Certified Ethical Hacker v12 Topic 2
Question #: 81
Topic #: 1
You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID “Brakeme-Internal.” You realize that this network uses WPA3 encryption.
Which of the following vulnerabilities is the most promising to exploit?
A. Cross-site request forgery
B. Dragonblood
C. Key reinstallation attack
D. AP misconfiguration
Selected Answer: B
Question #: 79
Topic #: 1
George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this process, he used a short-range communication protocol based on the IEEE 203.15.4 standard. This protocol is used in devices that transfer data infrequently at a low rate in a restricted area, within a range of 10-100 m.
What is the short-range wireless communication technology George employed in the above scenario?
A. LPWAN
B. MQTT
C. NB-IoT
D. Zigbee
Selected Answer: D
Question #: 77
Topic #: 1
Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs.
Which two SQL injection types would give her the results she is looking for?
A. Out of band and boolean-based
B. Union-based and error-based
C. Time-based and union-based
D. Time-based and boolean-based
Selected Answer: D
Question #: 76
Topic #: 1
Judy created a forum. One day, she discovers that a user is posting strange images without writing comments. She immediately calls a security expert, who discovers that the following code is hidden behind those images:
What issue occurred for the users who clicked on the image?
A. This php file silently executes the code and grabs the user’s session cookie and session ID.
B. The code redirects the user to another site.
C. The code injects a new cookie to the browser.
D. The code is a virus that is attempting to gather the user’s username and password.
Selected Answer: A
Question #: 62
Topic #: 1
Which of the following allows attackers to draw a map or outline the target organization’s network infrastructure to know about the actual environment that they are going to hack?
A. Vulnerability analysis
B. Malware analysis
C. Scanning networks
D. Enumeration
Selected Answer: C
Question #: 57
Topic #: 1
This form of encryption algorithm is a symmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among the following is this encryption algorithm?
A. HMAC encryption algorithm
B. Twofish encryption algorithm
C. IDEA
D. Blowfish encryption algorithm
Selected Answer: B
Question #: 47
Topic #: 1
Larry, a security professional in an organization, has noticed some abnormalities in the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting a few countermeasures to secure the accounts on the web server.
Which of the following countermeasures must Larry implement to secure the user accounts on the web server?
A. Retain all unused modules and application extensions.
B. Limit the administrator or root-level access to the minimum number of users.
C. Enable all non-interactive accounts that should exist but do not require interactive login.
D. Enable unused default user accounts created during the installation of an OS.
Selected Answer: B
Question #: 136
Topic #: 1
You’re the security manager for a tech company that uses a database to store sensitive customer data. You have implemented countermeasures against SQL injection attacks. Recently, you noticed some suspicious activities and suspect an attacker is using SQL injection techniques. The attacker is believed to use different forms of payloads in his SQL queries. In the case of a successful SQL injection attack, which of the following payloads would have the most significant impact?
A. UNION SELECT NULL, NULL, NULL --: This payload manipulates the UNION SQL operator, enabling the attacker to retrieve data from different database tables
B. ' OR username LIKE '%': This payload uses the LIKE operator to search for a specific pattern in a column
C. ' OR '1'='1: This payload manipulates the WHERE clause of an SQL statement, allowing the attacker to view unauthorized data
D. ' OR 'a'='a; DROP TABLE members; --: This payload combines the manipulation of the WHERE clause with a destructive action, causing data loss
Selected Answer: D
Question #: 190
Topic #: 1
You are the chief cybersecurity officer at CloudSecure Inc., and your team is responsible for securing a cloud based application that handles sensitive customer data. To ensure that the data is protected from breaches, you have decided to implement encryption for both data-at-rest and data-in-transit. The development team suggests using SSL/TLS for securing data in transit. However, you want to also implement a mechanism to detect if the data was tampered with during transmission. Which of the following should you propose?
A. Implement IPsec in addition to SSL/TLS.
B. Switch to using SSH for data transmission.
C. Encrypt data using the AES algorithm before transmission.
D. Use the cloud service provider’s built-in encryption services.
Selected Answer: A
Question #: 191
Topic #: 1
Sarah, a system administrator, was alerted of potential malicious activity on the network of her company. She discovered a malicious program spread through the instant messenger application used by her team. The attacker had obtained access to one of her teammate’s messenger accounts and started sending files across the contact list. Which best describes the attack scenario and what measure could have prevented it?
A. Insecure Patch Management; updating application software regularly
B. Instant Messenger Applications; verifying the sender’s identity before opening any files
C. Rogue/Decoy Applications; ensuring software is labeled as TRUSTED
D. Portable Hardware Media/Removable Devices; disabling Autorun functionality
Selected Answer: B
Question #: 65
Topic #: 1
Which iOS jailbreaking technique patches the kernel during the device boot so that it becomes jailbroken after each successive reboot?
A. Tethered jailbreaking
B. Semi-untethered jailbreaking
C. Semi-tethered jailbreaking
D. Untethered jailbreaking
Selected Answer: D
Question #: 33
Topic #: 1
Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs.
What type of malware did the attacker use to bypass the company’s application whitelisting?
A. File-less malware
B. Zero-day malware
C. Phishing malware
D. Logic bomb malware
Selected Answer: A
Question #: 44
Topic #: 1
Consider the following Nmap output:
What command-line parameter could you use to determine the type and version number of the web server?
