Ethical Hacking
Which HTTP error informs you the server understands the request but refuses to comply?
403 Forbidden
Which of the following encryption standards is part of the NSA's suite B cryptographic algorithms and is validated strong enough to protect classified data?
AES-256
Technology is restricted to a single room or line of sight because this light spectrum cannot penetrate walls
Infrared (IR)
If a Cisco administrator needs to configure a serial or Fast Ethernet port, which configuration mode should they use?
Interface configuration mode
What type of viruses and code has been created by security researchers and attackers that could infect phones running Google's Android, Windows Mobile, and the Apple iPhone OS?
Java-based
Which of the following is a common Linux rootkit?
Linux Rootkit 5
To determine whether a system could be vulnerable to an RPC-related issue, which of the following tools can be used?
MBSA
An OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users
Mandatory access control
Which of the following EAP methods uses TLS to authenticate the server to the client, but not the client to the server?
PEAP
Which of the following systems should be used when equipment monitoring and automation is critical?
SCADA
The name used to identify a WLAN
SSID
Routers operate at the Network layer of the TCP/IP protocol stack.
True
Wget is a *nix system command that can be used to retrieve HTTP, HTTPS, and FTP files over the Internet.
True
SCADA systems controlling critical infrastructure are usually completely separated from the Internet by which of the following?
air gap
Which of the following is contained in a wireless frequency band and breaks up the band into smaller frequency ranges?
channels
In what type of attack does the attacker have the ciphertext of several messages that were encrypted with the same encryption algorithm, but has no access to the plaintext so he or she must try to calculate the key used to encrypt the data?
ciphertext-only
A port state which does not allow entry or access to a service
closed port
What social engineering tactic can be utilized to acquire old notes that may contain written passwords or other items that document important information?
dumpster diving
An interprocess communication mechanism that allows a program running on one host to run code on a remote host
remote procedure call
Data is spread across a large-frequency bandwidth instead of traveling across just one frequency band
spread spectrum
Red Hat and Fedora Linux use what command to update and manage their RPM packages?
yum
Which process enables you to see all the host computers on a network and basically give you a diagram of an organization's network?
zone transfers
What IP address is used as a loopback address and is not a valid IP address that can be assigned to a network?
127 address
A standard that addresses the issue of authentication
802.1x
Which IDS system uses a baseline of normal activity and then sends an alert if the activity deviates significantly from this baseline?
Anomaly-based IDS
Windows Server 2012 introduced what protection feature to prevent pass-the-hash attacks?
Authentication Silos
What type of malicious code could be installed in a system's flash memory to allow an attacker to access the system at a later date?
BIOS-based rootkit
Adobe System's ColdFusion uses its proprietary tags, which are written in which of the following languages?
CFML
What acronym represents the U.S. Department of Justice new branch that addresses computer crime?
CHIP
For a Windows computer to be able to access a *nix resource, which of the following must be enabled on both systems?
CIFS
A standardized protocol that replaced SMB in Windows 2000 Server and later
Common internet file system
What type of port scan is similar to a SYN scan and is risky to use because it relies on the attacked computer's OS?
Connect
Which Windows 10 feature uses virtualization to protect access tokens from theft by attackers?
Credential Guard
Which of the following application tests analyzes a running application for vulnerabilities?
Dynamic Application Security Testing
An enhancement to PPP, that was designed to allow a company to select its authentication method
EAP
Data hops to other frequencies to avoid interference that might occur over a frequency band
FHSS
A DDoS attack is launched against a host from a single server or workstation.
False
A hex number is written with two characters, each representing a byte.
False
All of the enumeration techniques that work with older Windows OSs still work with Windows Server 2012.
False
As a security tester, you can make a network impenetrable.
Fasle
Which of the following is a useful enumeration tool that enables you to find out who is logged into a *nix system with one simple command?
Finger utility
Allows you to ping multiple IP addresses simultaneously and is usually included in Kali Linux
Fping
What boot loader will allow your computer or laptop to start in both Windows and Linux?
GRUB
What specific term does the U.S. Department of Justice use to label all illegal access to computer or network systems?
Hacking
Tool for performing ping sweeps and used to bypass filtering devices by injecting crafted or otherwise modified IP-packets
Hping
Which type of device monitors a network's hardware so that security administrators can identify attacks in progress and stop them?
IDS
What layer, in the TCP/IP stack, is responsible for routing a packet to a destination address?
Internet
What type of hardware devices and computer programs can be used to obtain passwords by capturing key strokes on a targeted computer system?
Keyloggers
A device that performs more than one function, such as printing and faxing is called which of the following?
MFD
What router feature provides basic security by mapping internal private IP addresses to public external IP addresses, essentially hiding the internal infrastructure from unauthorized personnel?
NAT
Which of the following commands is a powerful enumeration tool included with Windows?
Nbtstat
The original utility from which OpenVas was developed
Nessus
A fast and efficient protocol that requires little configuration and allows transmitting NetBIOS packets over TCP/IP
NetBEUI
Which of the following protocols does NetBios use to access a network resource?
