
passemall.com

CEH V11 PRACTICE Practice Test 6


50 questions

Question 1:
Session splicing is an IDS evasion technique in which an attacker delivers data in multiple small
packets to the target computer, making it very difficult for an IDS to detect the attack signatures.
Which tool can be used to perform session splicing attacks?

A Whisker

B tcpsplice

C Burp

D Hydra

Question 2:
A security consultant decides to use multiple layers of anti-virus defense, such as end user desktop
antivirus and E-mail gateway.

This approach can be used to mitigate which kind of attack?

A Forensic attack

B Scanning attack

C ARP spoofing attack

D Social engineering attack


Question 3:
A virus has replicated itself throughout the infected systems and is executing its payload. Which of the
following phases of the virus lifecycle is the virus in?

A Replication

B Incorporation

C Launch

D Design

Question 4:
Which of the following encryption tools would prevent a user from reading a file that they did not
generate and does not require you to encrypt a whole drive?

A EFS

B SSL

C IPsec

D VPN

Question 5:
Which of the following best describes the Wassenaar Arrangement?

A An agreement between 41 countries to enforce similar export controls for weapons, including
intrusion software.

B A law that defines how federal government data, operations, and assets are handled.

C A law that defines the security standards for any organization that handles cardholder
information.

D Standards that ensure medical information is kept safe and is only shared with the patient and
medical professionals.

Question 6:
After a recent penetration test, Gary’s firm recognized that they are not currently using multifactor
authentication for remote users. Which one of the following approaches would be a satisfactory
implementation of multifactor authentication?

A Retinal scans and voiceprint analysis

B Passwords combined with smartcards

C Smartcards and soft tokens

D Passwords combined with security questions

Question 7:
Which of the following packet crafting software programs can be used to modify flags and adjust other
packet content?

A ping

B IP Tools

C Currports

D Colasoft

Question 8:
Which of the following terms describes what occurs when an attacker sends falsified messages in order to
link their MAC address to the IP address of a legitimate computer or server on the network?

A Port mirroring

B MAC flooding

C ARP poisoning

D MAC spoofing

Question 9:
Ports that display a certain service operating but reject a three-way handshake connection indicate the
presence of which of the following?

A Cavity

B Zombie

C Honeypot

D Trojan

Question 10:
Shawn, a malicious insider, has physically gained access to his manager's computer and wants to observe
incoming connections. He determined the IP address of the computer, 192.168.34.91, and downloaded
netcat. Which of the following netcat commands would he enter, and on which of the two computers?

A nc -l -p 2222 (manager's computer) and nc -sv 192.168.34.91 2222 (Shawn's machine)

B nc -l -s 2222 (manager's computer) and nc -pv 192.168.34.91 2222 (Shawn's machine)

C nc -l -p 2222 (manager's computer) and nc -nv 192.168.34.91 2222 (Shawn's machine)

D nc -n -s 2222 (manager's computer) and nc -lp 192.168.34.91 2222 (Shawn's machine)

Question 11:
To protect against rainbow tables, what countermeasure is the company using in the following case?

Jane Doe, an ethical hacker, is attempting to crack the password of ABC company's head of the IT
department. She is using a rainbow table and observes that additional characters are added to the
password after submitting it.

A Password salting

B Password hashing

C Password key hashing

D Account lockout

Question 12:
Which of the following is the third step in the ethical hacking methodology?

A Scanning and enumeration

B Gain access

C Clear your tracks

D Reconnaissance

Question 13:
What is your best assessment regarding ARP poisoning after examining the results in the following case:

As the cybersecurity specialist for your organization, you suspect a hacker is accessing your network via
ARP poisoning. You used Wireshark to collect packets and then filtered the results to test your hypothesis.

A ARP poisoning is occurring, as indicated by the duplicate response IP address.

B ARP poisoning is occurring, as indicated by the short time interval between ARP packets.

C No ARP poisoning is occurring.

D ARP poisoning is occurring, as indicated by the multiple Who Has packets being sent.

Question 14:
Which of the following is the first step a vulnerability scanner follows when scanning a network?

A OS Detection

B Checking if the remote host is alive

C TCP/UDP Port scanning

D Firewall detection

Question 15:
How did the attacker accomplish the hack in the following situation?

Jason is at home, attempting to access his music store's website. When he visits the website, he is greeted
with a basic form that requests his name, email address, and phone number. This is not the website of a
music retailer. Jason is certain that the website has been hacked.

A Social networking

B DNS cache poisoning

C Host file modification

D Feigning ignorance

Question 16:
You are using BlazeMeter to test cloud security. Which of the following best describes BlazeMeter?

A An end-to-end security solution that assesses continually and is able to see all of your assets, no
matter where they reside.

B A vulnerability scanner that can be used to detect viruses, malware, backdoors, and web
services linking to malicious content.

C An end-to-end performance and load testing tool that can simulate up to 1 million users and
makes realistic load tests easier.

D A load-testing tool for web and mobile applications that checks performance while the
application is under a lot of traffic.

Question 17:
Which of the following types of web server attack is characterized by altering or vandalizing a website's
appearance in an attempt to humiliate, discredit, or annoy the victim?

