CEH 4700 quizzes
Which of the following techniques is used to compromise session IDs, with an attacker intruding into an existing connection between systems and attempting to intercept the messages being transmitted? a. Fragmentation attack b. Man-in-the-middle attack c. Client-side attack d. Man-in-the-browser attack
b. Man-in-the-middle attack
Which of the following port numbers is used by the Trojans Zeus, OceanSalt, and Shamoon? a. Port 443 b. Port 8080 c. Port 80 d. Port 11000
b. Port 8080
Which of the following types of software vulnerability occurs due to coding errors and allows attackers to gain access to the target system? a. Buffer overflow b. Misconfiguration c. Open services d. Unpatched servers
a. Buffer overflow
What type of information is gathered by an attacker through Whois database analysis and tracerouting? a. DNS records and related information b. Publicly available email addresses c. Usernames, passwords, and so on d. Background of the organization
a. DNS records and related information
Which of the following techniques does an attacker use to snoop on the communication between users or devices and record private information to launch passive attacks? a. Eavesdropping b. Privilege escalation c. Session hijacking d. Spoofing
a. Eavesdropping
Which of the following ping methods is effective in identifying active hosts similar to the ICMP timestamp ping, specifically when the administrator blocks the conventional ICMP ECHO ping? a. ICMP address mask ping scan b. UDP ping scan c. ICMP ECHO ping sweep d. ICMP ECHO ping scan
a. ICMP address mask ping scan
In which of the following attacks does an attacker abuse cloud file synchronization services, such as Google Drive and DropBox, for data compromise, command and control, data exfiltration, and remote access? a. Man-in-the-cloud attack b. Cloud hopper attack c. Cloud cryptojacking d. Cloudborne attack
a. Man-in-the-cloud attack
Which of the following constructs of the container network model comprises the container network stack configuration for the management of container interfaces, routing tables, and DNS settings? a. Sandbox b. Network c. Endpoint d. Bridge
a. Sandbox
What is the output returned by search engines when extracting critical details about a target from the Internet? a. Search engine results pages ("SERPs") b. Operating systems, location of web servers, users, and passwords c. Open ports and services d. Advanced search operators
a. Search engine results pages ("SERPs")
Which of the following techniques is used by an attacker to mimic legitimate institutions such as banks and steal sensitive information such as login passwords and credit-card and bank-account data? a. Spear-phishing sites b. Black-hat SEO c. Social-engineered click-jacking d. Malvertising
a. Spear-phishing sites
Which of the following port number is used to exploit vulnerabilities within DNS servers to launch attacks? a. TCP/UDP 53 b. TCP 139 c. TCP/UDP 135 d. UDP 137
a. TCP/UDP 53
Which of the following IOS Global commands is used to configure the number of DHCP packets per second (pps) that an interface can receive? a. ip dhcp snooping limit rate b. ip dhcp snooping trust c. show ip dhcp snooping d. ip dhcp snooping
a. ip dhcp snooping limit rate
Which of the following NTP commands determines where the NTP server obtains the time from and follows the chain of NTP servers back to its primary time source? a. ntptrace b. ntpdc c. ntpdate d. ntpq
a. ntptrace
Which of the following IDS/firewall evasion techniques is used by an attacker to bypass Internet censors and evade certain IDS and firewall rules? a. Sending bad checksums b. Anonymizers c. Source port manipulation d. IP address decoy
b. Anonymizers
Which of the following is the most effective technique in identifying vulnerabilities or flaws in the web page code? a. Packet analysis b. Code analysis c. Data analysis d. Traffic analysis
b. Code analysis
Which of the following categories of mobile risk covers binary patching, local resource modification, method hooking, method swizzling, and dynamic memory modification? a. Reverse engineering b. Code tampering c. Extraneous functionality d. Client code quality
b. Code tampering
Which of the following techniques is used by an attacker to exploit a host computer and results in the IDS discarding packets while the host that must receive the packets accepts them? a. Fragmentation attack b. Evasion c. Session splicing d. Obfuscation
b. Evasion
Which of the following techniques is used to create complex search engine queries? a. Yahoo search b. Google hacking c. Bing search d. DuckDuckGo
b. Google hacking
In which of the following types of injection attacks does an attacker exploit vulnerable form inputs, inject HTML code into a webpage, and change the website appearance? a. Shell injection b. HTML injection c. File injection d. HTML embedding
b. HTML injection
In which of the following password attacks does an attacker gather a password database, split each password entry into two- and three-character syllables to develop a new alphabet, and then match it with the existing password database? a. Fingerprint attack b. Markov-chain attack c. Combinator attack d. PRINCE attack
b. Markov-chain attack
Which of the following attacks allows an attacker to encode portions of the attack with Unicode, UTF-8, Base64, or URL encoding to hide their attacks and avoid detection? a. Authentication hijacking b. Obfuscation application c. Network access attack d. Cookie snooping
b. Obfuscation application
In which of the following attacks does an attacker inject an additional malicious query into an original query to make the DBMS execute multiple SQL queries? a. Tautology b. Piggybacked query c. System stored procedure d. Illegal/logically incorrect query
b. Piggybacked query
In which of the following attacks does an attacker seize control of a valid TCP communication session between two computers and gain access to a machine while a session is in progress? a. Brute forcing b. Session hijacking c. Spoofing attack d. Client-side attack
b. Session hijacking
Given below are the different steps involved in the post-assessment phase of vulnerability management. 1 Remediation 2 Monitoring 3 Risk assessment 4 Verification Identify the correct sequence of steps in the Post Assessment Phase. a. 3 → 2 → 4 → 1 b. 2 → 1 → 3 → 4 c. 3 → 1 → 4 → 2 d. 1 → 2 → 3 → 4
c. 3 → 1 → 4 → 2