NetBEUI
Windows programming interface that allows computers to communicate across a local area network
NetBIOS
What tool can be used to read and write data to ports over a network?
Netcat
A popular port scanners that has the ability to use a GUI front end
Nmap
Which of the following interfaces is a standard database access method, developed by SQL Access Group, that allows an application to access data stored in a database management system (DBMS)?
ODBC
Which of the following interfaces, developed by Microsoft, is a set of interfaces that enable applications to access data stored in a database management system (DBMS)?
OLE DB
An open-source fork of Nessus
OpenVAS
The open-source descendant of Nessus is called which of the following?
OpenVAS
What tactic is being used when an attacker trailing closely behind an employee enters a restricted area without any security credentials by utilizing their proximity to another employee with security clearance?
Piggybacking
Closed ports respond to a NULL scan with what type of packet?
RST
An older network management service which enables remote administration and run on both Windows and *nix systems
SNMP
An open-source implementation of CIFS
Samba
Which of the following is an open-source implementation of CIFS?
Samba
A large organization that is responsible for sensitive or critical data may elect to create which of the following to do damage assessment, risk remediation, and legal consultation?
Security Operations Center
Used to share files and usually runs on top of NetBIOS, NetBEUI, or TCP/IP
Server message block
If an attacker wishes to collect confidential financial data, passwords, PINs and any personal data stored on your computer which of the following programs would they choose to use?
Spyware
Which of the following application tests analyzes an application's source code for vulnerabilities, and is therefore only possible when the source code of an application is available?
Static Application Security Testing
Which of the following cross-site scripting vulnerabilities types is especially harmful because it can be delivered to subsequent users of the application?
Stored
In 2007 became Windows new standard to deploy and manage servers alongside updated patch-management functionality
System center configuration manager
Microsoft's standard for managing Windows security patches on multiple computers in a network between 1994 and 2005
Systems management server
What protocol is the most widely used and allows all computers on a network to communicate and function
TCP/IP
What subject area is not one of the 22 domains tested during the CEH exam?
Trojan hijacking
ECC is an efficient algorithm requiring few hardware resources, so it's a perfect candidate for wireless devices and cell phones.
True
In a buffer overflow attack, an attacker finds a vulnerability in poorly written code that doesn't check for a defined amount of memory space use.
True
It is possible to have a wireless network that does not connect to a wired network.
True
Malware is malicious software, such as a virus, worm, or Trojan program, introduced into a network.
True
No matter what medium connects computers on network-copper wires, fiber-optic cables, or a wireless setup; the same protocol must be running on all computers if communication is going to function correctly.
True
Port scanning is a method of finding out which services a host computer offers.
True
The latest version of Nessus Server and Client can run on Windows, Mac OS X, FreeBSD, and most Linux distributions.
True
When using the Common Internet File System (CIFS), which security model will require network users to have a user name and password to access a specific resource?
User-level security
Designed for use on tablets and traditional PCs and only allows trusted applications by default through Device Guard
Windows 10
Builds on the security advances made in Vista with the introduction of AppLocker
Windows 7
The first Microsoft GUI product that didn't rely on DOS
Windows 95
Introduced Authentication Silos to prevent pass-the-hash attacks
Windows Server 2012
Introduces Windows Containers to allow for application isolation to protect applications from one another
Windows Server 2016
First Windows version to introduce User Account Control and BitLocker
Windows Vista
A Windows client/server technology introduced in 2005 used to manage patching and updating system software from the network
Windows software update services
A certificate contains a unique serial number and must follow which standard that describes the creating of a certificate?
X.509
What type of port scan has the FIN, PSH, and URG flags set?
XMAS scan
When hackers drive around or investigate an area with an antenna, they are usually looking for which component of a wireless network?
access point
An independent WLAN without an AP
ad-hoc network
The virus signature file is maintained by what type of software?
antivirus
Which type of program can mitigate some risks associated with malware?
antivirus
What type of firewall inspects network traffic at a higher level in the OSI model than a traditional stateful packet inspection firewall does?
application-aware firewall
Amount of code a computer system exposes to unauthenticated outsiders
attack surface
What is the specific act of checking a user's privileges to understand if they should or should not have access to a page, field, resource, or action in an application?
authorization
What penetration model should be used when a company's management team does not wish to disclose that penetration testing is being conducted?
black box
When a programmer exploits written code that doesn't check for a defined amount of memory space they are executing which of the following attacks?
buffer overflow
Which of the following refers to the flow a user is expected to follow in an application to accomplish a goal?
business logic
Which of the following physical security methods provides the ability to secure a company's assets and document any individuals physical time of entry?
card access
Which of the following does Object Linking and Embedding Database (OLE DB) rely on that allows an application to access data stored on an external device?
connection strings
When a security professional is presented with a contract drawn up by a company's legal department, which allows them to "hack" the company's network, they should proceed by performing what precautionary step?
