The document presents a series of questions and answers related to ethical hacking and cybersecurity concepts, covering topics such as vulnerability management, network scanning, and attack techniques. It includes questions about specific tools, protocols, and methods used in penetration testing and security assessments. The score indicates the performance on the quiz, with a total of 50 out of 62 points achieved.

Uploaded by

arsimim

312-50: EC-Council Certified Ethical Hacker (CEH v12) - Mini

You got 50 of 62 possible points.


Your score: 81 %

Question Results

Question: Score 1 of 1

You've installed multiple files and processes on the compromised system. What should you also look at installing?

Response:

Registry keys

Root login

Rootkit

Alternate data streams

Question: Score 1 of 1

The attacker tries to take advantage of a vulnerability where the application does not verify whether the user is authorized to access an internal object via its name or key. Which of the following queries best describes an attempt to exploit an insecure direct object reference using the name of the valid account "User1"?

Response:

"GET /restricted/goldtransfer?to=Account&from=1 or 1=1' HTTP/1.1 Host: westbank.com"

"GET /restricted/\r\n\%00account%00User1%00access HTTP/1.1 Host: westbank.com"

"GET /restricted/accounts/?name=User1 HTTP/1.1 Host: westbank.com"

"GET /restricted/bank.getaccount('User1') HTTP/1.1 Host: westbank.com"

Question: Score 0 of 1

Theresa is concerned about her VPN. She wants to use a well-established protocol, but one that supports as many authentication methods as
possible. What should she choose?

Response:

IKE

L2TP

PPTP

ISAKMP

Question: Score 1 of 1

You must identify open ports in the target network and determine whether the ports are online and whether any firewall rule sets are encountered.
Which of the following nmap commands must you use to perform the TCP SYN ping scan?

Response:

nmap -sn -PA < target IP address >

nmap -sn -PP < target IP address >


nmap -sn -PO < target IP address >

nmap -sn -PS < target IP address >

Question: Score 1 of 1

David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to
evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable
systems to reduce the impact and severity of vulnerabilities.

Which phase of the vulnerability-management life cycle is David currently in?

Response:

Verification

Vulnerability scan

Risk assessment

Remediation

Question: Score 1 of 1

In order to prevent collisions and protect password hashes from rainbow tables, Maria, the system administrator, decides to add random data
strings to the end of passwords before hashing. What is the name of this technique?

Response:

Masking

Stretching

Salting

Extra hashing

Question: Score 1 of 1

Gideon is trying to perform an SNMP scan. What ports should he scan?


(Choose all that apply.)

Response:

161

162

139

445

Question: Score 1 of 1

While performing an Nmap scan against a host, Pacla determines the existence of a firewall. In an attempt to determine whether the firewall is
stateful or stateless, which of the following options would be best to use?

Response:

-sA

-sT

-sX

-sF

Question: Score 0 of 1

You are scanning a target network using ping, and when targeting host A in the network, you get a 10, but when targeting host B, you get a
response. How would you interpret that?

Response:

The firewall is blocking ping.

Host A does not exist.

Host B is a honeypot.

The firewall is not blocking ping, but host A is.

Question: Score 1 of 1

John, a professional hacker, targeted CyberSol Inc., an MNC. He decided to discover the IoT devices connected in the target network that are using default
credentials and are vulnerable to various hijacking attacks. For this purpose, he used an automated tool to scan the target network for specific types of IoT
devices and detect whether they are using the default, factory-set credentials.

What is the tool employed by John in the above scenario?

Response:

AT&T IoT Platform

IoTSeeker

IoT Inspector

Azure IoT Central

Question: Score 1 of 1

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack
technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee.

The session ID links the target employee to Boney’s account page without disclosing any information to the victim. When the target employee clicks
on the link, all the sensitive payment details entered in a form are linked to Boney’s account.

What is the attack performed by Boney in the above scenario?

Response:

Forbidden attack

CRIME attack

Session fixation attack

Session donation attack

Question: Score 1 of 1

Marketing department employees complain that their computers are working slow and every time they attempt to go to a website, they receive a
series of pop-ups with advertisements. Which of the following types of malware infected their systems?

Response:

Spyware

Trojan

Adware

Virus

Question: Score 1 of 1

Bob, an attacker, has managed to access a target IoT device. He employed an online tool to gather information related to the model of the IoT device
and the certifications granted to it.

Which of the following tools did Bob employ to gather the above information?

Response:

search.com

EarthExplorer

FCC ID search

Google image search

Question: Score 0 of 1

Todd is concerned about DoS attacks against his network. He is particularly worried about attacks that use malformed ICMP packets. What type of
attack is Todd concerned about?

Response:

PoD

Teardrop

Smurf

PDoS

Question: Score 1 of 1

Which of the following OSI layers is responsible for encoding and decoding data packets into bits?

