CEH Domain 1: Background

Which of the following best describes a script kiddie?

A hacker who uses scripts written by much more talented individuals.

Which of the following best describes a lock shim?

A thin, stiff piece of metal.

Which of the following IDS detection types compare behavior to baseline profiles or network behavior baselines?

Anomaly-based. Anomaly-based detection compares behavior to baseline profiles or network behavior baselines. These baseline profiles are used to define what is normal behavior on the network or host.

Which of the following is an open-source web server technology?

Apache Web Server. Apache Web Server (or Apache HTTP Server) is an open-source web server that is the most widely used web server technology.

Heather is in the middle of performing a penetration test when her client asks her to also check the security of an additional server. Which of the following documents does she need to submit before performing the additional task?

Change order. When a change to the scope of work is requested, a change order should be filled out and agreed on. Once this is done, the additional tasks can be completed.

Which of the following steps in an Android penetration test checks for a vulnerability hackers use to break down the browser's sandbox using infected JavaScript code?

Check for a cross-application-scripting error. Checking for a cross-application-scripting error requires investigating vulnerabilities in the Android browser. Hackers use this vulnerability to break down the browser's sandbox using infected JavaScript code.

Joelle, an app developer, created an app using two-factor authentication (2FA) and requires strong user passwords. Which of the following IoT security challenges is she trying to overcome?

Default, weak, and hardcoded credentials. Many IoT devices allow weak or default passwords, which are easy to attack and break. The main problem is that there's no set regulation for IoT authentication, only guidelines. Some ways to strengthen IoT devices with authentication are to use two-factor authentication (2FA) and enforce strong passwords or certificates.

What are the four primary systems of IoT technology?

Devices, gateway, data storage, and remote control

What does an organization do to identify areas of vulnerability within their network and security systems?

Risk assessment. The purpose of a risk assessment is to identify areas of vulnerability within the organization's network. The risk assessment should look at all areas, including high value data, network systems, web applications, online information, and physical security, including operating systems and web servers. This is done before beginning a penetration test.

A client asking for small deviations from the scope of work is called:

Scope creep. In project management, one of the most dangerous things to look out for is scope creep. This is when the client begins asking for small deviations from the scope of work. This can cause the project to go off track and increase the time and resources needed to complete it.

Which of the following best describes shoulder surfing?

Someone nearby watches you enter your password on your computer and records it. Shoulder surfing is watching and recording a password, PIN, or access code that is being entered by someone nearby.

You are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this?

Spim. Spim is a malicious link sent to the target over instant messaging.

An IT technician receives an IDS alert on the company network she manages. A seemingly random user now has administration privileges in the system, some files are missing, and other files seem to have just been created. Which of the following alerts did this technician receive?

True positive. A true positive alert is when an event triggers an alarm and causes the IDS to react as if a real attack is in progress. A false positive occurs if an event triggers an alarm when no actual attack is in progress. A true negative is a condition that occurs when an IDS identifies an activity as acceptable behavior and the activity is authorized and accepted. A false negative is a condition that occurs when an IDS fails to react to an actual attack event.

YuJin drove his smart car to the beach to fly his drone in search of ocean animal activity. Which of the following operating systems are most likely being used by his car and drone?

Integrity RTOS and snappy. Nucleus and Integrity RTOS are both used in the aerospace, industrial, automotive, and medical sectors. Snappy, or Ubuntu Core, is used for drones, robots, and so on.

Strict supply chain management, comprehensive supplier assessment, HR resource requirements, transparent information security and management, compliance reporting, and a security breach notification process are defenses against which of the following cloud computing threats?

Malicious insiders. Malicious insiders are usually resentful people who have some kind of connection with a company or cloud service. The best defense is to have strict supply chain management, comprehensive supplier assessment, HR resource requirements, transparent information security and management, compliance reporting, and a security breach notification process.

Which of the following is considered a mission-critical application?

Medical database. Some applications are considered mission-critical and need to be off-limits to avoid any down time. This can include financial processing, medical databases, or other sensitive applications.

Which of the following is another name for the signature-based detection method?

Misuse detection. The system compares traffic to known signatures in the signature file database. Remember, signature IDS systems rely on matching signatures to pattern traffic, or signature keys, in the signature file database.

Using a fictitious scenario to persuade someone to perform an action or give information they aren't authorized to share is called:

Pretexting. Pretexting is using a fictitious scenario to persuade someone to perform an action or give information they aren't authorized to share.

Linda, an Android user, wants to remove unwanted applications (bloatware) that are pre-installed on her device. Which of the following actions must she take?

Root the Android device. Rooting overcomes the security restrictions imposed by the Android device's manufacturer to: visually change the appearance or theme; increase performance by overclocking the CPU or GPU; remove bloatware that comes pre-installed on the device.

Miguel is performing a penetration test. His client needs to add Miguel's computer to the list of devices allowed to connect to the network. What type of security exception is this?

Whitelisting