A. -sV
B. -sS
C. -Pn
D. -V
Selected Answer: A
Question #: 40
Topic #: 1
Bella, a security professional working at an IT firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames, and passwords are shared in plaintext, paving the way for hackers to perform successful session hijacking. To address this situation, Bella implemented a protocol that sends data using encryption and digital certificates.
Which of the following protocols is used by Bella?
A. FTPS
B. FTP
C. HTTPS
D. IP
Selected Answer: A
Question #: 93
Topic #: 1
You are using a public Wi-Fi network inside a coffee shop. Before surfing the web, you use your VPN to prevent intruders from sniffing your traffic.
If you did not have a VPN, how would you identify whether someone is performing an ARP spoofing attack on your laptop?
A. You should check your ARP table and see if there is one IP address with two different MAC addresses.
B. You should scan the network using Nmap to check the MAC addresses of all the hosts and look for duplicates.
C. You should use netstat to check for any suspicious connections with another IP address within the LAN.
D. You cannot identify such an attack and must use a VPN to protect your traffic.
Selected Answer: A
Question #: 82
Topic #: 1
What is the common name for a vulnerability disclosure program opened by companies on platforms such as HackerOne?
A. White-hat hacking program
B. Bug bounty program
C. Ethical hacking program
D. Vulnerability hunting program
Selected Answer: B
Question #: 151
Topic #: 1
Recently, the employees of a company have been receiving emails that seem to be from their colleagues, but with suspicious attachments. When opened, these attachments appear to install malware on their systems. The IT department suspects that this is a targeted malware attack. Which of the following measures would be the most effective in preventing such attacks?
A. Disabling Autorun functionality on all drives
B. Avoiding the use of outdated web browsers and email software
C. Regularly scan systems for any new files and examine them
D. Applying the latest patches and updating software programs
Selected Answer: D
Question #: 37
Topic #: 1
Kevin, a professional hacker, wants to penetrate CyberTech Inc's network. He employed a technique in which he encoded packets with Unicode characters. The company's IDS cannot recognize the packets, but the target web server can decode them.
What is the technique used by Kevin to evade the IDS system?
A. Session splicing
B. Urgency flag
C. Obfuscating
D. Desynchronization
Selected Answer: C
Question #: 269
Topic #: 1
Which among the following is the best example of the third step (delivery) in the cyber kill chain?
A. An intruder creates malware to be used as a malicious attachment to an email.
B. An intruder’s malware is triggered when a target opens a malicious email attachment.
C. An intruder's malware is installed on a target's machine.
D. An intruder sends a malicious attachment via email to a target.
Selected Answer: D
Question #: 237
Topic #: 1
A security analyst is preparing to analyze a potentially malicious program believed to have infiltrated an organization’s network. To ensure the safety and integrity of the production environment, the analyst decided to use a sheep dip computer for the analysis. Before initiating the analysis, what key step should the analyst take?
A. Install the potentially malicious program on the sheep dip computer.
B. Store the potentially malicious program on an external medium, such as a CD-ROM.
C. Run the potentially malicious program on the sheep dip computer to determine its behavior.
D. Connect the sheep dip computer to the organization’s internal network.
Selected Answer: B
Question #: 233
Topic #: 1
Martin, a Certified Ethical Hacker (CEH), is conducting a penetration test on a large enterprise network. He suspects that sensitive information might be leaking out of the network. Martin decides to use network sniffing as part of his testing methodology. Which of the following sniffing techniques should Martin employ to get a comprehensive understanding of the data flowing across the network?
A. Raw Sniffing
B. MAC Flooding
C. ARP Poisoning
D. DNS Poisoning
Selected Answer: A
Question #: 232
Topic #: 1
You are a security analyst of a large IT company and are responsible for maintaining the organization’s security posture. You are evaluating multiple vulnerability assessment tools for your network. Given that your network has a hybrid IT environment with on-premise and cloud assets, which tool would be most appropriate considering its comprehensive coverage and visibility, continuous scanning, and ability to monitor unexpected changes before they turn into breaches?
A. GFI LanGuard
B. Qualys Vulnerability Management
C. OpenVAS
D. Nessus Professional
Selected Answer: B
Question #: 298
Topic #: 1
Morris, an attacker, wanted to check whether the target AP is in a locked state. He attempted using different utilities to identify WPS-enabled APs in the target wireless network. Ultimately, he succeeded with one special command-line utility.
Which of the following command-line utilities allowed Morris to discover the WPS-enabled APs?
A. wash
B. net view
C. macof
D. ntptrace
Selected Answer: A
Question #: 296
Topic #: 1
Kate dropped her phone and subsequently encountered an issue with the phone’s internal speaker. Thus, she is using the phone’s loudspeaker for phone calls and other activities. Bob, an attacker, takes advantage of this vulnerability and secretly exploits the hardware of Kate’s phone so that he can monitor the loudspeaker’s output from data sources such as voice assistants, multimedia messages, and audio files by using a malicious app to breach speech privacy.
What is the type of attack Bob performed on Kate in the above scenario?
A. SIM card attack
B. aLTEr attack
C. Spearphone attack
D. Man-in-the-disk attack
Selected Answer: C
Question #: 295
Topic #: 1
Robert, a professional hacker, is attempting to execute a fault injection attack on a target IoT device. In this process, he injects faults into the power supply that can be used for remote execution, also causing the skipping of key instructions. He also injects faults into the clock network used for delivering a synchronized signal across the chip.
