EC-Council CEH Certification Practice Exam
Which of the following ports are used by null sessions on your network?
139 and 445
Which of the following best describes an anti-virus sensor system?
A collection of software that detects and analyzes malware.
Which of the following best describes a supply chain?
A company provides materials to another company to manufacture a product
An attacker conducts a normal port scan on a host and detects protocols used by a Windows operating system and protocols used by a Linux operating system. Which of the following might this indicate?
A honeypot
Which of the following information sharing policies addresses the sharing of critical information in press releases, annual reports, product catalogs, and marketing materials?
A printed materials policy
The following formula defines which method of dealing with risk? Cost of Risk > Damage = Risk _________
Acceptance
Which of the following IDS detection types compare behavior to baseline profiles or network behavior baselines?
Anomaly-based
An attacker may use compromised websites and emails to distribute specially designed malware to poorly secured devices. This malware provides an access point to the attacker, which he can use to control the device. Which of the following devices can the attacker use?
Any device that can communicate over the intranet can be hacked.
Which of the following is an open-source web server technology?
Apache Web Server
The Simple Network Management Protocol (SNMP) is used to manage devices such as routers, hubs, and switches. SNMP works with an SNMP agent and an SNMP management station in which layer of the OSI model?
Application Layer
This type of assessment evaluates deployment and communication between the server and client. It is imperative to develop tight security through user authorization and validation. Open-source and commercial tools are both recommended for this assessment. Which of the following types of vulnerability research is being done?
Application flaws
Which of the following is a short-range wireless personal area network that supports low-power, long-use IoT needs?
BLE(Bluetooth low energy)
Which of the following do hackers install in systems to allow them to have continued admittance, gather sensitive information, or establish access to resources and operations within the system?
Backdoors
Which of the following are the three metrics used to determine a CVSS score?
Base, temporal, and environmental
Creating an area of the network where offending traffic is forwarded and dropped is known as _________?
Black hole filtering
Which of the following Bluetooth hacking tools is a complete framework to perform man-in-the-middle attacks on Bluetooth smart devices?
Btlejuice
Which of the following is used to remove files and clear the internet browsing history?
CCleaner
Which of the following best describes a rootkit?
Can modify the operating system and the utilities of the target system.
You have just discovered that a hacker is trying to penetrate your network using MAC spoofing. Which of the following best describes MAC spoofing?
Changing a hacker's network card to match a legitimate address being used on a network.
Daphne has determined that she has malware on her Linux machine. She prefers to only use open-source software. Which anti-malware software should she use?
ClamAV
Which type of web application requires a separate application to be installed before you can use the app?
Client-based web app
Which of the following packet crafting software programs can be used to modify flags and adjust other packet content?
Colasoft
ABC company is in the process of merging with XYZ company. As part of the merger, a penetration test has been recommended. Testing the network systems, physical security, and data security have all been included in the scope of work. What else should be included in the scope of work?
Company culture
Which of the following is considered an out-of-band distribution method for private key encryption?
Copying the key to a USB drive.
Kathy doesn't want to purchase a digital certificate from a public certificate authority, but needs to establish a PKI in her local network. Which of the follow actions should she take?
Create a local CA and generate a self-signed certificate.
Charles found a song he wrote being used without his permission in a video on YouTube. Which law will help him protect his work?
DMCA
Jason is at home, attempting to access the website for his music store. When he goes to the website, it has a simple form asking for name, email, and phone number. This is not the music store website. Jason is sure the website has been hacked. How did the attacker accomplish this hack?
DNS cache poisoning
Which of the following best describes what FISMA does?
Defines how federal government data, operations, and assets are handled.
Which of the following best describes a stateful inspection?
Determines the legitimacy of traffic based on the state of the connection from which the traffic originated.
Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in?
Development phase
Anabel purchased a smart speaker. She connected it to all the smart devices in her home. Which of the following communication models is she using?
Device-to-device
Which of the following cryptographic algorithms is used in asymmetric encryption?
Diffie-Hellman
Implementing emergency lighting that runs on protected power and automatically switches on when the main power goes off is part of which physical control?
Employee and visitor safety
Miguel is performing a penetration test on a web server. Miguel was given only the server's IP address and name. Which of the following best describes the type of penetration test Miguel is performing?
External
Randy is an ethical hacker student. He has learned how nmap flag manipulation can help find open ports. Although the name of the operating system did not jump right out at him, he might be able to figure it out by reviewing packet information. In a packet, Randy can see a TTL of 255 and a window size of 4128. What type of scanning process is Randy using?
Fingerprinting
Which of the following is the third step in the ethical hacking methodology?
Gain access
What are the two types of Intrusion Detection Systems (IDSs)?
HIDS and NIDS
Michael is performing a penetration test for a hospital. Which federal regulation does Michael need to ensure he follows?
HIPAA
You are looking for a web server security tool that will detect hidden malware in websites and advertisements. Which of the following security tools would you most likely use?
Hackalert
It may be tempting for an organization to feel secure after going through the process of penetration testing and the corrections and hardening that you must perform. Which of the following should you help them to understand?
Hackers have time on their side, and there will always be new threats to security.
