CEH cour SET2

Which part of the application handles user requests, directs them to the correct application component, and acts as an intermediary between the model and the view?. Model. View. Controller. Application Server.

Which of the following scanning techniques involves sending the first SYN message and responding with a RST message after receiving the SYN/ACK from the target?. Ping sweep. Xmas scan. SYN scan. UDP scan.

How can footprinting using tools like SpyFu and Whois benefit a hacker's approach to ethical hacking?. It helps identify potential targets and eliminate unsuitable tools. It speeds up the hacking process by automating attacks. It provides access to encrypted network traffic. It actively exploits vulnerabilities in the target systems.

In a Wireshark packet capture, what does the protocol "TCP" indicate in the packet details?. The type of encryption used for the packet. The routing path of the packet across the network. The transport protocol used for the packet. The network layer protocol of the packet.

What does Wireshark's default display format show for the time values in a packet capture?. Relative time since the start of the packet capture. Absolute time of day. Time since 1970 (epoch time). Time since the last packet.

What does the "-X" parameter do in tcpdump?. Displays extra verbose output. Writes captured packets to a file. Disables hostname resolution. Performs a hex dump of packet payload.

What is the purpose of using relative links in a cloned website for a social engineering attack?. To redirect users to a legitimate website. To create fake IP addresses for domain names. To prevent users from accessing the malicious site. To make the site available through a web server.

Which term refers to the practice of tricking individuals into revealing sensitive information, such as passwords or credit card numbers?. Phishing. Injection. Exploitation. Spoofing.

In the context of cryptography, what is the primary purpose of a Certificate Authority (CA)?. To encrypt data before it is transmitted over a network. To store private keys for secure data storage. To verify the identity of certificate holders and issue digital certificates. To manage and protect encryption keys for symmetric cryptography.

What is the primary goal of a bandwidth attack in a denial-of-service scenario?. To compromise the integrity of target systems. To overload the network connection with excessive traffic. To gain unauthorized access to the target application. To manipulate the availability of sensitive data.

A cybersecurity firm is hired by a financial institution to perform a security audit of their systems and ensure compliance with the Federal Managers Financial Integrity Act (FMFIA). The firm's ethical hackers will assess the safeguarding of funds, property, and assets, as well as compliance with applicable laws. Which federal act places the responsibility on organizations to safeguard funds, property, and assets, and ensures compliance with applicable laws, making it important for ethical hackers to assess security measures?. Freedom of Information Act (FoIA). Federal Information Security Management Act (FISMA). Privacy Act of 1974. Federal Managers Financial Integrity Act (FMFIA).

Which type of scan involves sending a packet with no flags set to determine how a target system responds?. FIN scan. Null scan. Xmas scan. SYN scan.

What type of malware is specifically designed to propagate across a network and self-replicate?. Virus. Trojan. Worm. Rootkit.

Why is multifactor authentication (MFA) important in a zero-trust security model?. It guarantees complete protection against all threats. It reduces the need for strong identity management. It ensures that all network traffic is encrypted. It adds an additional layer of user authentication.

Which type of attack exploits the characteristics of DNS responses to create a large volume of traffic directed at a target?. ICMP flood. SYN flood. DNS amplification. Smurf attack.

What is the role of SQL injection in a cyberattack?. It targets network infrastructure to overload servers. It manipulates user credentials for unauthorized access. It encrypts sensitive data to prevent unauthorized access. It replaces legitimate URLs with malicious links.

What is the main purpose of vulnerability research in the context of ethical hacking?. Actively exploiting security holes to gather information. Actively searching for potential security vulnerabilities. Conducting unauthorised penetration tests on systems. Preparing and signing nondisclosure agreements with clients.

Which phase of ethical hacking involves identifying potential vulnerabilities and weak points in a target system?. Reconnaissance. Exploitation. Post-exploitation. Social engineering.

What is the main purpose of demonstrating access in a penetration test?. To identify theoretical vulnerabilities in network services. To exploit listening network services and gain unauthorized access. To prove that a system has been compromised and document the results. To assess the effectiveness of social engineering attacks.

What is the purpose of the UDP checksum validation in tcpdump output?. To ensure proper delivery of UDP packets. To identify encrypted payload data. To calculate the total packet size. To verify the accuracy of captured packets.

Which layer of the OSI model does BPF (Berkeley Packet Filter) filtering operate at?. Application Layer. Transport Layer. Data Link Layer. Network Layer.

What does the term "Google hacking" primarily involve?. Manipulating search engine rankings to promote malicious websites. Exploiting vulnerabilities in the Google search engine. A technique to perform footprinting and information gathering using Google. A method of encrypting communication between hackers.

What is the primary purpose of vulnerability scanning in a cybersecurity assessment?. To exploit vulnerabilities and gain unauthorized access. To identify potential weaknesses in systems and applications. To simulate denial-of-service attacks. To bypass firewalls and intrusion detection systems.

