Summer Special - 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4sdisc65

312-50v12 PDF

$38.5

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

312-50v12 PDF + Testing Engine

$61.6

$175.99

3 Months Free Update

  • Exam Name: Certified Ethical Hacker Exam (CEHv12)
  • Last Update: Jul 23, 2024
  • Questions and Answers: 572
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

312-50v12 Engine

$46.2

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

312-50v12 Practice Exam Questions with Answers Certified Ethical Hacker Exam (CEHv12) Certification

Question # 6

OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?

A.

openssl s_client -site www.website.com:443

B.

openssl_client -site www.website.com:443

C.

openssl s_client -connect www.website.com:443

D.

openssl_client -connect www.website.com:443

Full Access
Question # 7

When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK.

How would an attacker exploit this design by launching TCP SYN attack?

A.

Attacker generates TCP SYN packets with random destination addresses towards a victim host

B.

Attacker floods TCP SYN packets with random source addresses towards a victim host

C.

Attacker generates TCP ACK packets with random source addresses towards a victim host

D.

Attacker generates TCP RST packets with random source addresses towards a victim host

Full Access
Question # 8

DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switchers leverages the DHCP snooping database to help prevent man-in-the-middle attacks?

A.

Spanning tree

B.

Dynamic ARP Inspection (DAI)

C.

Port security

D.

Layer 2 Attack Prevention Protocol (LAPP)

Full Access
Question # 9

Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?

A.

Kismet

B.

Abel

C.

Netstumbler

D.

Nessus

Full Access
Question # 10

Which of the following LM hashes represent a password of less than 8 characters? (Choose two.)

A.

BA810DBA98995F1817306D272A9441BB

B.

44EFCE164AB921CQAAD3B435B51404EE

C.

0182BD0BD4444BF836077A718CCDF409

D.

CEC52EB9C8E3455DC2265B23734E0DAC

E.

B757BF5C0D87772FAAD3B435B51404EE

F.

E52CAC67419A9A224A3B108F3FA6CB6D

Full Access
Question # 11

John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to anonymously query the IDAP service for sensitive information such as usernames. addresses, departmental details, and server names to launch further attacks on the target organization.

What is the tool employed by John to gather information from the IDAP service?

A.

jxplorer

B.

Zabasearch

C.

EarthExplorer

D.

Ike-scan

Full Access
Question # 12

Which of the following steps for risk assessment methodology refers to vulnerability identification?

A.

Determines if any flaws exist in systems, policies, or procedures

B.

Assigns values to risk probabilities; Impact values.

C.

Determines risk probability that vulnerability will be exploited (High. Medium, Low)

D.

Identifies sources of harm to an IT system. (Natural, Human. Environmental)

Full Access
Question # 13

Attacker Steve targeted an organization's network with the aim of redirecting the company's web traffic to another malicious website. To achieve this goal, Steve performed DNS cache poisoning by exploiting the vulnerabilities In the DNS server software and modified the original IP address of the target website to that of a fake website. What is the technique employed by Steve to gather information for identity theft?

A.

Pretexting

B.

Pharming

C.

Wardriving

D.

Skimming

Full Access
Question # 14

Which method of password cracking takes the most time and effort?

A.

Dictionary attack

B.

Shoulder surfing

C.

Rainbow tables

D.

Brute force

Full Access
Question # 15

A company’s policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as display filter to find unencrypted file transfers?

A.

tcp.port = = 21

B.

tcp.port = 23

C.

tcp.port = = 21 | | tcp.port = =22

D.

tcp.port ! = 21

Full Access
Question # 16

Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command.

312-50v12 question answer

What is Eve trying to do?

A.

Eve is trying to connect as a user with Administrator privileges

B.

Eve is trying to enumerate all users with Administrative privileges

C.

Eve is trying to carry out a password crack for user Administrator

D.

Eve is trying to escalate privilege of the null user to that of Administrator

Full Access
Question # 17

Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?

A.

symmetric algorithms

B.

asymmetric algorithms

C.

hashing algorithms

D.

integrity algorithms

Full Access
Question # 18

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks?

A.

tcpsplice

B.

Burp

C.

Hydra

D.

Whisker

Full Access
Question # 19

Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing?

A.

Scanning

B.

Footprinting

C.

Enumeration

D.

System Hacking

Full Access
Question # 20

The company ABC recently contracts a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?

A.

The CFO can use a hash algorithm in the document once he approved the financial statements

B.

The CFO can use an excel file with a password

C.

The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure is the same document

D.

The document can be sent to the accountant using an exclusive USB for that document

Full Access
Question # 21

Bob is acknowledged as a hacker of repute and is popular among visitors of "underground" sites.

Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well.

In this context, what would be the most effective method to bridge the knowledge gap between the "black" hats or crackers and the "white" hats or computer security professionals? (Choose the test answer.)

A.

Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.

B.

Hire more computer security monitoring personnel to monitor computer systems and networks.

C.

Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life.

D.

Train more National Guard and reservist in the art of computer security to help out in times of emergency or crises.

Full Access
Question # 22

Which of the following tools are used for enumeration? (Choose three.)

A.

SolarWinds

B.

USER2SID

C.

Cheops

D.

SID2USER

E.

DumpSec

Full Access
Question # 23

What is correct about digital signatures?

A.

A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.

B.

Digital signatures may be used in different documents of the same type.

C.

A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.

D.

Digital signatures are issued once for each user and can be used everywhere until they expire.

Full Access
Question # 24

What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?

A.

Man-in-the-middle attack

B.

Meet-in-the-middle attack

C.

Replay attack

D.

Traffic analysis attack

Full Access
Question # 25

Which of the following is a component of a risk assessment?

A.

Administrative safeguards

B.

Physical security

C.

DMZ

D.

Logical interface

Full Access
Question # 26

One of your team members has asked you to analyze the following SOA record.

What is the TTL? Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.)

A.

200303028

B.

3600

C.

604800

D.

2400

E.

60

F.

4800

Full Access
Question # 27

Which of the following program infects the system boot sector and the executable files at the same time?

A.

Polymorphic virus

B.

Stealth virus

C.

Multipartite Virus

D.

Macro virus

Full Access
Question # 28

Which type of security feature stops vehicles from crashing through the doors of a building?

A.

Bollards

B.

Receptionist

C.

Mantrap

D.

Turnstile

Full Access
Question # 29

What did the following commands determine?

312-50v12 question answer

A.

That the Joe account has a SID of 500

B.

These commands demonstrate that the guest account has NOT been disabled

C.

These commands demonstrate that the guest account has been disabled

D.

That the true administrator is Joe

E.

Issued alone, these commands prove nothing

Full Access
Question # 30

A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.

A.

Use port security on his switches.

B.