Which of the following types of fault injection attack is performed by Robert in the above scenario?
A. Frequency/voltage tampering
B. Optical, electromagnetic fault injection (EMFI)
C. Temperature attack
D. Power/clock/reset glitching
Selected Answer: D
Question #: 293
Topic #: 1
Kevin, an encryption specialist, implemented a technique that enhances the security of keys used for encryption and authentication. Using this technique, Kevin input an initial key to an algorithm that generated an enhanced key that is resistant to brute-force attacks.
What is the technique employed by Kevin to improve the security of encryption keys?
A. Key stretching
B. Public key infrastructure
C. Key derivation function
D. Key reinstallation
Selected Answer: A
Question #: 287
Topic #: 1
Calvin, a software developer, uses a feature that helps him auto-generate the content of a web page without manual involvement and is integrated with SSI directives. This leads to a vulnerability in the developed web application as this feature accepts remote user inputs and uses them on the page. Hackers can exploit this feature and pass malicious SSI directives as input values to perform malicious activities such as modifying and erasing server files.
What is the type of injection attack Calvin’s web application is susceptible to?
A. CRLF injection
B. Server-side template injection
C. Server-side JS injection
D. Server-side includes injection
Selected Answer: D
Question #: 286
Topic #: 1
Harris is attempting to identify the OS running on his target machine. He inspected the initial TTL in the IP header and the related TCP window size and obtained the following results:
TTL: 64
Window Size: 5840
What is the OS running on the target machine?
A. Windows OS
B. Mac OS
C. Linux OS
D. Solaris OS
Selected Answer: C
Question #: 285
Topic #: 1
What would be the purpose of running “wget 192.168.0.15 -q -S” against a web server?
A. Performing content enumeration on the web server to discover hidden folders
B. Using wget to perform banner grabbing on the webserver
C. Flooding the web server with requests to perform a DoS attack
D. Downloading all the contents of the web page locally for further examination
Selected Answer: B
Question #: 284
Topic #: 1
James is working as an ethical hacker at Technix Solutions. The management ordered James to discover how vulnerable its network is towards footprinting attacks. James took the help of an open-source framework for performing automated reconnaissance activities. This framework helped James in gathering information using free tools and resources.
What is the framework used by James to conduct footprinting and reconnaissance activities?
A. OSINT framework
B. WebSploit Framework
C. Browser Exploitation Framework
D. SpeedPhish Framework
Selected Answer: A
Question #: 282
Topic #: 1
When considering how an attacker may exploit a web server, what is web server footprinting?
A. When an attacker creates a complete profile of the site’s external links and file structures
B. When an attacker uses a brute-force attack to crack a web-server password
C. When an attacker implements a vulnerability scanner to identify weaknesses
D. When an attacker gathers system-level data, including account details and server names
Selected Answer: D
Question #: 277
Topic #: 1
Leverox Solutions hired Arnold, a security professional, for the threat intelligence process. Arnold collected information about specific threats against the organization. From this information, he retrieved contextual information about security events and incidents that helped him disclose potential risks and gain insight into attacker methodologies. He collected the information from sources such as humans, social media, and chat rooms as well as from events that resulted in cyberattacks. In this process, he also prepared a report that includes identified malicious activities, recommended courses of action, and warnings for emerging attacks.
What is the type of threat intelligence collected by Arnold in the above scenario?
A. Strategic threat intelligence
B. Operational threat intelligence
C. Technical threat intelligence
D. Tactical threat intelligence
Selected Answer: B
Question #: 275
Topic #: 1
This type of injection attack does not show any error message. It is difficult to exploit as it returns information when the application is given SQL payloads that elicit a true or false response from the server. By observing the response, an attacker can extract sensitive information.
What type of attack is this?
A. Union SQL injection
B. Error-based SQL injection
C. Time-based SQL injection
D. Blind SQL injection
Selected Answer: D
Question #: 274
Topic #: 1
Roma is a member of a security team. She was tasked with protecting the internal network of an organization from imminent threats. To accomplish this task, Roma fed threat intelligence into the security devices in a digital format to block and identify inbound and outbound malicious traffic entering the organization’s network.
Which type of threat intelligence is used by Roma to secure the internal network?
A. Operational threat intelligence
B. Strategic threat intelligence
C. Tactical threat intelligence
D. Technical threat intelligence
Selected Answer: D
Question #: 273
Topic #: 1
Sam, a web developer, was instructed to incorporate a hybrid encryption software program into a web application to secure email messages. Sam used an encryption software, which is a free implementation of the OpenPGP standard that uses both symmetric-key cryptography and asymmetric-key cryptography for improved speed and secure key exchange.
What is the encryption software employed by Sam for securing the email messages?
A. PGP
B. SMTP
C. GPG
D. S/MIME
Selected Answer: C
Question #: 272
Topic #: 1
Which wireless security protocol replaces the personal pre-shared key (PSK) authentication with Simultaneous Authentication of Equals (SAE) and is therefore resistant to offline dictionary attacks?
A. Bluetooth
B. WPA2-Enterprise
C. WPA3-Personal
D. ZigBee
Selected Answer: C
Question #: 271
Topic #: 1
Rebecca, a security professional, wants to authenticate employees who use web services for safe and secure communication. In this process, she employs a component of the Web Service Architecture that is an extension of SOAP and can maintain the integrity and confidentiality of SOAP messages.