What is the primary goal of XML External Entity (XXE) processing attacks?. Executing malicious scripts in a victim's browser. Stealing session information from cookies. Gaining unauthorized access to system files. Overwhelming a web server's resources.

Which cryptographic technique involves converting plaintext into a scrambled form using a key, making it unreadable without the corresponding key?. Encryption. Hashing. Steganography. Decryption.

What is the purpose of a "honeypot" in cybersecurity?. To intercept and redirect DDoS traffic away from the target system. To attract and gather information about potential attackers. To encrypt sensitive data during transmission. To analyze and identify vulnerabilities in web applications.

Which parameter is used to specify the network interface for capturing packets using tcpdump?. -n. -v. -w. -i.

What is the primary purpose of using elliptic curve cryptography (ECC) in modern encryption?. To increase the key size for stronger encryption. To generate more secure random numbers. To simplify the process of certificate management. To achieve strong encryption with shorter key lengths.

What role does social engineering play in information gathering?. It provides automated tools for reconnaissance. It helps hackers bypass firewalls and intrusion detection systems. It speeds up the hacking process by actively exploiting vulnerabilities. It exploits human interaction to obtain valuable information.

A software vulnerability that allows an attacker to execute arbitrary code or commands on a target system is known as: Malware. Phishing. Buffer overflow. Social engineering.

Which technique involves modifying an executable to hide its malicious behavior and evade detection?. Sandboxing. Obfuscation. Hashing. Virtualization.

What is the purpose of using a VPN (Virtual Private Network) for securing communications?. To prevent malware infections on endpoints. To encrypt network traffic and provide anonymity. To analyze network behavior and detect anomalies. To monitor and control access to network resources.

What is the primary role of the "model" in the model/view/controller pattern of a web application?. Rendering the user interface in the browser. Managing the structure and data of the application, often using a database server for storage. Handling user requests and directing them to the appropriate application component. Interacting with the client device and processing user input.

What is the primary goal of a SQL Injection attack?. To exploit vulnerabilities in cryptographic mechanisms. To manipulate data structures within XML files. To inject malicious SQL queries to manipulate or access a database. To overwhelm a web server's resources using malformed URLs.

What advantage does moving Active Directory to a cloud provider, such as Microsoft Azure, offer in terms of maintenance?. It eliminates the need for user management. It reduces the need for system administration staff. It automates network addressing changes. It provides enhanced encryption for data storage.

Which wireless attack aims to create a rogue access point with the same SSID as a legitimate network to trick users into connecting?. Evil twin attack. Deauthentication attack. Bluesniffing attack. Key reinstallation attack.

Which type of attack involves sending excessive traffic to a target system, causing it to become unavailable to legitimate users?. A. Denial of Service (DoS). Spoofing. Phishing. Man-in-the-Middle (MitM).

What is one potential challenge when using Python for writing malware?. Python has limited compatibility with different operating systems. Python interpreters are slower to execute than compiled programs. Python lacks support for network communication. Python requires a large number of external libraries.

What is the primary purpose of Cuckoo Sandbox?. To perform static analysis of malware samples. To execute malware and identify system changes. To simulate network attacks using custom payloads. To automate the process of code compilation.

What does a Certificate Revocation List (CRL) provide in a Public Key Infrastructure (PKI)?. A list of revoked certificates issued by a Certificate Authority (CA). A list of public keys for encrypting data. A list of valid digital certificates. A list of available cipher suites for secure communication.

What is the term for an ARP response sent without a corresponding ARP request?. Spoofed ARP. ARP flooding. Gratuitous ARP. ARP poisoning.

Which attack involves the reuse of network traffic to force a station to use an encryption key that the attacker already knows?. Evil twin attack. Deauthentication attack. Key reinstallation attack. Bluesniffing attack.

From a security standpoint, what is a potential benefit of resolving vulnerabilities in web applications through a solution like automatic updates and delivery?. It relieves the need for SSL/TLS encryption. It ensures that end users are always running up-to-date software. It reduces the need for third-party services. It eliminates the risk of data exposure during transmission.

What is the primary purpose of URL encoding in SQL injection attacks?. To make the URL look more appealing to users. To convert hexadecimal values to ASCII equivalents. To obscure text and prevent easy detection. To redirect users to a malicious website.

What is the primary function of the "view" component in a web application?. Managing the structure and data of the application. Handling user requests and directing them to the appropriate component. Interacting with the client device and processing user input. Rendering the user interface in the browser.

What is the purpose of the action defined at the beginning of Snort rules, such as "alert" in the provided example?. The action specifies the protocol used in the rule. The action defines the flow direction for the rule. The action determines the type of response or action to take when the rule matches. The action indicates the source and destination addresses for the rule.

What is the purpose of vulnerability scanning in cybersecurity?. To exploit known vulnerabilities in a target system. To identify security weaknesses and potential entry points in a network or system. To launch denial-of-service attacks on network devices. To create and deploy patches for software vulnerabilities.

In the Diffie-Hellman key exchange process, what is the role of the "common secret" color?. It represents the color of the base paint. It is used to encrypt the initial key value. It is exchanged between Alice and Bob to derive the key. It combines the random values added by both Alice and Bob.