A Directory traversal

B Footprinting

C Cross-site scripting

D Website defacement

Question 18:
Which of the following best describes a certificate authority (CA)?

A An electronic password that allows a person or organization to exchange data securely over the
Internet.

B An entity in a PKI that verifies user requests for a digital certificate.

C An entity that provides a service used to verify the validity of a digital certificate.

D An entity that issues digital certificates.

Question 19:
Which of the following is the key difference between the two methodologies in the following case?

When executing a penetration test, a typical technique is the penetration testing life cycle. This approach
is nearly equivalent to the ethical hacking approach.

A Gain access

B Reconnaissance

C Maintain access

D Reporting

Question 20:
An incident investigator requests a copy of the event logs from all firewalls, proxy servers, and Intrusion
Detection Systems (IDS) on an organization's network that has experienced a probable security breach.
When the investigator tries to correlate the information from all of the logs, the order of many of the
logged events does not line up. What is the most probable answer?

A Proper chain of custody was not observed while collecting the logs.

B The attacker altered or erased events from the logs.

C The network devices are not all synchronized.

D The security breach was a false positive.


Question 21:
Joe is studying a recent social engineering attack that occurred against his organization. The attacker
phoned an administrative assistant and said that her files were being deleted and that he needed the
assistant’s password to stop the loss of data. What influence principle was in use?

A Urgency

B Scarcity

C Liking

D Social Proof

Question 22:
Which of the following best describes the Platform as a Service (PaaS) cloud computing service model?

A Delivers everything a developer needs to build an application on the cloud infrastructure.

B Stores and provides data from a centralized location, omitting the need for local collection and
storage.

C Delivers software applications to the client either over the Internet or on a local area network.

D Delivers infrastructure to the client, such as processing, storage, networks, and virtualized
environments.

Question 23:
Which of the following footprinting methods would you use to scan a web server to find the ports that
the web server is using for various services?

A Detect firewalls

B Port scanning

C Detect proxy servers

D Service discovery

Question 24:
Social engineers are master manipulators. Which of the following are tactics they might use?

A Moral obligation, ignorance, and threatening

B Keylogging, shoulder surfing, and moral obligation

C Shoulder surfing, eavesdropping, and keylogging

D Eavesdropping, ignorance, and threatening

Question 25:
Which of the following regulatory standards applies specifically to records containing credit card
information?

A HIPAA

B Privacy Act

C PCI DSS

D FERPA

Question 26:
Robin is an IT technician who has implemented identification and detection techniques based on the
ability to distinguish legitimate traffic from illegitimate traffic over the network. Which of the
following is Robin trying to achieve?

A Defend the network from attacks.

B Defend the network against natural disasters.

C Defend the network against WPA/WPA2 cracking.

D Defend the network against IDS evasions.


Question 27:
Which of the following laws is designed to regulate e-mails?

A CFAA

B CAN-SPAM Act

C USA Patriot Act

D HIPAA

Question 28:
Which of the following types of attacks did Sam use in the following case?

Sam used malware to get access to Sally's PC on the network. He has discovered information that would
enable him to leverage the underlying NTLM to raise his privileges without the requirement for the
plaintext password.

A Dictionary attack

B Rainbow attack

C Pass the hash

D Password sniffing

Question 29:
Which of the following motivates attackers to use DoS and DDoS attacks?

A Distraction, turf wars, and fun

B Hacktivism, profit, and damage reputation

C Distraction, extortion, and theft

D Hacktivism, turf wars, and profit


Question 30:
Which organization is LEAST likely to be subject to PCI DSS requirements?

A Retail store

B Government agencies

C Online store

D Bank

Question 31:
You work at a modest company with only 12 people. You've been tasked with setting up WiFi
connectivity for them. Given that you have a very restricted budget, which of the following technologies
should you use?

A A software-based range extender

B A hardware-based access point

C A hardware-based range extender

D A software-based access point

Question 32:
Which of the following is known as creating an area of the network where offending traffic is forwarded
and dropped?

A Anti-spoofing measures

B Black hole filtering

C Reverse proxy

D Enable router throttling


Question 33:
Which of the following would be the best backup and storage option in the following case?

You've set up a regular backup routine for a Windows system, which includes backing up data files every
night and producing a system image backup once a week. Your organization has opted not to maintain a
redundant copy of the backup media at an off-site location for security concerns.

A Use differential backups and store them on a shelf next to the backup device.

B Use incremental backups and store them in a locked fireproof safe.

C Use incremental backups and store them in a drawer in your office.

D Use differential backups and store them in a locked room.

Question 34:
Which of the following is a type of malware that uses stealth to collect data and then transfers it to a
hacker in order to get remote access?

A Crackers

B Writable services

C ERD Commander

D Spyware

Question 35:
Which of the following programs will Patrick be able to use to make this virus in the following case?

Patrick is preparing to do a penetration test for a customer. He will conduct a phishing attack as part of
this test. He must construct a virus to be sent via email and execute a custom script that will allow him to
track who has run the virus.

A ProRat

B TCPView

C JPS

D Webroot

Question 36:
Which of the following tools would be most helpful in the following situation?