consult their lawyer
Which of the following is a text file generated by a Web server and stored on a user's browser?
cookie
Which of the following is the process of converting ciphertext back into plaintext?
decryption
Which type of attack cripples the network and prevents legitimate users from accessing network resources?
denial-of-service
What specific type of Windows Servers are used to authenticate user accounts and contain most of the information that attackers want to access?
domain controllers
What type of malicious procedure involves using sniffing tools to capture network communications to intercept confidential information or gather credentials that can be used to extend the attack?
eavesdropping
Which of the following is a mathematical function or program that works with a key?
encryption algorithm
Process of extracting critical information from a network
enumeration
AES uses a 128-bit key and is used in PGP encryption software.
false
A port state that may indicate a firewall is being used to allow specified traffic into or out of the network
filtered port
Rootkits that pose the biggest threat to any OS are those that infect what part of the targeted device?
firmware
When security professionals create a packet, they may choose to specifically set which of the following fields to help initiate a response from a target computer?
flag
Which of the following terms is the rate at which a sound wave repeat?
frequency
Which term best describes malicious programmatic behaviors that antivirus software companies use to compare known viruses to every file on a computer?
heuristics
Which frequency band is used by commercial AM radio stations?
medium frequency (MF)
Defines how data is placed on a carrier signal
modulation
A technology that uses microwave radio band frequencies to transmit data
narrowband
To see additional parameters that can be used with the Netcat command, what should you type at the command prompt?
nc -h
What is the most serious shortcoming of Microsoft's original File Allocation Table (FAT) file system?
no ACL support
Which of the following is considered to be the most critical SQL vulnerability?
null SA password
Unauthenticated connection to a Windows computer that uses no logon and password values.
null session
What type of unauthenticated connection is considered to be a significant vulnerability of NetBIOS systems?
null session
A port state that allows access to applications and can be vulnerable
open port
What type of an IDS is being used when it does not take any action to stop or prevent an activity occurring?
passive system
When using a port-scanner, what procedure can be conducted to identify which IP addresses belong to active hosts?
ping sweep
If you work for a company as a security professional, you will most likely be placed on a special team that will conduct penetration tests. What is the standard name for a team made up of security professionals?
red team
One of the limitations when using "ping sweeps" is that many network administrators configure nodes not to respond to ICMP Echo Requests. What type of ICMP Echo message is being disabled by these administrators?
reply
Which of the following is created after an attack and usually hides within the OS tools, so it is almost impossible to detect?
rootkit
Which one of the following, if compromised might allow attackers the ability to gain complete access to network resources?
router
What type of testing procedure involves the tester(s) analyzing the company's security policy and procedures, and reporting any vulnerabilities to management?
security test
Which technique can be used to read PINs entered at ATMs or at other areas when a pin code is entered?
shoulder surfing
In 802.11, which of the following is an addressable unit?
station (STA)
Some attackers want to be hidden from network devices or IDSs that recognize an inordinate amount of pings or packets being sent to their networks. Which of the following attacks are more difficult to detect?
stealth
Which type of symmetric algorithm operates on plaintext one bit at a time?
stream ciphers
Cryptosystems that have a single key that encrypts and decrypts data are using what type of algorithm?
symmetric
What type of assessment performed by a penetration tester attempts to identify all the weaknesses found in an application or on a system?
vulnerability
What penetration model would likely provide a network diagram showing all the company's routers, switches, firewalls, and intrusion detection systems, or give the tester a floor plan detailing the location of computer systems and the OSs running on these systems?
white box
A malicious computer program that replicates and propagates itself without having to attach to a host is called which of the following?
worm
When a computer hacker uses multiple compromised computers to carry out a DDOS attack, the compromised computers are usually referred to as which of the following?
zombies
Which of the following IEEE projects was developed to create LAN and WAN standards?
802
Which of the following sits between the Internet and the internal network and is sometimes referred to as a perimeter network?
DMZ
What area of a network is a major area of potential vulnerability because of the use of URLs?
DNS
Data packets are spread simultaneously over multiple frequencies instead of hopping to other frequencies
DSSS
Which of the following protocols is an enhancement to PPP, and was designed to allow a company to select its authentication method?
EAP
In a NULL scan, all packet flags are turned on.
False
Windows 10, Windows 8, Windows Server 2016, and Windows Server 2012 have most services and features enabled by default.
False
What configuration mode allows a Cisco administrator to configure router settings that affect the overall operations of the router?
Global configuration mode
What encryption algorithm can be used for both encryption and digital signing, uses a one-way function, and is still widely used in e-commerce?
RSA
Which of the following cross-site scripting vulnerabilities types relies on social engineering to trick a user into visiting a maliciously crafted link or URL?
Reflected
There are measures for preventing radio waves from leaving or entering a building so that wireless technology can be used only by people located in the facility.
True
Performed by port scanners to scan large networks to identify which IP addresses belong to active hosts
ping sweep
Allows you the ability to scan thousands or even tens of thousands of IP addresses quickly
port scanning
