CEH V 11 2 of 4

Abel, a security professional, conducts penetration testing in his client organization to check for any security loopholes. He launched an attack on the DHCP server by broadcasting forged DHCP requests and leased all the DHCP addresses available in the DHCP scope until the server could not issue any more IP addresses. This led to a Dos attack, and as a result , legitimate employees were unable to access the client's network. Which of the following attack did Abel perform in the above scenario? Option 1 : Rogue DHCP server attack Option 2 : VLAN hopping Option 3 : STP attack Option 4 : DHCP starvation

DHCP starvation

Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering the information, he successfully performed an attack on the target government organization without being traced. Which of the following techniques is described in the above scenario? Option 1 : VoIP footprinting Option 2 : Dark web footprinting Option 3 : Website footprinting Option 4 : VPN footprinting

Dark web footprinting

While testing a web application in development, you notice that the web server does not properly ignore the "dot dot slash" (../) character string and instead returns the file listing of a folder structure of the server.What kind of attack is possible in this scenario? Option 1 : Denial of service Option 2 : Cross-site scripting Option 3 : SQL injection Option 4 : Directory traversal

Directory traversal

Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes, images, and networks. What is the component of the Docker architecture used by Annie in the above scenario? Option 1 : Docker daemon Option 2 : Docker client Option 3 : Docker objects Option 4 : Docker registries

Docker daemon

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the user who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization? Option 1 : Credential assessment Option 2 : Internal assessment Option 3 : External assessment Option 4 : Passive assessment

Passive assessment

In the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does medium vulnerability fall in? Option 1 : 4.0-6.9 Option 2 : 3.9-6.9 Option 3 : 3.0-6.9 Option 4 : 4.0-6.0

4.0-6.9

Allen, a professional pen tester, was hired by XpertTech solution to perform an attack simulation on the organization's network resources. To perform the attack, he look advantage of the NetBIOS API and targeted the NetBIOS service. By enumerating NetBIOS, he found that port 139 was open and could see the resources that could be accessed or viewed on a remote system. He came across many NetBIOS codes during enumeration. Identify the NetBIOS code used for obtaining the messenger service running for the logged-in user? Option 1 : <00> Option 2 : <1B> Option 3 : <03> Option 4 : <20>

<03>

Joe works as an IT administrator in an organization and has recently set up a cloud computing service for the organization. To implement this service, he reached out to a telecom company for providing Internet connectivity and transport services between the organization and the cloud service provide. In the NIST cloud deployment reference architecture, under which category does the telecom company fall in the above scenario? Option 1 : Cloud auditor Option 2 : Cloud consumer Option 3 : Cloud carrier Option 4 : Cloud broker

Cloud carrier

Samuel a security administrator, is accessing the configuration of a web server. He noticed that the server permits SSLv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to attack as the SSLv2 server can leak key information. Which of the following attack can be performed by exploiting the above vulnerability? Option 1 : Padding oracle attack Option 2 : DUHK attack Option 3 : DROWN attack Option 4 : Side-channel attack

DROWN attack

Ricardo has discovered the username for an application in his target's environment. As he has a limited amount of time, he decides to attempt to use a list of common password he found on Internet. He compiles them into a list and then feeds that list as an argument into his password-cracking application. What type of attack is Ricardo performing? Option 1 : Dictionary Option 2 : Password Spraying Option 3 : Known plaintext Option 4 : Brute force

Dictionary

Bella, a security professional working at an IT firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee username, and passwords are shared in plaintext, paving the way for hackers to perform successful session hijacking. To address this situation, Bella implemented a protocol that sends data using encryption and digital certifications. Which of the following protocols is used by Bella? Option 1 : HTTPS Option 2 : FTP Option 3 : IP Option 4 : FTPS

HTTPS

To create a botnet, the attacker can use several technique to scan vulnerable machines. The attacker first collects information about a large number of vulnerable machines to create a list. Subsequently, they infect the machines. The list is divided by assigning half of the list to the newly compromised machines. The scanning process runs simultaneously. This technique ensure the spreading and installation of malicious code in little time. Which technique is discussed here ?

Hit-list scanning technique

Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve 's profile picture and the description given for his profile, and she conversation with him soon after accepting the request. After a few days, Steve started asking about her company details and eventually gathered all the essential information regarding her company. What is the social engineering technique Steve employed in the above scenario? Option 1 : Baiting Option 2 : Honey trap Option 3 : Diversion theft Option 4 : Piggybacking

Honey trap

Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this, James, a professional hacker, targets Emily and acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is tool employed by James in the above scenario? Option 1 : Ophcrack Option 2 : HootSuite Option 3 : HULK Option 4 : VisualRoute

HootSuite

A newly joined employee, Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. What is the type of vulnerability assessment performed by Martin? Option 1 : Distributed assessment Option 2 : Database assessment Option 3 : Credentialed assessment Option 4 : Host-based assessment

Host-based assessment

John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to anonymously query the LDAP service for sensitive information such as username, addresses, departmental details, and server names to launch further attacks on the target organization. What is tool employed by John to gather information from the LDAP services? Option 1 : Zabasearch Option 2 : EarthExplorer Option 3 : Jxplorer Option 4 : ike-scan

Jxplorer

Garry is a network administrator in an organization. He uses SNMP to manage networked devices from a remote location. To manage nodes in the network, he uses MIB, which contain formal descriptions of all network objects managed by SNMP. He accesses the contents of MIB by using a web browser either by entering the IP address and Lseries.mib or by entering the DNS library name and Lseries.mib. He is currently retrieving information from an MIB that contains object types for workstations and server services.Which of the following types of MIB is accessed by Garry in the above scenario? Option 1 : DHCP.MIB Option 2 : LNIMIB2.MIB Option 3 : WINS.MIB Option 4 : MIB_II.MIB

