
CEH

Test Title:
CEH

Description:
CEH cybersecurity

Creation Date: 2024/11/13

Category: Other

Number of Questions: 155

Syllabus:

Which of the following best describes a Denial-of-Service (DoS) attack?. Exploiting a weakness in an application. Disabling systems or networks by overwhelming them with traffic. Extracting sensitive information from a database. Redirecting user traffic to a fake website.

What is the main function of a SIEM (Security Information and Event Management) system?. Encrypting sensitive information. Aggregating and analyzing security alerts. Monitoring network bandwidth. Conducting social engineering tests.

Which of the following is a legal document that specifies the boundaries of ethical hacking?. Non-Disclosure Agreement. Firewall rule set. Penetration Testing Agreement. Service Level Agreement.

Which of the following is a preventive control for SQL injection attacks?. Encrypting data in transit. Using parameterized queries. Conducting social engineering tests. Disabling unused ports.

What is the purpose of network segmentation in cybersecurity?. To monitor traffic across all network devices. To isolate critical systems and limit access. To increase internet speed for users. To perform regular data backups.

What does a vulnerability assessment aim to identify?. Physical weaknesses in infrastructure. Potential weaknesses in a system that could be exploited. Only malware infections. Company policies on security.

Which of the following is a method for protecting against man-in-the-middle attacks?. Using multi-factor authentication. Enabling a firewall. Encrypting communication channels. Installing antivirus software.

What is an example of a common hashing algorithm?. RSA. AES. MD5. DES.

Which of the following tools is primarily used for vulnerability scanning?. Wireshark. Metasploit. Nessus. Burp Suite.

What type of malware can self-replicate and spread across networks?. Worm. Virus. Trojan. Rootkit.

What is the role of digital certificates in security?. To manage firewall rules. To verify the identity of parties in online communication. To detect vulnerabilities in systems. To monitor network traffic.

Which of the following is a common tool used for packet sniffing?. Nmap. Wireshark. Nessus. Metasploit.

What is the primary goal of ethical hacking?. To gain unauthorized access to data. To protect systems by identifying vulnerabilities. To disrupt online services. To exploit networks.

What type of attack involves an unauthorized individual disguising themselves as a legitimate user or system?. Spoofing. DDoS. Phishing. SQL Injection.

Which of the following is a method for mitigating brute-force attacks?. Using multi-factor authentication. Disabling firewalls. Implementing VPNs. Removing encryption.

What is the purpose of a penetration test?. To train employees on security awareness. To identify and exploit system vulnerabilities. To configure firewalls. To generate encryption keys.

Which of the following best describes the concept of a backdoor?. A form of encryption. A secret entry point into a system. A type of malware that replicates. A method for securing data.

What kind of attack is a cross-site scripting (XSS) attack?. Attack on databases. Injection of malicious code into web pages. Denial of Service attack. Network sniffing.

What is the role of a security operations center (SOC)?. To store encryption keys. To monitor and respond to cybersecurity incidents. To conduct vulnerability scans. To develop software patches.

Which of the following is used to discover open ports on a network?. Wireshark. Nmap. Nessus. Burp Suite.

Which of the following is a common indicator of a phishing attack?. Receiving an unsolicited email asking for login credentials. A system crash without explanation. Slower network performance. Data corruption in databases.

What is the primary difference between symmetric and asymmetric encryption?. Symmetric encryption uses one key, while asymmetric uses two. Asymmetric encryption is faster. Symmetric encryption cannot be used for data in transit. Asymmetric encryption does not require a key.

Which of the following describes a zero-day vulnerability?. A vulnerability that is not yet known to the software vendor. A vulnerability with no mitigation strategy. A vulnerability only found in outdated software. A vulnerability that cannot be exploited remotely.

What is the primary goal of social engineering attacks?. To manipulate individuals into revealing confidential information. To exploit software vulnerabilities. To gain physical access to systems. To destroy hardware.

Which of the following attacks is aimed at locking out users until a ransom is paid?. Worm. Spyware. Ransomware. Keylogger.

Which technique is often used in a man-in-the-middle (MITM) attack?. Traffic interception. Email spoofing. URL hijacking. Phishing.

What does "hashing" refer to in cybersecurity?. Encrypting data to ensure confidentiality. Creating a fixed-size representation of data for integrity checks. Scanning networks for vulnerabilities. Developing secure passwords.

What is the main characteristic of a botnet?. It is a single compromised machine. It is a network of infected machines controlled remotely. It performs encryption on data. It only affects wireless networks.