Use a tool like ARPwatch to monitor for strange ARP activity.

C.

Use a firewall between all LAN segments.

D.

If you have a small network, use static ARP entries.

E.

Use only static IP addresses on all PC's.

Full Access
Question # 31

Which of the following represents the initial two commands that an IRC client sends to join an IRC network?

A.

USER, NICK

B.

LOGIN, NICK

C.

USER, PASS

D.

LOGIN, USER

Full Access
Question # 32

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the 192.168.1.0/24. Which of the following has occurred?

A.

The computer is not using a private IP address.

B.

The gateway is not routing to a public IP address.

C.

The gateway and the computer are not on the same network.

D.

The computer is using an invalid IP address.

Full Access
Question # 33

Given below are different steps involved in the vulnerability-management life cycle.

1) Remediation

2) Identify assets and create a baseline

3) Verification

4) Monitor

5) Vulnerability scan

6) Risk assessment

Identify the correct sequence of steps involved in vulnerability management.

A.

2-->5-->6-->1-->3-->4

B.

2-->1-->5-->6-->4-->3

C.

2-->4-->5-->3-->6--> 1

D.

1-->2-->3-->4-->5-->6

Full Access
Question # 34

During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

A.

Circuit

B.

Stateful

C.

Application

D.

Packet Filtering

Full Access
Question # 35

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

A.

Macro virus

B.

Stealth/Tunneling virus

C.

Cavity virus

D.

Polymorphic virus

Full Access
Question # 36

Richard, an attacker, targets an MNC. in this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard?

A.

VoIP footprinting

B.

VPN footprinting

C.

Whois footprinting

D.

Email footprinting

Full Access
Question # 37

Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two. What would you call this attack?

A.

Interceptor

B.

Man-in-the-middle

C.

ARP Proxy

D.

Poisoning Attack

Full Access
Question # 38

Which iOS jailbreaking technique patches the kernel during the device boot so that it becomes jailbroken after each successive reboot?

A.

Tethered jailbreaking

B.

Semi-tethered jailbreaking

C.

Untethered jailbreaking

D.

Semi-Untethered jailbreaking

Full Access
Question # 39

Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?

A.

A biometric system that bases authentication decisions on behavioral attributes.

B.

A biometric system that bases authentication decisions on physical attributes.

C.

An authentication system that creates one-time passwords that are encrypted with secret keys.

D.

An authentication system that uses passphrases that are converted into virtual passwords.

Full Access
Question # 40

Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining whether the ports are online and any firewall rule sets are encountered. John decided to perform a TCP SYN ping scan on the target network. Which of the following Nmap commands must John use to perform the TCP SYN ping scan?

A.

nmap -sn -pp < target ip address >

B.

nmap -sn -PO < target IP address >

C.

nmap -sn -PS < target IP address >

D.

nmap -sn -PA < target IP address >

Full Access
Question # 41

An attacker redirects the victim to malicious websites by sending them a malicious link by email. The link appears authentic but redirects the victim to a malicious web page, which allows the attacker to steal the victim's data. What type of attack is this?

A.

Phishing

B.

Vlishing

C.

Spoofing

D.

DDoS

Full Access
Question # 42

When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?

A.

Data items and vulnerability scanning

B.

Interviewing employees and network engineers

C.

Reviewing the firewalls configuration

D.

Source code review

Full Access
Question # 43

what firewall evasion scanning technique make use of a zombie system that has low network activity as well as its fragment identification numbers?

A.

Decoy scanning

B.

Packet fragmentation scanning

C.

Spoof source address scanning

D.

Idle scanning

Full Access
Question # 44

Attacker Lauren has gained the credentials of an organization's internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skeptical about the login times and appointed security professional Robert to determine the issue. Robert analyzed the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited. What is the incident handling and response (IH&R) phase, in which Robert has determined these issues?

A.

Preparation

B.

Eradication

C.

Incident recording and assignment

D.

Incident triage

Full Access
Question # 45

Study the snort rule given below and interpret the rule. alert tcp any any --> 192.168.1.0/24 111

(content:"|00 01 86 a5|"; msG. "mountd access";)

A.

An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111

B.

An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet

C.

An alert is generated when a TCP packet is originated from port 111 of any IP address to the 192.168.1.0 subnet

D.

An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111

Full Access
Question # 46

In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN number and other personal details. Ignorant users usually fall prey to this scam.

Which of the following statement is incorrect related to this attack?

A.

Do not reply to email messages or popup ads asking for personal or financial information

B.

Do not trust telephone numbers in e-mails or popup ads

C.

Review credit card and bank account statements regularly

D.

Antivirus, anti-spyware, and firewall software can very easily detect these type of attacks

E.

Do not send credit card numbers, and personal or financial information via e-mail

Full Access
Question # 47

env x=’(){ :;};echo exploit’ bash –c ‘cat/etc/passwd’

What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

A.

Removes the passwd file

B.

Changes all passwords in passwd

C.

Add new user to the passwd file

D.

Display passwd content to prompt

Full Access
Question # 48

While using your bank’s online servicing you notice the following string in the URL bar:

“http: // www. MyPersonalBank. com/ account?id=368940911028389 &Damount=10980&Camount=21”

You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflects the changes.

Which type of vulnerability is present on this site?

A.

Cookie Tampering

B.

SQL Injection

C.

Web Parameter Tampering

D.

XSS Reflection

Full Access
Question # 49

Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquires over the network.

Which of these tools would do the SNMP enumeration he is looking for? Select the best answers.

A.

SNMPUtil

B.

SNScan

C.

SNMPScan

D.

Solarwinds IP Network Browser

E.

NMap

Full Access
Question # 50

Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?

A.

113

B.

69

C.

123

D.

161

Full Access
Question # 51

Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool "SIDExtractor". Here is the output of the SIDs:

312-50v12 question answer

From the above list identify the user account with System Administrator privileges.

A.

John

B.

Rebecca

C.

Sheela

D.

Shawn

E.

Somia

F.

Chang

G.

Micah

Full Access
Question # 52

Attacker Simon targeted the communication network of an organization and disabled the security controls of NetNTLMvl by modifying the values of LMCompatibilityLevel, NTLMMinClientSec, and RestrictSendingNTLMTraffic. He then extracted all the non-network logon tokens from all the active processes to masquerade as a legitimate user to launch further attacks. What is the type of attack performed by Simon?

A.

Internal monologue attack

B.

Combinator attack

C.

Rainbow table attack

D.

Dictionary attack

Full Access
Question # 53

Bill has been hired as a penetration tester and cyber security auditor for a major credit card company. Which information security standard is most applicable to his role?

A.

FISMA

B.

HITECH

C.

PCI-DSS

D.

