Test CEHv5

When an attacker is querying for a number of services or login information on a target system, what are they trying to accomplish?. Enumeration. Scanning. Footprinting. Fingerprinting.

Which of the following allows the adversary to obtain password information over the network in a passive manner?. Sniffing. Man in the middle. Password cracking. Account creation.

Which of the following passwords will take the most effort to crack?. P@$$w0rd. Pass123. $@($)!_. Thisismypasswordandnoonecanstealit.

Where are logs located on Linux systems?. /home/log. /var/log. /log/. /home/system32/log.

In Linux, which of the following accounts denotes the administrator?. Admin. Administrator. root. su.

Which of the following is another name for NAT overload?. PAT. NAT+. NAT port. PAT overload.

Which of the following is part of the overall portion of the SID?. UID. RID. USD. L5R.

What is accomplished by a combination of ping sweeping and port scanning a target?. Fingerprinting. Footprinting. Reconnaissance. Identification.

What response time measurement is used by default within the tracert program?. Seconds. Milliseconds. Minutes. None of the above.

What is the encryption key length in DES?. 64. 128. 56. 80.

Which of the following encryption ciphers replaced DES and was renamed AES?. RSA. AES. Rijndael. RC5.

What completes the three-way handshake in the TCP connection?. RST. SYN/ACK. ACK. FIN.

Using XOR, which of the following outputs a value of 1?. 0 + 1. 1 and 1. 0 and 0. 1 and 0.

What would you use an intrusion detection system for?. Blocking traffic. Filtering traffic based on header information. Generating alerts on traffic. Logging system messages.

Which of the following allows you to quickly search for websites that are vulnerable to SQL injections?. Google Dorks. Bing hacks. Tracert. 1=1'.

What is the size of each of the fields in a UDP header?. 16 bits. 32 bits. 8 bytes. 16 bytes.

The guest account under a Windows system has the RID of what?. Not a RID, but a SID of 502. RID 501. RID 1001. RID 1000.

When trying to identify all the workstations responding on a subnet, what is the quickest method you might choose?. Port scan. Anonymizer. Ping sweep. Web crawler.

What is the default port used for DNS?. 80. 22. 8080. 53.

Which of the following tools can be used to crack passwords?. Cain & Abel. ToneLoc. Wireshark. WarVOX.

Which flags would create a half-open connection if they are not responded to?. FIN. SYN. SYN/ACK. URG.

Which tool can be used to query DNS?. Twofish. Cain & Abel. WarVOX. dig.

Using Snort, which rule type allows for notification only if there is a match?. Drop. Alert. Pass. Block.

Which switch in Nmap allows for a full TCP connect scan?. -sS. -sU. -FC. -sT.

What type of control is a firewall?. Barrier. Administrator. Logical. Physical.

Which of the following denotes the root directory in Linux OS?. \. /. C:\. root/.

You call into the city manager’s office claiming to be a part of the help desk team. You ask the clerk for her username and password to install the latest Microsoft Office suite. What type of attack are you conducting?. Social engineering. Piggybacking. Masquerading. Tailgating.

You are driving in your vehicle looking for wireless access points to connect to. What type of attack are you conducting?. War dialing. Drive-by scanning. Warchalking. Wardriving.

What is the process called when you’re trying to inject bogus entries into the ARP table?. Enumeration. RARP. ARP poisoning. L2 dumping.

What type of application design is being used if the application is written using nothing but AWS Lambda functions?. Service-oriented. Virtualized. Serverless. Infrastructure as a Service.

An attacker was able to install a device at an unattended workstation and was able to recover passwords, account information, and other information the next day. What did the black hat install?. Keylogger. Key scanner. Rootkit. Trojan.

What command has been used to display the network configuration in Linux OS?. ipconfig. netstat. ls. ifconfig.

What directory holds the basic commands in the Linux OS?. /etc. /bin. /. /config.

An attacker is dressed as a postal worker. Holding some large boxes, he follows a group of workers to make his drop-off in the back of the facility. What is the attacker trying to conduct?. Phishing. Sliding. Piggybacking. Shimming.