Response:

Network layer

Session layer

Application layer

Data link layer

Question: Score 1 of 1

Amanda works as a senior security analyst and overhears a colleague discussing confidential corporate information being posted on an external
website.

When questioned on it, he claims about a month ago he tried random URLs on the company’s website and found confidential information. Amanda
visits the same URLs but finds nothing.

Where can Amanda go to see past versions and pages of a website?

Response:

Pasthash.com

Search.com

Archive.org

Google cache

Question: Score 1 of 1

What is the name of a popular tool (or rather, an entire integrated platform written in Java) based on a proxy used to assess the security of web
applications and conduct practical testing using a variety of built-in tools?

Response:

Nmap

Wireshark

Burp Suite

CxSAST

Question: Score 1 of 1

The company "Usual company" asked a cybersecurity specialist to check their perimeter email gateway security. To do this, the specialist creates a
specially formatted email message:

From: [email protected]
To: [email protected]
Subject: Test message
Date: 5/8/2021 11:22

He sends this message over the Internet, and a "Usual company" employee receives it. This means that the gateway of this company doesn't
prevent _____.

Response:

Email Harvesting

Email Masquerading

Email Spoofing

Email Phishing

Question: Score 1 of 1

Which of the following is a vulnerability in modern processors such as Intel, AMD and ARM using speculative execution?

Response:

Launch Daemon

Named Pipe Impersonation

Spectre and Meltdown

Application Shimming

Question: Score 1 of 1

Identify the encryption algorithm by the description: Symmetric-key block cipher having a classical 12- or 16-round Feistel network with a block size
of 64 bits for encryption, which includes large 8 × 32-bit S-boxes based on bent functions, modular addition and subtraction, key-dependent
rotation, and XOR operations. This cipher also uses a "masking" key and a "rotation" key for performing its functions.

Response:

GOST

AES

CAST-128

DES

Question: Score 1 of 1

Which of the following methods is best suited to protect confidential information on your laptop which can be stolen while travelling?

Response:

Password protected files.

Hidden folders.

BIOS password.

Full disk encryption.

Question: Score 0 of 1

Which of the following is an entity in a PKI that will vouch for the identity of an individual or company?

Response:

VA

KDC

CA

CR

Question: Score 0 of 1

Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to test the response time of a true or false response and
wants to use a second command to determine whether the database will return true or false results for user IDs.

Which two SQL injection types would give her the results she is looking for?

Response:

Out of band and boolean-based

Union-based and error-based

Time-based and union-based

Time-based and boolean-based

Question: Score 1 of 1

The attacker knows about a vulnerability in a bare-metal cloud server that can enable him to implant malicious backdoors in firmware. Also, the
backdoor can persist even if the server is reallocated to new clients or businesses that use it as an IaaS. What type of cloud attack can be performed
by an attacker exploiting the vulnerability discussed in the above scenario?

Response:

Cloud cryptojacking

Metadata spoofing attack

Cloudborne attack

Man-in-the-cloud (MITC) attack


Question: Score 1 of 1

What is the common name for a vulnerability disclosure program opened by companies in platforms such as HackerOne?

Response:

White-hat hacking program

Bug bounty program

Ethical hacking program

Vulnerability hunting program

Question: Score 1 of 1

Which of the following services runs directly on TCP port 445?

Response:

Remote procedure call (RPC)

Telnet

Server Message Block (SMB)

Network File System (NFS)

Question: Score 1 of 1

With a(n) _____ attack, using very precise measurements of the time taken to execute algorithms, the attacker can attempt to
work backwards to the input.

Response:

service hijacking

cryptanalysis

timing

acoustic cryptanalysis

Question: Score 1 of 1

A competitor of a reputed IT firm has gathered sensitive information about the firm and launched similar products in the market by changing the
prices of the products, thereby causing adverse damage to the firm’s market position.

Which of the following threats does the IT firm face?

Response:

Corporate Espionage

Social Engineering

Business Loss

Information Leakage

Question: Score 1 of 1

You need to conduct a technical assessment of the network for a small company that supplies medical services. All computers in the company use
Windows OS. What is the best approach for discovering vulnerabilities?

Response:

Check MITRE.org for the latest list of CVE findings.

Create a disk image of a clean Windows installation.

Use the built-in Windows Update tool.

Use a scan tool like Nessus.

Question: Score 1 of 1

Which of the following Google search strings will find documents whose URL contains the given keyword?

Response:

inurl

allinurl

intitle

inname

Question: Score 1 of 1

Which cryptographic attack refers to the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or
torture?

Response:

Rubber Hose Attack


Chosen-ciphertext Attack

Ciphertext-only Attack

Adaptive Chosen-plaintext Attack

Question: Score 1 of 1

The CA is primarily responsible for ________.