Which of the following techniques is used by an attacker to gain unauthorized access to a target network and remain undetected for a long period of time? a. Spear-phishing sites b. Insider threat c. Advanced persistent threat d. Diversion theft
c. Advanced persistent threat
Which of the following methods detects an intrusion based on the fixed behavioral characteristics of the users and components of a computer system? a. Bastion host b. Protocol anomaly detection c. Anomaly detection d. Signature recognition
c. Anomaly detection
In which of the following techniques does the attacking host itself transfer the attack toolkit to a newly discovered vulnerable system, exactly when it breaks into that system? a. Back-chaining propagation b. Spyware propagation c. Autonomous propagation d. Central source propagation
c. Autonomous propagation
In which of the following IoT communication models does a device upload its data to the cloud to be later accessed or analyzed by third parties? a. Device-to-cloud communication model b. Device-to-gateway communication model c. Back-end data-sharing communication model d. Device-to-device communication model
c. Back-end data-sharing communication model
If an attacker is able to access the email contact list, text messages, photos, etc. on your mobile device, then what type of attack did the attacker employ? a. Bluebugging b. BlueSniff c. Bluesnarfing d. Bluesmacking
c. Bluesnarfing
In which of the following attack types does an attacker modify the content of a web page by examining its HTML code and identifying form fields that lack valid constraints? a. Buffer overflow attack b. Directory traversal c. Command injection attack d. Cross-site scripting (XSS) attack
c. Command injection attack
In which of the following database technologies is the SQL query [SELECT * FROM syscat.columns WHERE tabname= 'tablename'] used for column enumeration? a. MSSQL b. MySQL c. DB2 d. Oracle
c. DB2
In which of the following attacks does an attacker use a malicious script to exploit poorly patched vulnerabilities in an IoT device? a. Side channel attack b. Replay attack c. Exploit kits d. Sybil attack
c. Exploit kits
Which of the following techniques allows an attacker to achieve higher-level access and authorizations to perform further malicious activities on an ICS system or network? a. Activity profiling b. Network address translation c. Hooking d. Obfuscating
c. Hooking
Which of the following is a technique used by an attacker masquerading as a trusted host to conceal their identity for hijacking browsers or gaining unauthorized access to a network? a. Port scanning b. Banner grabbing c. IP address spoofing d. Firewalking
c. IP address spoofing
Which of the following security misconfigurations supports weak algorithms and uses expired or invalid certificates, resulting in data exposure and account theft? a. Improper error handling b. Parameter/form tampering c. Insufficient transport layer protection d. Unvalidated inputs
c. Insufficient transport layer protection
Which of the following is the layer in the cloud storage architecture that performs several functions such as data de-duplication and data replication? a. Back-end layer b. Front-end layer c. Middleware layer d. Application layer
c. Middleware layer
In which of the following techniques does an attacker use cache poisoning to redirect the connection between an IP address and its target server? a. Skimming b. Pretexting c. Pharming d. Wardriving
c. Pharming
Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications? a. Smurf attack b. SYN flooding c. Ping of death d. TCP hijacking
c. Ping of death
What is the TCP/IP-based protocol used for exchanging management information between devices connected to a network? a. NNTP b. IMAP c. SNMP d. POP
c. SNMP
In which of the following hacking phases does an attacker try to detect listening ports to find information about the nature of services running on the target machine? a. Clearing tracks b. Gaining access c. Scanning d. Maintaining access
c. Scanning
In which of the following social engineering contexts does an attacker create a feeling of urgency in a decision-making process and controls the victim's state of mind to obtain information? a. Authority b. Intimidation c. Scarcity d. Consensus
c. Scarcity
In which of the following attack types does an attacker alter the visual appearance of a web page by injecting code to add image popups or text? a. Web-server misconfiguration b. Web cache poisoning c. Website defacement d. Server-side request forgery
c. Website defacement
Which of the following TCP communication flags confirms the receipt of a transmission and identifies the next expected sequence number? a. FIN flag b. RST flag c. SYN flag d. ACK flag
d. ACK flag
In which of the following attacks does an attacker select a series of ciphertexts and then observe the resulting plaintext blocks? a. Chosen-key attack b. Midnight attack c. Ciphertext-only attack d. Adaptive chosen-ciphertext attack
d. Adaptive chosen-ciphertext attack (this one is kinda sus)
In a GNSS spoofing technique, attackers track the receiver's position and identify the deviation from the original location to a fake one. Identify this technique. a. Interrupting the lock mechanism b. Meaconing method c. Cancellation methodology d. Drag-off strategy
d. Drag-off strategy
Which of the following objectives of cryptography defines the trustworthiness of data or resources in terms of preventing improper and unauthorized changes? a. Confidentiality b. Nonrepudiation c. Authentication d. Integrity
d. Integrity
Which of the following types of rootkits replaces original system calls with fake ones to hide information about the attacker? a. Hypervisor-level rootkit b. Boot-loader-level rootkit c. Hardware/firmware rootkit d. Library-level rootkit
d. Library-level rootkit
In which of the following attacks is the practice of spying on the user of a cash-dispensing machine or other electronic device performed in order to obtain their personal identification number, password, and so on? a. Piggybacking b. Dumpster diving c. Tailgating d. Shoulder surfing
d. Shoulder surfing
Which of the following encryption techniques is used in WPA? a. AES b. DES c. RSA d. TKIP
d. TKIP
Which of the following misconfigured services allows attackers to deploy Windows OS without the intervention of an administrator? a. Unquoted service paths b. Modifiable registry autoruns c. Service object permissions d. Unattended installs
d. Unattended installs