Which of the following attacks relies on sending multiple fraudulent emails?. Man-in-the-middle. Denial of service. Phishing. Session hijacking.

Which of the following tools is a command-line vulnerability scanner that scans web servers for dangerous files/CGIs?. Snort. Kon-Boot. John the Ripper. Nikto.

Michael, a technical specialist, discovered that the laptop of one of the employees connecting to a wireless point couldn't access the internet, but at the same time, it can transfer files locally. He checked the IP address and the default gateway. They are both on 192.168.1.0/24. Which of the following caused the problem?. The laptop is using an invalid IP address. The laptop and the gateway are not on the same network. The laptop isn't using a private IP address. The gateway is not routing to a public IP address.

Josh, a security analyst, wants to choose a tool for himself to examine links between data. One of the main requirements is to present data using graphs and link analysis. Which of the following tools will meet John's requirements?. Palantir. Maltego. Analyst's Notebook. Metasploit.

What describes two-factor authentication for a credit card (using a card and pin)?. Something you know and something you are. Something you have and something you know. Something you are and something you remember. Something you have and something you are.

Identify a vulnerability in OpenSSL that allows stealing the information protected under normal conditions by the SSL/TLS encryption used to secure the internet?. SSL/TLS Renegotiation Vulnerability. POODLE. Heartbleed Bug. Shellshock.

You make a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryption. What type of attack are you trying to perform?. Adaptive chosen-plaintext attack. Ciphertext-only attack. Known-plaintext attack. Chosen-plaintext attack.

Which of the following does not apply to IPsec?. Provides authentication. Uses key exchange. Encrypts the payloads. Works at the Data Link Layer.

Alex, a cybersecurity specialist, received a task from the head to scan open ports. One of the main conditions was to use the most reliable type of TCP scanning. Which of the following types of scanning would Alex use?. NULL Scan. Half-open Scan. TCP Connect/Full Open Scan. Xmas Scan.

Which of the following Nmap options will you use if you want to scan fewer ports than the default?. -p. -sP. -T. -F.

You conduct an investigation and find out that the browser of one of your employees sent a malicious request that the employee knew nothing about. Identify the web page vulnerability that the attacker used to attack your employee?. Cross-Site Request Forgery (CSRF). Command Injection Attacks. File Inclusion Attack. Hidden Field Manipulation Attack.

Which of the following programs attacks both the boot sector and executable files?. Stealth virus. Polymorphic virus. Macro virus. Multipartite virus.

Which of the following is the type of violation when an unauthorized individual enters a building following an employee through the employee entrance?. Reverse Social Engineering. Tailgating. Pretexting. Announced.

Maria conducted a successful attack and gained access to a Linux server. She wants to make sure that the NIDS will not catch the subsequent outgoing traffic from this server in the future. Which of the following is the best way to avoid detection by the NIDS?. Protocol Isolation. Out of band signaling. Encryption. Alternate Data Streams.

The company "Usual company" asked a cybersecurity specialist to check their perimeter email gateway security. To do this, the specialist creates a specially formatted email message: From: employee76@usualcompany.com To: employee34@usualcompany.com Subject: Test message Date: 5/8/2021 11:22 He sends this message over the Internet, and a "Usual company" employee receives it. This means that the gateway of this company doesn't prevent _____. Email phishing. Email harvesting. Email spoofing. Email masquerading.

How does the mechanism of a Boot Sector Virus work?. Moves the MBR to another location on the Random-access memory and copies itself to the original location of the MBR. Overwrites the original MBR and only executes the new virus code. Modifies directory table entries to point to the virus code instead of the actual MBR. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.

Which of the options presented below is not a Bluetooth attack?. Bluesnarfing. Bluesmacking. Bluejacking. Bluedriving.

Determine the type of SQL injection: SELECT * FROM user WHERE name='x' AND userid IS NULL; --';. UNION SQL Injection. End of Line Comment. Illegal/Logically Incorrect Query. Tautology.

Viktor, a white hat hacker, received an order to perform a penetration test from the company "Test us". He starts collecting information and finds the email of an employee of this company in free access. Viktor decides to send a letter to this email, "boss@testus.com". He asks the employee to immediately open the "link with the report" and check it. An employee of the company "Test us" opens this link and infects his computer. Thanks to these manipulations, Viktor gained access to the corporate network and successfully conducted a pentest. What type of attack did Viktor use?. Eavesdropping. Piggybacking. Tailgating. Social engineering.

