CEH Practice Questions (607)

Ron, a customer support intern, exploited default configurations and settings of the off-the-shelf libraries and code used in the company's CRM platform. How will you categorize this attack? Operating System Attack Mis-Configuration Attack Application-level attack Shrink-wrap code attack

Shrink-Wrap code attack.

Which initial procedure should an ethical hacker perform after being brought into an organization? begin security testing. turn over deliverables. sign a formal contract with a non-disclosure clause or agreement. assess what the organization is trying to protect.

Sign a formal contract with a non-disclosure clause or agreement.

Which Google search query can you use to find mail lists dumped on pastebin.com? allinurl: pastebin.com intitle: "mail lists". site: pastebin.com intext: *@*.com:* cache: pastebin.com intitle: *@*.com* allinurl:pastebin.com intitle:*@*.com:*

Site: Pastebin.com intext: *@*.com:*

A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work, so the consultant prints out several audits that they have performed for previous companies. Which of the following is likely to occur as a result? The consultant will ask for money on the bid because of great work. The consultant may expose vulnerabilities of other companies. The company accepting bids will want the same type of format of testing. The company accepting bids will hire the consultant because of the great work performed.

The consultant may expose vulnerabilities of other companies.

Which one of the following is a Google search query used for VPN footprinting to find Cisco VPN client passwords? filetype:pcf "cisco" "grouppwd". "[main]" "enc_GroupPwd=" ext:txt. "config" intitle:"index of" intext:vpn. inurl:/remote/login?lang=en.

"[main]" "enc_GroupPwd=" ext:txt

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services? An extensible security framework named COBIT. A list of flaws and how to fix them. Web application patches. A security certification for hardened web applications.

A list of flaws and how to fix them.

Which of the following statements correctly defines a zero-day attack? An attack that exploits vulnerabilities before the software developer releases a patch for the vulnerability. an attack that exploits vulnerabilities after the software developer releases a patch for the vulnerability. an attack that could not exploit vulnerabilities even though the software developer has not released a patch. an attack that exploits an application even if there are zero vulnerabilities

A: An attack that exploits vulnerabilities before the software developer releases a patch for the vulnerability

A penetration tester is attempting to scan an internal corporate network from the internet without alerting the border sensor. Which of the following techniques should the tester consider using? Spoofing an IP address. Tunneling scan over SSH. Tunneling over high port numbers. Scanning using fragmented IP packets.

Tunneling scan over SSH.

While performing a UDP scan of a subnet, you receive an ICMP reply of Code 3/ Type 3 for all the pings you have sent out. What is the most likely cause of this? The firewall is dropping the packets. UDP port is closed. UDP port is open. The host does not respond to ICMP packets.

UDP port is closed

Which of the following countermeasures helps organizations to prevent information disclosure through banner grabbing? Configure IIS. Configure web servers. TCP/IP and IPsec. Implement VPN.

Configure IIS.

Which of the following terms refers to gaining access to one network and/or computer and then using the same to gain access to multiple networks and computers that contain desirable information? doxing daisy chaining social engineering kill chain

Daisy chaining.

Which of the following does not fall under the scope of ethical hacking? Risk assessment Vulnerability scanning Pen Testing Defense-in-depth implementation

Defense in depth implementation

Juan is the administrator of a Windows domain for a global corporation. He uses his knowledge to scan the internal network to find vulnerabilities without the authorization of his boss; he tries to perform an attack and gain access to an AIX server to show the results to his boss. What kind of role is shown in his scenario? Gray hat hacker Black hat hacker White hat hacker Annoying employee

Gray Hat Hacker

Anonymous, a known hacker group, claims to have taken down 20,000 Twitter accounts linked to Islamic State in response to the Paris attacks that left 130 people dead. How can you categorize this attack by Anonymous? Spoofing Cracking Hacktivism Social Engineering

Hacktivism

Individuals who promote security awareness a political agenda by performing hacking are known as: Hacktivist Cyber Terrorists Script Kiddies Suicide hackers

Hacktivist

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP? A. Hping B. Traceroute C. TCP ping D. Broadcast ping

Hping.

An IT security engineer notices that the company's web server is currently being hacked. What should the engineer do next? Unplug the network connection on the company's web server. Determine the origin of the attack and launch a counterattack. Record as much information as possible from the attack perform a system restart on the company's web server.