Which of the following components of the Web Service Architecture is used by Rebecca for securing the communication?
A. WS-Work Processes
B. WS-Security
C. WS-Policy
D. WSDL
Selected Answer: B
Question #: 270
Topic #: 1
Calvin, a grey-hat hacker, targets a web application that has design flaws in its authentication mechanism. He enumerates usernames from the login form of the web application, which asks users for their credentials and indicates which field was incorrect when invalid credentials are submitted. Later, Calvin uses this information to perform social engineering. Which of the following design flaws in the authentication mechanism is exploited by Calvin?
A. User impersonation
B. Insecure transmission of credentials
C. Password reset mechanism
D. Verbose failure messages
Selected Answer: D
Question #: 268
Topic #: 1
A group of hackers were roaming around a bank office building in a city, driving a luxury car. They were using hacking tools on their laptop with the intention to find a free-access wireless network.
What is this hacking process known as?
A. Wardriving
B. Spectrum analysis
C. Wireless sniffing
D. GPS mapping
Selected Answer: A
Question #: 267
Topic #: 1
According to the NIST cloud deployment reference architecture, which of the following provides connectivity and transport services to consumers?
A. Cloud connector
B. Cloud broker
C. Cloud provider
D. Cloud carrier
Selected Answer: D
Question #: 266
Topic #: 1
Geena, a cloud architect, uses a master component in the Kubernetes cluster architecture that scans newly generated pods and allocates a node to them. This component can also assign nodes based on factors such as the overall resource requirement, data locality, software/hardware/policy restrictions, and internal workload interventions.
Which of the following master components is explained in the above scenario?
A. Kube-apiserver
B. Etcd cluster
C. Kube-controller-manager
D. Kube-scheduler
Selected Answer: D
Question #: 265
Topic #: 1
Bill has been hired as a penetration tester and cyber security auditor for a major credit card company.
Which information security standard is most applicable to his role?
A. FISMA
B. Sarbanes-Oxley Act
C. HITECH
D. PCI-DSS
Selected Answer: D
Question #: 264
Topic #: 1
Mirai malware targets IoT devices.
After infiltration, it uses them to propagate and create botnets that are then used to launch which types of attack?
A. MITM attack
B. Password attack
C. Birthday attack
D. DDoS attack
Selected Answer: D
Question #: 263
Topic #: 1
Jacob works as a system administrator in an organization. He wants to extract the source code of a mobile application and disassemble the application to analyze its design flaws. Using this technique, he wants to fix any bugs in the application, discover underlying vulnerabilities, and improve defense strategies against attacks.
What is the technique used by Jacob in the above scenario to improve the security of the mobile application?
A. Reverse engineering
B. App sandboxing
C. Jailbreaking
D. Social engineering
Selected Answer: A
Question #: 261
Topic #: 1
To hide the file on a Linux system, you have to start the filename with a specific character.
What is the character?
A. Tilde (~)
B. Underscore (_)
C. Period (.)
D. Exclamation mark (!)
Selected Answer: C
Question #: 258
Topic #: 1
Jane is working as a security professional at CyberSol Inc. She was tasked with ensuring the authentication and integrity of messages being transmitted in the corporate network. To encrypt the messages, she implemented a security model in which every user in the network maintains a ring of public keys. In this model, a user needs to encrypt a message using the receiver’s public key, and only the receiver can decrypt the message using their private key.
What is the security model implemented by Jane to secure corporate messages?
A. Zero trust network
B. Secure Socket Layer (SSL)
C. Transport Layer Security (TLS)
D. Web of trust (WOT)
Selected Answer: D
Question #: 257
Topic #: 1
What is the following command used for?
A. Retrieving SQL statements being executed on the database
B. Creating backdoors using SQL injection
C. Enumerating the databases in the DBMS for the URL
D. Searching database statements at the IP address given
Selected Answer: C
Question #: 256
Topic #: 1
Which type of attack attempts to overflow the content-addressable memory (CAM) table in an Ethernet switch?
A. DDoS attack
B. Evil twin attack
C. DNS cache flooding
D. MAC flooding
Selected Answer: D
Question #: 255
Topic #: 1
Given below are different steps involved in the vulnerability-management life cycle.
1) Remediation
2) Identify assets and create a baseline
3) Verification
4) Monitor
5) Vulnerability scan
6) Risk assessment
Identify the correct sequence of steps involved in vulnerability management.
A. 2 → 5 → 6 → 1 → 3 → 4
B. 2 → 4 → 5 → 3 → 6 → 1
C. 2 → 1 → 5 → 6 → 4 → 3
D. 1 → 2 → 3 → 4 → 5 → 6
Selected Answer: A
Question #: 252
Topic #: 1
The security team of Debry Inc. decided to upgrade Wi-Fi security to thwart attacks such as dictionary attacks and key recovery attacks. For this purpose, the security team started implementing cutting-edge technology that uses a modern key establishment protocol called the simultaneous authentication of equals (SAE), also known as dragonfly key exchange, which replaces the PSK concept.
What is the Wi-Fi encryption technology implemented by Debry Inc.?
A. WPA
B. WEP
C. WPA3
D. WPA2
Selected Answer: C
Question #: 251
Topic #: 1
A penetration tester is performing the footprinting process and is reviewing publicly available information about an organization by using the Google search engine.
Which of the following advanced operators would allow the pen tester to restrict the search to the organization’s web domain?
