Special New Year Discount Limited Time 65% Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

ECCouncil 312-50v11 Certified Ethical Hacker Exam - C|EH v11 Exam Practice Test

Page: 1 / 53
Total 528 questions

Certified Ethical Hacker Exam - C|EH v11 Questions and Answers

Question 1

Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that

permits users to authenticate once and gain access to multiple systems?

Options:

A.

Role Based Access Control (RBAC)

B.

Discretionary Access Control (DAC)

C.

Single sign-on

D.

Windows authentication

Question 2

Vlady works in a fishing company where the majority of the employees have very little understanding of IT let alone IT Security. Several information security issues that Vlady often found includes, employees sharing password, writing his/her password on a post it note and stick it to his/her desk, leaving the computer unlocked, didn’t log out from emails or other social media accounts, and etc.

After discussing with his boss, Vlady decided to make some changes to improve the security environment in his company. The first thing that Vlady wanted to do is to make the employees understand the importance of keeping confidential information, such as password, a secret and they should not share it with other persons.

Which of the following steps should be the first thing that Vlady should do to make the employees in his company understand to importance of keeping confidential information a secret?

Options:

A.

Warning to those who write password on a post it note and put it on his/her desk

B.

Developing a strict information security policy

C.

Information security awareness training

D.

Conducting a one to one discussion with the other employees about the importance of information security

Question 3

jane, an ethical hacker. Is testing a target organization's web server and website to identity security loopholes. In this process, she copied the entire website and its content on a local drive to view the complete profile of the site's directory structure, file structure, external links, images, web pages, and so on. This information helps jane map the website's directories and gain valuable information. What is the attack technique employed by Jane in the above scenario?

Options:

A.

website mirroring

B.

Session hijacking

C.

Web cache poisoning

D.

Website defacement

Question 4

Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command.

What is Eve trying to do?

Options:

A.

Eve is trying to connect as a user with Administrator privileges

B.

Eve is trying to enumerate all users with Administrative privileges

C.

Eve is trying to carry out a password crack for user Administrator

D.

Eve is trying to escalate privilege of the null user to that of Administrator

Question 5

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas?

Options:

A.

Red hat

B.

white hat

C.

Black hat

D.

Gray hat

Question 6

Study the snort rule given below:

From the options below, choose the exploit against which this rule applies.

Options:

A.

WebDav

B.

SQL Slammer

C.

MS Blaster

D.

MyDoom

Question 7

Ethical backer jane Doe is attempting to crack the password of the head of the it department of ABC company. She Is utilizing a rainbow table and notices upon entering a password that extra characters are added to the password after submitting. What countermeasure is the company using to protect against rainbow tables?

Options:

A.

Password key hashing

B.

Password salting

C.

Password hashing

D.

Account lockout

Question 8

You have compromised a server and successfully gained a root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System. What is the best approach?

Options:

A.

Use Alternate Data Streams to hide the outgoing packets from this server.

B.

Use HTTP so that all traffic can be routed vis a browser, thus evading the internal Intrusion Detection Systems.

C.

Install Cryptcat and encrypt outgoing packets from this server.

D.

Install and use Telnet to encrypt all outgoing traffic from this server.

Question 9

Dorian Is sending a digitally signed email to Polly, with which key is Dorian signing this message and how is Poly validating It?

Options:

A.

Dorian is signing the message with his public key. and Poly will verify that the message came from Dorian by using Dorian's private key.

B.

Dorian Is signing the message with Polys public key. and Poly will verify that the message came from Dorian by using Dorian's public key.

C.

Dorian is signing the message with his private key. and Poly will verify that the message came from Dorian by using Dorian's public key.

D.

Dorian is signing the message with Polys private key. and Poly will verify mat the message came from Dorian by using Dorian's public key.

Question 10

Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

Options:

A.

tcptrace

B.

Nessus

C.

OpenVAS

D.

tcptraceroute

Question 11

An attacker can employ many methods to perform social engineering against unsuspecting employees, including scareware.

What is the best example of a scareware attack?

Options:

A.

A pop-up appears to a user stating, "You have won a free cruise! Click here to claim your prize!"

B.

A banner appears to a user stating, "Your account has been locked. Click here to reset your password and unlock your account."