Unplug the network connection on the company's web server.

Which of the following terms refers to the existence of a weakness, design flaw, or implementation error that can lead to an unexpected event compromising the security of the system? Exploit Hacking Vulnerability Zero-Day Attack

Vulnerability

Which of the following tools consists of a publicly available set of databases that contain personal information of domain owners? Whois lookup tools. traceroute tools Web spidering tools Metadata extraction tools.

WhoIS Lookup Tools.

Which of the following is a query and response protocol used for querying databases that store the registered users or assignees of an internet resource, such as a domain name, an IP address block, or an autonomous system? Whois Lookup. TCP/IP DNS lookup Traceroute

WhoIs Lookup.

In which of the following hacking phases does an attacker use steganography and tunneling techniques to hide communication with the target for continuing access to the victim's system and remain unnoticed and uncaught? Reconnaissance Scanning Enumeration Clearing tracks

clearing tracks

Which of the following hping commands performs a UDP scan on port 80? hping3 -2 <IP address> -p 80 hping3 -1 <IP Address> -p 80 Hping3 -A <Ip Address> -p 80 hping3 -F -P -U <ipAddress> -p 80

hping3 -2 <IP Address> -p 80

An attacker is using the scanning tool Hping to scan and identify live hosts, open ports, and services running on a target network. He/she wants to collect all the TCP sequence numbers generated by the target host. Which of the following hping commands does he/she need to use to gather the required information? hping3 <target IP> -Q -p 139 -s. hping3 -A <target IP> -p 80 hping3 -S <target IP> -p 80 --tcp-timestamp. hping3 -F -P -U 10.0.0.25 -p 80.

Hping3 <target IP> -Q -p 139 -s

If the final set of security controls does not eliminate all risk in a system, what could be done next? Continue to apply controls until there is zero risk. Ignore any remaining risk. If the residual risk is low enough, it can be accepted. Remove current controls since they are completely ineffective.

If the residual risk is low enough, it can be accepted.

Which of the following category of information warfare is a sensor-based technology that directly corrupts technological systems? Electronic Warfare Intelligence-based warfare Command and control warfare (c2 warfare) Economic warfare

Intelligence-based warfare

Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP, and FTP? Metasploit scripting engine. Nessus scripting engine. NMAP scripting engine. SAINT scripting engine.

NMAP scripting engine.

Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation? Penetration testing. Social Engineering. Vulnerability Scanning. Access control list reviews.

Penetration Testing.

Which of the following techniques is used to distribute malicious links via some communication channel such as mails to obtain private information from the victims? Dumpster Diving Phishing Piggybacking Vishing

Phishing

In which of the following hacking phases does an attacker try to detect listening ports to find information about the nature of services running on the target machine? scanning gaining access maintaining access clearing tracks

Scanning

Which of the following is an active reconnaissance technique? Collecting information about a target from search engines performing dumpster diving scanning a system by using tools to detect open ports. collecting contact information from yellow pages.

Scanning a system by using tools to detect open ports.

Which of the following terms refers to unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers? They usually focus on the quantity of attacks rather than the quality of the attacks that they initiate. Hacktivist Script kiddies Gray hats Suicide hackers

Script Kiddies

Sean works as a penetration tester in ABC firm. He was asked to gather information about the target company. Sean begins with social engineering by following the steps: secretly observe the target to gain critical information. looks at employee's password or PIN code with the help of binoculars or a low-power telescope. Based on the above description, identify the social engineering technique. Shoulder surfing. Dumpster diving. phishing. Tailgating.

Shoulder Surfing.

Arturo is the leader of information security professionals of a small financial corporation that has a few branch offices in Africa. The company suffered an attack of USD 10 Million through an inter banking system. The CSIRT explained to Arturo that the incident occurred because 6 months ago the hackers came in from the outside through a small vulnerability, then they did a lateral movement to the computer of a person with privileges in the inter banking system. Finally, the hackers got access and did the fraudulent transactions. What is the most accurate name for the kind of attack in this scenario? APT Internal attack External attack Backdoor

APT

There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. AppLocker is not used to restrict the installation of third-party applications. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. A competitor learns that employees use their own personal smartphones to communicate with other employees of Highlander, Incorporated. Which information security attack vector should the competitor use to gather information over a long period of time from the phones, without the victim being aware that he or she has been compromised? APT Viruses and worms Mobile threats Botnet

