New Year Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

ECCouncil 312-50v12 Certified Ethical Hacker Exam (CEHv12) Exam Practice Test

Page: 1 / 57
Total 572 questions

Certified Ethical Hacker Exam (CEHv12) Questions and Answers

Question 1

_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

Options:

A.

Trojan

B.

RootKit

C.

DoS tool

D.

Scanner

E.

Backdoor

Question 2

Widespread fraud ac Enron. WorldCom, and Tyco led to the creation of a law that was designed to improve the accuracy and accountability of corporate disclosures. It covers accounting firms and third parties that provide financial services to some organizations and came into effect in 2002. This law is known by what acronym?

Options:

A.

Fed RAMP

B.

PCIDSS

C.

SOX

D.

HIPAA

Question 3

How is the public key distributed in an orderly, controlled fashion so that the users can be sure of the sender’s identity?

Options:

A.

Hash value

B.

Private key

C.

Digital signature

D.

Digital certificate

Question 4

which type of virus can change its own code and then cipher itself multiple times as it replicates?

Options:

A.

Stealth virus

B.

Tunneling virus

C.

Cavity virus

D.

Encryption virus

Question 5

Fred is the network administrator for his company. Fred is testing an internal switch.

From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this?

Options:

A.

Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer.

B.

He can send an IP packet with the SYN bit and the source address of his computer.

C.

Fred can send an IP packet with the ACK bit set to zero and the source address of the switch.

D.

Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

Question 6

What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?

Options:

A.

The attacker queries a nameserver using the DNS resolver.

B.

The attacker makes a request to the DNS resolver.

C.

The attacker forges a reply from the DNS resolver.

D.

The attacker uses TCP to poison the ONS resofver.

Question 7

Richard, an attacker, aimed to hack loT devices connected to a target network. In this process. Richard recorded the frequency required to share information between connected devices. After obtaining the frequency, he captured the original data when commands were initiated by the connected devices. Once the original data were collected, he used free tools such as URH to segregate the command sequence. Subsequently, he started injecting the segregated command sequence on the same frequency into the loT network, which repeats the captured signals of the devices. What Is the type of attack performed by Richard In the above scenario?

Options:

A.

Side-channel attack

B.

Replay attack

C.

CrypTanalysis attack

D.

Reconnaissance attack

Question 8

Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches.

If these switches' ARP cache is successfully flooded, what will be the result?

Options:

A.

The switches will drop into hub mode if the ARP cache is successfully flooded.

B.

If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.

C.

Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.

D.

The switches will route all traffic to the broadcast address created collisions.

Question 9

Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical Information to Johnson's machine. What is the social engineering technique Steve employed in the above scenario?

Options:

A.

Quid pro quo

B.

Diversion theft

C.

Elicitation

D.

Phishing

Question 10

Garry is a network administrator in an organization. He uses SNMP to manage networked devices from a remote location. To manage nodes in the network, he uses MIB. which contains formal descriptions of all network objects managed by SNMP. He accesses the contents of MIB by using a web browser either by entering the IP address and Lseries.mlb or by entering the DNS library name and Lseries.mlb. He is currently retrieving information from an MIB that contains object types for workstations and server services. Which of the following types of MIB is accessed by Garry in the above scenario?

Options:

A.

LNMIB2.MIB

B.

WINS.MIB

C.

DHCP.MIS

D.

MIB_II.MIB

Question 11

ViruXine.W32 virus hides their presence by changing the underlying executable code.

This Virus code mutates while keeping the original algorithm intact, the code changes itself each time it runs, but the function of the code (its semantics) will not change at all.

Question # 11

Here is a section of the Virus code:

Question # 11

What is this technique called?

Options:

A.

Polymorphic Virus

B.

Metamorphic Virus

C.

Dravidic Virus

D.

Stealth Virus

Question 12

You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c

Question # 12

What is the hexadecimal value of NOP instruction?

Options:

A.

0x60

B.

0x80

C.

0x70

D.

0x90

Question 13

What is the file that determines the basic configuration (specifically activities, services, broadcast receivers, etc.) in an Android application?

Options:

A.

AndroidManifest.xml

B.

APK.info

C.

resources.asrc

D.

classes.dex

Question 14

What is the main security service a cryptographic hash provides?

Options:

A.

Integrity and ease of computation

B.

Message authentication and collision resistance

C.

Integrity and collision resistance

D.

Integrity and computational in-feasibility

Question 15

What is the algorithm used by LM for Windows2000 SAM?

Options:

A.

MD4

B.

DES

C.

SHA

D.

SSL

Question 16

Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During this process.

Robin plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch in the network so that he could make it a root bridge that will later allow him to sniff all the traffic in the network.

What is the attack performed by Robin in the above scenario?

Options:

A.

ARP spoofing attack

B.

VLAN hopping attack

C.

DNS poisoning attack

D.

STP attack

Question 17

Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days. Sieve started asking about her company details and eventually gathered all the essential information regarding her company. What is the social engineering technique Steve employed in the above scenario?

Options:

A.

Diversion theft

B.

Baiting

C.

Honey trap

D.

Piggybacking

Question 18

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session 10 to the target employee. The session ID links the target employee to Boneys account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boneys account. What is the attack performed by Boney in the above scenario?

Options:

A.

Session donation attack

B.

Session fixation attack

C.

Forbidden attack

D.

CRIME attack

Question 19

Ethical hacker jane Smith is attempting to perform an SQL injection attach. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs. which two SQL Injection types would give her the results she is looking for?

Options:

A.

Out of band and boolean-based

B.

Time-based and union-based

C.

union-based and error-based

D.

Time-based and boolean-based

Question 20

Gerard, a disgruntled ex-employee of Sunglass IT Solutions, targets this organization to perform sophisticated attacks and bring down its reputation in the market. To launch the attacks process, he performed DNS footprinting to gather information about ONS servers and to identify the hosts connected in the target network. He used an automated tool that can retrieve information about DNS zone data including DNS domain names, computer names. IP addresses. DNS records, and network Who is records. He further exploited this information to launch other sophisticated attacks. What is the tool employed by Gerard in the above scenario?

Options:

A.

Knative

B.

zANTI

C.

Towelroot

D.

Bluto

Question 21

Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session, upon receiving the users request. Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. What is the attack performed by Bobby in the above scenario?

Options:

A.

Wardriving

B.

KRACK attack

C.

jamming signal attack

D.

aLTEr attack

Question 22

An organization is performing a vulnerability assessment tor mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization's machines to detect which ports are attached to services such as an email server, a web server or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevant tests. What is the type of vulnerability assessment solution that James employed in the above scenario?

Options:

A.

Product-based solutions

B.

Tree-based assessment

C.

Service-based solutions

D.

inference-based assessment

Question 23

An attacker runs netcat tool to transfer a secret file between two hosts.

Question # 23

He is worried about information being sniffed on the network.

How would the attacker use netcat to encrypt the information before transmitting onto the wire?

Options:

A.

Machine A: netcat -l -p -s password 1234 < testfileMachine B: netcat 1234

B.

Machine A: netcat -l -e magickey -p 1234 < testfileMachine B: netcat 1234

C.