Michael works as a system administrator. He receives a message that several sites are no longer available. Michael tried to go to the sites by URL, but it didn't work. Then he tried to ping the sites and enter IP addresses in the browser and it worked. What problem could Michael identify?. Traffic is blocked on UDP port 69. Traffic is blocked on UDP port 88. Traffic is blocked on UDP port 56. Traffic is blocked on UDP port 53.

Benjamin performs a cloud attack during the translation of the SOAP message in the TLS layer. He duplicates the body of the message and sends it to the server as a legitimate user. As a result of these actions, Benjamin managed to gain unauthorized access to the server resources. Cloud Hopper. Side-channel. Cloudborne. Wrapping.

Ivan, an evil hacker, conducts an SQLi attack that is based on True/False questions. What type of SQLi does Ivan use?. DMS-specific SQLi. Compound SQLi. Blind SQLi. Classic SQLi.

Phillip, a cybersecurity specialist, needs a tool that can function as a network sniffer, record network activity, prevent and detect network intrusion. Which of the following tools is suitable for Phillip?. Nessus. Cain & Abel. Snort. Nmap.

With which of the following SQL injection attacks can an attacker deface a web page, modify or add data in a database and compromise data integrity?. Unauthorized access to an application. Information disclosure. Compromised Data Integrity. Loss of data availability.

According to the Payment Card Industry Data Security Standard, when is it necessary to conduct external and internal penetration testing?. At least once every two years and after any significant upgrade or modification. At least once every three years or after any significant upgrade or modification. At least twice a year or after any significant upgrade or modification. At least once a year and after any significant upgrade or modification.

The attacker enters its malicious data into intercepted messages in a TCP session since source routing is disabled. He tries to guess the response of the client and server. What hijacking technique is described in this example?. TCP/IP. RST. Registration. Blind.

Which of the following is a logical collection of internet-connected devices such as computers, smartphones or internet of things (IoT) devices whose security has been breached and control ceded to a third party?. Botnet. Spear Phishing. Rootkit. Spambot.

Rajesh, the system administrator analyzed the IDS logs and noticed that when accessing the external router from the administrator's computer to update the router configuration, IDS registered alerts. What type of an alert is this?. False negative. True negative. True positive. False positive.

Which of the following requires establishing national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers?. PCI-DSS. HIPAA. DMCA. SOX.

Let's assume that you decided to use PKI to protect the email you will send. At what layer of the OSI model will this message be encrypted and decrypted?. Session layer. Application layer. Presentation layer. Transport layer.

Mark, the network administrator, must allow UDP traffic on the host 10.0.0.3 and internet traffic in the host 10.0.0.2. In addition to the main task, he needs to allow all FTP traffic to the rest of the network and deny all other traffic. Mark applies his ACL configuration on the router, and everyone has a problem with accessing FTP. In addition, hosts that are allowed access to the internet cannot connect to it. In accordance with the following configuration, determine what happened on the network? access-list 102 deny tcp any any access-list 104 permit udp host 10.0.0.3 any access-list 110 permit tcp host 10.0.0.2 eq www any access-list 108 permit tcp any eq ftp any. The ACL 104 needs to be first because it's UDP. The ACL 110 needs to be changed to port 80. The ACL for FTP must be before the ACL 110. The first ACL is denying all TCP traffic, and the router is ignoring the other ACLs.

Suppose your company has implemented identification of people based on walking patterns and made it part of physical access control to the office. The system works according to the following principle: the camera captures people walking and identifies employees, and then they must attach their RFID badges to access the office. Which of the following best describes this technology?. Biological motion cannot be used to identify people. The solution implements two-factor authentication: physical object and physical characteristic. The solution will have a high level of false positives. Although the approach has two phases, it actually implements just one authentication factor.

Which one of the following Google search operators allows restricting results to those from a specific website?. [site:]. [link:]. [inurl:]. [cache:].

Identify the Metasploit module used to perform arbitrary, one-off actions such as port scanning, denial of service, SQL injection and fuzzing?. Payload module. Auxiliary module. Exploit module. NOPS module.

Which of the following is a network software suite designed for 802.11 WEP and WPA-PSK keys cracking that can recover keys once enough data packets have been captured?. Aircrack-ng. wificracker. WLAN-crack. Airgaurd.

What is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program?. Security testing. Concolic Testing. Fuzz testing. Monkey testing.

Which of the following tools is a packet sniffer, network detector and IDS for 802.11(a,b,g,n) wireless LANs?. Nessus. Abel. Kismet. Nmap.