APT

Which of the following attack vectors is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time? The intention of this attack is to steal data rather than to cause damage to the network or organization APT mobile threats botnet insider attack

APT

Which of the following regional internet registries (RIRs) provides services related to the technical coordination and management of internet number resources in Canada, the United States, and many Caribbean and North Atlantic islands? AFRINIC ARIN APNIC LACNIC

ARIN

What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response? A. Passive B. Reflective C. Active D. Distributive

Active

An NMAP scan of a server shows port 25 is open. What risk could this pose? Open printer sharing. Web portal data leak. Clear Text Authentication. Active Mail Relay.

Active Mail Relay.

Which of the following is one of the four critical components of an effective risk assessment? Physical security. Administrative safeguards. DMZ. Logical interface.

Administrative safeguards

Which fundamental element of information security refers to an assurance that the information is only accessible to those authorized to have access? confidentiality integrity availability authenticity

Confidentiality

Which of the following items is unique to the N-tier architecture method of designing software applications? Application layers can be separated, allowing each layer to be upgraded independently from other layers. it is compatible with various databases including Access, Oracle, and SQL. Data security is tied into each layer and must be updated for all layers when an upgrade is performed. Application layers can be written in C, ASP.Net, or Delphi without any performance loss

Application layers can be separated, allowing each layer to be upgraded independently from other layers.

Which of the following databases is used to delete the history of the target website? TCP/IP and IPSec filters. Archive.org. Whois lookup database. Implement VPN.

Archive.org.

When does the Payment Card Industry Data Security Standard (PCI DSS) require organizations to perform external and internal penetration testing? At least once a year and after any significant upgrade or modification. At least once every three years or after any significant upgrade or modification. At least twice a year or after any significant upgrade or modification. At least once every two years and after any significant upgrade or modification.

At least once a year and after any significant upgrade or modification.

The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Based on the knowledge of the network topology and trends in network security, what would be the primary target of a hacker trying to compromise Highlander? Cloud based file server Company desktops Personal laptops Personal smartphones

Cloud based file server

What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation? Blue Book ISO 26029 Common Criteria The Wassenaar Agreement

Common Criteria

The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Based on the knowledge of the network topology, which of the main elements of information security has Highlander, Incorporated, not addressed in its plans for its laptops? Confidentiality Integrity Availability Authenticity

Confidentiality

An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job? Start by footprinting the network and mapping out a plan of attack. Define the penetration testing scope. Begin the reconnaissance phase with passive information gathering and then move into active information gathering. Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack.

Define the penetration testing scope.

In the software security development lifecycle, threat modeling occurs in which phase? Design. Requirements. Verification. Implementation.

Design.

James has published personal information about all senior executives of Essential Securities Bank on his blog website. He has collected all this information from multiple social media websites and publicly accessible databases. What is this known as? Doxing Social Engineering Phishing Impersonation

Doxing

Which of the following tools allows an attacker to extract information such as sender identity, mail server, sender's IP address, location and so on? Web Updates Monitoring Tools. Metadata Extraction Tools. Website Mirroring Tools. Email Tracking Tools.

Email Tracking Tools.

Jonathan, a solutions architect with a start-up, was asked to redesign the company's web infrastructure to meet the growing customer demands. He proposed the following architecture to the management: proxy--> app server--> proxy--> DB. What is Jonathan's primary objective? Proper user authentication. Ensuring high availability. Ensuring integrity of the application servers. Ensuring confidentiality of the data.

Ensuring High Availability.

Highlander, Incorporated, decides to hire an ethical hacker to identify vulnerabilities at the regional locations and ensure system security. What is the main difference between a hacker and an ethical hacker when they are trying to compromise the regional offices? Ethical hackers have the permission of upper management. Ethical hackers have the permission of the regional server administrators. Hackers have more sophisticated tools. Hackers don't have any knowledge of the network before they compromise the network.

Ethical hackers have the permission of upper management.

Why is ethical hacking necessary? (Select two) Ethical hackers try to find what an intruder can see on the system under evaluation. ethical hackers are responsible for selecting security solutions and try to verify the ROI of security systems. Ethical hackers try to find if all the components of information systems are adequately protected, updated, and patched. ethical hackers are responsible for incident handling and response in the organization.