C.

A banner appears to a user stating, "Your Amazon order has been delayed. Click here to find out your new delivery date."

D.

A pop-up appears to a user stating, "Your computer may have been infected with spyware. Click here to install an anti-spyware tool to resolve this issue."

Question 12

is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.

Options:

A.

DNSSEC

B.

Resource records

C.

Resource transfer

D.

Zone transfer

Question 13

Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network.

Which of the following host discovery techniques must he use to perform the given task?

Options:

A.

UDP scan

B.

TCP Maimon scan

C.

arp ping scan

D.

ACK flag probe scan

Question 14

Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering the Information, he successfully performed an attack on the target government organization without being traced. Which of the following techniques is described in the above scenario?

Options:

A.

Dark web footprinting

B.

VoIP footpnnting

C.

VPN footprinting

D.

website footprinting

Question 15

Mary, a penetration tester, has found password hashes in a client system she managed to breach. She needs to use these passwords to continue with the test, but she does not have time to find the passwords that correspond to these hashes. Which type of attack can she implement in order to continue?

Options:

A.

LLMNR/NBT-NS poisoning

B.

Internal monologue attack

C.

Pass the ticket

D.

Pass the hash

Question 16

What does the following command in netcat do?

nc -l -u -p55555 < /etc/passwd

Options:

A.

logs the incoming connections to /etc/passwd file

B.

loads the /etc/passwd file to the UDP port 55555

C.

grabs the /etc/passwd file when connected to UDP port 55555

D.

deletes the /etc/passwd file when connected to the UDP port 55555

Question 17

A DDOS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete.

Which attack is being described here?

Options:

A.

Desynchronization

B.

Slowloris attack

C.

Session splicing

D.

Phlashing

Question 18

Which type of sniffing technique is generally referred as MiTM attack?

Options:

A.

Password Sniffing

B.

ARP Poisoning

C.

Mac Flooding

D.

DHCP Sniffing

Question 19

While browsing his Facebook teed, Matt sees a picture one of his friends posted with the caption. "Learn more about your friends!", as well as a number of personal questions. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate. Matt responds to the questions on the post, a few days later. Mates bank account has been accessed, and the password has been changed. What most likely happened?

Options:

A.

Matt inadvertently provided the answers to his security questions when responding to the post.

B.

Matt's bank-account login information was brute forced.

C.

Matt Inadvertently provided his password when responding to the post.

D.

Matt's computer was infected with a keylogger.

Question 20

Sam, a professional hacker. targeted an organization with intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while posing as a legitimate employee. Moreover, he sent phishing emails to steal the AWS 1AM credentials and further compromise the employee's account. What is the technique used by Sam to compromise the AWS IAM credentials?

Options:

A.

Social engineering

B.

insider threat

C.

Password reuse

D.

Reverse engineering

Question 21

Bob wants to ensure that Alice can check whether his message has been tampered with. He creates a checksum of the message and encrypts it using asymmetric cryptography. What key does Bob use to encrypt the checksum for accomplishing this goal?

Options:

A.

Alice's private key

B.

Alice's public key

C.

His own private key

D.

His own public key

Question 22

infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical hacking methodology?

Options:

A.

Reconnaissance

B.

Maintaining access

C.

Scanning

D.

Gaining access

Question 23

How does a denial-of-service attack work?

Options:

A.

A hacker prevents a legitimate user (or group of users) from accessing a service

B.

A hacker uses every character, word, or letter he or she can think of to defeat authentication

C.

A hacker tries to decipher a password by using a system, which subsequently crashes the network

D.

A hacker attempts to imitate a legitimate user by confusing a computer or even another person

Question 24

A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendor for several months prior 10 the Intrusion. This Is likely a failure in which of the following security processes?

Options:

A.

vendor risk management

B.

Security awareness training

C.

Secure deployment lifecycle

D.

Patch management

Question 25

What does a firewall check to prevent particular ports and applications from getting packets into an organization?

Options:

A.

Transport layer port numbers and application layer headers

B.

Presentation layer headers and the session layer port numbers

C.

Network layer headers and the session layer port numbers

D.

Application layer port numbers and the transport layer headers

Question 26

Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Suppose a malicious user Rob tries to get access to the account of a benign user Ned.

Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?

Options:

A.

“GET /restricted/goldtransfer?to=Rob&from=1 or 1=1’ HTTP/1.1Host: westbank.com”

B.

“GET /restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com”

C.

“GET /restricted/accounts/?name=Ned HTTP/1.1 Host westbank.com”

D.

“GET /restricted/ HTTP/1.1 Host: westbank.com

Question 27

Leverox Solutions hired Arnold, a security professional, for the threat intelligence process. Arnold collected information about specific threats against the organization. From this information, he retrieved contextual information about security events and incidents that helped him disclose potential risks and gain insight into attacker methodologies. He collected the information from sources such as humans, social media, and chat rooms as well as from events that resulted in cyberattacks. In this process, he also prepared a report that includes identified malicious activities, recommended courses of action, and warnings for emerging attacks. What is the type of threat intelligence collected by Arnold in the above scenario?

Options:

A.

Strategic threat intelligence

B.

Tactical threat intelligence

C.

Operational threat intelligence

D.

Technical threat intelligence

Question 28

Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?

Options:

A.

symmetric algorithms

B.

asymmetric algorithms

C.

hashing algorithms

D.

integrity algorithms

Question 29

An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com ", the user is directed to a phishing site.

Which file does the attacker need to modify?

Options:

A.

Boot.ini

B.

Sudoers

C.

Networks

D.

Hosts

Question 30

In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN number and other personal details. Ignorant users usually fall prey to this scam.

Which of the following statement is incorrect related to this attack?

Options:

A.

Do not reply to email messages or popup ads asking for personal or financial information

B.

Do not trust telephone numbers in e-mails or popup ads

C.

Review credit card and bank account statements regularly

D.

Antivirus, anti-spyware, and firewall software can very easily detect these type of attacks

E.

Do not send credit card numbers, and personal or financial information via e-mail

Question 31

Which of these is capable of searching for and locating rogue access points?

Options:

A.

HIDS

B.

WISS

C.

WIPS

D.

NIDS

Question 32

Ben purchased a new smartphone and received some updates on it through the OTA method. He received two messages: one with a PIN from the network operator and another asking him to enter the PIN received from the operator. As soon as he entered the PIN, the smartphone started functioning in an abnormal manner. What is the type of attack performed on Ben in the above scenario?

Options:

A.

Advanced SMS phishing

B.

Bypass SSL pinning

C.

Phishing

D.

Tap 'n ghost attack

Question 33

Attacker Simon targeted the communication network of an organization and disabled the security controls of NetNTLMvl by modifying the values of LMCompatibilityLevel, NTLMMinClientSec, and RestrictSendingNTLMTraffic. He then extracted all the non-network logon tokens from all the active processes to masquerade as a legitimate user to launch further attacks. What is the type of attack performed by Simon?

Options:

A.

Internal monologue attack

B.

Combinator attack

C.

Rainbow table attack

D.

Dictionary attack

Question 34

You are performing a penetration test for a client and have gained shell access to a Windows machine on the internal network. You intend to retrieve all DNS records for the internal domain, if the DNS server is at 192.168.10.2 and the domain name is abccorp.local, what command would you type at the nslookup prompt to attempt a zone transfer?

Options:

A.

list server=192.168.10.2 type=all

B.

is-d abccorp.local

C.

Iserver 192.168.10.2-t all

D.

List domain=Abccorp.local type=zone

Question 35

in this form of encryption algorithm, every Individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits. Which is this encryption algorithm?

Options:

A.

IDEA

B.

Triple Data Encryption standard

C.

MDS encryption algorithm

D.

AES

Question 36

What is the proper response for a NULL scan if the port is open?

Options:

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

No response

Question 37

An organization has automated the operation of critical infrastructure from a remote location. For this purpose, all the industrial control systems are connected to the Internet. To empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption, the organization deckled to install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware. Which of the following tools must the organization employ to protect its critical infrastructure?

Options:

A.

Robotium

B.

BalenaCloud

C.

Flowmon

D.

IntentFuzzer

Question 38

Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical Information to Johnson's machine. What is the social engineering technique Steve employed in the above scenario?

Options:

A.

Quid pro quo

B.