Sarbanes-OxleyAct

Full Access
Question # 54

Susan has attached to her company's network. She has managed to synchronize her boss's sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory.

What kind of attack is Susan carrying on?

A.

A sniffing attack

B.

A spoofing attack

C.

A man in the middle attack

D.

A denial of service attack

Full Access
Question # 55

What is the minimum number of network connections in a multihomed firewall?

A.

3

B.

5

C.

4

D.

2

Full Access
Question # 56

Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?

A.

SFTP

B.

Ipsec

C.

SSL

D.

FTPS

Full Access
Question # 57

You are the chief cybersecurity officer at CloudSecure Inc., and your team is responsible for securing a cloudbased application that handles sensitive customer data. To ensure that the data is protected from breaches, you

have decided to implement encryption for both data-at-rest and data-in-transit. The development team suggests using SSL/TLS for securing data in transit. However, you want to also implement a mechanism to detect if the data was tampered with during transmission. Which of the following should you propose?

A.

Implement IPsec in addition to SSL/TLS.

B.

Qswitch to using SSH for data transmission.

C.

Use the cloud service provider's built-in encryption services.

D.

Encrypt data using the AES algorithm before transmission.

Full Access
Question # 58

what is the correct way of using MSFvenom to generate a reverse TCP shellcode for windows?

A.

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f c

B.

msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f c

C.

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f exe > shell.exe

D.

msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f exe > shell.exe

Full Access
Question # 59

What is the file that determines the basic configuration (specifically activities, services, broadcast receivers, etc.) in an Android application?

A.

AndroidManifest.xml

B.

APK.info

C.

resources.asrc

D.

classes.dex

Full Access
Question # 60

You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL.

What may be the problem?

A.

Traffic is Blocked on UDP Port 53

B.

Traffic is Blocked on TCP Port 80

C.

Traffic is Blocked on TCP Port 54

D.

Traffic is Blocked on UDP Port 80

Full Access
Question # 61

Which DNS resource record can indicate how long any "DNS poisoning" could last?

A.

MX

B.

SOA

C.

NS

D.

TIMEOUT

Full Access
Question # 62

A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems.

However, he is unable to capture any logons though he knows that other users are logging in.

What do you think is the most likely reason behind this?

A.

There is a NIDS present on that segment.

B.

Kerberos is preventing it.

C.

Windows logons cannot be sniffed.

D.

L0phtcrack only sniffs logons to web servers.

Full Access
Question # 63

Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.

Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?

A.

Hardware, Software, and Sniffing.

B.

Hardware and Software Keyloggers.

C.

Passwords are always best obtained using Hardware key loggers.

D.

Software only, they are the most effective.

Full Access
Question # 64

Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an organization?

A.

Preparation phase

B.

Containment phase

C.

Identification phase

D.

Recovery phase

Full Access
Question # 65

What ports should be blocked on the firewall to prevent NetBIOS traffic from not coming through the firewall if your network is comprised of Windows NT, 2000, and XP?

A.

110

B.

135

C.

139

D.

161

E.

445

F.

1024

Full Access
Question # 66

Which results will be returned with the following Google search query? site:target.com – site:Marketing.target.com accounting

A.

Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting.

B.

Results matching all words in the query.

C.

Results for matches on target.com and Marketing.target.com that include the word “accounting”

D.

Results matching “accounting” in domain target.com but not on the site Marketing.target.com

Full Access
Question # 67

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier container technology architecture. Currently. Abel is verifying and validating image contents, signing images, and sending them to the registries. Which of the following tiers of the container technology architecture Is Abel currently working in?

A.

Tier-1: Developer machines

B.

Tier-4: Orchestrators

C.

Tier-3: Registries

D.

Tier-2: Testing and accreditation systems

Full Access
Question # 68

Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. How do you prevent DNS spoofing?

A.

Install DNS logger and track vulnerable packets

B.

Disable DNS timeouts

C.

Install DNS Anti-spoofing

D.

Disable DNS Zone Transfer

Full Access
Question # 69

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: ““FTP on the network!””;)

A.

A firewall IPTable

B.

FTP Server rule

C.

A Router IPTable

D.

An Intrusion Detection System

Full Access
Question # 70

You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?

A.

All three servers need to be placed internally

B.

A web server facing the Internet, an application server on the internal network, a database server on the internal network

C.

A web server and the database server facing the Internet, an application server on the internal network

D.

All three servers need to face the Internet so that they can communicate between themselves

Full Access
Question # 71

The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the Central Processing Unit (CPU), rather than passing only the frames that the controller is intended to receive. Which of the following is being described?

A.

Multi-cast mode

B.

Promiscuous mode

C.

WEM

D.

Port forwarding

Full Access
Question # 72

in this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstall the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values. What is this attack called?

A.

Chop chop attack

B.

KRACK

C.

Evil twin

D.

Wardriving

Full Access
Question # 73

Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities. Which type of virus detection method did Chandler use in this context?

A.

Heuristic Analysis

B.

Code Emulation

C.

Scanning

D.

Integrity checking

Full Access
Question # 74

In both pharming and phishing attacks, an attacker can create websites that look similar to legitimate sites with the intent of collecting personal identifiable information from its victims.

What is the difference between pharming and phishing attacks?

A.

In a pharming attack, a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack, an attacker provides the victim with a URL that is either misspelled or looks similar to the actual websites domain name

B.

In a phishing attack, a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a pharming attack, an attacker provides the victim with a URL that is either misspelled or looks very similar to the actual websites domain name

C.

Both pharming and phishing attacks are purely technical and are not considered forms of social engineering

D.

Both pharming and phishing attacks are identical

Full Access
Question # 75

What two conditions must a digital signature meet?

A.

Has to be the same number of characters as a physical signature and must be unique.

B.

Has to be unforgeable, and has to be authentic.

C.

Must be unique and have special characters.

D.

Has to be legible and neat.

Full Access
Question # 76

Suppose your company has just passed a security risk assessment exercise. The results display that the risk of the breach in the main company application is 50%. Security staff has taken some measures and

implemented the necessary controls. After that, another security risk assessment was performed showing that risk has decreased to 10%. The risk threshold for the application is 20%. Which of the following risk decisions will be the best for the project in terms of its successful continuation with the most business profit?

A.

Accept the risk

B.

Introduce more controls to bring risk to 0%

C.

Mitigate the risk

D.

Avoid the risk

Full Access
Question # 77

An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com ", the user is directed to a phishing site.

Which file does the attacker need to modify?

A.

Boot.ini

B.

Sudoers

C.

Networks

D.

Hosts

Full Access
Question # 78

What is the proper response for a NULL scan if the port is closed?

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

No response

Full Access
Question # 79

A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer’s software and hardware without the owner’s permission. Their intention can either be to simply gain knowledge or to illegally make changes.