Ethical hackers try to find what an intruder can see on the system under evaluation. Ethical hackers try to find if all the components of information systems are adequately protected, updated, and patched.

A pen tester was hired to perform penetration testing on an organization. The tester was asked to perform passive footprinting on the target organization. Which of the following techniques comes under passive footprinting? Finding the top-level domains (TLDs) and sub-domains of a target through web services. Performing traceroute analysis. performing social engineering. Querying published name server of the target.

Finding the top-level domains (TLDs) and sub-domains of a target through web services.

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take? Threaten to publish the penetration test results if not paid. follow proper legal procedures against the company to request payment. Tell other customers of the financial problems with payment from his company. exploit some of the vulnerabilities found on the company webserver to deface it.

Follow proper legal procedures against the company to request payment.

What is the correct order of steps in the system hacking cycle? Gaining access-->escalating privileges-->executing applications-->hiding files-->covering tracks. Covering tracks-->hiding files-->escalating privileges-->executing applications-->gaining access. Executing applications-->gaining access-->covering tracks-->escalating privileges-->hiding files. Escalating privileges-->gaining access-->executing applications-->covering tracks-->hiding files.

Gaining Access-->escalating privileges-->executing applications-->hiding files-->covering tracks

What is the objective of a reconnaissance phase in a hacking life-cycle? Gathering as much information as possible about the target. identifying specific vulnerabilities in the target network. gaining access to the target system and network. gaining access to the target system with admin/root level privileges.

Gathering as much information as possible about the target.

Which of the following techniques is used to create complex search engine queries? Yahoo search. Bing search. Google hacking. DuckDuckGo.

Google Hacking.

Which one of the following is a Google Search query used for VoIP footprinting to extract Cisco phone details? Inurl: "ccmuser/logon.asp". intitle: "D-link voip router" "welcome". inurl:/voice/advanced/ intitle: linksys SPA configuration. Inurl: "NetworkConfiguration" cisco.

Inurl: "NetworkConfiguration" Cisco.

Which of the following DNS record types helps in DNS footprinting to determine domain's mail server? A NS Cname MX

MX

In order to show improvements of security over time, what must be developed? reports testing tools metrics taxonomy of vulnerabilities

Metrics

Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products? Microsoft Security Baseline Analyzer. Retina. Core Impact. Microsoft Baseline Security Analyzer.

Microsoft Baseline Security Analyzer.

What is the outcome of the command "nc -l 2222 | nc 10.1.0.43 1234"? netcat will listen on the 10.1.0.43 interface for 1234 seconds on port 2222. Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 on port 1234. Netcat will listen for a connection from 10.1.0.43 on port 1234 and output anything received to port 2222. Netcat will listen on port 2222 and then output anything received to local interface 10.1.0.43

Netcat will listen to port 2222 and output anything received to a remote connection on 10.1.0.43 on port 1234.

Stephany is the leader of an information security team of a global corporation that has several branch offices around the world. In the past six months, the company has suffered several security incidents. The CSIRT explains to Stephany that the incidents have something in common; the source IP addresses of all the incidents are from one of the new branches. A lot of the outsourcing staff come to this office to connect their computers to the LAN. What is the most accurate security control to implement to resolve the primary source of the incidents? Network access control (NAC) Internal Firewall Awareness to employees Antimalware application

Network Access Control (NAC)

You have been hired to do an ethical hacking (penetration testing) for a company. Which is the first thing you should do in this process? Network information gathering perimeter testing escalating privileges acquiring target

Network Information Gathering

A computer technician is using the latest version of word-processing software and discovers that a particular sequence of characters is causing the entire computer to crash. The technician researches the bug and discovers that no one else has experienced the problem. What is the appropriate next step? Ignore the problem completely and let someone else deal with it. Create a document that will crash the computer when opened and send it to friends. Find an underground bulletin board and attempt to sell the bug to the highest bidder. Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.

Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix

Ransomware encrypts the files and locks systems, thereby leaving the system in an unusable state. The compromised user has to pay ransom to the attacker to unlock the system and get the files decrypted. Petya delivers malicious code that can even destroy the data with no scope of recovery. What is this malicious code called? Bot Payload Vulnerability Honeypot

Payload

Which of the following techniques is used to gather information about the target without direct interaction with the target? Active footprinting. Scanning. Passive footprinting. Enumeration.