Machine A: netcat -l -p 1234 < testfile -pw passwordMachine B: netcat 1234 -pw password

D.

Use cryptcat instead of netcat

Question 24

In the context of Windows Security, what is a 'null' user?

Options:

A.

A user that has no skills

B.

An account that has been suspended by the admin

C.

A pseudo account that has no username and password

D.

A pseudo account that was created for security administration purpose

Question 25

Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics: - Verifies success or failure of an attack - Monitors system activities Detects attacks that a network-based IDS fails to detect - Near real-time detection and response - Does not require additional hardware - Lower entry cost Which type of IDS is best suited for Tremp's requirements?

Options:

A.

Gateway-based IDS

B.

Network-based IDS

C.

Host-based IDS

D.

Open source-based

Question 26

What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?

Options:

A.

Black-box

B.

Announced

C.

White-box

D.

Grey-box

Question 27

You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles.

You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems.

In other words, you are trying to penetrate an otherwise impenetrable system.

How would you proceed?

Options:

A.

Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network

B.

Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information

C.

Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000 or more "zombies" and "bots"

D.

Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques

Question 28

What port number is used by LDAP protocol?

Options:

A.

110

B.

389

C.

464

D.

445

Question 29

OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?

Options:

A.

openssl s_client -site www.website.com:443

B.

openssl_client -site www.website.com:443

C.

openssl s_client -connect www.website.com:443

D.

openssl_client -connect www.website.com:443

Question 30

Bella, a security professional working at an it firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames. and passwords are shared In plaintext, paving the way for hackers 10 perform successful session hijacking. To address this situation. Bella Implemented a protocol that sends data using encryption and digital certificates. Which of the following protocols Is used by Bella?

Options:

A.

FTP

B.

HTTPS

C.

FTPS

D.

IP

Question 31

The network administrator at Spears Technology, Inc has configured the default gateway Cisco router's access-list as below:

You are hired to conduct security testing on their network.

You successfully brute-force the SNMP community string using a SNMP crack tool.

The access-list configured at the router prevents you from establishing a successful connection.

You want to retrieve the Cisco configuration from the router. How would you proceed?

Options:

A.

Use the Cisco's TFTP default password to connect and download the configuration file

B.

Run a network sniffer and capture the returned traffic with the configuration file from the router

C.

Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the router masking your IP address

D.

Send a customized SNMP set request with a spoofed source IP address in the range -192.168.1.0

Question 32

Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machines in Evil Corp’s lobby. He checks his current SID, which is S-1-5-21-1223352397-1872883824-861252104-501. What needs to happen before Matthew has full administrator access?

Options:

A.

He must perform privilege escalation.

B.

He needs to disable antivirus protection.

C.

He needs to gain physical access.

D.

He already has admin privileges, as shown by the “501” at the end of the SID.

Question 33

You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23. Which of the following IP addresses could be teased as a result of the new configuration?

Options:

A.

210.1.55.200

B.

10.1.4.254

C.

10..1.5.200

D.

10.1.4.156

Question 34

What is the minimum number of network connections in a multi homed firewall?

Options:

A.

3

B.

5

C.

4

D.

2

Question 35

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier container technology architecture. Currently. Abel is verifying and validating image contents, signing images, and sending them to the registries. Which of the following tiers of the container technology architecture Is Abel currently working in?

Options:

A.

Tier-1: Developer machines

B.

Tier-4: Orchestrators

C.

Tier-3: Registries

D.

Tier-2: Testing and accreditation systems

Question 36

What kind of detection techniques is being used in antivirus softwares that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it's made on the premiers environment-

Options:

A.

VCloud based

B.

Honypot based

C.

Behaviour based

D.

Heuristics based

Question 37

Vlady works in a fishing company where the majority of the employees have very little understanding of IT let alone IT Security. Several information security issues that Vlady often found includes, employees sharing password, writing his/her password on a post it note and stick it to his/her desk, leaving the computer unlocked, didn’t log out from emails or other social media accounts, and etc.

After discussing with his boss, Vlady decided to make some changes to improve the security environment in his company. The first thing that Vlady wanted to do is to make the employees understand the importance of keeping confidential information, such as password, a secret and they should not share it with other persons.

Which of the following steps should be the first thing that Vlady should do to make the employees in his company understand to importance of keeping confidential information a secret?

Options:

A.

Warning to those who write password on a post it note and put it on his/her desk

B.

Developing a strict information security policy

C.

Information security awareness training

D.

Conducting a one to one discussion with the other employees about the importance of information security

Question 38

Which of the following statements is FALSE with respect to Intrusion Detection Systems?

Options:

A.

Intrusion Detection Systems can be configured to distinguish specific content in network packets

B.

Intrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic

C.

Intrusion Detection Systems require constant update of the signature library

D.

Intrusion Detection Systems can examine the contents of the data n context of the network protocol

Question 39

Abel, a security professional, conducts penetration testing in his client organization to check for any security loopholes. He launched an attack on the DHCP servers by broadcasting forged DHCP requests and leased all the DHCP addresses available in the DHCP scope until the server could not issue any more IP addresses. This led to a Dos attack, and as a result, legitimate employees were unable to access the clients network. Which of the following attacks did Abel perform in the above scenario?

Options:

A.

VLAN hopping

B.

DHCP starvation

C.

Rogue DHCP server attack

D.

STP attack

Question 40

Scenario: Joe turns on his home computer to access personal online banking. When he enters the URL www.bank.com. the website is displayed, but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL closer, he finds that the site is not secure and the web address appears different. What type of attack he is experiencing?.

Options:

A.

Dos attack

B.

DHCP spoofing

C.

ARP cache poisoning

D.

DNS hijacking

Question 41

During the process of encryption and decryption, what keys are shared?

Options:

A.

Private keys

B.

User passwords

C.

Public keys

D.

Public and private keys

Question 42

what are common files on a web server that can be misconfigured and provide useful Information for a hacker such as verbose error messages?

Options:

A.

httpd.conf

B.

administration.config

C.

idq.dll

D.

php.ini

Question 43

Password cracking programs reverse the hashing process to recover passwords. (True/False.)

Options:

A.

True

B.

False

Question 44

A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer.

what tests would you perform to determine whether his computer Is Infected?

Options:

A.

Use ExifTool and check for malicious content.

B.

You do not check; rather, you immediately restore a previous snapshot of the operating system.

C.

Upload the file to VirusTotal.

D.

Use netstat and check for outgoing connections to strange IP addresses or domains.

Question 45

When discussing passwords, what is considered a brute force attack?

Options:

A.

You attempt every single possibility until you exhaust all possible combinations or discover the password

B.

You threaten to use the rubber hose on someone unless they reveal their password

C.

You load a dictionary of words into your cracking program

D.

You create hashes of a large number of words and compare it with the encrypted passwords

E.

You wait until the password expires

Question 46

Wilson, a professional hacker, targets an organization for financial benefit and plans to compromise its systems by sending malicious emails. For this purpose, he uses a tool to track the emails of the target and extracts information such as sender identities, mall servers, sender IP addresses, and sender locations from different public sources. He also checks if an email address was leaked using the haveibeenpwned.com API. Which of the following tools is used by Wilson in the above scenario?