Response:

distributing public keys

issuing certificates

establishing shared keys

validating servers

Question: Score 1 of 1

Black-hat hacker Ivan created a fraudulent website to steal users' credentials. Which of the proposed tasks does he need to perform so that users are
redirected to the fake site when entering the domain name of the real site?

Response:

SMS phishing

MAC Flooding

DNS spoofing

ARP Poisoning

Question: Score 1 of 1

Attackers can use this tool for launching attacks against REST-, WADL-, and WSDL-based web services.

Response:

Burp

Hydra

SoapUI

Brutus

Question: Score 1 of 1

Identify the technique by description: The attacker wants to create a botnet. Firstly, he collects information about a large number of vulnerable
machines to create a list. Secondly, he infects the machines. The list is divided by assigning half of the list to the newly compromised
machines. The scanning process runs simultaneously. This technique ensures very fast spreading and installation of malicious code.

Response:

Topological scanning technique

Subnet scanning technique

Hit-list scanning technique

Permutation scanning technique


Question: Score 1 of 1

Harris is attempting to identify the OS running on his target machine. He inspected the initial TTL in the IP header and the related TCP window size
and obtained the following results:

- TTL: 64
- Window Size: 5840

What is the OS running on the target machine?

Response:

Windows OS

Linux OS

Mac OS

Solaris OS

Question: Score 0 of 1

Based on the below log, which of the following sentences are true?

Mar 1, 2016, 7:33:28 AM 10.240.250.23 – 54373 10.249.253.15 – 22 tcp_ip

Response:

Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server

Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the client

SSH communications are encrypted; it’s impossible to know who is the client or the server.

Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server.

Question: Score 1 of 1

Black-hat hacker Ivan attacked the SCADA system of the industrial water facility. During the exploration process, he discovered that outdated
equipment was being used, the human-machine interface (HMI) was directly connected to the Internet and did not have any security tools or
authentication mechanism.

This allowed Ivan to control the system and influence all processes (including water pressure and temperature). What category does this
vulnerability belong to?

Response:

Code Injection.

Credential Management.

Lack of Authorization/Authentication and Insecure Defaults.

Memory Corruption.

Question: Score 1 of 1

Ivan, a black-hat hacker, wants to attack the target company. He thought about the fact that vulnerable IoT devices could be used in the company. To
check this, he decides to use a tool to scan the target network for specific types of IoT devices and detect whether they are using the default,
factory-set credentials. Which of the following tools will Ivan use?

Response:

Bullguard IoT

Cloud IoT Core


IoTSeeker

Azure IoT Central

Question: Score 1 of 1

You need to identify the OS on the attacked machine. You know that TTL: 64 and Window Size: 5840. Which OS is running on the attacked machine?

Response:

Linux OS

Google's customized Linux

Windows OS

Mac OS

Question: Score 1 of 1

Identify the Bluetooth attack technique that is used to send messages to users without the recipient's consent, for example for guerrilla marketing
campaigns.

Response:

Bluesnarfing

Bluebugging

Bluesmacking

Bluejacking

Question: Score 0 of 1

Which of the following tiers in the three-tier application architecture is responsible for moving and processing data between the tiers?

Response:

Application Layer

Presentation tier

Logic tier

Data tier

Question: Score 1 of 1

By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via
the SMB service and occasionally entered your login and password in plaintext.

Which file do you have to clean to clear the password?

Response:

.bash_history

.profile

.xsession-log

.bashrc

Question: Score 1 of 1

___ is inherently insecure and does not provide strong authentication and encryption.

Response:

Wi-Fi open system authentication

Wi-Fi shared key authentication

Wi-Fi centralized server authentication

Wi-Fi ad hoc authentication

Question: Score 1 of 1

Jacob works as a system administrator in an organization. He wants to extract the source code of a mobile application and disassemble the application to
analyze its design flaws. Using this technique, he wants to fix any bugs in the application, discover underlying vulnerabilities, and improve defense strategies
against attacks.

What is the technique used by Jacob in the above scenario to improve the security of the mobile application?

Response:

App sandboxing

Reverse engineering

Social engineering

Jailbreaking

Question: Score 1 of 1

When choosing a biometric system for your company, you should take into account the factors of system performance and whether they are
suitable for you or not. What determines such a factor as the throughput rate?

Response:

The maximum number of sets of data that can be stored in the system.

The data collection speeds, data processing speed, or enrolment time.

The probability that the system incorrectly matches the input pattern to a non-matching template in the database.

The probability that the system fails to detect a biometric input when presented correctly.

Question: Score 1 of 1

At what stage of the cyber kill chain theory model does data exfiltration occur?