Passive footprinting.

A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching the bank employees time in and out, searching the bank's job postings (paying special attention to IT-related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in? Information reporting. Vulnerability assessment. Active Information Gathering. Passive information gathering.

Passive information gathering.

The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Management at Highlander, Incorporated, has agreed to develop an incident management process after discovering laptops were compromised and the situation was not handled in an appropriate manner. What is the first phase that Highlander, Incorporated, needs to implement within their incident management process? Preparation for incident handling and response. Classification and prioritization. Containment. Forensic investigation.

Preparation for incident handling and response.

Which security control role does encryption meet? preventative controls detective controls corrective controls both detective and corrective controls.

Preventative controls

Which type of security document provides specific step-by-step details? process procedure policy paradigm

Procedure

Passive reconnaissance involves collecting information through which of the following? A. Social engineering B. Network traffic sniffing C. Man in the middle attacks D. Publicly accessible sources

Publicly accessible resources.

What information is gathered about the victim using email tracking tools? username of the clients, operating systems, email addresses, and list of software. Information on an organization's web pages since their creation. Recipient's IP address, Geolocation, Proxy detection, Operating system and Browser information. Targeted contact data, extracts the URL and meta tag for website promotion.

Recipient's IP address, Geolocation, Proxy detection, Operating system and Browser information.

Which results will be returned with the following Google search query? Site: Target.com -site:marketing.target.com accounting Results matching all words in the query. Results matching "accounting" in domain target.com but not on the site Marketing.target.com. Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting. Results for matches on target.com and Marketing.target.com that include the word "accounting".

Results matching "accounting" in domain target.com but not on the site marketing.target.com

In which phase of the risk management process does an analyst calculate the organization's risks and estimate the likelihood and impact of those risks? Risk Assessment. Risk identification. Risk Treatment. Risk Monitoring and review.

Risk Assessment.

You are doing research on SQL injection attacks. Which of the following combinations of Google operators will you use to find all Wikipedia pages that contain information about SQL injection attacks or SQL injection techniques? SQL injection site: wikipedia.org Site:wikipedia.org intitle: "SQL injection". Allinurl: Wikipedia.org intitle "SQL injection". Site: Wikipedia.org related: "SQL injection".

SQL injection site: Wikipedia.org

A CEH is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response? Say no: the friend is not the owner of the account. Say yes: the friend needs help to gather evidence. Say yes; do the job for free. Say no; make sure that the friend knows the risk she is asking the CEH to take.

Say no; The friend is not the owner of the account.

Sean works as a professional ethical hacker and penetration tester. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, looking for any information about the different departments and business units. Sean was unable to find any information. What should Sean do to get the information he needs? Sean should use Sublist3r tool. Sean should use Wayback Machine in Archive.org. Sean should use website mirroring tools. Sean should use email tracking tools.

Sean should use Sublist3r tool

What is the output returned by search engines when extracting critical details about a target from the internet? Search engine results pages (SERPs). Advanced search operators. Open ports and services. Operating systems, location of web servers, users and passwords.

Search engine results pages.

Bayron is the CEO of a medium size company with regional operations in America. He recently hired a security analyst to implement an ISMS. This analyst will design and implement patch management, Vulnerability management and security incident handler procedures for the company. Which of these is a reactive process? Security incident handler. Patch management. Vulnerability management. A and B are correct.

Security Incident Handler.

Which of the following is a network threat? Privilege escalation. Arbitrary code execution. Session hijacking. SQL injection.

Session Hijacking.

A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records? A. Locate type=ns B. Request type=ns C. Set type=ns D. Transfer type=ns

Set Type=NS

Smith works as a professional ethical hacker with a large MNC. He is a CEH certified professional and was following the CEH methodology to perform the penetration testing. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs (mostly by trial and error), looking for any information about the different departments and business units. Smith was unable to find any information. What should Smith do to get the information he needs? Smith should use online services such as netcraft.com to find the company's internal URLs. Smith should use Wayback Machine in Archive.org to find the company's internal URLs. Smith should use website mirroring tools such as HTTrack Website copier to find the company's internal URLs. Smith should use email tracking tools such as emailtrackerpro to find the company's internal URLs.