Options:

A.

Factiva

B.

Netcraft

C.

infoga

D.

Zoominfo

Question 47

George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this process, he used a short-range communication protocol based on the IEEE 203.15.4 standard. This protocol is used in devices that transfer data infrequently at a low rate in a restricted area, within a range of 10-100 m. What is the short-range wireless communication technology George employed in the above scenario?

Options:

A.

MQTT

B.

LPWAN

C.

Zigbee

D.

NB-IoT

Question 48

Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network.

Which of the following host discovery techniques must he use to perform the given task?

Options:

A.

UDP scan

B.

TCP Maimon scan

C.

arp ping scan

D.

ACK flag probe scan

Question 49

In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN number and other personal details. Ignorant users usually fall prey to this scam.

Which of the following statement is incorrect related to this attack?

Options:

A.

Do not reply to email messages or popup ads asking for personal or financial information

B.

Do not trust telephone numbers in e-mails or popup ads

C.

Review credit card and bank account statements regularly

D.

Antivirus, anti-spyware, and firewall software can very easily detect these type of attacks

E.

Do not send credit card numbers, and personal or financial information via e-mail

Question 50

Clark, a professional hacker, was hired by an organization lo gather sensitive Information about its competitors surreptitiously. Clark gathers the server IP address of the target organization using Whole footprinting. Further, he entered the server IP address as an input to an online tool to retrieve information such as the network range of the target organization and to identify the network topology and operating system used in the network. What is the online tool employed by Clark in the above scenario?

Options:

A.

AOL

B.

ARIN

C.

DuckDuckGo

D.

Baidu

Question 51

Alice needs to send a confidential document to her coworker. Bryan. Their company has public key infrastructure set up. Therefore. Alice both encrypts the message and digitally signs it. Alice uses_______to encrypt the message, and Bryan uses__________to confirm the digital signature.

Options:

A.

Bryan’s public key; Bryan’s public key

B.

Alice’s public key; Alice’s public key

C.

Bryan’s private key; Alice’s public key

D.

Bryan’s public key; Alice’s public key

Question 52

There are multiple cloud deployment options depending on how isolated a customer's resources are from those of other customers. Shared environments share the costs and allow each customer to enjoy lower operations expenses. One solution Is for a customer to Join with a group of users or organizations to share a cloud environment. What is this cloud deployment option called?

Options:

A.

Hybrid

B.

Community

C.

Public

D.

Private

Question 53

Suppose that you test an application for the SQL injection vulnerability. You know that the backend database

is based on Microsoft SQL Server. In the login/password form, you enter the following credentials:

Username: attack' or 1=1 -

Password: 123456

Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?

Options:

A.

select * from Users where UserName = 'attack'' or 1=1 -- and UserPassword = '123456'

B.

select * from Users where UserName = 'attack' or 1=1 -- and UserPassword = '123456'

C.

select * from Users where UserName = 'attack or 1=1 -- and UserPassword = '123456'

D.

select * from Users where UserName = 'attack' or 1=1 --' and UserPassword = '123456'

Question 54

Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/feed.php?url:externaIsile.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed In the above scenario?

Options:

A.

website defacement

B.

Server-side request forgery (SSRF) attack

C.

Web server misconfiguration

D.

web cache poisoning attack

Question 55

in an attempt to increase the security of your network, you Implement a solution that will help keep your wireless network undiscoverable and accessible only to those that know It. How do you accomplish this?

Options:

A.

Delete the wireless network

B.

Remove all passwords

C.

Lock all users

D.

Disable SSID broadcasting

Question 56

An attacker redirects the victim to malicious websites by sending them a malicious link by email. The link appears authentic but redirects the victim to a malicious web page, which allows the attacker to steal the victim's data. What type of attack is this?

Options:

A.

Phishing

B.

Vlishing

C.

Spoofing

D.

DDoS

Question 57

John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker Installed a scanner on a machine belonging to one of the vktims and scanned several machines on the same network to Identify vulnerabilities to perform further exploitation. What is the type of vulnerability assessment tool employed by John in the above scenario?

Options:

A.

Proxy scanner

B.

Agent-based scanner

C.

Network-based scanner

D.

Cluster scanner

Question 58

The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack.

You also notice "/bin/sh" in the ASCII part of the output.

As an analyst what would you conclude about the attack?

Question # 58

Options:

A.

The buffer overflow attack has been neutralized by the IDS

B.

The attacker is creating a directory on the compromised machine

C.

The attacker is attempting a buffer overflow attack and has succeeded

D.

The attacker is attempting an exploit that launches a command-line shell

Question 59

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks?

Options:

A.

tcpsplice

B.

Burp

C.

Hydra

D.

Whisker

Question 60

Tess King is using the nslookup command to craft queries to list all DNS information (such as Name Servers, host names, MX records, CNAME records, glue records (delegation for child Domains), zone serial number, TimeToLive (TTL) records, etc) for a Domain.

What do you think Tess King is trying to accomplish? Select the best answer.

Options:

A.

A zone harvesting

B.

A zone transfer

C.

A zone update

D.

A zone estimate

Question 61

Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.

A camera captures people walking and identifies the individuals using Steve’s approach.

After that, people must approximate their RFID badges. Both the identifications are required to open the door. In this case, we can say:

Options:

A.

Although the approach has two phases, it actually implements just one authentication factor

B.

The solution implements the two authentication factors: physical object and physical characteristic

C.

The solution will have a high level of false positives

D.

Biological motion cannot be used to identify people

Question 62

The collection of potentially actionable, overt, and publicly available information is known as

Options:

A.

Open-source intelligence

B.

Real intelligence

C.

Social intelligence

D.

Human intelligence

Question 63

Which of the following is the BEST way to defend against network sniffing?

Options:

A.

Using encryption protocols to secure network communications

B.

Register all machines MAC Address in a Centralized Database

C.

Use Static IP Address

D.

Restrict Physical Access to Server Rooms hosting Critical Servers

Question 64

Study the following log extract and identify the attack.

Question # 64

Options:

A.

Hexcode Attack

B.

Cross Site Scripting

C.

Multiple Domain Traversal Attack

D.

Unicode Directory Traversal Attack

Question 65

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: ““FTP on the network!””;)

Options:

A.

A firewall IPTable

B.

FTP Server rule

C.

A Router IPTable

D.

An Intrusion Detection System

Question 66

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.

What is the most likely cause?

Options:

A.

The network devices are not all synchronized.

B.

Proper chain of custody was not observed while collecting the logs.

C.

The attacker altered or erased events from the logs.

D.

The security breach was a false positive.

Question 67

You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine. What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?

Options:

A.

tcp.srcport= = 514 && ip.src= = 192.168.0.99

B.

tcp.srcport= = 514 && ip.src= = 192.168.150

C.

tcp.dstport= = 514 && ip.dst= = 192.168.0.99

D.

tcp.dstport= = 514 && ip.dst= = 192.168.0.150

Question 68

The company ABC recently contracts a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?

Options:

A.

The CFO can use a hash algorithm in the document once he approved the financial statements

B.

The CFO can use an excel file with a password

C.

The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure is the same document

D.

