D) hping3 -2 <IP Address> -p 80

D

Which of the following statements correctly defines a zero-day attack? (A) An attack that exploits vulnerabilities after the software developer releases a patch for the vulnerability (B) An attack that could not exploit vulnerabilities even though the software developer has not released a patch (C) An attack that exploits an application even if there are zero vulnerabilities (D) An attack that exploits vulnerabilities before the software developer releases a patch for the vulnerability

D

Which of the following techniques helps the attacker in identifying the OS used on the target host in order to detect vulnerabilities on a target system? (A) Source routing (B) Port scanning (C) IP address decoy (D) Banner grabbing

D

Which of the following techniques is used to create complex search engine queries? (A) Bing Search (B) Yahoo Search (C) DuckDuckGo (D) Google hacking

D

Which results will be returned with the following Google search query? site:target.com -site:Marketing.target.com accounting (A) Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting (B) Results matching all words in the query (C) Results for matches on target.com and Marketing.target.com that include the word "accounting" (D) Results matching "accounting" in domain target.com but not on the site Marketing.target.com

D

Which type of assessment tools are used to find and identify previously unknown vulnerabilities in a system? (A) Scope assessment tools (B) Active Scanning Tools (C) Application-layer vulnerability assessment tools (D) Depth assessment tools

D