Which of the following class of hacker refers to an individual who works both offensively and defensively at various times?

A.

White Hat

B.

Suicide Hacker

C.

Gray Hat

D.

Black Hat

Full Access
Question # 80

A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

A.

Perform a vulnerability scan of the system.

B.

Determine the impact of enabling the audit feature.

C.

Perform a cost/benefit analysis of the audit feature.

D.

Allocate funds for staffing of audit log review.

Full Access
Question # 81

You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?

A.

Social engineering

B.

Piggybacking

C.

Tailgating

D.

Eavesdropping

Full Access
Question # 82

Which of the following Linux commands will resolve a domain name into IP address?

A.

>host-t a hackeddomain.com

B.

>host-t ns hackeddomain.com

C.

>host -t soa hackeddomain.com

D.

>host -t AXFR hackeddomain.com

Full Access
Question # 83

A penetration tester is performing the footprinting process and is reviewing publicly available information about an organization by using the Google search engine.

Which of the following advanced operators would allow the pen tester to restrict the search to the organization’s web domain?

A.

[allinurl:]

B.

[location:]

C.

[site:]

D.

[link:]

Full Access
Question # 84

Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and out the target network based on pre-defined set of rules. Which of the following types of firewalls can protect against SQL injection attacks?

A.

Data-driven firewall

B.

Packet firewall

C.

Web application firewall

D.

Stateful firewall

Full Access
Question # 85

A DDOS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete.

Which attack is being described here?

A.

Desynchronization

B.

Slowloris attack

C.

Session splicing

D.

Phlashing

Full Access
Question # 86

A "Server-Side Includes" attack refers to the exploitation of a web application by injecting scripts in HTML pages or executing arbitrary code remotely.

Which web-page file type, if it exists on the web server, is a strong indication that the server is vulnerable to this kind of attack?

A.

.stm

B.

.html

C.

.rss

D.

.cms

Full Access
Question # 87

Sarah, a system administrator, was alerted of potential malicious activity on the network of her company. She

discovered a malicious program spread through the instant messenger application used by her team. The

attacker had obtained access to one of her teammate's messenger accounts and started sending files across

the contact list. Which best describes the attack scenario and what measure could have prevented it?

A.

Instant Messenger Applications; verifying the sender's identity before opening any files

B.

Insecure Patch Management; updating application software regularly

C.

Rogue/Decoy Applications; ensuring software is labeled as TRUSTED

D.

Portable Hardware Media/Removable Devices; disabling Autorun functionality

Full Access
Question # 88

You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific condition for the scan: “The attacker must scan every port on the server several times using a set of spoofed sources IP addresses. ” Suppose that you are using Nmap to perform this scan. What flag will you use to satisfy this requirement?

A.

The -A flag

B.

The -g flag

C.

The -f flag

D.

The -D flag

Full Access
Question # 89

One of your team members has asked you to analyze the following SOA record. What is the version?

Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.) (Choose four.)

A.

200303028

B.

3600

C.

604800

D.

2400

E.

60

F.

4800

Full Access
Question # 90

You are a cybersecurity consultant for a global organization. The organization has adopted a Bring Your Own Device (BYOD)policy, but they have recently experienced a phishing incident where an employee's device was compromised. In the investigation, you discovered that the phishing attack occurred through a third-party email app that the employee had installed. Given the need to balance security and user autonomy under the BYOD policy, how should the organization mitigate the risk of such incidents? Moreover, consider a measure that would prevent similar attacks without overly restricting the use of personal devices.

A.

Provide employees with corporate-owned devices for work-related tasks.

B.

Implement a mobile device management solution that restricts the installation of non-approved applications.

C.

Require all employee devices to use a company-provided VPN for internet access.

D.

Conduct regular cybersecurity awareness training, focusing on phishing attacks.

Full Access
Question # 91

You are a cybersecurity consultant for a healthcare organization that utilizes Internet of Medical Things (loMT) devices, such as connected insulin pumps and heart rate monitors, to provide improved patientcare. Recently, the organization has been targeted by ransomware attacks. While the IT infrastructure was unaffected due to robust security measures, they are worried that the loMT devices could be potential entry points for future

attacks. What would be your main recommendation to protect these devices from such threats?

A.

Implement multi-factor authentication for all loMT devices.

B.

Disable all wireless connectivity on loMT devices.

C.

Use network segmentation to isolate loMT devices from the main network.

D.

Regularly change the IP addresses of all loMT devices.

Full Access
Question # 92

Which of the following allows attackers to draw a map or outline the target organization's network infrastructure to know about the actual environment that they are going to hack.

A.

Enumeration

B.

Vulnerability analysis

C.

Malware analysis

D.

Scanning networks

Full Access
Question # 93

Your network infrastructure is under a SYN flood attack. The attacker has crafted an automated botnet to

simultaneously send 's' SYN packets per second to the server. You have put measures in place to manage ‘f

SYN packets per second, and the system is designed to deal with this number without any performance issues.

If 's' exceeds ‘f', the network infrastructure begins to show signs of overload. The system's response time

increases exponentially (24k), where 'k' represents each additional SYN packet above the ff limit. Now, considering 's=500' and different 'f values, in which scenario is the server most likely to experience overload and significantly increased response times?

A.

f=510: The server can handle 510 SYN packets per second, which is greater than what the attacker is sending. The system stays stable, and the response time remains unaffected

B.

f=495: The server can handle 495 SYN packets per second. The response time drastically rises (245 = 32 times the normal), indicating a probable system overload

C.

f=S05: The server can handle 505 SYN packets per second. In this case, the response time increases but not as drastically (245 = 32 times the normal), and the systern might still function, albeit slowly

D.

f=420: The server can handle 490 SYN packets per second. With 's' exceeding ‘f by 10, the response time shoots up (2410 = 1024 times the usual response time), indicating a system overload

Full Access
Question # 94

Stephen, an attacker, targeted the industrial control systems of an organization. He generated a fraudulent email with a malicious attachment and sent it to employees of the target organization. An employee who manages the sales software of the operational plant opened the fraudulent email and clicked on the malicious attachment. This resulted in the malicious attachment being downloaded and malware being injected into the sales software maintained in the victim's system. Further, the malware propagated itself to other networked systems, finally damaging the industrial automation components. What is the attack technique used by Stephen to damage the industrial systems?

A.

Spear-phishing attack

B.

SMishing attack

C.

Reconnaissance attack

D.

HMI-based attack

Full Access
Question # 95

Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?

A.

Presentation tier

B.

Application Layer

C.

Logic tier

D.

Data tier

Full Access
Question # 96

Which rootkit is characterized by its function of adding code and/or replacing some of the operating-system kernel code to obscure a backdoor on a system?