A black box penetration test is being carried out by Iggy, a penetration tester. He intends to conduct
reconnaissance by gathering data on ownership, IP addresses, domain names, locations, and server types.

A ARIN

B Whois

C Nslookup

D beSTORM

Question 37:
Brandy is conducting a vulnerability scan of an enterprise network and believes that there are Windows
file shares in use on the network. Which protocol, if present, would be the best evidence supporting
Brandy's theory?

A SMB

B EC2

C AFS

D NFS

Question 38:
Which of the following is an attack in which all traffic between the target computer and the Internet is
stopped by utilizing all available bandwidth?

A Phlashing attack

B Amplification attack

C Volumetric attack

D Fragmentation attack

Question 39:
A hacker named Jorge has acquired access to a Linux system. He's found the usernames and IDs. He
needs the hashed passwords for the users he discovered. In which file should he look?

A /etc/services

B /etc/shadow

C /etc/passwd

D /etc/group

Question 40:
Which information gathering technique is MinJu using in the following case?

MinJu, a penetration tester, is checking the security of a customer. She notes that a few workers go to a
local pub for happy hour every Wednesday. She enters the pub and begins befriending one of the staff in
order to gather the employee's personal details.

A Social engineering

B Web surfing

C Social networking

D Dumpster diving

Question 41:
Which of the following Bluetooth hacking tools is a complete framework for carrying out
man-in-the-middle attacks on Bluetooth smart devices?

A BTScanner

B Bluediving

C Btlejuice

D BluetoothView

Question 42:
An attacker's intent is to find out and then use sensitive data like passwords, session cookies, and other
security configurations such as UDDI, SOAP, and WSDL. Which of the following cloud computing
attacks is he using?

A Session hijacking through XSS attack.

B Service hijacking through social engineering.

C Session hijacking through session riding.

D Service hijacking through network sniffing.

Question 43:
Which of the following ports are used by null sessions on your network?

A 139 and 445

B 137 and 443

C 139 and 444

D 135 and 445

Question 44:
Which of the following Nmap commands helped Jim retrieve the required information?

Jim, a professional hacker, attacked a company that manages crucial industrial infrastructure. Jim used
Nmap to scan open ports and services operating on servers linked to the organization's OT network. He
utilized the Nmap command to locate Ethernet/IP devices connected to the Internet and obtained further
information such as the vendor name, product code and name, device name, and IP address.

A nmap -Pn -sT -p 46824 < Target IP >

B nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >

C nmap -Pn -sU -p 44818 --script enip-info < Target IP >

D nmap -Pn -sT -p 102 --script s7-info < Target IP >


Question 45:
You have the SOA presented below in your zone, and your secondary servers have not been able to
contact your primary server to synchronize information. How long will the secondary servers attempt to
contact the primary server before they consider the zone dead and stop responding to queries?

A One week

B One day

C One month

D One hour

Question 46:
Which of the following is the best mobile security practice for users concerned with geotags?

A Don't root or jailbreak the mobile device.

B Don't auto-upload photos to social networks.

C Configure a passcode to access the mobile device.

D Don't install too many applications.

Question 47:
Jerry runs a tool to scan a clean system to create a database. The tool then scans the system again and
compares the second scan to the clean database. Which of the following detection methods is Jerry
using?

A Cross view-based

B Integrity-based

C Signature-based

D Behavior-based

Question 48:
Your network administrator is configuring settings so the switch shuts down a port when the max number
of MAC addresses is reached. What is the network administrator taking countermeasures against?

A Filtering

B Spoofing

C Sniffing

D Hijacking

Question 49:
What is the best Nmap command to use if you have successfully compromised a server with an IP
address of 10.10.0.5 and you want to enumerate all machines in the same network quickly?

A nmap -T4 -F 10.10.0.0/24

B nmap -T4 -r 10.10.1.0/24

C nmap -T4 -O 10.10.0.0/24

D nmap -T4 -q 10.10.0.0/24

Question 50:
What type of firewall is inspecting outbound traffic in the following case?

During a black-box pen test, you attempt to send IRC traffic from a hacked web-enabled server via port
80/TCP. The traffic is restricted, but outbound HTTP traffic is unimpeded.

A Packet Filtering

B Circuit

C Stateful

D Application

Answer:

Question 1: A

Question 2: D

Question 3: C

Question 4: A

Question 5: A

Question 6: B

Question 7: D

Question 8: C

Question 9: C

Question 10: C

Question 11: A

Question 12: B

Question 13: A

Question 14: B

Question 15: B

Question 16: C

Question 17: D

Question 18: D

Question 19: D

Question 20: C

Question 21: A

Question 22: A

Question 23: D

Question 24: A

Question 25: C

Question 26: D

Question 27: B

Question 28: C

Question 29: B

Question 30: B

Question 31: D

Question 32: B

Question 33: B

Question 34: D

Question 35: C

Question 36: B

Question 37: A

Question 38: C

Question 39: B

Question 40: A

Question 41: C

Question 42: D

Question 43: A

Question 44: C

Question 45: A

Question 46: B

Question 47: B

Question 48: C

Question 49: A

Question 50: C