Diversion theft

C.

Elicitation

D.

Phishing

Question 39

which of the following information security controls creates an appealing isolated environment for hackers to prevent them from compromising critical targets while simultaneously gathering information about the hacker?

Options:

A.

intrusion detection system

B.

Honeypot

C.

Botnet

D Firewall

Question 40

John, a professional hacker, targeted CyberSol Inc., an MNC. He decided to discover the loT devices connected in the target network that are using default credentials and are vulnerable to various hijacking attacks. For this purpose, he used an automated tool to scan the target network for specific types of loT devices and detect whether they are using the default, factory-set credentials. What is the tool employed by John in the above scenario?

Options:

A.

loTSeeker

B.

loT Inspector

C.

AT&T loT Platform

D.

Azure loT Central

Question 41

What is correct about digital signatures?

Options:

A.

A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.

B.

Digital signatures may be used in different documents of the same type.

C.

A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.

D.

Digital signatures are issued once for each user and can be used everywhere until they expire.

Question 42

Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquires over the network.

Which of these tools would do the SNMP enumeration he is looking for? Select the best answers.

Options:

A.

SNMPUtil

B.

SNScan

C.

SNMPScan

D.

Solarwinds IP Network Browser

E.

NMap

Question 43

During an Xmas scan what indicates a port is closed?

Options:

A.

No return response

B.

RST

C.

ACK

D.

SYN

Question 44

which of the following protocols can be used to secure an LDAP service against anonymous queries?

Options:

A.

SSO

B.

RADIUS

C.

WPA

D.

NTLM

Question 45

env x=’(){ :;};echo exploit’ bash –c ‘cat/etc/passwd’

What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

Options:

A.

Removes the passwd file

B.

Changes all passwords in passwd

C.

Add new user to the passwd file

D.

Display passwd content to prompt

Question 46

By using a smart card and pin, you are using a two-factor authentication that satisfies

Options:

A.

Something you are and something you remember

B.

Something you have and something you know

C.

Something you know and something you are

D.

Something you have and something you are

Question 47

Calvin, a software developer, uses a feature that helps him auto-generate the content of a web page without manual involvement and is integrated with SSI directives. This leads to a vulnerability in the developed web application as this feature accepts remote user inputs and uses them on the page. Hackers can exploit this feature and pass malicious SSI directives as input values to perform malicious activities such as modifying and erasing server files. What is the type of injection attack Calvin's web application is susceptible to?

Options:

A.

Server-side template injection

B.

Server-side JS injection

C.

CRLF injection

D.

Server-side includes injection

Question 48

The security team of Debry Inc. decided to upgrade Wi-Fi security to thwart attacks such as dictionary attacks and key recovery attacks. For this purpose, the security team started implementing cutting-edge technology that uses a modern key establishment protocol called the simultaneous authentication of equals (SAE), also known as dragonfly key exchange, which replaces the PSK concept. What is the Wi-Fi encryption technology implemented by Debry Inc.?

Options:

A.

WEP

B.

WPA

C.

WPA2

D.

WPA3

Question 49

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering that NMAP result below, which of the following is likely to be installed on the target machine by the OS? Starting NMAP 5.21 at 2011-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:8

Options:

A.

The host is likely a Linux machine.

B.

The host is likely a printer.

C.

The host is likely a router.

D.

The host is likely a Windows machine.

Question 50

An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?

Options:

A.

Reverse Social Engineering

B.

Tailgating

C.

Piggybacking

D.

Announced

Question 51

Tony wants to integrate a 128-bit symmetric block cipher with key sizes of 128,192, or 256 bits into a software program, which involves 32 rounds of computational operations that include substitution and permutation operations on four 32-bit word blocks using 8-variable S-boxes with 4-bit entry and 4-bit exit. Which of the following algorithms includes all the above features and can be integrated by Tony into the software program?

Options:

A.

TEA

B.

CAST-128

C.

RC5

D.

serpent

Question 52

John the Ripper is a technical assessment tool used to test the weakness of which of the following?

Options:

A.

Passwords

B.

File permissions

C.

Firewall rulesets

D.

Usernames

Question 53

An LDAP directory can be used to store information similar to a SQL database. LDAP uses a _____ database structure instead of SQL’s _____ structure. Because of this, LDAP has difficulty representing many-to-one relationships.