A. [allinurl:]
B. [location:]
C. [site:]
D. [link:]
Selected Answer: C
Question #: 249
Topic #: 1
Gregory, a professional penetration tester working at Sys Security Ltd., is tasked with performing a security test of web applications used in the company. For this purpose, Gregory uses a tool to test for any security loopholes by hijacking a session between a client and server. This tool has a feature of intercepting proxy that can be used to inspect and modify the traffic between the browser and target application. This tool can also perform customized attacks and can be used to test the randomness of session tokens.
Which of the following tools is used by Gregory in the above scenario?
A. Wireshark
B. Nmap
C. Burp Suite
D. CxSAST
Selected Answer: C
Question #: 248
Topic #: 1
Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific cached DNS record. Further, by using this cached record, he determines the sites recently visited by the organization’s user.
What is the enumeration technique used by Henry on the organization?
A. DNS zone walking
B. DNS cache snooping
C. DNS cache poisoning
D. DNSSEC zone walking
Selected Answer: B
Question #: 247
Topic #: 1
Alex, a cloud security engineer working in Eyecloud Inc., is tasked with isolating applications from the underlying infrastructure and stimulating communication via well-defined channels. For this purpose, he used an open-source technology that helped him in developing, packaging, and running applications; further, the technology provides PaaS through OS-level virtualization, delivers containerized software packages, and promotes fast software delivery.
What is the cloud technology employed by Alex in the above scenario?
A. Virtual machine
B. Docker
C. Zero trust network
D. Serverless computing
Selected Answer: B
Question #: 245
Topic #: 1
An ethical hacker is testing a web application of a financial firm. During the test, a ‘Contact Us’ form’s input field is found to lack proper user input validation, indicating a potential Cross-Site Scripting (XSS) vulnerability. However, the application has a stringent Content Security Policy (CSP) disallowing inline scripts and scripts from external domains but permitting scripts from its own domain. What would be the hacker’s next step to confirm the XSS vulnerability?
A. Utilize a script hosted on the application’s domain to test the form
B. Try to disable the CSP to bypass script restrictions
C. Inject a benign script inline to the form to see if it executes
D. Load a script from an external domain to test the vulnerability
Selected Answer: B
Question #: 242
Topic #: 1
In the process of footprinting a target website, an ethical hacker utilized various tools to gather critical information. The hacker encountered a target site where standard web spiders were ineffective due to a specific file in its root directory. However, they managed to uncover all the files and web pages on the target site, monitoring the resulting incoming and outgoing traffic while browsing the website manually. What technique did the hacker likely employ to achieve this?
A. Using the Netcraft tool to gather website information
B. Examining HTML source code and cookies
C. Using Photon to retrieve archived URLs of the target website from archive.org
D. User-directed spidering with tools like Burp Suite and WebScarab
Selected Answer: D
Question #: 241
Topic #: 1
During a penetration test, an ethical hacker is exploring the security of a complex web application. The application heavily relies on JavaScript for client-side input sanitization, with an apparent assumption that this alone is adequate to prevent injection attacks. During the investigation, the ethical hacker also notices that the application utilizes cookies to manage user sessions but does not enable the HttpOnly flag. This lack of flag potentially exposes the cookies to client-side scripts. Given these identified vulnerabilities, what would be the most effective strategy for the ethical hacker to exploit this application?
A. Instigate a Distributed Denial of Service (DDoS) attack to overload the server, capitalizing on potential weak server-side security.
B. Implement an SQL Injection attack to take advantage of potential unvalidated input and gain unauthorized database access.
C. Employ a brute-force attack to decipher user credentials, considering the lack of server-side validation.
D. Launch a Cross-Site Scripting (XSS) attack, aiming to bypass the client-side sanitization and exploit the exposure of session cookies.
Selected Answer: D
Question #: 240
Topic #: 1
As an IT intern, you have been asked to help set up a secure Wi-Fi network for a local coffee shop. The owners want to provide free Wi-Fi to their customers, but they are concerned about potential security risks. They are looking for a simple yet effective solution that would not require a lot of technical knowledge to manage. Which of the following security measures would be the most suitable in this context?
A. Disable the network’s SSID broadcast
B. Enable MAC address filtering
C. Require customers to use VPN when connected to the Wi-Fi
D. Implement WPA2 or WPA3 encryption
Selected Answer: D
Question #: 239
Topic #: 1
Your company, SecureTech Inc., is planning to transmit some sensitive data over an unsecured communication channel. As a cyber security expert, you decide to use symmetric key encryption to protect the data. However, you must also ensure the secure exchange of the symmetric key. Which of the following protocols would you recommend to the team to achieve this?
A. Switching all data transmission to the HTTPS protocol.
B. Implementing SSL certificates on your company’s web servers.
C. Utilizing SSH for secure remote logins to the servers.
D. Applying the Diffie-Hellman protocol to exchange the symmetric key.
Selected Answer: D
Question #: 236
Topic #: 1
A large multinational corporation is in the process of evaluating its security infrastructure to identify potential vulnerabilities. After a comprehensive analysis, they found multiple areas of concern, including time of check/time of use (TOC/TOU) errors, improper input handling, and poor patch management. Which of the following approaches will best help the organization mitigate the vulnerability associated with TOC/TOU errors?