Which type of attack involves sending a message via SMS to trick users into taking malicious actions?. Phishing attack. Smishing attack. Bluesniffing attack. Evil twin attack.

What is the main goal of an evil twin attack in wireless security?. To gather information about devices' capabilities and nearby networks. To impersonate a legitimate access point and collect data. To inject malicious scripts into web pages viewed by users.

Which part of the web application is responsible for executing business logic and may use different programming languages based on the application server?. Model. View. Controller. Application Server.

Which of the following is a social engineering attack that involves impersonating a legitimate entity via electronic communication to deceive individuals into revealing sensitive information?. Phishing. Shoulder surfing. Dumpster diving. War driving.

Which of the following Nmap commands launches a stealth SYN scan against each machine in a class C address space where target.example.com resides and tries to determine what operating system is running on each host that is up and running?. nmap -v target.example.com. nmap -sS -O target.example.com/24. nmap -sX -p 22,53,110,143,4564 198.116.*.1-127. nmap -XS -O target.example.com.

How do amplification attacks differ from traditional bandwidth attacks?. Amplification attacks focus on compromising network integrity. Amplification attacks exploit software vulnerabilities. Amplification attacks rely on excessive traffic generation. Amplification attacks use a small amount of input to generate a large response.

What is the difference between a vulnerability assessment and a penetration test?. A vulnerability assessment focuses on identifying weaknesses, while a penetration test attempts to exploit vulnerabilities. A vulnerability assessment simulates real-world attacks, while a penetration test is limited to scanning for known vulnerabilities. A vulnerability assessment only assesses network vulnerabilities, while a penetration test covers all aspects of cybersecurity. A vulnerability assessment uses manual techniques, while a penetration test relies on automated tools.

Which vulnerability scanning tool is commonly used to identify security vulnerabilities and misconfigurations in a network?. Nmap. Metasploit. Wireshark. Nessus.

In tcpdump output, what does "UDP, length 200" indicate?. The number of packets captured. The total size of the captured packet. The size of the UDP header. The amount of payload data.

What is the primary goal of dynamic malware analysis?. To observe the behavior of malware during execution and analyze its actions. To disassemble the malware and analyze its code. To uncover the encryption key used by the malware. To identify the author of the malware.

What is the primary advantage of the Diffie-Hellman key exchange approach?. It allows for the secure transmission of the encryption key. It generates a symmetric key for encryption and decryption. It encrypts messages using a stream cipher. It uses a block cipher with a fixed block size.

What is the primary purpose of a blind SQL injection attack?. To generate random SQL queries and overwhelm the database. To execute malicious code on the target system. To determine if a page is vulnerable to SQL injection. To encrypt data within the database.

What type of attack involves sending a large number of connection requests with fake source IP addresses, overwhelming the target's ability to respond?. DNS amplification. SYN flood. Smurf attack. ICMP flood.

Which type of malware analysis involves observing the behavior of the malware while it is running in a controlled environment?. Static analysis. Dynamic analysis. Behavioral analysis. Signature analysis.

Which type of scan involves sending a packet with the FIN, PSH, and URG flags set to probe for open ports?. Xmas scan. Null scan. SYN scan. ACK scan.

What is the primary function of a honeypot in a network security strategy?. To monitor and correlate network logs. To actively defend against intrusion attempts. To lure and deceive attackers for observation. To prevent unauthorized devices from connecting.

What is the primary goal of a cross-site scripting (XSS) attack?. Intercepting wireless traffic. Manipulating database queries. Creating a rogue access point. Injecting malicious scripts into web pages.

In a wireless deauthentication attack, what is the main goal of forcing stations to reauthenticate?. To disable the stations' wireless capabilities. To reduce the number of steps in the authentication handshake. To capture radio headers for encryption key derivation. To collect information from the authentication and handshake processes.

In the context of disassembly, what is the role of registers in assembly language?. Registers are used to store large amounts of data during program execution. Registers store operands and are used to perform operations in assembly language instructions. Registers hold the disassembled source code of a program. Registers are used to manage memory allocations for the program.

Which cryptographic algorithm uses a pair of keys, one for encryption and another for decryption?. RSA (Rivest‐Shamir‐Adleman). Diffie‐Hellman. DES (Data Encryption Standard). MD5 (Message Digest Algorithm 5).

Which of the following tools is commonly used for open-source vulnerability scanning and management?. Wireshark. Snort. Nessus. Netcat.

Snort is a Linux-based intrusion detection system. Which command enables Snort to use network intrusion detection (NIDS) mode assuming snort.conf is the name of your rules file and the IP address is 192.168.1.0 with Subnet Mask:255.255.255.0?. ./snort -c snort.conf 192.168.1.0/24. ./snort 192.168.1.0/24 -x snort.conf. ./snort -dev -l ./log -a 192.168.1.0/8 -c snort.conf. ./snort -dev -l ./log -h 192.168.1.0/24 -c snort.conf.