A.

User-mode rootkit

B.

Library-level rootkit

C.

Kernel-level rootkit

D.

Hypervisor-level rootkit

Full Access
Question # 97

Mary found a high vulnerability during a vulnerability scan and notified her server team. After analysis, they sent her proof that a fix to that issue had already been applied. The vulnerability that Marry found is called what?

A.

False-negative

B.

False-positive

C.

Brute force attack

D.

Backdoor

Full Access
Question # 98

Kevin, an encryption specialist, implemented a technique that enhances the security of keys used for encryption and authentication. Using this technique, Kevin input an initial key to an algorithm that generated an enhanced key that is resistant to brute-force attacks. What is the technique employed by Kevin to improve the security of encryption keys?

A.

Key derivation function

B.

Key reinstallation

C.

A Public key infrastructure

D.

Key stretching

Full Access
Question # 99

Ben purchased a new smartphone and received some updates on it through the OTA method. He received two messages: one with a PIN from the network operator and another asking him to enter the PIN received from the operator. As soon as he entered the PIN, the smartphone started functioning in an abnormal manner. What is the type of attack performed on Ben in the above scenario?

A.

Advanced SMS phishing

B.

Bypass SSL pinning

C.

Phishing

D.

Tap 'n ghost attack

Full Access
Question # 100

Elante company has recently hired James as a penetration tester. He was tasked with performing enumeration on an organization's network. In the process of enumeration, James discovered a service that is accessible to external sources. This service runs directly on port 21. What is the service enumerated byjames in the above scenario?

A.

Border Gateway Protocol (BGP)

B.

File Transfer Protocol (FTP)

C.

Network File System (NFS)

D.

Remote procedure call (RPC)

Full Access
Question # 101

Kate dropped her phone and subsequently encountered an issue with the phone's internal speaker. Thus, she is using the phone's loudspeaker for phone calls and other activities. Bob, an attacker, takes advantage of this vulnerability and secretly exploits the hardware of Kate's phone so that he can monitor the loudspeaker's output from data sources such as voice assistants, multimedia messages, and audio files by using a malicious app to breach speech privacy. What is the type of attack Bob performed on Kate in the above scenario?

A.

Man-in-the-disk attack

B.

aLTEr attack

C.

SIM card attack

D.

Spearphone attack

Full Access
Question # 102

Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Suppose a malicious user Rob tries to get access to the account of a benign user Ned.

Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?

A.

“GET /restricted/goldtransfer?to=Rob&from=1 or 1=1’ HTTP/1.1Host: westbank.com”

B.

“GET /restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com”

C.

“GET /restricted/accounts/?name=Ned HTTP/1.1 Host westbank.com”

D.

“GET /restricted/ HTTP/1.1 Host: westbank.com

Full Access
Question # 103

An IT company has just implemented new security controls to their network and system setup. As a Certified Ethical Hacker, your responsibility is to assess the possible vulnerabilities in the new setup. You are given the information that the network and system are adequately patched with the latest updates, and all employees have gone through recent cybersecurity awareness training. Considering the potential vulnerability sources,

what is the best initial approach to vulnerability assessment?

A.

Checking for hardware and software misconfigurations to identify any possible loopholes

B.

Evaluating the network for inherent technology weaknesses prone to specific types of attacks

C.

Investigating if any ex-employees still have access to the company’s system and data

D.

Conducting social engineering tests to check if employees can be tricked into revealing sensitive information

Full Access
Question # 104

Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?

A.

Produces less false positives

B.

Can identify unknown attacks

C.

Requires vendor updates for a new threat

D.

Cannot deal with encrypted network traffic

Full Access
Question # 105

Jack, a professional hacker, targets an organization and performs vulnerability scanning on the target web server to identify any possible weaknesses, vulnerabilities, and misconfigurations. In this process, Jack uses an automated tool that eases his work and performs vulnerability scanning to find hosts, services, and other vulnerabilities in the target server. Which of the following tools is used by Jack to perform vulnerability scanning?

A.

Infoga

B.

WebCopier Pro

C.

Netsparker

D.

NCollector Studio

Full Access
Question # 106

Which protocol is used for setting up secure channels between two devices, typically in VPNs?

A.

PEM

B.

ppp

C.

IPSEC

D.

SET

Full Access
Question # 107

Cross-site request forgery involves:

A.

A request sent by a malicious user from a browser to a server

B.

Modification of a request by a proxy between client and server

C.

A browser making a request to a server without the user’s knowledge

D.

A server making a request to another server without the user’s knowledge

Full Access
Question # 108

if you send a TCP ACK segment to a known closed port on a firewall but it does not respond with an RST. what do you know about the firewall you are scanning?

A.

There is no firewall in place.

B.

This event does not tell you encrypting about the firewall.

C.

It is a stateful firewall

D.

It Is a non-stateful firewall.

Full Access
Question # 109

An ethical hacker is hired to conduct a comprehensive network scan of a large organization that strongly suspects potential intrusions into their internal systems. The hacker decides to employ a combination of scanning tools to obtain a detailed understanding of the network. Which sequence of actions would provide the most comprehensive information about the network's status?

A.

Initiate with Nmap for a ping sweep, then use Metasploit to scan for open ports and services, and finally use Hping3 to perform remote OS fingerprinting

B.

Use Hping3 for an ICMP ping scan on the entire subnet, then use Nmap for a SYN scan on identified active hosts, and finally use Metasploit to exploit identified vulnerabilities

C.

Start with Hping3 for a UDP scan on random ports, then use Nmap for a version detection scan, and finally use Metasploit to exploit detected vulnerabilities

D.

Begin with NetScanTools Pro for a general network scan, then use Nmap for OS detection and version detection, and finally perform an SYN flooding with Hping3

Full Access
Question # 110

What is the most common method to exploit the “Bash Bug” or “Shellshock” vulnerability?

A.

SYN Flood

B.

SSH

C.

Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

D.

Manipulate format strings in text fields

Full Access
Question # 111

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing?

A.

Identifying operating systems, services, protocols and devices

B.

Modifying and replaying captured network traffic

C.

Collecting unencrypted information about usernames and passwords

D.

Capturing a network traffic for further analysis

Full Access
Question # 112

Heather’s company has decided to use a new customer relationship management tool. After performing the appropriate research, they decided to purchase a subscription to a cloud-hosted solution. The only administrative task that Heather will need to perform is the management of user accounts. The provider will take care of the hardware, operating system, and software administration including patching and monitoring. Which of the following is this type of solution?

A.

SaaS

B.

IaaS

C.

CaaS

D.

PasS

Full Access
Question # 113

Your company, SecureTech Inc., is planning to transmit some sensitive data over an unsecured communication channel. As a cyber security expert, you decide to use symmetric key encryption to protect the data. However,

you must also ensure the secure exchange of the symmetric key. Which of the following protocols would you recommend to the team to achieve this?