A. Regular patching of servers, firmware, operating system, and applications
B. Ensuring atomicity of operations between checking and using data resources
C. Frequently updating firewall configurations to prevent intrusion attempts
D. Implementing stronger encryption algorithms for all data transfers
Selected Answer: B
Question #: 231
Topic #: 1
While performing a security audit of a web application, an ethical hacker discovers a potential vulnerability. The application responds to logically incorrect queries with detailed error messages that divulge the underlying database’s structure. The ethical hacker decides to exploit this vulnerability further. Which type of SQL Injection attack is the ethical hacker likely to use?
A. UNION SQL Injection
B. Error-based SQL Injection
C. In-band SQL Injection
D. Blind/Inferential SQL Injection
Selected Answer: B
Question #: 227
Topic #: 1
A penetration tester is conducting an assessment of a web application for a financial institution. The application uses form-based authentication and does not implement account lockout policies after multiple failed login attempts. Interestingly, the application displays detailed error messages that disclose whether the username or password entered is incorrect. The tester also notices that the application uses HTTP headers to prevent clickjacking attacks but does not implement Content Security Policy (CSP). With these observations, which of the following attack methods would likely be the most effective for the penetration tester to exploit these vulnerabilities and attempt unauthorized access?
A. The tester could exploit a potential SQL Injection vulnerability to manipulate the application’s database.
B. The tester could execute a Brute Force attack, leveraging the lack of account lockout policy and the verbose error messages to guess the correct credentials.
C. The tester could execute a Man-in-the-Middle (MitM) attack to intercept and modify the HTTP headers for a Clickjacking attack.
D. The tester could launch a Cross-Site Scripting (XSS) attack to steal authenticated session cookies, potentially bypassing the clickjacking protection.
Selected Answer: B
Question #: 223
Topic #: 1
A Certified Ethical Hacker is attempting to gather information about a target organization’s network structure through network footprinting. During the operation, they encounter ICMP blocking by the target system’s firewall. The hacker wants to ascertain the path that packets take to the host system from a source, using an alternative protocol. Which of the following actions should the hacker consider next?
A. Use UDP Traceroute in the Linux operating system by executing the ‘traceroute’ command with the destination IP or domain name.
B. Use the ICMP Traceroute on the Windows operating system as it is the default utility.
C. Use the ARIN Whois database search tool to find the network range of the target network.
D. Utilize the Path Analyzer Pro to trace the route from the source to the destination target systems.
Selected Answer: A
Question #: 215
Topic #: 1
You are a cloud security expert at CloudGuard Inc. working with a client who plans to transition their infrastructure to a public cloud. The client expresses concern about potential data breaches and wants to ensure that only authorized personnel can access certain sensitive resources. You propose implementing a Zero Trust security model. Which of the following best describes how the Zero Trust model would enhance the security of their cloud resources?
A. It operates on the principle of least privilege, verifying each request as if it is from an untrusted source, regardless of its location.
B. It encrypts all data stored in the cloud, ensuring only authorized users can decrypt it.
C. It uses multi-factor authentication for all user accounts.
D. It ensures secure data transmission by implementing SSL/TLS protocols.
Selected Answer: A
Question #: 214
Topic #: 1
A cyber attacker has initiated a series of activities against a high-profile organization following the Cyber Kill Chain Methodology. The attacker is presently in the “Delivery” stage. As an Ethical Hacker, you are trying to anticipate the adversary’s next move. What is the most probable subsequent action from the attacker based on the Cyber Kill Chain Methodology?
A. The attacker will attempt to escalate privileges to gain complete control of the compromised system.
B. The attacker will exploit the malicious payload delivered to the target organization and establish a foothold.
C. The attacker will initiate an active connection to the target system to gather more data.
D. The attacker will start reconnaissance to gather as much information as possible about the target.
Selected Answer: B
Question #: 201
Topic #: 1
A large e-commerce organization is planning to implement a vulnerability assessment solution to enhance its security posture. They require a solution that imitates the outside view of attackers, performs well-organized inference-based testing, scans automatically against continuously updated databases, and supports multiple networks. Given these requirements, which type of vulnerability assessment solution would be most appropriate?
A. Inference-based assessment solution
B. Tree-based assessment approach
C. Product-based solution installed on a private network
D. Service-based solution offered by an auditing firm
Selected Answer: D
Question #: 200
Topic #: 1
In the process of setting up a lab for malware analysis, a cybersecurity analyst is tasked to establish a secure environment using a sheep dip computer. The analyst must prepare the testbed while adhering to best practices. Which of the following steps should the analyst avoid when configuring the environment?
A. Installing malware analysis tools on the guest OS
B. Connecting the system to the production network during the malware analysis
C. Simulating Internet services using tools such as INetSim
D. Installing multiple guest operating systems on the virtual machine(s)
Selected Answer: B
Question #: 198
Topic #: 1
As the Chief Information Security Officer (CISO) at a large university, you are responsible for the security of a campus-wide Wi-Fi network that serves thousands of students, faculty, and staff. Recently, there has been a rise in reports of unauthorized network access, and you suspect that some users are sharing their login credentials. You are considering deploying an additional layer of security that could effectively mitigate this issue. What would be the most suitable measure to implement in this context?