John, a system administrator, is learning how to work with new technology: Docker. He will use it to create a network connection between the container interfaces and its parent host interface. Which of the following network drivers is suitable for John?. Overlay networking. Macvlan networking. Host networking. Bridge networking.

The attacker posted a message and an image on the forum, in which he embedded a malicious link. When the victim clicks on this link, the victim's browser sends an authenticated request to a server. What type of attack did the attacker use?. Session hijacking. SQL injection. Cross-site scripting. Cross-site request forgery.

While using your bank's online servicing you notice the following string in the URL bar: http://www.MyPersonalBank.com/account?id=368940911028389&Damount=10980&Camount=21 You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflect the changes. Which type of vulnerability is present on this site?. XSS Reflection. Cookie Tampering. SQL injection. Web Parameter Tampering.

The evil hacker Antonio is trying to attack the IoT device. He will use several fake identities to create a strong illusion of traffic congestion, affecting communication between neighbouring nodes and networks. What kind of attack does Antonio perform?. Forged malicious device. Side-channel attack. Sybil attack. Exploit kits.

Which of the following can be designated as "Wireshark for CLI"?. Nessus. ethereal. John the Ripper. tcpdump.

What is the purpose of the demilitarized zone?. To scan all traffic coming through the DMZ to the internal network. To provide a place for a honeypot. To add protection to network devices. To add an extra layer of security to an organization's local area network.

Which of the following Nmap commands most reduces the probability of detection by IDS when scanning common ports?. nmap -A --host-timeout 99 -T1. nmap -sT -O -T0. nmap -sT -O -T2. nmap -A -Pn.

Jack sent an email to Jenny with a business proposal. Jenny accepted it and fulfilled all her obligations. Jack suddenly refused his offer when everything was ready and said that he had never sent an email. Which of the following digital signature properties will help Jenny prove that Jack is lying?. Authentication. Non-Repudiation. Integrity. Confidentiality.

Identify the standard by the description: A regulation contains a set of guidelines that everyone who processes any electronic data in medicine should adhere to. It includes information on medical practices, ensuring that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to secure patient data. FISMA. HIPAA. COBIT. ISO/IEC 27002.

After several unsuccessful attempts to extract cryptography keys using software methods, Mark is thinking about trying another code-breaking methodology. Which of the following will best suit Mark based on his unsuccessful attempts?. One-Time Pad. Frequency Analysis. Brute-Force. Trickery and Deceit.

What is meant by a "rubber-hose" attack in cryptography?. A backdoor is placed into a cryptographic algorithm by its creator. Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plain text. Extraction of cryptographic secrets through coercion or torture. Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.

Which of the following will allow you to prevent unauthorized network access to local area networks and other information assets by wireless devices?. AISS. WIPS. HIDS. NIDS.

Which of the following ciphers is based on factoring the product of two large prime numbers?. MD5. RSA. RC5. SHA-1.

Which of the following web application attacks injects the special character elements "Carriage Return" and "Line Feed" into the user's input to trick the web server, web application, or user into believing that the current object is terminated and a new object has been initiated?. HTML injection. Server-Side JS injection. CRLF injection. Log injection.

Which of the following is an encryption technique where data is encrypted by a sequence of photons that have a spinning trait while travelling from one end to another?. Elliptic Curve Cryptography. Quantum Cryptography. Homomorphic. Hardware-Based.

Alex, a cyber security specialist, should conduct a pentest inside the network, while he received absolutely no information about the attacked network. What type of testing will Alex conduct?. Internal, white-box. Internal, black-box. Internal, grey-box. External, black-box.

Which of the following commands will help you launch the Computer Management Console from the "Run" window as a local administrator?. gpedit.msc. ncpa.cpl. services.msc. compmgmt.msc.

In which of the following SQL injection attacks does an attacker usually bypass user authentication and extract data by using a conditional OR clause so that the condition of the WHERE clause will always be true?. UNION SQLi. End-of-Line Comment. Tautology. Error-Based SQLi.

John, a cybersecurity specialist, received a copy of the event logs from all firewalls, Intrusion Detection Systems (IDS) and proxy servers on a company's network. He tried to match all the registered events in all the logs, and he found that their sequence didn't match. What can cause such a problem?. The attacker altered events from the logs. A proper chain of custody was not observed while collecting the logs. The security breach was a false positive. The network devices are not all synchronized.