A.

Implementing SSL certificates on your company's web servers.

B.

Applying the Diffie-Hellman protocol to exchange the symmetric key.

C.

Switching all data transmission to the HTTPS protocol.

D.

Utilizing SSH for secure remote logins to the servers.

Full Access
Question # 114

Sophia is a shopping enthusiast who spends significant time searching for trendy outfits online. Clark, an attacker, noticed her activities several times and sent a fake email containing a deceptive page link to her social media page displaying all-new and trendy outfits. In excitement, Sophia clicked on the malicious link and logged in to that page using her valid credentials. Which of the following tools is employed by Clark to create the spoofed email?

A.

PyLoris

B.

Slowloris

C.

Evilginx

D.

PLCinject

Full Access
Question # 115

Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering the Information, he successfully performed an attack on the target government organization without being traced. Which of the following techniques is described in the above scenario?

A.

Dark web footprinting

B.

VoIP footpnnting

C.

VPN footprinting

D.

website footprinting

Full Access
Question # 116

As a security analyst for Sky Secure Inc., you are working with a client that uses a multi-cloud strategy, utilizing services from several cloud providers. The client wants to implement a system that will provide unified security management across all their cloud platforms. They need a solution that allows them to consistently enforce security policies, identify and respond to threats, and maintain visibility of all their cloud resources. Which of the following should you recommend as the best solution?

A.

Use a hardware-based firewall to secure all cloud resources.

B.

implement separate security management tools for each cloud platform.

C.

Use a Cloud Access Security Broker (CASB).

D.

Rely on the built-in security features of each cloud platform.

Full Access
Question # 117

A cyber attacker has initiated a series of activities against a high-profile organization following the Cyber Kill

Chain Methodology. The attacker is presently in the “Delivery” stage. As an Ethical Hacker, you are trying to

anticipate the adversary's next move. What is the most probable subsequent action from the attacker based on

the Cyber Kill Chain Methodology?

A.

The attacker will attempt to escalate privileges to gain complete control of the compromised system.

B.

The attacker will exploit the malicious payload delivered to the target organization and establish a foothold.

C.

The attacker will initiate an active connection to the target system to gather more data.

D.

The attacker will start reconnaissance to gather as much information as possible about the target.

Full Access
Question # 118

Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days, Bab denies that he had ever sent a mail. What do you want to ““know”” to prove yourself that it was Bob who had send a mail?

A.

Non-Repudiation

B.

Integrity

C.

Authentication

D.

Confidentiality

Full Access
Question # 119

Rebecca, a security professional, wants to authenticate employees who use web services for safe and secure communication. In this process, she employs a component of the Web Service Architecture, which is an extension of SOAP, and it can maintain the integrity and confidentiality of SOAP messages.

Which of the following components of the Web Service Architecture is used by Rebecca for securing the communication?

A.

WSDL

B.

WS Work Processes

C.

WS-Policy

D.

WS-Security

Full Access
Question # 120

You want to analyze packets on your wireless network. Which program would you use?

A.

Wireshark with Airpcap

B.

Airsnort with Airpcap

C.

Wireshark with Winpcap

D.

Ethereal with Winpcap

Full Access
Question # 121

Which of the following provides a security professional with most information about the system’s security posture?

A.

Phishing, spamming, sending trojans

B.

Social engineering, company site browsing tailgating

C.

Wardriving, warchalking, social engineering

D.

Port scanning, banner grabbing service identification

Full Access
Question # 122

While performing an Nmap scan against a host, Paola determines the existence of a firewall. In an attempt to determine whether the firewall is stateful or stateless, which of the following options would be best to use?

A.

-sA

B.

-sX

C.

-sT

D.

-sF

Full Access
Question # 123

You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?

A.

hping2 host.domain.com

B.

hping2 --set-ICMP host.domain.com

C.

hping2 -i host.domain.com

D.

hping2 -1 host.domain.com

Full Access
Question # 124

What is the following command used for?

sqlmap.py-u ,,http://10.10.1.20/?p=1 &forumaction=search" -dbs

A.

Creating backdoors using SQL injection

B.

A Enumerating the databases in the DBMS for the URL

C.

Retrieving SQL statements being executed on the database

D.

Searching database statements at the IP address given

Full Access
Question # 125

Alex, a cloud security engineer working in Eyecloud Inc. is tasked with isolating applications from the underlying infrastructure and stimulating communication via well-defined channels. For this purpose, he used an open-source technology that helped him in developing, packaging, and running applications; further, the technology provides PaaS through OS-level visualization, delivers containerized software packages, and promotes fast software delivery. What is the cloud technology employed by Alex in the above scenario?

A.

Virtual machine

B.

Serverless computing

C.

Docker

D.

Zero trust network

Full Access
Question # 126

Which of the following tactics uses malicious code to redirect users' web traffic?

A.

Spimming

B.

Pharming

C.

Phishing

D.

Spear-phishing

Full Access
Question # 127

An audacious attacker is targeting a web server you oversee. He intends to perform a Slow HTTP POST attack, by manipulating 'a' HTTP connection. Each connection sends a byte of data every 'b' second, effectively holding up the connections for an extended period. Your server is designed to manage 'm' connections per second, but any connections exceeding this number tend to overwhelm the system. Given ‘a=100' and variable 'm', along with the attacker's intention of maximizing the attack duration 'D=a*b', consider the following scenarios. Which is most likely to result in the longest duration of server unavailability?

A.

m=110, b=20: Despite the attacker sending 100 connections, the server can handle 110 connections per

second, therefore likely staying operative, regardless of the hold-up time per connection

B.

m=90, b=15: The server can manage 90 connections per second, but the attacker's 100 connections

exceed this, and with each connection held up for 15 seconds, the attack duration could be significant

C.

95, b=10: Here, the server can handle 95 connections per second, but it falls short against the

attacker's 100 connections, albeit the hold-up time per connection is lower

D.

m=105, b=12: The server can manage 105 connections per second, more than the attacker's 100

connections, likely maintaining operation despite a moderate hold-up time

Full Access
Question # 128

Miley, a professional hacker, decided to attack a target organization's network. To perform the attack, she used a tool to send fake ARP messages over the target network to link her MAC address with the target system's IP address. By performing this, Miley received messages directed to the victim's MAC address and further used the tool to intercept, steal, modify, and block sensitive communication to the target system. What is the tool employed by Miley to perform the above attack?

A.

Gobbler

B.

KDerpNSpoof

C.

BetterCAP

D.

Wireshark

Full Access
Question # 129

To hide the file on a Linux system, you have to start the filename with a specific character. What is the character?