What system element is used to store information and is installed by the web server?. A text file. Cookies. HTML file. XML file.

You are walking around downtown picking up on open wireless access points. As you identify these access points, you place a symbol on a nearby building. What activity are you conducting?. War walking. Wardriving. Footprinting. Warchalking.

What type of virus can change or rewrite itself every time it infects a new file?. Polymorphic virus. Metamorphic virus. Trojan virus. Shell virus.

Which hashing algorithm was developed by the NSA and has a 160-bit output?. MD5. HAVAL. DSA. SHA-1.

Aside from port 80, what is another common port used to connect to a web server?. 8080. 21. 54. 110.

Which Nmap parameters utilizes the slowest scan?. -T 0. -sT. -T 5. -sX.

Which of the following applications is used to inspect packets?. Wireshark. Cain & Abel. Aircrack. Nmap.

What tool would make the most sense to use to identify IoT devices on a network?. Postman. Nmap. Samba. Cloudscan.

How would an administrator set a password for a user in Linux?. password user. chmod pass user pass123. pass user pass123. passwd user.

In Windows, what is the command to display the ARP cache?. ifconfig /-a. arp -a. -a arp. ipconfig /arp -a.

Which application can provide DNS zone transfer information?. Cain & Abel. ICMP. nslookup. Domain Name Service.

Which of the following is a top-level domain in DNS?. myserver.com. .com. http://myserver.com. http://www.myserver.com.

Which is the second phase in the ethical hacking methodology?. Reconnaissance. Maintaining access. Covering your tracks. Scanning.

What system uses a certificate authority?. Realm. SESAME. PKI. ICY Manipulator.

Which site can you use to search through a database of vulnerabilities?. nvd.nist.gov. google.com. hackmybox.net. breachthedoor.org.

As a business analyst, you study and collect information about your competitor using Google and the competitor’s website and products. Which of the following best defines the actions you are performing?. Google hacking. Espionage. Competitive intelligence. Tradecraft.

Which of the following relies on plaintext transmission when sending community strings as a means of authentication?. SFTP. SNMPv3. SNMPv1. Telnet.

Which of following is a protocol that can be used with WPA2?. RADIUS. SESAME. PKI. Kerberos.

A bank teller must have authorization with the bank manager to withdraw a large sum of money for the bank customer. Without the manager, she cannot accomplish the task. What access control is being performed in this scenario?. Job rotation. Separation of duties. Multifactor. Type 1 control.

What does an exploit take advantage of within a system or network?. Threat vector. Malware. A vulnerability. A threat surface.

Why would you use a RESTful design in your web application?. HTML is stateful. REST is a reliable protocol. HTTP is stateless. REST is mandated by RFC.

In order for a wireless client to connect to an access point to gain access or be challenged with authentication, what information must be known?. Key. Username and passwordUsername and password. X.509 certificate. SSID.

What must a user have in order to sniff the full stack of wireless traffic?. Wireless device set to promiscuous mode. Wireless device that has 2.4 GHz and 5 GHz set to read only. Wireless device set to monitor mode. Ettercap set to clone.

What command within the Linux OS can be used to delete files from a directory?. del. er. -rm. rm.

Your company has been targeted by a series of phishing emails. In order to deter the attack, you quickly tell your users to verify senders. How do you go about implementing this?. Ensure that the email is digitally signed. Call the sender and verify. Ensure that the email was not encrypted. Reply to their message and ask for their public key.

What cloud offering gives the customer the most responsibility?. Platform as a Service. Software as a Service. Storage as a Service. Infrastructure as a Service.

What type of malware can be used to provide backdoor access to a system?. Trojan. Rootkit. Root virus. Spyware.

Which type of software is considered a framework, a set of preinstalled tools, that aids in compromising and exploiting targeted systems?. Cain & Abel. Metasploit. Mutavault. Ettercap.

What sets up a null session using Windows?. ftp ://yourdomain.com. C$ \\yourdomain.com. net use \\yourdomain\ipc$ "" /u: "". netcat yourdomain.