Ivan, a black hat hacker, sends partial HTTP requests to the target web server to exhaust the target server's maximum concurrent connection pool. He wants to ensure that all additional connection attempts are rejected. What type of attack does Ivan implement?. Spoofed Session Flood. Slowloris. HTTP GET/POST. Fragmentation.

Viktor, the white hat hacker, conducts a security audit. He gains control over a user account and tries to access another account's sensitive information and files. How can he do this?. Fingerprinting. Shoulder-Surfing. Privilege Escalation. Port Scanning.

Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?. Requires vendor updates for a new threat. Cannot deal with encrypted network traffic. Produces fewer false positives. Can identify unknown attacks.

Based on the following data, you need to calculate the approximate cost of recovery of the system operation per year: the cost of a new hard drive is $300; the chance of a hard drive failure is 1/3; the recovery specialist earns $10/hour; restoring the OS and software to the new hard disk takes 10 hours; restoring the database from the last backup to the new hard disk takes 4 hours. Assume the EF = 1 (100%), calculate the SLE, ARO, and ALE. $146. $295. $440. $960.

Andrew is conducting a penetration test. He is now embarking on sniffing the target network. What is not available for Andrew when sniffing the network?. Collecting unencrypted information about usernames and passwords. Modifying and replaying captured network traffic. Capturing network traffic for further analysis. Identifying operating systems, services, protocols, and devices.

Your company has a risk assessment, and according to its results, the risk of a breach in the main company application is 40%. Your cybersecurity department has made changes to the application and requested a re-assessment of the risks. The assessment showed that the risk fell to 12%, with a risk threshold of 20%. Which of the following options would be the best from a business point of view?. Avoid the risk. Accept the risk. Introduce more controls to bring risk to 0%. Limit the risk.

Which of the following command-line flags set a stealth scan for Nmap?. -sM. -sU. -sT. -sS.

Wireshark is one of the most important tools for a cybersecurity specialist. It is used for network troubleshooting, analysis, software, etc. You often have to work with a packet bytes pane. In what format is the data presented in this pane?. ASCII only. Decimal. Binary. Hexadecimal.

Identify the Secure Hashing Algorithm which produces a 160-bit digest from a message on principles similar to those used in MD4 and MD5?. SHA-0. SHA-2. SHA-1. SHA-3.

Elon plans to make it difficult for the packet filter to determine the purpose of the packet when scanning. Which of the following scanning techniques will Elon use?. ACK scanning. SYN/FIN scanning using IP fragments. ICMP scanning. IPID scanning.

You analyze the logs and see the following output of logs from the machine with the IP address of 192.168.0.132: Time August 21 11:22:06 Port:20 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP Time August 21 11:22:08 Port:21 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP Time August 21 11:22:11 Port:22 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP Time August 21 11:22:14 Port:23 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP Time August 21 11:22:15 Port:25 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP Time August 21 11:22:19 Port:80 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP Time August 21 11:22:21 Port:443 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP What conclusion can you make based on this output?. Port scan targeting 192.168.0.30. Teardrop attack targeting 192.168.0.132. Denial of service attack targeting 192.168.

What is a set of extensions to DNS that provide to DNS clients (resolvers) origin authentication, authenticated denial of existence and data integrity, but not availability or confidentiality?. Zone transfer. Resource records. Resource transfer. DNSSEC.

The firewall prevents packets from entering the organization through certain ports and applications. What does this firewall check?. Application layer port numbers and the transport layer headers. Presentation layer headers and session layer port numbers. Application layer headers and transport layer port numbers. Network layer headers and the session layer port numbers. ✔✔ Application layer headers and transport layer port numbers.

Which of the following protocols is used in a VPN for setting up a secure channel between two devices?. SET. PPP. PEM. IPSEC.

What is a "Collision attack?". Collision attacks try to change the hash. Collision attack on a hash tries to find two inputs producing the same hash value. Collision attacks attempt to recover information from a hash. Collision attacks break the hash into several parts, with the same bytes in each part to get the private key.

You managed to compromise a server with an IP address of 10.10.0.5, and you want to quickly get a list of all the machines in this network. Which of the following Nmap commands will you need?. nmap -T4 -p 10.10.0.0/24. nmap -T4 -r 10.10.1.0/24. nmap -T4 -F 10.10.0.0/24. nmap -T4 -q 10.10.0.0/24.

Identify the type of jailbreaking which allows user-level access and does not allow iboot-level access?. Userland exploit. iBootrom exploit. iBoot exploit. iBoot exploit.