A. Implement network segmentation
B. Deploy a VPN for the entire campus
C. Enforce a policy of regularly changing Wi-Fi passwords
D. Implement 802.1X authentication
Selected Answer: D
Question #: 197
Topic #: 1
An ethical hacker is hired to evaluate the defenses of an organization’s database system which is known to employ a signature-based IDS. The hacker knows that some SQL Injection evasion techniques may allow him to bypass the system’s signatures. During the operation, he successfully retrieved a list of usernames from the database without triggering an alarm by employing an advanced evasion technique. Which of the following could he have used?
A. Utilizing the char encoding function to convert hexadecimal and decimal values into characters that pass through SQL engine parsing
B. Implementing sophisticated matches such as “OR john’ = ‘john'” in place of classical matches like “OR 1=1”
C. Manipulating white spaces in SQL queries to bypass signature detection
D. Using the URL encoding method to replace characters with their ASCII codes in hexadecimal form
Selected Answer: B
Question #: 196
Topic #: 1
You have been given the responsibility to ensure the security of your school’s web server. As a step towards this, you plan to restrict unnecessary services running on the server. In the context of web server security, why is this step considered important?
A. Unnecessary services eat up server memory; save memory resources.
B. Unnecessary services could contain vulnerabilities; minimize the attack surface.
C. Unnecessary services reveal server software; hide software details.
D. Unnecessary services slow down the server; optimize server speed.
Selected Answer: B
Question #: 194
Topic #: 1
As a security consultant, you are advising a startup that is developing an IoT device for home security. The device communicates with a mobile app, allowing homeowners to monitor their homes in real time. The CEO is concerned about potential Man-in-the-Middle (MitM) attacks that could allow an attacker to intercept and manipulate the device’s communication. Which of the following solutions would best protect against such attacks?
A. Use CAPTCHA on the mobile app’s login screen.
B. Implement SSL/TLS encryption for data transmission between the IoT device and the mobile app.
C. Limit the range of the IoT device’s wireless signals.
D. Frequently change the IoT device’s IP address.
Selected Answer: A
Question #: 193
Topic #: 1
As a security analyst for SkySecure Inc., you are working with a client that uses a multi-cloud strategy, utilizing services from several cloud providers. The client wants to implement a system that will provide unified security management across all their cloud platforms. They need a solution that allows them to consistently enforce security policies, identify and respond to threats, and maintain visibility of all their cloud resources. Which of the following should you recommend as the best solution?
A. Use a Cloud Access Security Broker (CASB).
B. Use a hardware-based firewall to secure all cloud resources.
C. Implement separate security management tools for each cloud platform.
D. Rely on the built-in security features of each cloud platform.
Selected Answer: A
Question #: 192
Topic #: 1
A multinational organization has recently faced a severe information security breach. Investigations reveal that the attacker had a high degree of understanding of the organization’s internal processes and systems. This knowledge was utilized to bypass security controls and corrupt valuable resources. Considering this event, the security team is contemplating the type of attack that occurred and the steps they could have taken to prevent it. Choose the most plausible type of attack and a countermeasure that the organization could have employed:
A. Insider attacks and the organization should have implemented robust access control and monitoring.
B. Distribution attack and the organization could have ensured software and hardware integrity checks.
C. Passive attack and the organization should have used encryption techniques.
D. Active attack and the organization could have used network traffic analysis.
Selected Answer: A
Question #: 184
Topic #: 1
Your company suspects a potential security breach and has hired you as a Certified Ethical Hacker to investigate. You discover evidence of footprinting through search engines and advanced Google hacking techniques. The attacker utilized Google search operators to extract sensitive information. You further notice queries that indicate the use of the Google Hacking Database (GHDB) with an emphasis on VPN footprinting. Which of the following Google advanced search operators would be the LEAST useful in providing the attacker with sensitive VPN-related information?
A. location: This operator finds information for a specific location
B. inurl: This operator restricts the results to only the pages containing the specified word in the URL
C. link: This operator searches websites or pages that contain links to the specified website or page
D. intitle: This operator restricts results to only the pages containing the specified term in the title
Selected Answer: C
Question #: 183
Topic #: 1
During an ethical hacking engagement, you have been assigned to evaluate the security of a large organization’s network. While examining the network traffic, you notice numerous incoming requests on various ports from different locations that show a pattern of an orchestrated attack. Based on your analysis, you deduce that the requests are likely to be automated scripts being run by unskilled hackers. What type of hacker classification does this scenario most likely represent?
A. Script Kiddies trying to compromise the system using pre-made scripts.
B. Gray Hats testing system vulnerabilities to help vendors improve security.
C. White Hats conducting penetration testing to identify security weaknesses.
D. Black Hats trying to exploit system vulnerabilities for malicious intent.
Selected Answer: A
Question #: 182
Topic #: 1
During an attempt to perform an SQL injection attack, a certified ethical hacker is focusing on the identification of database engine type by generating an ODBC error. The ethical hacker, after injecting various payloads, finds that the web application returns a standard, generic error message that does not reveal any detailed database information. Which of the following techniques would the hacker consider next to obtain useful information about the underlying database?
A. Utilize a blind injection technique that uses time delays or error signatures to extract information
B. Try to insert a string value where a number is expected in the input field
C. Attempt to compromise the system through OS-level command shell execution
D. Use the UNION operator to combine the result sets of two or more SELECT statements
Selected Answer: A
Question #: 181
Topic #: 1
An organization has been experiencing intrusion attempts despite deploying an Intrusion Detection System (IDS) and Firewalls. As a Certified Ethical Hacker, you are asked to reinforce the intrusion detection process and recommend a better rule-based approach. The IDS uses Snort rules and the new recommended tool should be able to complement it. You suggest using YARA rules with an additional tool for rule generation. Which of the following tools would be the best choice for this purpose and why?