The document can be sent to the accountant using an exclusive USB for that document

Question 69

Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: scottsmelby@yahoo.com”. Which statement below is true?

Options:

A.

This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.

B.

This is a scam because Bob does not know Scott.

C.

Bob should write to scottmelby@yahoo.com to verify the identity of Scott.

D.

This is probably a legitimate message as it comes from a respectable organization.

Question 70

Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?

Options:

A.

SFTP

B.

Ipsec

C.

SSL

D.

FTPS

Question 71

What does the –oX flag do in an Nmap scan?

Options:

A.

Perform an eXpress scan

B.

Output the results in truncated format to the screen

C.

Output the results in XML format to a file

D.

Perform an Xmas scan

Question 72

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

Options:

A.

Traceroute

B.

Hping

C.

TCP ping

D.

Broadcast ping

Question 73

What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet-filtering of the firewall?

Options:

A.

Session hijacking

B.

Firewalking

C.

Man-in-the middle attack

D.

Network sniffing

Question 74

A zone file consists of which of the following Resource Records (RRs)?

Options:

A.

DNS, NS, AXFR, and MX records

B.

DNS, NS, PTR, and MX records

C.

SOA, NS, AXFR, and MX records

D.

SOA, NS, A, and MX records

Question 75

is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.

Options:

A.

DNSSEC

B.

Resource records

C.

Resource transfer

D.

Zone transfer

Question 76

A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems.

What is the best security policy concerning this setup?

Options:

A.

Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.

B.

As long as the physical access to the network elements is restricted, there is no need for additional measures.

C.

There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.

D.

The operator knows that attacks and down time are inevitable and should have a backup site.

Question 77

You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?

Options:

A.

Social engineering

B.

Piggybacking

C.

Tailgating

D.

Eavesdropping

Question 78

Which of the following tools are used for enumeration? (Choose three.)

Options:

A.

SolarWinds

B.

USER2SID

C.

Cheops

D.

SID2USER

E.

DumpSec

Question 79

When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, DELETE, PUT, TRACE) using NMAP script engine. What Nmap script will help you with this task?

Options:

A.

http-methods

B.

http enum

C.

http-headers

D.

http-git

Question 80

Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations.

Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA.

In this context, what can you say?

Options:

A.

Bob can be right since DMZ does not make sense when combined with stateless firewalls

B.

Bob is partially right. He does not need to separate networks if he can create rules by destination IPs, one by one

C.

Bob is totally wrong. DMZ is always relevant when the company has internet servers and workstations

D.

Bob is partially right. DMZ does not make sense when a stateless firewall is available

Question 81

Which of the following is a low-tech way of gaining unauthorized access to systems?

Options:

A.

Social Engineering

B.

Eavesdropping

C.

Scanning

D.

Sniffing

Question 82

An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code to embed a malicious applet in all HTTP connections.

When users accessed any page, the applet ran and exploited many machines. Which one of the following tools the hacker probably used to inject HTML code?

Options:

A.

Wireshark

B.

Ettercap

C.

Aircrack-ng

D.

Tcpdump

Question 83

What is a NULL scan?

Options:

A.

A scan in which all flags are turned off

B.

A scan in which certain flags are off

C.

A scan in which all flags are on

D.

A scan in which the packet size is set to zero

E.

A scan with an illegal packet size

Question 84

User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI layer does the encryption and decryption of the message take place?

Options:

A.

Application

B.

Transport

C.

Session

D.

Presentation

Question 85

Under what conditions does a secondary name server request a zone transfer from a primary name server?

Options:

A.

When a primary SOA is higher that a secondary SOA

B.

When a secondary SOA is higher that a primary SOA

C.

When a primary name server has had its service restarted

D.

When a secondary name server has had its service restarted

E.

When the TTL falls to zero

Question 86

Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services, which OS did it not directly affect?

Options:

A.

Linux

B.

Unix

C.

OS X

D.

Windows

Question 87

As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security?

Options:

A.

Use the same machines for DNS and other applications

B.

Harden DNS servers

C.

Use split-horizon operation for DNS servers

D.

Restrict Zone transfers

E.

Have subnet diversity between DNS servers

Question 88

What is the proper response for a NULL scan if the port is open?

Options:

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

No response

Question 89

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator’s Computer to update the router configuration. What type of an alert is this?

Options:

A.

False negative

B.

True negative

C.

True positive

D.

False positive

Question 90

What is correct about digital signatures?

Options:

A.

A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.

B.

Digital signatures may be used in different documents of the same type.

C.

A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.

D.

Digital signatures are issued once for each user and can be used everywhere until they expire.

Question 91

Why should the security analyst disable/remove unnecessary ISAPI filters?

Options:

A.

To defend against social engineering attacks

B.

To defend against webserver attacks

C.

To defend against jailbreaking

D.

To defend against wireless attacks

Question 92

Which method of password cracking takes the most time and effort?

Options:

A.

Dictionary attack

B.

Shoulder surfing

C.

Rainbow tables

D.

Brute force

Question 93

Which DNS resource record can indicate how long any "DNS poisoning" could last?

Options:

A.

MX

B.

SOA

C.

NS

D.

TIMEOUT

Question 94

What kind of detection techniques is being used in antivirus software that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it’s made on the provider’s environment?

Options:

A.

Behavioral based

B.

Heuristics based

C.

Honeypot based

D.

Cloud based

Question 95

What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?

Options:

A.

Man-in-the-middle attack

B.

Meet-in-the-middle attack

C.

Replay attack

D.

Traffic analysis attack

Question 96

A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems.

However, he is unable to capture any logons though he knows that other users are logging in.

What do you think is the most likely reason behind this?

Options:

A.

There is a NIDS present on that segment.

B.

Kerberos is preventing it.

C.

Windows logons cannot be sniffed.

D.

L0phtcrack only sniffs logons to web servers.

Question 97

A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer’s software and hardware without the owner’s permission. Their intention can either be to simply gain knowledge or to illegally make changes.

Which of the following class of hacker refers to an individual who works both offensively and defensively at various times?

Options:

A.

White Hat

B.

Suicide Hacker

C.

Gray Hat

D.

Black Hat

Question 98

Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?

Options:

A.

har.txt

B.

SAM file

C.

wwwroot

D.

Repair file

Question 99

What is the role of test automation in security testing?

Options:

A.

It is an option but it tends to be very expensive.

B.

It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.

C.

Test automation is not usable in security due to the complexity of the tests.

D.

It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

Question 100

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The “ps” command shows that the “nc” file is running as process, and the netstat command shows the “nc” process is listening on a network port.

What kind of vulnerability must be present to make this remote attack possible?

Options:

A.

File system permissions

B.

Privilege escalation

C.

Directory traversal

D.

Brute force login

Question 101

Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students.

He identified this when the IDS alerted for malware activities in the network. What should Bob do to avoid this problem?

Options:

A.

Disable unused ports in the switches

B.

Separate students in a different VLAN

C.

Use the 802.1x protocol

D.

Ask students to use the wireless network

Question 102

In the field of cryptanalysis, what is meant by a “rubber-hose” attack?

Options:

A.

Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.

B.

A backdoor placed into a cryptographic algorithm by its creator.