A.

Exclamation mark (!)

B.

Underscore (_)

C.

Tilde H

D.

Period (.)

Full Access
Question # 130

An ethical hacker is hired to evaluate the defenses of an organization's database system which is known to employ a signature-based IDS. The hacker knows that some SQL Injection evasion techniques may allow him

to bypass the system's signatures. During the operation, he successfully retrieved a list of usernames from the database without triggering an alarm by employing an advanced evasion technique. Which of the following

could he have used?

A.

Utilizing the char encoding function to convert hexadecimal and decimal values into characters that pass-through SQL engine parsing

B.

Using the URL encoding method to replace characters with their ASCII codes in hexadecimal form

C.

Implementing sophisticated matches such as “OR ‘john' = john" in place of classical matches like "OR 1-1"

D.

Manipulating white spaces in SQL queries to bypass signature detection

Full Access
Question # 131

What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?

A.

Copy the system files from a known good system

B.

Perform a trap and trace

C.

Delete the files and try to determine the source

D.

Reload from a previous backup

E.

Reload from known good media

Full Access
Question # 132

You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with complex security system in place.

Your peer, Peter Smith who works at the same department disagrees with you.

He says even the best network security technologies cannot prevent hackers gaining access to the network because of presence of "weakest link" in the security chain.

What is Peter Smith talking about?

A.

Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain

B.

"zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks

C.

"Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks

D.

Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway

Full Access
Question # 133

Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the targets MSP provider by sending spear-phishing emails and distributed custom-made malware to compromise user accounts and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attacks on the target organization. Which of the following cloud attacks did Alice perform in the above scenario?

A.

Cloud hopper attack

B.

Cloud cryptojacking

C.

Cloudborne attack

D.

Man-in-the-cloud (MITC) attack

Full Access
Question # 134

which type of virus can change its own code and then cipher itself multiple times as it replicates?

A.

Stealth virus

B.

Tunneling virus

C.

Cavity virus

D.

Encryption virus

Full Access
Question # 135

This form of encryption algorithm is asymmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among the following is this encryption algorithm?

A.

Twofish encryption algorithm

B.

HMAC encryption algorithm

C.

IDEA

D.

Blowfish encryption algorithm

Full Access
Question # 136

There are multiple cloud deployment options depending on how isolated a customer's resources are from those of other customers. Shared environments share the costs and allow each customer to enjoy lower operations expenses. One solution Is for a customer to Join with a group of users or organizations to share a cloud environment. What is this cloud deployment option called?

A.

Hybrid

B.

Community

C.

Public

D.

Private

Full Access
Question # 137

Ricardo has discovered the username for an application in his targets environment. As he has a limited amount of time, he decides to attempt to use a list of common passwords he found on the Internet. He compiles them into a list and then feeds that list as an argument into his password-cracking application, what type of attack is Ricardo performing?

A.

Known plaintext

B.

Password spraying

C.

Brute force

D.

Dictionary

Full Access
Question # 138

Sam, a professional hacker. targeted an organization with intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while posing as a legitimate employee. Moreover, he sent phishing emails to steal the AWS 1AM credentials and further compromise the employee's account. What is the technique used by Sam to compromise the AWS IAM credentials?

A.

Social engineering

B.

insider threat

C.

Password reuse

D.

Reverse engineering

Full Access
Question # 139

Windows LAN Manager (LM) hashes are known to be weak.

Which of the following are known weaknesses of LM? (Choose three.)

A.

Converts passwords to uppercase.

B.

Hashes are sent in clear text over the network.

C.

Makes use of only 32-bit encryption.

D.

Effective length is 7 characters.

Full Access
Question # 140

What is the purpose of DNS AAAA record?

A.

Authorization, Authentication and Auditing record

B.

Address prefix record

C.

Address database record

D.

IPv6 address resolution record

Full Access
Question # 141

Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics: - Verifies success or failure of an attack - Monitors system activities Detects attacks that a network-based IDS fails to detect - Near real-time detection and response - Does not require additional hardware - Lower entry cost Which type of IDS is best suited for Tremp's requirements?

A.

Gateway-based IDS

B.

Network-based IDS

C.

Host-based IDS

D.

Open source-based

Full Access
Question # 142

Which utility will tell you in real time which ports are listening or in another state?

A.

Netstat

B.

TCPView

C.

Nmap

D.

Loki

Full Access
Question # 143

Within the context of Computer Security, which of the following statements describes Social Engineering best?

A.

Social Engineering is the act of publicly disclosing information

B.

Social Engineering is the means put in place by human resource to perform time accounting

C.

Social Engineering is the act of getting needed information from a person rather than breaking into a system

D.

Social Engineering is a training program within sociology studies

Full Access
Question # 144

The network administrator at Spears Technology, Inc has configured the default gateway Cisco router's access-list as below:

You are hired to conduct security testing on their network.

You successfully brute-force the SNMP community string using a SNMP crack tool.

The access-list configured at the router prevents you from establishing a successful connection.

You want to retrieve the Cisco configuration from the router. How would you proceed?

A.

Use the Cisco's TFTP default password to connect and download the configuration file

B.

Run a network sniffer and capture the returned traffic with the configuration file from the router

C.

Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the router masking your IP address

D.

Send a customized SNMP set request with a spoofed source IP address in the range -192.168.1.0

Full Access
Question # 145

joe works as an it administrator in an organization and has recently set up a cloud computing service for the organization. To implement this service, he reached out to a telecom company for providing Internet connectivity and transport services between the organization and the cloud service provider, in the NIST cloud deployment reference architecture, under which category does the telecom company fall in the above scenario?

A.

Cloud booker

B.

Cloud consumer

C.

Cloud carrier

D.

Cloud auditor

Full Access
Question # 146

what are common files on a web server that can be misconfigured and provide useful Information for a hacker such as verbose error messages?

A.

httpd.conf

B.

administration.config

C.

idq.dll

D.

php.ini

Full Access
Question # 147

Sam is working as a system administrator In an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect Its severity using CVSS v3.0 to property assess and prioritize the organization's vulnerability management processes. The base score that Sam obtained after performing cvss rating was 4.0. What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?

A.

Medium

B.

Low

C.

Critical

D.

High

Full Access
Question # 148

During the enumeration phase. Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445.

Which of the following services is enumerated by Lawrence in this scenario?

A.

Server Message Block (SMB)

B.

Network File System (NFS)

C.

Remote procedure call (RPC)

D.

Telnet

Full Access
Question # 149

While scanning with Nmap, Patin found several hosts which have the IP ID of incremental sequences. He then decided to conduct: nmap -Pn -p- -si kiosk.adobe.com www.riaa.com. kiosk.adobe.com is the host with incremental IP ID sequence. What is the purpose of using "-si" with Nmap?