A. yarGen – Because it generates YARA rules from strings identified in malware files while removing strings that also appear in goodware files
B. Koodous – Because it combines social networking with antivirus signatures and YARA rules to detect malware
C. YaraRET – Because it helps in reverse engineering Trojans to generate YARA rules
D. AutoYara – Because it automates the generation of YARA rules from a set of malicious and benign files
Selected Answer: A
Question #: 179
Topic #: 1
As a junior security analyst for a small business, you are tasked with setting up the company’s first wireless network. The company wants to ensure the network is secure from potential attacks. Given that the company’s workforce is relatively small and the need for simplicity in managing network security, which of the following measures would you consider a priority to protect the network?
A. Hide the network SSID
B. Enable WPA2 or WPA3 encryption on the wireless router
C. Implement a MAC address whitelist
D. Establish a regular schedule for changing the network password
Selected Answer: B
Question #: 178
Topic #: 1
In your cybersecurity class, you are learning about common security risks associated with web servers. One topic that comes up is the risk posed by using default server settings. Why is using default settings on a web server considered a security risk, and what would be the best initial step to mitigate this risk?
A. Default settings allow unlimited login attempts; setup account lockout
B. Default settings reveal server software type; change these settings
C. Default settings cause server malfunctions; simplify the settings
D. Default settings enable auto-updates; disable and manually patch
Selected Answer: B
Question #: 147
Topic #: 1
During a red team assessment, a CEH is given a task to perform network scanning on the target network without revealing its IP address. They are also required to find an open port and the services available on the target machine. What scanning technique should they employ, and which command in Zenmap should they use?
A. Use SCTP INIT Scan with the command “-sY”
B. Use UDP Raw ICMP Port Unreachable Scanning with the command “-sU”
C. Use the ACK flag probe scanning technique with the command “-sA”
D. Use the IDLE/IPID header scan technique with the command “-sI”
Selected Answer: D
Question #: 175
Topic #: 1
You are a cybersecurity consultant at SecureIoT Inc. A manufacturing company has contracted you to strengthen the security of their Industrial IoT (IIoT) devices used in their operational technology (OT) environment. They are concerned about potential attacks that could disrupt their production lines and compromise safety. They have an advanced firewall system in place, but you know this alone is not enough. Which of the following measures should you suggest to provide comprehensive protection for their IIoT devices?
A. Increase the frequency of changing passwords on all IIoT devices.
B. Use the same encryption standards for IIoT devices as for IT devices.
C. Rely on the existing firewall and install antivirus software on each IIoT device.
D. Implement network segmentation to separate IIoT devices from the rest of the network.
Selected Answer: D
Question #: 174
Topic #: 1
During a recent vulnerability assessment of a major corporation’s IT systems, the security team identified several potential risks. They want to use a vulnerability scoring system to quantify and prioritize these vulnerabilities. They decide to use the Common Vulnerability Scoring System (CVSS). Given the characteristics of the identified vulnerabilities, which of the following statements is the most accurate regarding the metric types used by CVSS to measure these vulnerabilities?
A. Temporal metric represents the inherent qualities of a vulnerability.
B. Base metric represents the inherent qualities of a vulnerability.
C. Temporal metric involves measuring vulnerabilities based on a specific environment or implementation.
D. Environmental metric involves the features that change during the lifetime of the vulnerability.
Selected Answer: B
Question #: 172
Topic #: 1
An IT company has just implemented new security controls to their network and system setup. As a Certified Ethical Hacker, your responsibility is to assess the possible vulnerabilities in the new setup. You are given the information that the network and system are adequately patched with the latest updates, and all employees have gone through recent cybersecurity awareness training. Considering the potential vulnerability sources, what is the best initial approach to vulnerability assessment?
A. Conducting social engineering tests to check if employees can be tricked into revealing sensitive information
B. Checking for hardware and software misconfigurations to identify any possible loopholes
C. Evaluating the network for inherent technology weaknesses prone to specific types of attacks
D. Investigating if any ex-employees still have access to the company’s system and data
Selected Answer: B
Question #: 168
Topic #: 1
You are a cybersecurity trainee tasked with securing a small home network. The homeowner is concerned about potential “Wi-Fi eavesdropping,” where unauthorized individuals could intercept the wireless communications. What would be the most effective first step to mitigate this risk, considering the simplicity and the residential nature of the network?
A. Disable the network’s SSID broadcast
B. Enable encryption on the wireless network
C. Enable MAC address filtering
D. Reduce the signal strength of the wireless router
Selected Answer: B
Question #: 161
Topic #: 1
You are a security analyst for CloudSec, a company providing cloud security solutions. One of your clients, a financial institution, wants to shift its operations to a public cloud while maintaining a high level of security control. They want to ensure that they can monitor all their cloud resources continuously and receive real-time alerts about potential security threats. They also want to enforce their security policies consistently across all cloud workloads. Which of the following solutions would best meet these requirements?
A. Implement a Virtual Private Network (VPN) for secure data transmission.
B. Deploy a Cloud Access Security Broker (CASB).
C. Use multi-factor authentication for all cloud user accounts.
D. Use client-side encryption for all stored data.
Selected Answer: B