Response:

Command and control

Weaponization

Installation

Actions on objectives

Question: Score 1 of 1

Scenario: Joe turns on his home computer to access personal online banking. When he enters the URL www.bank.com, the website is displayed,
but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL closer, he finds that the
site is not secure and the web address appears different.

What type of attack is he experiencing?


Response:

ARP cache poisoning

DoS attack

DNS hijacking

DHCP spoofing

Question: Score 1 of 1

Dayn, an attacker, wanted to detect if any honeypots are installed in a target network. For this purpose, he used a time-based TCP fingerprinting
method to validate the response to a normal computer and the response of a honeypot to a manual SYN request.

Which of the following techniques is employed by Dayn to detect honeypots?

Response:

Detecting honeypots running on VMware

Detecting the presence of Honeyd honeypots

Detecting the presence of Snort_inline honeypots

Detecting the presence of Sebek-based honeypots

Question: Score 1 of 1

In which of the following IDS evasion techniques does an attacker split the attack traffic into many packets, such that no single packet triggers the
IDS?

Response:

Flooding

Session Splicing

Encryption

Unicode Evasion

Question: Score 1 of 1

Black-hat hacker Ivan attacked a large DNS server. By poisoning the cache, he was able to redirect the online store's traffic to a phishing site. Users
did not notice the problem and believed that they were on the store's actual website, so they entered the data of their accounts and even bank cards.

Before the security system had time to react, Ivan collected a large amount of critical user data. Which option is best suited to describe this attack?

Response:

SPIT attack

Spear-phishing

Phishing

Pharming

Question: Score 1 of 1

Which of the following web application attacks injects the special character elements "Carriage Return" and "Line Feed" into the user’s input to trick
the web server, web application, or user into believing that the current object is terminated and a new object has been initiated?

Response:

HTML Injection.

Log Injection.

Server-Side JS Injection.

CRLF Injection.

Question: Score 1 of 1

Which of the following is an example of a scareware social engineering attack?

Response:

A pop-up appears to a user stating, "You have won money! Click here to claim your prize!"

A pop-up appears to a user stating, "Your computer may have been infected with spyware. Click here to install an anti-spyware tool to resolve this
issue."

A banner appears to a user stating, "Your password has expired. Click here to update your password."

A banner appears to a user stating, "Your order has been delayed. Click here to find out your new delivery date."

Question: Score 0 of 1

An attacker identified that a user and an access point are both compatible with WPA2 and WPA3 encryption. The attacker installed a rogue access point with
only WPA2 compatibility in the vicinity and forced the victim to go through the WPA2 four-way handshake to get connected. After the connection was
established, the attacker used automated tools to crack WPA2-encrypted messages.

What is the attack performed in the above scenario?

Response:

Side-channel attack

Timing-based attack

Downgrade security attack

Cache-based attack

Question: Score 1 of 1

Incorrectly configured S3 buckets are among the most common and widely targeted attack vectors. All it takes is one or two clicks to upload
sensitive data to the wrong bucket or change permissions on a bucket from private to public. Which one of the following tools can you use to
enumerate bucket permissions?

Response:

Sysdig

Ruler

S3 Inspector

DumpsterDiver

Question: Score 0 of 1

When using SNMP, what is MIB?

Response:

Message Importance Database

Message Information Base


Management Information Base

Management Information Database

Question: Score 1 of 1

Which of the following frameworks contains a set of the most popular tools that facilitate your tasks of collecting information and data from open
sources?

Response:

BeEF

Speed Phish Framework

OSINT framework

WebSploit Framework

Question: Score 0 of 1

_____ attempts to change a DNS server’s records so that customers are redirected to a fake site.

Response:

DNS hijacking

DNS amplification

Spoofing

DDoS

Question: Score 1 of 1

Jude, a pen tester, examined a network from a hacker’s perspective to identify exploits and vulnerabilities accessible to the outside world by using devices such
as firewalls, routers, and servers. In this process, he also estimated the threat of network security attacks and determined the level of security of the corporate
network.

What is the type of vulnerability assessment that Jude performed on the organization?

Response:

Host-based assessment

External assessment

Passive assessment

Application assessment

Question: Score 1 of 1

SQL injection is an attack against what?

Response:

User

Device

Server

Network

Question: Score 0 of 1

Which iOS jailbreaking technique patches the kernel during the device boot so that it becomes jailbroken after each successive reboot?

Response:

Semi-untethered jailbreaking

Semi-tethered jailbreaking

Tethered jailbreaking

Untethered jailbreaking

Question: Score 0 of 1

In a(n) ___ jailbreak, if the user turns the device off and back on, the device will start up completely. It will no longer have a patched kernel, but it will
still be usable for normal functions.

Response:

free-tethered

semi-tethered

untethered

tethered