Which regulation defines security and privacy controls for all U.S. federal information systems except those related to national security?. HIPAA. EU Safe Harbor. NIST-800-53. PCI-DSS.

Which of the following methods is best suited to protect confidential information on your laptop which can be stolen while traveling?. Hidden folders. Full disk encryption. Password protected files. BIOS password.

The evil hacker Ivan has installed a remote access trojan on a host. He wants to be sure that when a victim attempts to go to "www.site.com" that the user is directed to a phishing site. Which file should Ivan change in this case?. Boot.ini. Sudoers. Hosts. Networks.

Which of the following UDP ports is usually used by Network Time Protocol (NTP)?. 19. 161. 177. 123.

Black hat hacker Ivan wants to implement a man-in-the-middle attack on the corporate network. For this, he connects his router to the network and redirects traffic to intercept packets. What can the administrator do to mitigate the attack?. Use only static routes in the corporation's network. Use the Open Shortest Path First (OSPF). Redirection of the traffic is not possible without the explicit admin's confirmation. Add message authentication to the routing protocol.

A hacker has gathered information about the daily activities of a target organization, Medical Associates, Inc., including the routine of the Federal Express driver who visits the building at the same time every day. The hacker plans to gain physical access to the building by exploiting the familiarity between the driver and the security personnel. Which of the following steps is the hacker most likely to take next in gaining unauthorized access to the target's network?. Creating a fake identity badge to impersonate an employee during working hours. Sending phishing emails to the receptionist to compromise her computer. Using social engineering to trick the office manager into revealing sensitive information. Hacking into the building's security system to disable the door buzzer.

In this form of encryption algorithm, every individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits. Which is this encryption algorithm?. IDEA. Triple Data Encryption Standard. AES. MD5 encryption algorithm.

John is investigating web-application firewall logs and observes that someone is attempting to inject the following: What type of attack is this?. SQL injection. Buffer overflow. CSRF. XSS.

John, a professional hacker, performs a network attack on a renowned organization and gains unauthorized access to the target network. He remains in the network without being detected for a long time and obtains sensitive information without sabotaging the organization. Which of the following attack techniques is used by John?. Insider threat. Diversion theft. Spear-phishing sites. Advanced persistent threat.

You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?. nmap -A -Pn. nmap -sP -p-65535 -T5. nmap -sT -O -T0. nmap -A --host-timeout 99 -T1.

This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as GCMP-256, HMAC-SHA384, and ECDSA using a 384-bit elliptic curve. Which is this wireless security protocol?. WPA3-Personal. WPA3-Enterprise. WPA2-Enterprise. WPA2-Personal.

What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages?. httpd.conf. administration.config. php.ini. idq.dll.

Gerard, a disgruntled ex-employee of Sunglass IT Solutions, targets this organization to perform sophisticated attacks and bring down its reputation in the market. To launch the attacks process, he performed DNS footprinting to gather information about DNS servers and to identify the hosts connected in the target network. He used an automated tool that can retrieve information about DNS zone data including DNS domain names, computer names, IP addresses, DNS records, and network Whois records. He further exploited this information to launch other sophisticated attacks. What is the tool employed by Gerard in the above scenario?. Towelroot. Knative. zANTI. Bluto.

Tony is a penetration tester tasked with performing a penetration test. After gaining initial access to a target system, he finds a list of hashed passwords. Which of the following tools would not be useful for cracking the hashed passwords?. Hashcat. John the Ripper. THC-Hydra. netcat.

Which of the following Google advanced search operators helps an attacker in gathering information about websites that are similar to a specified target URL?. [inurl:]. [info:]. [site:]. [related:].

You are a penetration tester working to test the user awareness of the employees of the client XYZ. You harvested two employees’ emails from some public sources and are creating a client-side backdoor to send it to the employees via email. Which stage of the cyber kill chain are you at?. Reconnaissance. Weaponization. Command and control. Exploitation.

While performing an Nmap scan against a host, Paola determines the existence of a firewall. In an attempt to determine whether the firewall is stateful or stateless, which of the following options would be best to use?. -sA. -sX. -sT. -sF.

A newly joined employee, Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. What is the type of vulnerability assessment performed by Martin?. Database assessment. Host-based assessment. Credentialed assessment. Distributed assessment.

Jane, an ethical hacker, is testing a target organization’s web server and website to identify security loopholes. In this process, she copied the entire website and its content on a local drive to view the complete profile of the site’s directory structure, file structure, external links, images, web pages, and so on. This information helps Jane map the website’s directories and gain valuable information. What is the attack technique employed by Jane in the above scenario?. Session hijacking. Website mirroring. Website defacement. Web cache poisoning.