MIB_II.MIB

Kevin, a professional hacker, wants to penetrate CyberTech Inc.'s network. He employed a technique, using which he encoded packets with Unicode characters. The company's IDS cannot recognize the packet, but the target web server can decode them.What is the technique used by Kevin to evade the IDS system? Option 1 : Desynchronization Option 2 : Obfuscating Option 3 : Session splicing Option 4 : Urgency flag

Obfuscating

Ethical hacker Jane Doe is attempting to crack the password of the head of the IT department of ABC company. She is utilizing a rainbow table and notices upon entering a password that extra characters are added to the password after submitting. What countermeasure is the company using to protect against rainbow tables? Option 1: Password key hashing Option 2: Account lockout Option 3: Password salting Option 4 : Password hashing

Password salting

David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risk and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the vulnerability management life cycle is David currently in? Option 1 : Vulnerability scan Option 2 : Verification Option 3 : Remediation Option 4 : Risk assessment

Remediation

Richard, an attacker, aimed to hack IoT devices connected to a target network. In this process, Richard recorded the frequency required to share information between connected devices. After obtaining frequency, he captured the original data when commands were initiated by the connected devices. Once the original data were collected, he used free tools such as URH to segregate the commands sequence. Subsequently, he started injecting the segregated command sequence on the same frequency into the IoT network, which repeats the captured signals of the devices. What is the type of attack performed by Richard in the above Scenario? Option 1 : Replay attack Option 2 : Cryptanalysis attack Option 3 : Side-channel attack Option 4 : Reconnaissance attack

Replay attack

Bill is a network administrator. He wants to eliminate unencrypted traffic inside his company's network. He decides to setup a SPAN port and capture all traffic to the datacenter. He immediately discovers unencrypted traffic in port UDP 161. What protocol is this port using and how can he secure that traffic? Option 1 : RPC and the best practice is to disable RPC completely Option 2 : SNMP and he should change it to SNMP V2, which is encrypted Option 3 : It is not necessary to perform any actions, as SNMP is not carrying important information Option 4 : SNMP and he should change it to SNMP V3

SNMP and he should change it to SNMP V3

Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During this process, Robin plugged in a rough switch to an unused port in the LAN with a priority lower than any other switch in the network so that he could make it a root bridge that will later allow him to sniff all the traffic in the network. What is the attack performed by Robin in above scenario? Option 1 : ARP spoofing attack Option 2 : VLAN hopping attack Option 3 : DNS poisoning attack Option 4 : STP attack

STP attack

During the enumeration phase, Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445. Which of the following services is enumerated by Lawrence in this scenario? Option 1 : Telnet Option 2 : Network File System (NFS) Option 3 : Server Message Block (SMB) Option 4 : Remote procedure call (RPC)

Server Message Block (SMB)

Samuel, a professional hacker, monitored and intercepted already established traffic between Bob and host machine to predict Bob 's ISN. Using this ISN, Samuel sent spoofed packets with Bob 's IP address to the host machine. The host machine responded with a packet having an incremented ISN. Consequently, Bob 's connection got hung, and Samuel was able to communicate with the host machine on behalf of Bob. What is the type of attack performed by Samuel in the above scenario? Option 1 : TCP/IP hijacking Option 2 : UDP hijacking Option 3 : Forbidden attack Option 4 : Blind hijacking

TCP/IP hijacking

You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific condition for the scan: "The attacker must scan every port on the server several times using a set of spoofed sources IP addresses. " Suppose that you are using Nmap to perform this scan. What flag will you use to satisfy this requirement? Option 1 : The -A flag Option 2 : The -g flag Option 3 : The -f flag Option 4 : The -D flag

The -D flag

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier container technology architecture. Currently, Abel is verifying and validating image contents, signing images, and sending them to the registries.Which of the following tiers of the container technology architecture is Abel currently working in? Option 1 : Tier-1 : Developer machines Option 2 : Tier-4 : Orchestrators Option 3 : Tier-3 : Registries Option 4 : Tier-2 : Testing and accreditation systems

Tier-2 : Testing and accreditation systems

Taylor, a security professional, uses a tool to monitor her company's website, analyze the website's traffic, and track the geographical location of the users visiting the company's website. Which of the following tools did Taylor employ in the above scenario? Option 1 : WAFW00F Option 2 : Webroot Option 3 : Web-Stat Option 4 : Website-Watcher

Web-Stat

George is a security professional working for iTech Solution. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this process, he used a short-range communication protocol based on the IEEE 203.15.4 standard. This protocol is used in devices that transfer data infrequently at a low rate in a restricted area, within a range of 10-100m. What is the short-range wireless communication technology George employed in the above scenario? Option 1 : Zigbee Option 2 : LPWAN Option 3 : NB-IoT Option 4 : MQTT

Zigbee

Steven connected his iPhone to a public computer that had been infected by Clark, an attacker. After establishing the connection with the public computer, Steven enabled iTunes WI-FI sync on the computer so that the device could continue communication with that computer even after being physically disconnected. Now, Clark gains access to Steven's iPhone through the infected computer and is able to monitor and read all of Steven's activity on the iPhone, even after the device is out of the communication zone.Which of the following attacks is performed by Clark in above scenario? Option 1 : iOS Jailbreaking Option 2 : Exploiting SS7 vulnerability Option 3 : iOS trustjacking Option 4 : Man-in-the-disk attack

iOS trustjacking