Options:

A.

Relational, Hierarchical

B.

Strict, Abstract

C.

Hierarchical, Relational

D.

Simple, Complex

Question 54

Suppose that you test an application for the SQL injection vulnerability. You know that the backend database

is based on Microsoft SQL Server. In the login/password form, you enter the following credentials:

Username: attack' or 1=1 -

Password: 123456

Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?

Options:

A.

select * from Users where UserName = ‘attack’ ’ or 1=1 -- and UserPassword = ‘123456’

B.

select * from Users where UserName = ‘attack’ or 1=1 -- and UserPassword = ‘123456’

C.

select * from Users where UserName = ‘attack or 1=1 -- and UserPassword = ‘123456’

D.

select * from Users where UserName = ‘attack’ or 1=1 --’ and UserPassword = ‘123456’

Question 55

Yancey is a network security administrator for a large electric company. This company provides power for over 100, 000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing to him.

What would Yancey be considered?

Options:

A.

Yancey would be considered a Suicide Hacker

B.

Since he does not care about going to jail, he would be considered a Black Hat

C.

Because Yancey works for the company currently; he would be a White Hat

D.

Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing

Question 56

John is investigating web-application firewall logs and observers that someone is attempting to inject the following:

char buff[10];

buff[>o] - 'a':

What type of attack is this?

Options:

A.

CSRF

B.

XSS

C.

Buffer overflow

D.

SQL injection

Question 57

Henry Is a cyber security specialist hired by BlackEye - Cyber security solutions. He was tasked with discovering the operating system (OS) of a host. He used the Unkornscan tool to discover the OS of the target system. As a result, he obtained a TTL value, which Indicates that the target system is running a Windows OS. Identify the TTL value Henry obtained, which indicates that the target OS is Windows.

Options:

A.

64

B.

128

C.

255

D.

138

Question 58

You are attempting to crack LM Manager hashed from Windows 2000 SAM file. You will be using LM Brute force hacking tool for decryption. What encryption algorithm will you be decrypting?

Options:

A.

MD4

B.

DES

C.

SHA

D.

SSL

Question 59

Jim, a professional hacker, targeted an organization that is operating critical Industrial Infrastructure. Jim used Nmap to scan open pons and running services on systems connected to the organization's OT network. He used an Nmap command to identify Ethernet/IP devices connected to the Internet and further gathered Information such as the vendor name, product code and name, device name, and IP address. Which of the following Nmap commands helped Jim retrieve the required information?

Options:

A.

nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >

B.

nmap -Pn -sU -p 44818 --script enip-info < Target IP >

C.

nmap -Pn -sT -p 46824 < Target IP >

D.

nmap -Pn -sT -p 102 --script s7-info < Target IP >

Question 60

Fred is the network administrator for his company. Fred is testing an internal switch.

From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this?

Options:

A.

Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer.

B.

He can send an IP packet with the SYN bit and the source address of his computer.

C.

Fred can send an IP packet with the ACK bit set to zero and the source address of the switch.

D.

Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

Question 61

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection.

Identify the behavior of the adversary In the above scenario.

Options:

A.

use of command-line interface

B.

Data staging

C.

Unspecified proxy activities

D.

Use of DNS tunneling

Question 62

CyberTech Inc. recently experienced SQL injection attacks on its official website. The company appointed Bob, a security professional, to build and incorporate defensive strategies against such attacks. Bob adopted a practice whereby only a list of entities such as the data type, range, size, and value, which have been approved for secured access, is accepted. What is the defensive technique employed by Bob in the above scenario?

Options:

A.

Output encoding

B.

Enforce least privileges

C.

Whitelist validation

D.

Blacklist validation

Question 63

James is working as an ethical hacker at Technix Solutions. The management ordered James to discover how vulnerable its network is towards footprinting attacks. James took the help of an open-source framework for performing automated reconnaissance activities. This framework helped James in gathering information using free tools and resources. What is the framework used by James to conduct footprinting and reconnaissance activities?

Options:

A.

WebSploit Framework

B.

Browser Exploitation Framework

C.

OSINT framework

D.

