Test CEH v4

Which of the following encryption algorithms uses two large prime numbers?. RSA. AES. El Gamal. RC5.

What can be said about asymmetric encryption?. The two keys are not related mathematically. The two keys are mathematically related. Both keys do the same thing. One key is shared between both parties.

What protection characteristics are in use with IPSec transport mode?. The header is encrypted. Both payload and message are encrypted. It provides authentication to the sender’s data. It provides encryption to the payload only.

Which of the following defines the private, non-routable IP address ranges?. RFC 1929. RFC 1918. NIST 1918. RFC 1921.

Which DNS record maps an IPv4 address to a hostname?. MX. A. AAA. MR.

What type of attack would you use if you wanted to gather passwords using the ticket exchanging protocol commonly used on networks that use Windows servers?. EternalBlue. Smurf. Kerberoasting. Rainbow tables.

You are a disgruntled worker who is trying to access a blocked website at your job. You attempted to use a proxy server, but the website was blocked too. You then attempt to change the URL into another format that may not be blocked by the firewall, such as binary. What are you attempting to do?. URL encoding. URL obfuscation. URL scrambling. URL encryption.

During an annual security training course you are facilitating, you place a call to another employee picked randomly who is not part of the training class. In this call, you state that you work in the help desk department and request their password in order to reset an account you noticed is locked. What risk are you demonstrating?. Social engineering. Weak passwords. Malware being installed by workers. Spam emails circulating the officeSpam emails circulating the office.

If you want to gather passwords from a Wi-Fi network, what technique would you be likely to use?. KRAKEN. BlueSnarf. Evil twin. Rogue AP.

What key size range does RC4 use within WEP?. 32 to 232 bits. 16 to 40 bits. 40 to 256 bits. 40 to 232 bits.

What command in Windows allows you to bring up a list of startup items, including their locations in the Registry or the file system?. Mslookup. MSConfig. Regedit. iexplorer.exe.

How many stages are used in the handshake to establish credentials in WPA/2/3?. Two. Three. Four. Five.

In SQL, what input value or term means everything?. *. ALL. SELECT. FROM.

You are trying to black box test a web application, but it’s being resistant to attack because of an authentication page at the top. What tool would you not use to find some direct access pages?. Metasploit. hping3. dirb. Burp Suite.

In Kerberos, which ticket is presented to a server to grant access to a service?. TGS. KDC. TGT. AS.

If you’ve compromised a system that has multiple network interfaces, what technique could you use to gain access to the other networks using the compromised system?. Kerberoasting. Trampolining. Privilege escalation. Pivoting.

You are sending messages that are used to force a wireless station to continue to send messages to reconnect to the wireless network. What kind of attack is this?. Evil twin. DeauthenticationDeauthentication. KRACK. Rogue AP.

How many different techniques could you use to scan for open UDP ports?. 1. 2. 5. 10.

What method is used to send a malicious URL using a text message?. Smishing. Vishing. Phishing. Whaling.

What tool could you use on a Windows system to collect information about the Windows network, including the workgroup or domain you are connected to?. ipconfig. netstat. MSConfig. nbtstat.

What type of attack might you use if you want to collect credentials by calling a user?. Spam. Social engineering. Whaling. Manipulation.

Which of these would be an example of operational technology?. Programmable logic controller. Wireless access point. Self-driving car. Graphical user interface.

What software technique tests for input values of programs and applications?. Fizzing. Fuzzing. Obfuscating. Encoding.

What might be a quick and easy way to attempt to compromise a mobile device?. SQL injection. Buffer overflow. Remote screen lock. Smishing.

At what stage within Kerberos is the subject authenticated?. When the client presents the TGS ticket. When the client receives the TGT. When the client requests an ST. When the client accesses the resources it requested.

As a black hat, you are targeting a server room that contains important data. Which unconventional method would you use to DoS the entire room?. Target the routers by DDoS. Conduct a Fraggle attack on the servers. Target the HVAC units. Change all the administrator login information.

What tool would you use to look for proof of concept exploit code on a system like Kali or ParrotOS?. Nessus. Zed Attack Proxy. Searchsploit. EDGAR.

What tool could you use to easily create an executable that could be deployed on a system to connect back to a command and control system?. msfvenom. hping3. ven0m0us. OpenVAS.