A.

Conduct stealth scan

B.

Conduct ICMP scan

C.

Conduct IDLE scan

D.

Conduct silent scan

Full Access
Question # 150

What is the main security service a cryptographic hash provides?

A.

Integrity and ease of computation

B.

Message authentication and collision resistance

C.

Integrity and collision resistance

D.

Integrity and computational in-feasibility

Full Access
Question # 151

Why containers are less secure that virtual machines?

A.

Host OS on containers has a larger surface attack.

B.

Containers may full fill disk space of the host.

C.

A compromise container may cause a CPU starvation of the host.

D.

Containers are attached to the same virtual network.

Full Access
Question # 152

Password cracking programs reverse the hashing process to recover passwords. (True/False.)

A.

True

B.

False

Full Access
Question # 153

E-mail scams and mail fraud are regulated by which of the following?

A.

18 U.S.C. par. 1030 Fraud and Related activity in connection with Computers

B.

18 U.S.C. par. 1029 Fraud and Related activity in connection with Access Devices

C.

18 U.S.C. par. 1362 Communication Lines, Stations, or Systems

D.

18 U.S.C. par. 2510 Wire and Electronic Communications Interception and Interception of Oral Communication

Full Access
Question # 154

Which of the following statements is FALSE with respect to Intrusion Detection Systems?

A.

Intrusion Detection Systems can be configured to distinguish specific content in network packets

B.

Intrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic

C.

Intrusion Detection Systems require constant update of the signature library

D.

Intrusion Detection Systems can examine the contents of the data n context of the network protocol

Full Access
Question # 155

What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?

A.

Black-box

B.

Announced

C.

White-box

D.

Grey-box

Full Access
Question # 156

Suppose that you test an application for the SQL injection vulnerability. You know that the backend database

is based on Microsoft SQL Server. In the login/password form, you enter the following credentials:

Username: attack' or 1=1 -

Password: 123456

Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?

A.

select * from Users where UserName = 'attack'' or 1=1 -- and UserPassword = '123456'

B.

select * from Users where UserName = 'attack' or 1=1 -- and UserPassword = '123456'

C.

select * from Users where UserName = 'attack or 1=1 -- and UserPassword = '123456'

D.

select * from Users where UserName = 'attack' or 1=1 --' and UserPassword = '123456'

Full Access
Question # 157

Ethical backer jane Doe is attempting to crack the password of the head of the it department of ABC company. She Is utilizing a rainbow table and notices upon entering a password that extra characters are added to the password after submitting. What countermeasure is the company using to protect against rainbow tables?

A.

Password key hashing

B.

Password salting

C.

Password hashing

D.

Account lockout

Full Access
Question # 158

_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

A.

Trojan

B.

RootKit

C.

DoS tool

D.

Scanner

E.

Backdoor

Full Access
Question # 159

You are attempting to crack LM Manager hashed from Windows 2000 SAM file. You will be using LM Brute force hacking tool for decryption. What encryption algorithm will you be decrypting?

A.

MD4

B.

DES

C.

SHA

D.

SSL

Full Access
Question # 160

Gerard, a disgruntled ex-employee of Sunglass IT Solutions, targets this organization to perform sophisticated attacks and bring down its reputation in the market. To launch the attacks process, he performed DNS footprinting to gather information about ONS servers and to identify the hosts connected in the target network. He used an automated tool that can retrieve information about DNS zone data including DNS domain names, computer names. IP addresses. DNS records, and network Who is records. He further exploited this information to launch other sophisticated attacks. What is the tool employed by Gerard in the above scenario?

A.

Knative

B.

zANTI

C.

Towelroot

D.

Bluto

Full Access
Question # 161

Henry Is a cyber security specialist hired by BlackEye - Cyber security solutions. He was tasked with discovering the operating system (OS) of a host. He used the Unkornscan tool to discover the OS of the target system. As a result, he obtained a TTL value, which Indicates that the target system is running a Windows OS. Identify the TTL value Henry obtained, which indicates that the target OS is Windows.

A.

64

B.

128

C.

255

D.

138

Full Access
Question # 162

Which of the following DoS tools is used to attack target web applications by starvation of available sessions on the web server?

The tool keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content-length header value.

A.

My Doom

B.

Astacheldraht

C.

R-U-Dead-Yet?(RUDY)

D.

LOIC

Full Access
Question # 163

In order to tailor your tests during a web-application scan, you decide to determine which web-server version is hosting the application. On using the sV flag with Nmap. you obtain the following response:

80/tcp open http-proxy Apache Server 7.1.6

what Information-gathering technique does this best describe?

A.

WhOiS lookup

B.

Banner grabbing

C.

Dictionary attack

D.

Brute forcing

Full Access
Question # 164

This kind of password cracking method uses word lists in combination with numbers and special characters:

A.

Hybrid

B.

Linear

C.

Symmetric

D.

Brute Force

Full Access
Question # 165

Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewalls. On which of the following ports should Robin run the NSTX tool?

A.

Port 53

B.

Port 23

C.

Port 50

D.

Port 80

Full Access
Question # 166

Clark, a professional hacker, was hired by an organization lo gather sensitive Information about its competitors surreptitiously. Clark gathers the server IP address of the target organization using Whole footprinting. Further, he entered the server IP address as an input to an online tool to retrieve information such as the network range of the target organization and to identify the network topology and operating system used in the network. What is the online tool employed by Clark in the above scenario?

A.

AOL

B.

ARIN

C.

DuckDuckGo

D.

Baidu

Full Access
Question # 167

What kind of detection techniques is being used in antivirus softwares that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it's made on the premiers environment-

A.

VCloud based

B.

Honypot based

C.

Behaviour based

D.

Heuristics based

Full Access
Question # 168

George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this process, he used a short-range communication protocol based on the IEEE 203.15.4 standard. This protocol is used in devices that transfer data infrequently at a low rate in a restricted area, within a range of 10-100 m. What is the short-range wireless communication technology George employed in the above scenario?

A.

MQTT

B.

LPWAN

C.

Zigbee

D.

NB-IoT

Full Access
Question # 169

You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles.

You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems.

In other words, you are trying to penetrate an otherwise impenetrable system.

How would you proceed?

A.

Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network

B.

Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information

C.

Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000 or more "zombies" and "bots"

D.

Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques

Full Access
Question # 170

Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He begins by running a scan which looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?

A.

Nikto

B.

Nmap

C.

Metasploit

D.

Armitage

Full Access
Question # 171

What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

A.

All are hacking tools developed by the legion of doom

B.

All are tools that can be used not only by hackers, but also security personnel

C.

All are DDOS tools

D.

All are tools that are only effective against Windows

E.

All are tools that are only effective against Linux

Full Access