C.

Extraction of cryptographic secrets through coercion or torture.

D.

Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.

Question 103

DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switchers leverages the DHCP snooping database to help prevent man-in-the-middle attacks?

Options:

A.

Spanning tree

B.

Dynamic ARP Inspection (DAI)

C.

Port security

D.

Layer 2 Attack Prevention Protocol (LAPP)

Question 104

Which of the following tools can be used to perform a zone transfer?

Options:

A.

NSLookup

B.

Finger

C.

Dig

D.

Sam Spade

E.

Host

F.

Netcat

G.

Neotrace

Question 105

MX record priority increases as the number increases. (True/False.)

Options:

A.

True

B.

False

Question 106

You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?

Options:

A.

All three servers need to be placed internally

B.

A web server facing the Internet, an application server on the internal network, a database server on the internal network

C.

A web server and the database server facing the Internet, an application server on the internal network

D.

All three servers need to face the Internet so that they can communicate between themselves

Question 107

What two conditions must a digital signature meet?

Options:

A.

Has to be the same number of characters as a physical signature and must be unique.

B.

Has to be unforgeable, and has to be authentic.

C.

Must be unique and have special characters.

D.

Has to be legible and neat.

Question 108

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.

What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

Options:

A.

Public

B.

Private

C.

Shared

D.

Root

Question 109

Bob is acknowledged as a hacker of repute and is popular among visitors of "underground" sites.

Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well.

In this context, what would be the most effective method to bridge the knowledge gap between the "black" hats or crackers and the "white" hats or computer security professionals? (Choose the test answer.)

Options:

A.

Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.

B.

Hire more computer security monitoring personnel to monitor computer systems and networks.

C.

Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life.

D.

Train more National Guard and reservist in the art of computer security to help out in times of emergency or crises.

Question 110

Scenario1:

1.Victim opens the attacker's web site.

2.Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make

$1000 in a day?'.

3.Victim clicks to the interesting and attractive content URL.

4.Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' URL but actually he/she clicks to the content or URL that exists in the transparent 'iframe' which is setup by the attacker.

What is the name of the attack which is mentioned in the scenario?

Options:

A.

Session Fixation

B.

HTML Injection

C.

HTTP Parameter Pollution

D.

Clickjacking Attack

Question 111

Which of the following program infects the system boot sector and the executable files at the same time?

Options:

A.

Polymorphic virus

B.

Stealth virus

C.

Multipartite Virus

D.

Macro virus

Question 112

Which of the following tools can be used for passive OS fingerprinting?

Options:

A.

nmap

B.

tcpdump

C.

tracert

D.

ping

Question 113

What did the following commands determine?

Question # 113

Options:

A.

That the Joe account has a SID of 500

B.

These commands demonstrate that the guest account has NOT been disabled

C.

These commands demonstrate that the guest account has been disabled

D.

That the true administrator is Joe

E.

Issued alone, these commands prove nothing

Question 114

A company’s security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

Options:

A.

Attempts by attackers to access the user and password information stored in the company’s SQL database.

B.

Attempts by attackers to access Web sites that trust the Web browser user by stealing the user’s authentication credentials.

C.

Attempts by attackers to access password stored on the user’s computer without the user’s knowledge.

D.

Attempts by attackers to determine the user’s Web browser usage patterns, including when sites were visited and for how long.

Question 115

An audacious attacker is targeting a web server you oversee. He intends to perform a Slow HTTP POST attack, by manipulating 'a' HTTP connection. Each connection sends a byte of data every 'b' second, effectively holding up the connections for an extended period. Your server is designed to manage 'm' connections per second, but any connections exceeding this number tend to overwhelm the system. Given ‘a=100' and variable 'm', along with the attacker's intention of maximizing the attack duration 'D=a*b', consider the following scenarios. Which is most likely to result in the longest duration of server unavailability?

Options:

A.

m=110, b=20: Despite the attacker sending 100 connections, the server can handle 110 connections per

second, therefore likely staying operative, regardless of the hold-up time per connection

B.

m=90, b=15: The server can manage 90 connections per second, but the attacker's 100 connections

exceed this, and with each connection held up for 15 seconds, the attack duration could be significant

C.

95, b=10: Here, the server can handle 95 connections per second, but it falls short against the

attacker's 100 connections, albeit the hold-up time per connection is lower

D.

m=105, b=12: The server can manage 105 connections per second, more than the attacker's 100

connections, likely maintaining operation despite a moderate hold-up time

Question 116

In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker, gathers a list of employee and client email addresses and other related information by using various search engines, social networking sites, and web spidering tools. In this process, she also uses an automated tool to gather a list of words from the target website to further perform a brute-force attack on the previously gathered email addresses.

What is the tool used by Hailey for gathering a list of words from the target website?

Options:

A.

Shadowsocks

B.

CeWL

C.

Psiphon

D.

Orbot

Question 117

You are the lead cybersecurity analyst at a multinational corporation that uses a hybrid encryption system to secure inter-departmental communications. The system uses RSA encryption for key exchange and AES for data encryption, taking advantage of the strengths of both asymmetric and symmetric encryption. Each RSA

key pair has a size of 'n' bits, with larger keys providing more security at the cost of slower performance. The time complexity of generating an RSA key pair is O(n*2), and AES encryption has a time complexity of O(n). An attacker has developed a quantum algorithm with time complexity O((log n)*2) to crack RSA encryption. Given *n=4000' and variable ‘AES key size’, which scenario is likely to provide the best balance of security and

performance?

Options:

A.

AES key size=128 bits: This configuration provides less security than option A, but RSA key generation and AES encryption will be faster.

B.

AES key size=256 bits: This configuration provides a high level of security, but RSA key generation may be slow.

C.

AES key size=192 bits: This configuration is a balance between options A and B, providing moderate security and performance.

D.

AES key size=512 bits: This configuration provides the highest level of security but at a significant performance cost due to the large AES key size.

Question 118

An attacker utilizes a Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a nearby business in order to capture the wireless password. What kind of attack is this?

Options:

A.

MAC spoofing attack

B.

Evil-twin attack

C.

War driving attack

D.

Phishing attack

Question 119

In an intricate web application architecture using an Oracle database, you, as a security analyst, have identified a potential SQL Injection attack surface. The database consists of 'x' tables, each with y columns. Each table contains z1 records. An attacker, well-versed in SQLi techniques, crafts 'u' SQL payloads, each attempting to extract maximum data from the database. The payloads include UNION SELECT' statements and 'DBMS_XSLPPOCESSOR.READ2CLOB' to read sensitive files. The attacker aims to maximize the total data extracted E=xyz'u'. Assuming 'x=4\ y=2\ and varying z' and 'u\ which situation is likely to result in the highest extracted data volume?

Options:

A.

z=400. u=4: The attacker constructs A SQLpayloads, each focusing on tables with 400 records, influencing all columns of all tables

B.

z=550, u=Z Here, the attacker formulates 2 SQL payloads and directs them towards tables containing 550 records, impacting all columns and tables

C.

z=600. u=2: The attacker devises 2 SQL payloads. each aimed at tables holding 600 records, affecting all columns across all tables

D.