An organization is performing a vulnerability assessment for mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization’s machines to detect which ports are attached to services such as an email server, a web server, or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevant tests. What is the type of vulnerability assessment solution that James employed in the above scenario?. Service-based solutions. Product-based solutions. Tree-based assessment. Inference-based assessment.

Taylor, a security professional, uses a tool to monitor her company’s website, analyze the website’s traffic, and track the geographical location of the users visiting the company’s website. Which of the following tools did Taylor employ in the above scenario?. Webroot. Web-Stat. WebSite-Watcher. WAFW00F.

Becky has been hired by a client from Dubai to perform a penetration test against one of their remote offices. Working from her location in Columbus, Ohio, Becky runs her usual reconnaissance scans to obtain basic information about their network. When analyzing the results of her Whois search, Becky notices that the IP was allocated to a location in Le Havre, France. Which regional Internet registry should Becky go to for detailed information?. ARIN. LACNIC. APNIC. RIPE.

Harry, a professional hacker, targets the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing?. Initial intrusion. Persistence. Cleanup. Preparation.

Robin, a professional hacker, targeted an organization’s network to sniff all the traffic. During this process, Robin plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch in the network so that he could make it a root bridge that will later allow him to sniff all the traffic in the network. What is the attack performed by Robin in the above scenario?. ARP spoofing attack. STP attack. DNS poisoning attack. VLAN hopping attack.

An attacker utilizes a Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a nearby business in order to capture the wireless password. What kind of attack is this?. MAC spoofing attack. War driving attack. Phishing attack. Evil-twin attack.

CyberTech Inc. recently experienced SQL injection attacks on its official website. The company appointed Bob, a security professional, to build and incorporate defensive strategies against such attacks. Bob adopted a practice whereby only a list of entities such as the data type, range, size, and value, which have been approved for secured access, is accepted. What is the defensive technique employed by Bob in the above scenario?. Whitelist validation. Output encoding. Blacklist validation. Enforce least privileges.

Joe works as an IT administrator in an organization and has recently set up a cloud computing service for the organization. To implement this service, he reached out to a telecom company for providing Internet connectivity and transport services between the organization and the cloud service provider. In the NIST cloud deployment reference architecture, under which category does the telecom company fall in the above scenario?. Cloud consumer. Cloud broker. Cloud auditor. Cloud carrier.

Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session. Upon receiving the user’s request, Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. What is the attack performed by Bobby in the above scenario?. aLTEr attack. Jamming signal attack. Wardriving. KRACK attack.

John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to anonymously query the LDAP service for sensitive information such as usernames, addresses, departmental details, and server names to launch further attacks on the target organization. What is the tool employed by John to gather information from the LDAP service?. ike-scan. Zabasearch. JXplorer. EarthExplorer.

Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes, images, and networks. What is the component of the Docker architecture used by Annie in the above scenario?. Docker objects. Docker daemon. Docker client. Docker registries.

Bob, an attacker, has managed to access a target IoT device. He employed an online tool to gather information related to the model of the IoT device and the certifications granted to it. Which of the following tools did Bob employ to gather the above information?. FCC ID search. Google image search. search.com. EarthExplorer.

What piece of hardware on a computer’s motherboard generates encryption keys and only releases a part of the key so that decrypting a disk on a new piece of hardware is not possible?. CPU. UEFI. GPU. TPM.

Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario?. RESTful API. JSON-RPC. SOAP API. REST API.

To create a botnet, the attacker can use several techniques to scan vulnerable machines. The attacker first collects information about a large number of vulnerable machines to create a list. Subsequently, they infect the machines. The list is divided by assigning half of the list to the newly compromised machines. The scanning process runs simultaneously. This technique ensures the spreading and installation of malicious code in little time. Which technique is discussed here?. Subnet scanning technique. Permutation scanning technique. Hit-list scanning technique. Topological scanning technique.

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas?. Black hat. White hat. Gray hat. Red hat.

Sophia is a shopping enthusiast who spends significant time searching for trendy outfits online. Clark, an attacker, noticed her activities several times and sent a fake email containing a deceptive page link to her social media page displaying all-new and trendy outfits. In excitement, Sophia clicked on the malicious link and logged in to that page using her valid credentials. Which of the following tools is employed by Clark to create the spoofed email?. Evilginx. Slowloris. PLCinject. PyLoris.