Taking binary code and converting it into a reversible ASCII string can be accomplished using what method?. Encoding to ASCII version 2. Hashing into MD5 or SHA-1. Using Base64 encoding. Converting to XML format.

A city clerk received an email providing details about transferring money to a supplier. The email provides a URL asking for credentials for city bank accounts so payments can be made to the supplier. The email address does not match the one used by the supplier. What may be the issue here?. Spear phishing. Theft. Whaling. Tradecraft.

Which of the following can be used to check for wireless signals?. AirCheck. Netcheck. Ncat. AirWare.

Which switch in Nmap allows the user to perform a fast scan?. -oX. -PT. -T4. -sS.

What flag is set to indicate data in the packet is a higher priority than other data?. URG. PRI. SYN. PSH.

A user who is scanning for a network size of 128 nodes would use what CIDR?. /24. /25. /28. /30.

An attacker uses a search engine to locate websites that are possibly vulnerable to SQL injections using special keywords known to the search engine. What search engine would they most likely be using?. Bing. Yahoo. Google. Whoami.

A supervisor suspects that there are fraudulent activities being conducted in the workplace. What option can the supervisor employ to confirm their suspicion?. Duty rotation. Forced vacation. Installation of spy cameras. Installation of spy equipment.

If a user wants to encrypt information using asymmetric encryption so keys don’t have to be shared in the open, what would they use?. The receiver’s shared key. The receiver’s pre-shared key. The receiver’s public key. The receiver’s private key.

Which record indicates the mapping of an IP address to a hostname?. MX. PTR. NS. CNAME.

Which value is used in association with firewalking?. TTL. TCP. ICMP. Max hop count.

A user side-loaded a popular app from an unauthorized third-party app store. When the user installed the app, it displayed a screen asking for payment and stating that if the payment was not received, the user would lose all access to data that was stored on their phone. What was installed on the user’s phone?. Trojan. Spyware. Malware. Ransomware.

Why would an attacker want to use bluesnarfing over bluejacking?. Bluejacking sends while bluesnarfing receives. Bluejacking receives while bluesnarfing sends. Bluejacking installs keyloggers. Bluesnarfing installs keyloggers.

Which of the following is considered open-source information?. Newspaper. Trade secrets. Information obtained from dumpster diving. Information obtained from a man-in-the-middle attack.

You receive a text message providing a link to a website with a message indicating you have vulnerabilities in your phone that need to be checked. What sort of an attack is this likely to be?. Spear phishing. Vishing. Smishing. Whaling.

Which method would allow an administrator to reduce the threat of DNS poisoning?. Increase refresh time rate. Statically assign DNS entries. Remove DNS entries. Remove refresh time rate.

Which Google hack allows the user to search for PDF documents that are located within a website?. filetype:pdf. inurl:pdf. typefile:pdf. file:pdf.

Which hash algorithm produces a 160-bit value?. MD5. SHA-1. SHA-256. Diffie-Hellman.

What standard format is used with certificate authorities?. X.509. X.500. 802.1X. PKI.

In which method are two keys that are mathematically related used?. Symmetric encryption. Pre-shared keys. Asymmetric encryption. Shared keys.

What key is included on a digital certificate?. The public key is stored on the certificate. The private key is stored on the certificate. The key is not stored on the certificate. Both the public and private key are stored on the certificate.

An attacker gained access to your system and has collected your authentication credentials as well as a lot of messages you were sending to a colleague using your company’s collaboration platform. What did the attacker likely install?. Malware. Virus. Keylogger. Key retriever.

What type of scan would you use to map firewall rulesets?. ACK. XMAS. NULL. SYN.

What is the default port used in POP3?. 110. 53. 443. 125.

Which of these would not be a reason to use automation in a cloud environment?. Fault tolerance. Repeatability. Consistency. Testability.

Which of the following has the best chance of alerting on previously unknown attacks on a network?. Signature-based IDS. Packet-based IDS. Behavior-based IDS. Rule-based IDS.

If you were to ARP poison the default gateway, what would be the expected results?. You will receive traffic on that specific virtual local area network. You will receive all the traffic on the current network associated with the gateway. You will not receive any traffic. You may cause a DoS on the network.