Az=500. u=3: The attacker creates 3 SQL payloads and targets tables with 500 records each, exploiting all columns and tables

Question 120

Mr. Omkar performed tool-based vulnerability assessment and found two vulnerabilities. During analysis, he found that these issues are not true vulnerabilities.

What will you call these issues?

Options:

A.

False positives

B.

True negatives

C.

True positives

D.

False negatives

Question 121

Attempting an injection attack on a web server based on responses to True/False QUESTION NO:s is called which of the following?

Options:

A.

Compound SQLi

B.

Blind SQLi

C.

Classic SQLi

D.

DMS-specific SQLi

Question 122

Clark, a professional hacker, attempted to perform a Btlejacking attack using an automated tool, Btlejack, and hardware tool, micro:bit. This attack allowed Clark to hijack, read, and export sensitive information shared between connected devices. To perform this attack, Clark executed various btlejack commands. Which of the following commands was used by Clark to hijack the connections?

Options:

A.

btlejack-f 0x129f3244-j

B.

btlejack -c any

C.

btlejack -d /dev/ttyACM0 -d /dev/ttyACM2 -s

D.

btlejack -f 0x9c68fd30 -t -m 0x1 fffffffff

Question 123

Lewis, a professional hacker, targeted the loT cameras and devices used by a target venture-capital firm. He used an information-gathering tool to collect information about the loT devices connected to a network, open ports and services, and the attack surface area. Using this tool, he also generated statistical reports on broad usage patterns and trends. This tool helped Lewis continually monitor every reachable server and device on the Internet, further allowing him to exploit these devices in the network. Which of the following tools was employed by Lewis in the above scenario?

Options:

A.

Censys

B.

Wapiti

C.

NeuVector

D.

Lacework

Question 124

The network users are complaining because their system are slowing down. Further, every time they attempt to go a website, they receive a series of pop-ups with advertisements. What types of malware have the system been infected with?

Options:

A.

Virus

B.

Spyware

C.

Trojan

D.

Adware

Question 125

You are a cybersecurity consultant for a healthcare organization that utilizes Internet of Medical Things (loMT) devices, such as connected insulin pumps and heart rate monitors, to provide improved patientcare. Recently, the organization has been targeted by ransomware attacks. While the IT infrastructure was unaffected due to robust security measures, they are worried that the loMT devices could be potential entry points for future

attacks. What would be your main recommendation to protect these devices from such threats?

Options:

A.

Implement multi-factor authentication for all loMT devices.

B.

Disable all wireless connectivity on loMT devices.

C.

Use network segmentation to isolate loMT devices from the main network.

D.

Regularly change the IP addresses of all loMT devices.

Question 126

Harper, a software engineer, is developing an email application. To ensure the confidentiality of email messages. Harper uses a symmetric-key block cipher having a classical 12- or 16-round Feistel network with a block size of 64 bits for encryption, which includes large 8 x 32-bit S-boxes (S1, S2, S3, S4) based on bent functions, modular addition and subtraction, key-dependent rotation, and XOR operations. This cipher also uses a masking key(Km1)and a rotation key (Kr1) for performing its functions. What is the algorithm employed by Harper to secure the email messages?

Options:

A.

CAST-128

B.

AES

C.

GOST block cipher

D.

DES

Question 127

What is the least important information when you analyze a public IP address in a security alert?

Options:

A.

DNS

B.

Whois

C.

Geolocation

D.

ARP

Question 128

You want to analyze packets on your wireless network. Which program would you use?

Options:

A.

Wireshark with Airpcap

B.

Airsnort with Airpcap

C.

Wireshark with Winpcap

D.

Ethereal with Winpcap

Question 129

John, a professional hacker, performs a network attack on a renowned organization and gains unauthorized access to the target network. He remains in the network without being detected for a long time and obtains sensitive information without sabotaging the organization. Which of the following attack techniques is used by John?

Options:

A.

Advanced persistent theft

B.

threat Diversion theft

C.

Spear-phishing sites

D.

insider threat

Question 130

Mary found a high vulnerability during a vulnerability scan and notified her server team. After analysis, they sent her proof that a fix to that issue had already been applied. The vulnerability that Marry found is called what?

Options:

A.

False-negative

B.

False-positive

C.

Brute force attack

D.

Backdoor

Question 131

Mirai malware targets loT devices. After infiltration, it uses them to propagate and create botnets that then used to launch which types of attack?

Options:

A.

MITM attack

B.

Birthday attack

C.

DDoS attack

D.

Password attack

Question 132

Which Nmap switch helps evade IDS or firewalls?

Options:

A.

-n/-R

B.

-0N/-0X/-0G

C.

-T

D.

-D

Question 133

Which of the following web vulnerabilities would an attacker be attempting to exploit if they delivered the following input?

] >

Options:

A.

XXE

B.

SQLi

C.

IDOR

D.

XXS

Question 134

You have been authorized to perform a penetration test against a website. You want to use Google dorks to footprint the site but only want results that show file extensions. What Google dork operator would you use?

Options:

A.

filetype

B.

ext

C.

inurl

D.

site

Question 135

ping-* 6 192.168.0.101

Output:

Pinging 192.168.0.101 with 32 bytes of data:

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101:

Ping statistics for 192.168.0101

Packets: Sent = 6, Received = 6, Lost = 0 (0% loss).

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

What does the option * indicate?

Options:

A.

t

B.

s

C.

a

D.

n

Question 136

A malicious user has acquired a Ticket Granting Service from the domain controller using a valid user's Ticket Granting Ticket in a Kerberoasting attack. He exhorted the TGS tickets from memory for offline cracking. But the attacker was stopped before he could complete his attack. The system administrator needs to investigate and remediate the potential breach. What should be the immediate step the system administrator takes?

Options:

A.

Perform a system reboot to clear the memory

B.

Delete the compromised user's account

C.

Change the NTLM password hash used to encrypt the ST

D.

invalidate the TGS the attacker acquired

Question 137

Based on the below log, which of the following sentences are true?

Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip

Options:

A.

Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server.

B.

Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the client.

C.

SSH communications are encrypted; it’s impossible to know who is the client or the server.

D.

Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server.

Question 138

Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine. Which of the following techniques is used by Joel in the above scenario?

Options:

A.

DNS rebinding attack

B.

Clickjacking attack

C.

MarioNet attack

D.

Watering hole attack

Question 139

A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed.

Which security policy must the security analyst check to see if dial-out modems are allowed?

Options:

A.

Firewall-management policy

B.

Acceptable-use policy

C.

Permissive policy

D.

Remote-access policy

Question 140

What is the most common method to exploit the “Bash Bug” or “Shellshock” vulnerability?

Options:

A.

SYN Flood

B.

SSH

C.

Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

D.

Manipulate format strings in text fields

Question 141

As a cybersecurity analyst for SecureNet, you are performing a security assessment of a new mobile payment application. One of your primary concerns is the secure storage of customer data on the device. The application

stores sensitive information such as credit card details and personal identification numbers (PINs) on the device. Which of the following measures would best ensure the security of this data?

Options:

A.

Implement biometric authentication for app access.

B.

Encrypt all sensitive data stored on the device.

C.