Which of these tasks would you not use the website Shodan for?. Identifying webcams on the Internet. Identifying industrial control systems on the Internet. Identifying IP address ranges for a company. Identifying default passwords on the Internet.

What rotation cipher uses a matrix to map ciphertext to plain text and back?. Caesar. Vignere. Rot13. Rijndael.

What is the purpose of dividing networks?. To create larger networks. To create more broadcast domains. Ease of management. To aggregate networks together.

Who has responsibility for the operating system in a Platform as a Service (PaaS) offering with a cloud provider?. Client. Provider. Both. Neither.

Which of these would be a very common vulnerability in cloud computing deployments that could lead to exploitation?. Weak encryption. Bad programming. Lack of policies. Weak access management.

Which of the following is the highest classification level used by the U.S. government?. Top Secret. Secret. For Your Eyes Only. Confidential.

What type of attack is being attempted if an application received ABABABABABABABABAB as input to a variable that had been allocated 10 bytes?. Cross-site scripting. Buffer overflow. Heap spraying. Command injection.

What DNS record type is used to look up a hostname from an IP address?. MX. A. PTR. NS.

What technique might a malware author use that would be most effective to evade detection by anti-malware software?. Encryption. Packing. Compression. Polymorphism.

Which of these technologies would you use to remove malware in the network before it got to the endpoint?. Antivirus. Endpoint detection and response. Stateful firewall. Unified threat management device.

What online database could you use to locate source code that could help you compromise a system?. LinkedIn. Exploit-DB. Metasploit-DB. Twitter.

Which of these utilities would you use to capture passwords from the system Registry as well as from memory of a compromised system?. Nmap. LSASS. CryptCat. Mimikatz.

What technique may be the most effective at compromising a mobile device?. Port scanning. App Store. Password compromise. Phishing.

In the TCP three-way handshake, which is next after the initial SYN packet is sent?. An ACK is received. A SYN is received. A SYN/ACK is sent. An ACK is sent.

Which attack would be less likely to be successful against a web application in a cloud-native application architecture?. SQL injection. Cross-site scripting. XML external entity. Cross-site request forgery.

Which flag is used to terminate a connection that is only partially open?. FIN. RST. URG. SYN.

Which character means NOT when defining a Snort rule?. N. !. #. %.

What do NTFS alternate data streams provide?. They can hide a file behind another file. They prevent a file from being changed. They prevent a file from being moved. They prevent an unauthorized user from viewing the file.

What protocol would you be most likely to use to get a system on your local network to send you traffic that should be sent to another system instead?. SNMP. SMTP. FTP. ARP.

Which option describes the act of rummaging through trash to find important data?. Dumpster swimming. Social engineering. Dumpster collection. Dumpster diving.

As a black hat, you forge an identification badge and dress in clothes associated with a maintenance worker. You attempt to follow other maintenance personnel as they enter the power grid facility. What are you attempting to do?. Piggybacking. Social engineering. Tailgating. Impersonating.

Chris decides to download some music from a website while at work. When he opens the music files, a pop-up notification informs Chris that he must send $500 US to a PayPal account using the email address Shoju@scorpion.ru if he wants access to his system again. What do you think Chris may have installed?. Ransomware. Adware. Cryptoware. Trojan.

What server configuration groups them together and provides redundancy and fault tolerance?. Clustering. High availability. Fault tolerance. Server redundancy.

What type of label is given to a subject for security reasons?. Classification. Clearance. Secret. Confidential.

What do you need to enable on a network interface that allows you to see the radio headers in the communication?. Promiscuous mode. Radio mode. Monitor mode. Capture mode.

What mode on a network interface is necessary to capture traffic?. Promiscuous mode. Monitor mode. Capture mode. Interface mode.

As a security administrator, your web application firewall logs show the following. What do you think is going on? 10; DROP TABLE users --. CSRF. SQLI. XSS. XXE.

What is it called when you use a victim system as a router to get to other networks behind the compromised system?. Piggybacking. Social engineering. Pivoting. Auto-networking.

On what default port(s) does SCP operate?. TCP port 22. TCP port 21. TCP port 24. TCP ports 21 and 22.

Which key is used to encrypt messages to the owner of a certificate when using asymmetric encryption?. Public key. Private key. Symmetric key. PGP key.

For an anomaly-based IPS to run optimally, what first must be determined?. Updated signatures. Accurate rules set. Updated firmware. Network baseline set.