SpeedPhish Framework

Question 64

MX record priority increases as the number increases. (True/False.)

Options:

A.

True

B.

False

Question 65

Richard, an attacker, targets an MNC In this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard?

Options:

A.

VPN footprinting

B.

Email footprinting

C.

VoIP footprinting

D.

Whois footprinting

Question 66

Why should the security analyst disable/remove unnecessary ISAPI filters?

Options:

A.

To defend against social engineering attacks

B.

To defend against webserver attacks

C.

To defend against jailbreaking

D.

To defend against wireless attacks

Question 67

Which Intrusion Detection System is the best applicable for large environments where critical assets on the network need extra scrutiny and is ideal for observing sensitive network segments?

Options:

A.

Honeypots

B.

Firewalls

C.

Network-based intrusion detection system (NIDS)

D.

Host-based intrusion detection system (HIDS)

Question 68

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator’s Computer to update the router configuration. What type of an alert is this?

Options:

A.

False negative

B.

True negative

C.

True positive

D.

False positive

Question 69

OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?

Options:

A.

openssl s_client -site www.website.com:443

B.

openssl_client -site www.website.com:443

C.

openssl s_client -connect www.website.com:443

D.

openssl_client -connect www.website.com:443

Question 70

A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted.

Which cryptography attack is the student attempting?

Options:

A.

Man-in-the-middle attack

B.

Brute-force attack

C.

Dictionary attack

D.

Session hijacking

Question 71

which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth?

Options:

A.

Bluesmacking

B.

Bluebugging

C.

Bluejacking

D.

Bluesnarfing

Question 72

Attacker Lauren has gained the credentials of an organization's internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skeptical about the login times and appointed security professional Robert to determine the issue. Robert analyzed the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited. What is the incident handling and response (IH&R) phase, in which Robert has determined these issues?

Options:

A.

Preparation

B.

Eradication

C.

Incident recording and assignment

D.

Incident triage

Question 73

Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific cached DNS record. Further, by using this cached record, he determines the sites recently visited by the organization's user. What is the enumeration technique used by Henry on the organization?

Options:

A.

DNS zone walking

B.

DNS cache snooping

C.

DNS SEC zone walking

D.

DNS cache poisoning

Question 74

While performing an Nmap scan against a host, Paola determines the existence of a firewall. In an attempt to determine whether the firewall is stateful or stateless, which of the following options would be best to use?

Options:

A.

-sA

B.

-sX

C.

-sT

D.

-sF

Question 75

Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?

Options:

A.

A biometric system that bases authentication decisions on behavioral attributes.

B.

A biometric system that bases authentication decisions on physical attributes.

C.

An authentication system that creates one-time passwords that are encrypted with secret keys.

D.

An authentication system that uses passphrases that are converted into virtual passwords.

Question 76

What is not a PCI compliance recommendation?

Options:

A.

Use a firewall between the public network and the payment card data.

B.

Use encryption to protect all transmission of card holder data over any public network.

C.

Rotate employees handling credit card transactions on a yearly basis to different departments.

D.

Limit access to card holder data to as few individuals as possible.

Question 77

What two conditions must a digital signature meet?

Options:

A.

Has to be the same number of characters as a physical signature and must be unique.

B.

Has to be unforgeable, and has to be authentic.

C.

Must be unique and have special characters.

D.

Has to be legible and neat.

Question 78

Calvin, a grey-hat hacker, targets a web application that has design flaws in its authentication mechanism. He enumerates usernames from the login form of the web application, which requests users to feed data and specifies the incorrect field in case of invalid credentials. Later, Calvin uses this information to perform social engineering.

Which of the following design flaws in the authentication mechanism is exploited by Calvin?

Options:

A.

Insecure transmission of credentials

B.

Verbose failure messages

C.

User impersonation

D.

Password reset mechanism

Question 79

Your company was hired by a small healthcare provider to perform a technical assessment on the network.

What is the best approach for discovering vulnerabilities on a Windows-based computer?

Options:

A.

Use the built-in Windows Update tool

B.

Use a scan tool like Nessus

C.

Check MITRE.org for the latest list of CVE findings

D.

Create a disk image of a clean Windows installation

Page: 1 / 53
Total 528 questions