Enable GPS tracking for all devices using the app.

D.

Regularly update the app to the latest version.

Question 142

Kevin, a professional hacker, wants to penetrate CyberTech Inc.’s network. He employed a technique, using which he encoded packets with Unicode characters. The company’s IDS cannot recognize the packet, but the target web server can decode them.

What is the technique used by Kevin to evade the IDS system?

Options:

A.

Desynchronization

B.

Obfuscating

C.

Session splicing

D.

Urgency flag

Question 143

Tony wants to integrate a 128-bit symmetric block cipher with key sizes of 128,192, or 256 bits into a software program, which involves 32 rounds of computational operations that include substitution and permutation operations on four 32-bit word blocks using 8-variable S-boxes with 4-bit entry and 4-bit exit. Which of the following algorithms includes all the above features and can be integrated by Tony into the software program?

Options:

A.

TEA

B.

CAST-128

C.

RC5

D.

serpent

Question 144

A penetration tester was assigned to scan a large network range to find live hosts. The network is known for using strict TCP filtering rules on its firewall, which may obstruct common host discovery techniques. The tester needs a method that can bypass these firewall restrictions and accurately identify live systems. What host discovery technique should the tester use?

Options:

A.

UDP Ping Scan

B.

lCMP ECHO Ping Scan

C.

ICMP Timestamp Ping Scan

D.

TCP SYN Ping Scan

Question 145

Your company, Encryptor Corp, is developing a new application that will handle highly sensitive user information. As a cybersecurity specialist, you want to ensure this data is securely stored. The development team proposes a method where data is hashed and then encrypted before storage. However, you want an added layer of security to verify the integrity of the data upon retrieval. Which of the following cryptographic concepts should you propose to the team?

Options:

A.

Implement a block cipher mode of operation.

B.

a digital signature mechanism.

C.

Suggest using salt with hashing.

D.

Switch to elliptic curve cryptography.

Question 146

A security analyst is investigating a potential network-level session hijacking incident. During the investigation, the analyst finds that the attacker has been using a technique in which they injected an authentic-looking reset packet using a spoofed source IP address and a guessed acknowledgment number. As a result, the victim's connection was reset. Which of the following hijacking techniques has the attacker most likely used?

Options:

A.

TCP/IP hijacking

B.

UDP hijacking

C.

RST hijacking

D.

Blind hijacking

Question 147

An ethical hacker has been tasked with assessing the security of a major corporation's network. She suspects the network uses default SNMP community strings. To exploit this, she plans to extract valuable network information using SNMP enumeration. Which tool could best help her to get the information without directly modifying any parameters within the SNMP agent’s management information base (MIB)?

Options:

A.

snmp-check (snmp_enum Module) to gather a wide array of information about the target

B.

Nmap, with a script to retrieve all running SNMP processes and associated ports

C.

Oputits, are mainly designed for device management and not SNMP enumeration

D.

SnmpWalk, with a command to change an OID to a different value

Question 148

You have compromised a server and successfully gained a root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System. What is the best approach?

Options:

A.

Use Alternate Data Streams to hide the outgoing packets from this server.

B.

Use HTTP so that all traffic can be routed vis a browser, thus evading the internal Intrusion Detection Systems.

C.

Install Cryptcat and encrypt outgoing packets from this server.

D.

Install and use Telnet to encrypt all outgoing traffic from this server.

Question 149

Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and out the target network based on pre-defined set of rules. Which of the following types of firewalls can protect against SQL injection attacks?

Options:

A.

Data-driven firewall

B.

Packet firewall

C.

Web application firewall

D.

Stateful firewall

Question 150

Miley, a professional hacker, decided to attack a target organization's network. To perform the attack, she used a tool to send fake ARP messages over the target network to link her MAC address with the target system's IP address. By performing this, Miley received messages directed to the victim's MAC address and further used the tool to intercept, steal, modify, and block sensitive communication to the target system. What is the tool employed by Miley to perform the above attack?

Options:

A.

Gobbler

B.

KDerpNSpoof

C.

BetterCAP

D.

Wireshark

Question 151

A skilled ethical hacker was assigned to perform a thorough OS discovery on a potential target. They decided to adopt an advanced fingerprinting technique and sent a TCP packet to an open TCP port with specific flags enabled. Upon receiving the reply, they noticed the flags were SYN and ECN-Echo. Which test did the ethical hacker conduct and why was this specific approach adopted?

Options:

A.

Test 3: The test was executed to observe the response of the target system when a packet with URG, PSH, SYN, and FIN flags was sent, thereby identifying the OS

B.

Qrest 1: The test was conducted because SYN and ECN-Echo flags enabled to allow the hacker to probe the nature of the response and subsequently determine the OS fingerprint

C.

Test 2: This test was chosen because a TCP packet with no flags enabled is known as a NULL packet and this would allow the hacker to assess the OS of the target

D.

Test 6; The hacker selected this test because a TCP packet with the ACK flag enabled sent to a closed TCP port would yield more information about the OS

Question 152

Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results?

TCP port 21 no response

TCP port 22 no response

TCP port 23 Time-to-live exceeded

Options:

A.

The lack of response from ports 21 and 22 indicate that those services are not running on the destination server

B.

The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error

C.

The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall

D.

The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host

Question 153

In your cybersecurity class, you are learning about common security risks associated with web servers. One topic that comes up is the risk posed by using default server settings. Why is using default settings ona web - server considered a security risk, and what would be the best initial step to mitigate this risk?

Options:

A.

Default settings cause server malfunctions; simplify the settings

B.

Default settings allow unlimited login attempts; setup account lockout

C.

Default settings reveal server software type; change these settings

D.

Default settings enable auto-updates; disable and manually patch

Question 154

An attacker identified that a user and an access point are both compatible with WPA2 and WPA3 encryption. The attacker installed a rogue access point with only WPA2 compatibility in the vicinity and forced the victim to go through the WPA2 four-way handshake to get connected. After the connection was established, the attacker used automated tools to crack WPA2-encrypted messages. What is the attack performed in the above scenario?

Options:

A.

Timing-based attack

B.

Side-channel attack

C.

Downgrade security attack

D.

Cache-based attack

Question 155

In the process of footprinting a target website, an ethical hacker utilized various tools to gather critical information. The hacker encountered a target site where standard web spiders were ineffective due to a specific file in its root directory. However, they managed to uncover all the files and web pages on the target site, monitoring the resulting incoming and outgoing traffic while browsing the website manually. What technique did the hacker likely employ to achieve this?

Options:

A.

Using Photon to retrieve archived URLs of the target website from archive.org

B.

Using the Netcraft tool to gather website information

C.

Examining HTML source code and cookies

D.

User-directed spidering with tools like Burp Suite and WebScarab

Question 156

A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted.

Which cryptography attack is the student attempting?

Options:

A.

Man-in-the-middle attack

B.

Brute-force attack

C.

Dictionary attack

D.

Session hijacking

Question 157

Richard, an attacker, targets an MNC. in this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard?

Options:

A.

VoIP footprinting

B.

VPN footprinting

C.

Whois footprinting

D.

Email footprinting

Question 158

Judy created a forum, one day. she discovers that a user is posting strange images without writing comments.