Jessica needs to set up a firewall to protect her internal network from the Internet. Which of the following would be the best type of firewall for her to use?
Hardware
Which of the following best describes the scan with ACK evasion method?
Helps determine whether the firewall is stateful or stateless and whether or not the ports are open.
Mark, an ethical hacker, is looking for a honeypot tool that will simulate a mischievous protocol such as devil or mydoom. Which of the following honeypot tools should he use?
HoneyBOT
Rudy is analyzing a piece of malware discovered in a pentest. He has taken a snapshot of the test system and will run the malware. He will take a snapshot afterwards and monitor different components such as ports, processes, event logs, and more for any changes. Which of the following processes is he using?
Host integrity monitoring
You are on a Windows system. You receive an alert that a file named MyFile.txt.exe had been found. Which of the following could this indicate?
Host-based IDS
Which of the following assessment types focus on all types of user risks, including threats from malicious users, ignorant users, vendors, and administrators?
Host-based assessment
Which of the following are protocols included in the IPsec architecture?
IKE, AH, and ESP
Which of the following is the most basic way to counteract SMTP exploitations?
Ignore messages to unknown recipients instead of sending back error messages
Which of the following best describes what SOX does?
Implements accounting and disclosure requirements that increase transparency.
YuJin drove his smart car to the beach to fly his drone in search of ocean animal activity. Which of the following operation systems are most likely being used by his car and drone?
Integrity RTOS and snappy
Jerry runs a tool to scan a clean system to create a database. The tool then scans the system again and compares the second scan to the clean database. Which of the following detection methods is Jerry using?
Integrity-based
Which of the following is a benefit of using a proxy when you find that your scanning attempts are being blocked?
It filters incoming and outgoing traffic, provides you with anonymity, and shields you from detection.
Patrick is planning a penetration test for a client. As part of this test, he will perform a phishing attack. He needs to create a virus to distribute through email and run a custom script that will let him track who has run the virus. Which of the following programs will allow him to create this virus?
JPS(Virus Maker)
After the enumeration stage, you are considering blocking port 389. Your colleague has advised you to use caution when blocking ports that could potentially impact your network. Which of the following necessary services could be blocked?
LDAP
Based on your review of physical security, you have recommended several improvements. Your plan includes smart card readers, IP cameras, signs, and access logs. Smart cards have the ability to encrypt access information. Smart cards can require contact or be contactless. Proximity cards, also known as RFID (radio frequency identification) cards, are a subset of smart cards that use the 125 kHz frequency to communicate with proximity readers. Proximity cards differ from smart cards because they are designed to only communicate the card's ID, but the smart card can communicate more information. Use IP security cameras because they operate over the TCP/IP network. Implement your physical security plan by dragging the correct items from the shelf into the various locations in the building. As you drag the items from the shelf, the possible drop locations are highlighted. Not all items on the shelf will be used. In this lab, your task is to: Install the smart card key readers in the appropriate location to control access to key infrastructure. The key card readers should be contactless and record more than the card's ID. Install the IP security cameras in the appropriate location to record which employees access the key infrastructure. The security cameras should operate over the TCP/IP network. Install a Restricted Access sign on the networking closet door to control access to the infrastructure. Install the visitor log on the Lobby desk.
LabSim
Which of the following best describes the countermeasures you would take against a cross-site request forgery attack?
Log off immediately after using a web application. Clear the history after using a web application, and don't allow your browser to save your login details.
Which of the following virus types is shown in the code below?
Logic bomb
Mark is moving files from a device that is formatted using NTFS to a device that is formatted using FAT. Which of the following is he trying to get rid of?
Malicious alternate data streams.
Which of the following mobile security concerns is characterized by malicious code that specifically targets mobile devices?
Malicious website
Which term describes the process of sniffing traffic between a user and server, then re-directing the traffic to the attacker's machine, where malicious traffic can be forwarded to either the user or server?
Man-in-the-middle
A hacker finds a system that has a poorly design and unpatched program installed. He wants to create a backdoor for himself. Which of the following tools could he use to establish a backdoor?
Metasploit
Clive, a penetration tester, is scanning for vulnerabilities on the network, specifically outdated versions of Apple iOS. Which of the following tools should he use?
Nessus
Which of the following is an online tool that is used to obtain server and web server information?
Netcraft
Whois, Nslookup, and ARIN are all examples of:
Network footprinting tools
Which of the following is a sign of a network-based intrusion?
New or unusual protocols and services running.
Using Wireshark, you have used a filter to help capture only the desired types of packets. Using the information shown in the image, which of the following best describes the effects of using the host 192.168.0.34 filter?
Only packets with 192.168.0.34 in either the source or destination address are captured.
Which of the following is a tool for cracking Windows login passwords using rainbow tables?
Ophcrack
Which of the following techniques involves adding random bits of data to a password before it is stored as a hash?
Password salting
Which of the following best describes the HTTP Request/Response TRACE?
Performs a loopback test to a target resource.