Smith should use online services such as netcraft.com to find the company's internal URLs.

Information gathered from social networking websites such as Facebook, Twitter, and LinkedIn can be used to launch which of the following types of attacks? Smurf attack. Social engineering attack. SQL injection attack. Distributed denial of service attack.

Social Engineering attack.

A security engineer is attempting to perform scanning on a company's internal network to verify security policies on their networks. The engineer uses the following NMAP command: NMAP -n -sS -PO -P 80 ***.***.**.** What type of scan is this? Quick scan. Intense Scan. Stealth Scan. Comprehensive Scan.

Stealth Scan.

Which of the following utilities uses the ICMP protocol concept and the Time to Live ("TTL") field of the IP header to find the path of the target host in the network? Whois. Traceroute. DNS lookup. TCP/IP.

TraceRoute.

Which of the following tools are useful in extracting information about the geographical location of routers, servers, and IP devices in a network? Traceroute tools. DNS lookup tools. Whois lookup tools. Email tracking tools.

Traceroute Tools

Infotech security hired a penetration tester, Sean, to do physical penetration testing. On the first day of his assessment, Sean goes to the company posing as a repairman and starts checking trash bins to collect sensitive information. What is Sean trying to do? Trying to attempt social engineering using phishing. Trying to attempt social engineering by eavesdropping. Trying to attempt social engineering by shoulder surfing. Trying to attempt social engineering by dumpster diving.

Trying to attempt social engineering by dumpster diving.

Yancey is a network security administrator for a large electric company. This company provides power for over 100,000 people in Las Vegas. Yancey has worked for his company for more than 15 years and has become very successful. One day, Yancey comes into work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years; he just wants the company to pay for what they are doing to him. What would Yancey be considered? Yancey would be considered a suicide hacker. Since he does not care about going to jail, he would be considered a black hat. Because Yancey works for the company currently, he would be a white hat. Yancey is a hacktivist hacker since he is standing up to a company that is downsizing.

Yancey would be considered a suicide hacker.

The protocol that they have chosen is Authentication Header. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud server, and the company uses Work Folders to synchronize offline copies back to their devices. A competitor has finished the reconnaissance and scanning phases of their attack. They are going to try to gain access to the Highlander, Incorporated, laptops. Which would be the most likely level to gain access? Application level. Operating system. Network level. Hardware level.

application level

Which of the following can be categorized as a host-based threat? IDS bypass. Distributed denial of service. Privilege escalation. Man-in-the-middle attack.

privilege escalation

Which of the following malware types restricts access to the computer system's files and folders, and demands a payment to the malware creators in order to remove the restrictions? Ransomware. Adware. Spyware. Trojan horse.

ransomware

Which type of scan is used on the eye to measure the layer of blood vessels? Facial recognition. Retinal scan. Iris scan. Signature kinetics scan.

retinal scan

A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use? sO. sP. sS. sU.

sO

Which of the following is a network-based threat? Session hijacking. Arbitrary code execution. Buffer overflow. Input validation flaw.

session hijacking

Which Google search query will search for any configuration files that a target certifiedhacker.com may have? allinurl: Certifiedhacker.com ext: xml | ext:conf | ext:cnf | ext:reg | ext:rdp | ext:cfg| ext:txt | ext:orga | ext.ini. site: certifiedhacker.com filetype:xml | filetype:cnf | filetype:inf | filetype:rdp | filetype:cfg | filetype:txt | filetype:ora | filetype:ini. site: certifiedhacker.com ext: xml || ext: cnf || ext: reg || ext:rdp || ext:cfg || ext.ora || ext.ini.

site: certifiedhacker.com filetype:xml | filetype:cnf | filetype:inf | filetype:rdp | filetype:cfg | filetype:txt | filetype:ora | filetype:ini.

An e-commerce site was put into a live environment, and the programmers failed to remove the secret entry point (bits of code embedded in programs) that was used during application development to quickly gain access at a later time, often during the testing or debugging phase. What is this entry point known as? SDLC process. Honey pot. SQL injection. Trap door.

trap door

A newly discovered flaw in a software application would be considered which kind of security vulnerability? Input validation flaw. HTTP header injection vulnerability. Zero day vulnerability. Time to check time to use flaw.

zero day vulnerability