Which of the following attacks uses UDP packets to target the broadcast address and cause a DDoS?. Smurf. Fraggle. Land. Teardrop.

Which tool causes sockets to be used up and can cause services to freeze or crash?. Nmap. Slowloris. Cain & Abel. John the Ripper.

Which of these is a protocol might you expect to see used in an industrial control system to communicate with programmable logic controllers?. SCADA. Modbus. SMTP. SSH.

What do you call the simple device that is used to manage the lowest-level elements of an industrial control system?. Human machine interface. Object. Programmable logic controller. ICS.

What is a computing platform that provides a solution, hosted with a service provider, that customers could build applications on top of?. Platform as a Service. Software as Service. FTP. Web application.

What is the act of looking over the shoulder of a victim to capture the information being displayed on their machine?. Piggybacking. Impersonation. Shoulder surfing. Shoulder peering.

Which protocol has IPSec support natively?. IPv4. IPv6. IPX. AppleTalk.

Which of the following is used to control and monitor the web communications of users to the outside world?. NAT. IPSec. PAT. Proxy.

Which of the following allows networks to be subnetted into various sizes?. NAT. CIDR. OSPF. BGP.

As a network administrator, you are tasked to separate different networks in order to increase security. By doing so, you attempt to create networks for users with a “need to know” policy. What can you do to ensure that only the workstations for those users participate in those layer 2 networks?. Create broadcast multiple domains. Create VLANs. Maintain the collision domains. Implement a VPN solution.

At what layer does ICMP operate?. Layer 2. Layer 3. Layer 5. Layer 4.

What is an easy way to gather credentials from wireless users?. Deauthentication attack. Man in the middle. Evil twin. Rogue AP.

Why is address space layout randomization successful against buffer overflow attacks?. Return address keeps changing. Stack no longer exists. Return address is wrapped. Stack pointer moves.

Which type of network uses a group of zombie computers to carry out the commands of the bot master?. Zombie net. Zombie group. Botnet. Bot heard.

What protocol does the EternalBlue exploit make use of?. SMTP. RPC. Kerberos. SMB.

Why would an attacker use a Trojan?. To cause a DoS on a computer. To delete files on a computer. To encrypt the system. To get a user to run it.

Which of the following applications allows you to crack WEP passwords in a wireless network?. Cain & Abel. Wireshark. Traceroute. John the Ripper.

What tool could you use if you wanted to identify directories that did not show up in the spider of a website?. Wireshark. DIRB. Kismet. Setoolkit.

What tool could you use to fully automate a social engineering attack, like sending out a phishing campaign?. Nmap. Metasploit. Setoolkit. Aircrack.

What tool could you use to assist in capturing radio headers on wireless networks?. Nmap. Ettercap. Airmon-ng. Ophcrack.

You find the fping executable on a system. What was someone likely doing?. Crafting packets. Ping sweeps. Port scans. Exploiting a vulnerability in ICMP.

Which of the following devices allows an attacker to collect all the data traffic with minimal effort?. Layer 2 switch. Bridge. Router. Hub.

Which of the following describes a network appliance that acts as an intermediary server?. Stateful firewall. Packet filter firewall. Proxy firewall. Data server.

With Platform as a Service, which of these would you, as a consumer of the service, not be responsible for?. Application code. Customer database. Payment processing. Operating system.

What security property do you get from the use of a digital signature with email messages?. Confidentiality. Utility. Non-repudiation. Integrity.

Which of the following algorithms successfully implemented the public key cryptosystem?. AES. El Gammal. Diffie-Hellman. RSA.

What self-describing data description language might commonly be used to store or transmit information in a cloud-native application?. YAML. JSON. C. SQL.

Where would you go to get the name and contact information for the administrator of a domain?. DNS. EDGAR. RIR. LinkedIn.

A message that carries data and acknowledgments is called what?. Segment. Packet. Frame. Nibble.

You have located an RMI server on a target network. What information would you want to get from that server?. Development language. Applications being hosted. Developer identification. Protocol being used.

Which of the following is considered an AAA server?. Kerberos. Solaris. Apache. Exchange.

What does a stack pointer do?. It points to the next memory pointer in the stack. It points at the bottom of the stack. Memory does not use a stack pointer. It points at the top of the stack.

Apache OpenOffice and Microsoft Office have a built-in feature that allows the user to automate a series of specified commands. These commands usually assist with daily routine tasks. This feature can be used in conjunction with launching malware. What feature is this?. File sharing services. Object Link. Macro. Compression.