Using a fictitious scenario to persuade someone to perform an action or give information they aren't authorized to share is called:
Pretexting
A company has subscribed to a cloud service that offers cloud applications and storage space. Through acquisition, the number of company employees quickly doubled. The cloud service vendor was able to add cloud services for these additional employees without requiring hardware changes. Which of the following cloud concepts does this represent?
Rapid elasticity
Which of the following cloud computing service models delivers software applications to a client either over the Internet or on a local area network?
SaaS
Mary is using asymmetric cryptography to send a message to Sam so that only Sam can read it. Which of the following keys should she use to encrypt the message?
Sam's public key
Which of the following is a deviation from standard operating security protocols?
Security exception
Which of the following includes a list of resolved vulnerabilities?
Security vulnerability summary
You are looking for a vulnerability assessment tool that detects vulnerabilities in mobile devices and gives you a report containing a total risk score, a summary of revealed vulnerabilities, and remediation suggestions. Which of the following vulnerability assessment tools should you use?
SecurityMetrics Mobile
Which of the following footprinting methods would you use to scan a web server to find ports that the web server is using for various services?
Service discovery
Allen, the network administrator, needs a tool that can do network intrusion prevention and intrusion detection, capture packets, and monitor information. Which of the following tools would he most likely select?
Snort
Julie is looking for a honeypot detection tool that is capable of packet manipulation. Which of the following tools should she use?
Snort inline
A goal-based penetration test needs to have specific goals. Using SMART goals is extremely useful for this. What does SMART stand for?
Specific/Measurable/Attainable/Relevant/Timely
The method of embedding data into legitimate files like graphics to hide it and then extracting the data once it reaches its destination is called:
Steganography
What port does a DNS zone transfer use?
TCP 53
LDAP is an internet protocol for accessing distributed directory services. If this port is open, it indicates that Active Directory or Exchange may be in use. What port does LDAP use?
TCP/UDP 389
You are configuring several wireless access points for your network. Knowing that each access point will have a service set identifier (SSID), you want to ensure that it is configured correctly. Which of the following SSID statements are true?
The SSID is a unique name, separate from the access point name.
Which of the following best describes a cybersquatting cloud computing attack?
The hacker uses phishing scams by making a domain name that is almost the same as the cloud service provider.
An IDS can perform many types of intrusion detections. Three common detection methods are signature-based, anomaly-based, and protocol-based. Which of the following best describes protocol-based detection?
This detection method can include malformed messages and sequencing errors.
Which statement best describes a suicide hacker?
This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught.
You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. She uses an iPad application to log any security events that may occur. She also uses her iPad to complete work tasks as assigned by the organization's CEO. What could you do to add an additional layer of security to this organization?
Train the receptionist to keep her iPad in a locked drawer.
Heather wants to gain remote access to Randy's machine. She has developed a program and hidden it inside a legitimate program that she is sure Randy will install on his machine. Which of the following types of malware is she using?
Trojan horse
In a world where so much private information is stored and transferred digitally, it is essential to proactively discover weaknesses. An ethical hacker's assessment sheds light on the flaws that can open doors for malicious attackers. Which of the following types of assessments does an ethical hacker complete to expose these weaknesses?
Vulnerability assessment
What type of scan is used to find system weaknesses such as open ports, access points, and other potential threats?
Vulnerability scan
You are analyzing the web applications in your company and have newly discovered vulnerabilities. You want to launch a denial-of-service (DoS) attack against the web server. Which of the following tools would you most likely use?
WebInspect
Iggy, a penetration tester, is conducting a black box penetration test. He wants to do reconnaissance by gathering information about ownership, IP addresses, domain name, locations, and server types. Which of the following tools would be most helpful?
Whois
During a penetration test, Omar found unpredicted responses from an application. Which of the following tools was he most likely using while assessing the network?
beSTORM (is a smart fuzzer that finds buffer overflow weaknesses as it automates and documents the process of delivering malicious input and then watches for unpredicted responses from an application.)
Using Wireshark filtering, you want to see all traffic except IP address 192.168.142.3. Which of the following is the best command to filter a specific source IP address?
ip.src ne 192.168.142.3
On your network, you have a Windows 10 system with the IP address 10.10.10.195. You have installed XAMPP along with some web pages, php, and forms. You want to put it on the public-facing internet, but you are not sure if it has any vulnerabilities. On your Kali Linux system, you have downloaded the nmap-vulners script from GitHub. Which of the following is the correct nmap command to run?
nmap --script nmap-vulners -sV 10.10.10.195
Nmap can be used for banner grabbing. Nmap connects to an open TCP port and returns anything sent in a five-second period. Which of the following is the proper nmap command?
nmap -sV --script=banner ip_address
You have found the IP address of a host to be 172.125.68.30. You want to see what other hosts are available on the network. Which of the following nmap commands would you enter to do a ping sweep?
nmap -sn 172.125.68. 1-255
You have been asked to perform a penetration test for a company to see if any sensitive information can be captured by a potential hacker. You have used Wireshark to capture a series of packets. Using the tcp contains Invoice filter, you have found one packet. Using the captured information shown, which of the following is the account manager's email address?
Which of the following Bluetooth discovery tools will produce the output shown below?
sdptool Service Discovery Protocol (SDP)