She immediately calls a security expert, who discovers that the following code is hidden behind those images:

What issue occurred for the users who clicked on the image?

Options:

A.

The code inject a new cookie to the browser.

B.

The code redirects the user to another site.

C.

The code is a virus that is attempting to gather the users username and password.

D.

This php file silently executes the code and grabs the users session cookie and session ID.

Question 159

John is investigating web-application firewall logs and observers that someone is attempting to inject the following:

char buff[10];

buff[>o] - 'a':

What type of attack is this?

Options:

A.

CSRF

B.

XSS

C.

Buffer overflow

D.

SQL injection

Question 160

As an IT Security Analyst, you’ve been asked to review the security measures of an e-commerce website that relies on a SQL database for storing sensitive customer data. Recently, an anonymous tip has alerted you to a possible threat: a seasoned hacker who specializes in SQL Injection attacks may be targeting your system. The site already employs input validation measures to prevent basic injection attacks, and it blocks any user inputs containing suspicious patterns. However, this hacker is known to use advanced SQL Injection techniques. Given this situation, which of the following strategies would the hacker most likely adopt to bypass your security measures?

Options:

A.

The hacker could deploy an 'out-of-band' SQL Injection attack, extracting data via a different communication channel, such as DNS or HTTP requests

B.

The hacker may resort to a DDoS attack instead, attempting to crash the server and thus render the e commerce site unavailable

C.

The hacker may try to use SQL commands which are less known and less likely to be blocked by your system's security

D.

The hacker might employ a blind' SQL Injection attack, taking advantage of the application's true or false responses to extract data bit by bit

Question 161

Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities. Which type of virus detection method did Chandler use in this context?

Options:

A.

Heuristic Analysis

B.

Code Emulation

C.

Scanning

D.

Integrity checking

Question 162

#!/usr/bin/python import socket buffer=[““A””] counter=50 while len(buffer)<=100: buffer.append (““A””*counter)

counter=counter+50 commands= [““HELP””,““STATS .””,““RTIME .””,““LTIME. ””,““SRUN .”’,““TRUN .””,““GMON

.””,““GDOG .””,““KSTET .”,““GTER .””,““HTER .””, ““LTER .”,““KSTAN .””] for command in commands: for

buffstring in buffer: print ““Exploiting”” +command +““:””+str(len(buffstring)) s=socket.socket(socket.AF_INET,

socket.SOCK_STREAM) s.connect((‘127.0.0.1’, 9999)) s.recv(50) s.send(command+buffstring) s.close()

What is the code written for?

Options:

A.

Denial-of-service (DOS)

B.

Buffer Overflow

C.

Bruteforce

D.

Encryption

Question 163

You are a cybersecurity specialist at CloudTech Inc., a company providing cloud-based services. You are managing a project for a client who wants to migrate their sensitive data to a public cloud service. To comply with regulatory requirements, the client insists on maintaining full control over the encryption keys even when the data is at rest on the cloud. Which of the following practices should you implement to meet this requirement?

Options:

A.

Use the cloud service provider's encryption services but store keys on-premises.

B.

Use the cloud service provider's default encryption and key management services.

C.

Rely on Secure Sockets Layer (SSL) encryption for data at rest.

D.

Encrypt data client-side before uploading to the cloud and retain control of the encryption keys.

Question 164

Harris is attempting to identify the OS running on his target machine. He inspected the initial TTL in the IP header and the related TCP window size and obtained the following results:

TTL: 64 Window Size: 5840

What is the OS running on the target machine?

Options:

A.

Solaris OS

B.

Windows OS

C.

Mac OS

D.

Linux OS

Question 165

Geena, a cloud architect, uses a master component in the Kubernetes cluster architecture that scans newly generated pods and allocates a node to them. This component can also assign nodes based on factors such as the overall resource requirement, data locality, software/hardware/policy restrictions, and internal workload interventions.

Which of the following master components is explained in the above scenario?

Options:

A.

Kube-controller-manager

B.

Kube-scheduler

C.

Kube-apiserver

D.

Etcd cluster

Question 166

Jane is working as a security professional at CyberSol Inc. She was tasked with ensuring the authentication and integrity of messages being transmitted in the corporate network. To encrypt the messages, she implemented a security model in which every user in the network maintains a ring of public keys. In this model, a user needs to encrypt a message using the receiver's public key, and only the receiver can decrypt the message using their private key. What is the security model implemented by Jane to secure corporate messages?

Options:

A.

Zero trust network

B.

Transport Layer Security (TLS)

C.

Secure Socket Layer (SSL)

D.

Web of trust (WOT)

Question 167

Your company suspects a potential security breach and has hired you as a Certified Ethical Hacker to investigate. You discover evidence of footprinting through search engines and advanced Google hacking techniques. The attacker utilized Google search operators to extract sensitive information. You further notice queries that indicate the use of the Google Hacking Database (GHDB) with an emphasis on VPN footprinting.

Which of the following Google advanced search operators would be the LEAST useful in providing the attacker with sensitive VPN-related information?

Options:

A.

intitle: This operator restricts results to only the pages containing the specified term in the title

B.

location: This operator finds information for a specific location

C.

inur: This operator restricts the results to only the pages containing the specified word in the URL

D.

link: This operator searches websites or pages that contain links to the specified website or page

Question 168

Roma is a member of a security team. She was tasked with protecting the internal network of an organization from imminent threats. To accomplish this task, Roma fed threat intelligence into the security devices in a digital format to block and identify inbound and outbound malicious traffic entering the organization's network.

Which type of threat intelligence is used by Roma to secure the internal network?

Options:

A.

Technical threat intelligence

B.

Operational threat intelligence

C.

Tactical threat intelligence

D.

Strategic threat intelligence

Question 169

What useful information is gathered during a successful Simple Mail Transfer Protocol (SMTP) enumeration?

Options:

A.

The two internal commands VRFY and EXPN provide a confirmation of valid users, email addresses, aliases, and mailing lists.

B.

Reveals the daily outgoing message limits before mailboxes are locked

C.

The internal command RCPT provides a list of ports open to message traffic.

D.

A list of all mail proxy server addresses used by the targeted host

Question 170

A large e-commerce organization is planning to implement a vulnerability assessment solution to enhance its security posture. They require a solution that imitates the outside view of attackers, performs well-organized inference-based testing, scans automatically against continuously updated databases, and supports multiple networks. Given these requirements, which type of vulnerability assessment solution would be most appropriate?

Options:

A.

Inference-based assessment solution

B.

Service-based solution offered by an auditing firm

C.

Tree-based assessment approach

D.

Product-based solution installed on a private network

Question 171

Jack, a professional hacker, targets an organization and performs vulnerability scanning on the target web server to identify any possible weaknesses, vulnerabilities, and misconfigurations. In this process, Jack uses an automated tool that eases his work and performs vulnerability scanning to find hosts, services, and other vulnerabilities in the target server. Which of the following tools is used by Jack to perform vulnerability scanning?

Options:

A.

Infoga

B.

WebCopier Pro

C.

Netsparker

D.

NCollector Studio

Page: 1 / 57
Total 572 questions