In virus scanning, what is the telltale sign of a virus?. Hash value. Signature. Definition. Trojan.

When a security administrator is trying to reduce physical access to the backup vault, what type of control will they implement?. Physical control. Technical control. Administrative control. Logical control.

What does a vulnerability scanner like Nessus not use to identify vulnerabilities?. Exploited service. Banners. Application headers. Vulnerability signature.

What type of attack would you be conducting in a car using a laptop with a Wi-Fi card in it?. Wardriving. DoS. Scanning. War dialing.

In Linux, how would you create a new user in terminal?. # useradd /home/samarea ssamarea. >useradd raeleah. cuser ray_j /home/ray_j. useradd savion.

In Linux, what method uses a brute-force effort to locate a file?. find. grep. |. search.

Which of the following would you not be able to access using an XML external entity injection attack?. Internal web page. File on the target system. User cookie from the browser. Network configuration.

As a white hat, your customer asks what type of assessments you can conduct. What are they?. Risk, threat, and vulnerability. Malware, risk, and exploit. Risk, vulnerability, and exploits. Risk, mitigation, and vulnerability.

A method that defends against a flooding attack and massive DoS attacks is referred to as what?. Defense in depth. Spam blocker. Flood safe. Flood guard.

A firewall that blocks all traffic by default is known as what?. Implicit allow. Implicit deny. Deny all. Implicit prevent all.

On which UDP ports does SNMP operate?. 53. 160 and 161. 161 and 162. 167.

In IPSec, what is known as the security association manager?. IKE. ISAKMP. VPN. ESP.

In WPA2, what AAA server can be used in the enterprise configuration?. RADIUS. Exchange. Solaris. NetWare.

The act of falsifying data is also known as what?. Boink. Packet crafting. Spoofing. Data diddling.

What would you use to inspect HTTP messages to determine whether there was attack traffic in the message so a decision could be made about whether to allow the traffic or not?. Stateful firewall. Anti-malware. Load balancer. Web application firewall.

As a black hat, you are sending inputs to a web application to be sent to the LDAP server. What are you trying to conduct?. SQL injection. X.25 injection. LDAP injection. LDAP fuzzing.

Which of the following allows the adversary to jump from the web directory to another part of the file system?. Directory traversal. Pivoting. Directory hopping. Directory shifting.

When applications create variable memory segments in a dynamic fashion, what type of memory is being used?. Stack. Heap. Virtual memory. Virtual stack.

As part of hardening a server, which of the following would the administrator want to configure prior to putting it into the DMZ?. Disable unnecessary ports. Open all ports. Disable all accounts. Reduce file restrictions.

This fragment is found in web server logs. What kind of attack is likely to be happening? && cat /etc/shadow. SQL injection. XML external entity. Cross-site request forgery. Command injection.

What is a unique identifier that is used in Snort?. SID. ID. PID. NID.

Which of the following tools can be used to steal cookies between a client and a server to use in a replay attack?. Mouse. Ferret. Ratpack. Nezumi.

Which option describes the architecture in the following image?. Kerberos. SESAME. TACACS. RADIUS.

What type of operation is being conducted in the following image?. Grant. Create. Take. Revoke.

What is missing from the following diagram?. Signature. Plain text. Hash value. Ciphertex.

What is missing from the following diagram?. Verification. Hashed value. Digital signature. Public key encrypting.

What would be the results of this XOR?. 01011000. 10100101. 10100111. 10010100.

What type of cipher is being depicted in the following image?. Caesar cipher. Polyalphabetic cipher. Monalphabetic cipher. One-time key pad.

What is the name of pointer that is missing in the following diagram?. SP. HP. MP. BP.

In the following screen shot, what sequence completes the three-way handshake with 23.253.184.229?. 5025. 1. 74. 64.

In the following screen shot, what flag is set on frame 57523?. 0x02. 0x00. 0x01. 0x20.

What tool could you safely use to perform dynamic analysis on a malware sample?. strings. Cuckoo Sandbox. Ollydbg. Cutter.

As seen in the following screen shot, is the current connection vulnerable to Heartbleed?. No. Heartbleed affects TLS 1.0.1 to 1.0.1f. No. Heartbleed affects only SSL 3.0. There is not enough information to tell. Heartbleed is not the vulnerability; it is a heartbeat.