If you were moving your IT infrastructure from on-premise to a cloud service provider, what might you be most concerned about that would be different from what you have already?. Password complexity. No encryption. Application design complexity. Inability to implement security controls.

Which of the following AAA servers provides asymmetric encryption?. Kerberos. RADIUS. SESAME. FTP.

Which of the following tools allows some users to monitor all network activity?. Nmap. Metasploit. Wireshark. Netcraft.

What is the default command port for FTP?. 22. 21. 20. 23.

Which of the following are not objects in Active Directory?. Users. Computers. Printers. Files.

Which of the following tools uses Metasploit to launch attacks like phishing campaigns?. Setoolkit. Ettercap. Mimikatz. Netcat.

What tool could you use to discover previously unknown vulnerabilities in a network service or local application?. Nmap. Peach. Mimikatz. Rubeus.

Which of the following will inform the user that the port is closed by the client itself?. ICMP Type 3, Code 3. ICMP Type 3. ICMP Type 1, Code 1. ICMP Type 3, Code 2.

Which of the following layers in the OSI model contains the Transport layer in the TCP/IP model?. Session and Transport. Transport. Network and Transport. Data and Network.

Which of the following encapsulates the header and the trailer?. Data Link layer. Transport layer. Application layer. Data Link layer with the logical link controller set.

What program can be used to discover firewalls?. Metasploit. traceroute. nslookup. dig.

Which of the following has no flags set and does not respond if a port is open?. XMAS scan. NULL scan. Half-open connection. ACK scan.

Which of the following aids in fingerprinting a machine?. Port scan. nslookup. dig. The -sF switch in Nmap.

Which DNS record type provides the port and services the server is hosting?. SRV. PTR. SVR. A.

To establish a TCP connection, what must be sent first?. ACK. Hello packet. Broadcast packet. SYN.

An X.509 certificate uses what value to uniquely identify it?. Authentication number. Serial number. Private key. Public key.

Which encryption algorithm uses two large prime numbers factored together?. El Gammal. Diffie-Hellman. RSA. AES.

Which is the initial value of the SID that is used to annotate an administrator’s account?. 500. 100. 5000. 1.

Which is the last step of the CEH hacking methodology?. Maintain access. Cover your tracks. Scrub the logs. Corrupt data.

What file within the Linux OS contains administrative information about a user?. /etc/shadow. /etc/passwd. /home. /home/profile.

What port number is used by NetBIOS for name services?. UDP port 137. TCP port 139. UDP port 190. None.

Which rule type allows for logs and alerts in Snort?. Drop. Pass. Alert. Block.

What protocol developed initially for serial connections may be used by ICS/SCADA infrastructure?. SNMP. Modbus. SMTP. XML.

Which utility will display active network connections on a host?. Netcat. netstat. Nmap. Ns.

What flag(s) is (are) set in the following screen shot?. FIN. ACK, FIN. ACK. None.

As shown in the following screen shot, what destination port is the current TLS connection being associated with?. 51738. 443. 0101. Not enough information available.

What port is stackoverflow connected with in the following screen shot?. 42024. 520303. 52017. 52020.

As shown in the following screen shot, what is the TTL value?. 128. 58. 64. 57.

As shown in the following screen shot, at what hop did the user potentially encounter a firewall?. 10. 14. 15. 19.

What is the source address being used in the terminal output shown in the following screen shot?. 74.125.21.113. 24.42.128.1. 192.168.1.1. 192.168.1.133.

What would the server provide according to the following diagram?. Server authentication. Key. Symmetric key. Access to client.

As shown in the following image, who has both read and execute permissions for one object?. Raeleah. Samarea. Ray J. Savion.

According to the following image, what browser is the user using?. Google Chrome. Internet Explorer. Mozilla Firefox. Opera.

As shown in the following screen shot, which of these provides the alias record under the members.tripod.com zone?. CNAME. A. rayojo.tripod.com. IN.

In the following screen shot, what SSID is using the highest channel?. Rokugan5. Rokugan24. I can see you. Allen202.