John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker installed a scanner on a machine belonging to one of the victims and scanned several machines on the same network to identify vulnerabilities to perform further exploitation. What is the type of vulnerability assessment tool employed by John in the above scenario?. Agent-based scanner. Network-based scanner. Cluster scanner. Proxy scanner.

Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine. Which of the following techniques is used by Joel in the above scenario?. Watering hole attack. DNS rebinding attack. MarioNet attack. Clickjacking attack.

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs. What type of malware did the attacker use to bypass the company's application whitelisting?. File-less malware. Zero-day malware. Phishing malware. Logic bomb malware.

Dorian is sending a digitally signed email to Poly. With which key is Dorian signing this message and how is Poly validating it?. Dorian is signing the message with his public key, and Poly will verify that the message came from Dorian by using Dorian's private key. Dorian is signing the message with Poly's private key, and Poly will verify that the message came from Dorian by using Dorian's public key. Dorian is signing the message with his private key, and Poly will verify that the message came from Dorian by using Dorian's public key. Dorian is signing the message with Poly's public key, and Poly will verify that the message came from Dorian by using Dorian's public key.

Scenario: Joe turns on his home computer to access personal online banking. When he enters the URL www.bank.com, the website is displayed, but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL closer, he finds that the site is not secure and the web address appears different. What type of attack is he experiencing?. DHCP spoofing. DoS attack. ARP cache poisoning. DNS hijacking.

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney's account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boney's account. What is the attack performed by Boney in the above scenario?. Forbidden attack. CRIME attack. Session donation attack. Session fixation attack.

Kevin, a professional hacker, wants to penetrate CyberTech Inc's network. He employed a technique, using which he encoded packets with Unicode characters. The company's IDS cannot recognize the packets, but the target web server can decode them. What is the technique used by Kevin to evade the IDS system?. Session splicing. Urgency flag. Obfuscating. Desynchronization.

Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server. In the login/password form, you enter the following credentials: Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?. select * from Users where UserName = 'attack' ' or 1=1 -- and UserPassword = '123456'. select * from Users where UserName = 'attack' or 1=1 -- and UserPassword = '123456'. select * from Users where UserName = 'attack or 1=1 -- and UserPassword = '123456'. select * from Users where UserName = 'attack' or 1=1 --' and UserPassword = '123456'.

Which of the following commands checks for valid users on an SMTP server?. RCPT. CHK. VRFY. EXPN.

How can footprinting using tools like SpyFu and Whois benefit a hacker's approach to ethical hacking?. It helps identify potential targets and eliminate unsuitable tools. It actively exploits vulnerabilities in the target systems. It provides access to encrypted network traffic. It speeds up the hacking process by automating attacks.

What does Wireshark's default display format show for the time values in a packet capture?. Relative time since the start of the packet capture. Absolute time of day. Time since 1970 (epoch time). Time since the last packet.

Which term refers to the practice of tricking individuals into revealing sensitive information, such as passwords or credit card numbers?. Phishing. Injection. Exploitation. Spoofing.

In the context of cryptography, what is the primary purpose of a Certificate Authority (CA)?. To encrypt data before it is transmitted over a network. To store private keys for secure data storage. To verify the identity of certificate holders and issue digital certificates. To manage and protect encryption keys for symmetric cryptography.

What is the primary goal of a bandwidth attack in a denial-of-service scenario?. To compromise the integrity of target systems. To overload the network connection with excessive traffic. To gain unauthorized access to the target application. To manipulate the availability of sensitive data.

A cybersecurity firm is hired by a financial institution to perform a security audit of their systems and ensure compliance with the Federal Managers Financial Integrity Act (FMFIA). The firm's ethical hackers will assess the safeguarding of funds, property, and assets, as well as compliance with applicable laws. Which federal act places the responsibility on organizations to safeguard funds, property, and assets, and ensures compliance with applicable laws, making it important for ethical hackers to assess security measures?. Freedom of Information Act (FoIA). Federal Information Security Management Act (FISMA). Privacy Act of 1974. Federal Managers Financial Integrity Act (FMFIA).

Why is multifactor authentication (MFA) important in a zero-trust security model?. It guarantees complete protection against all threats. It reduces the need for strong identity management. It ensures that all network traffic is encrypted. It adds an additional layer of user authentication.

What is the main purpose of vulnerability research in the context of ethical hacking?. Actively exploiting security holes to gather information. Actively searching for potential security vulnerabilities. Conducting unauthorised penetration tests on systems. Preparing and signing nondisclosure agreements with clients.
