Cristian Osvaldo Gómez
Quiz von , erstellt am more than 1 year ago

ceh

722
0
0
Cristian Osvaldo Gómez
Erstellt von Cristian Osvaldo Gómez vor etwa 2 Jahre
Schließen

Test CEH 3

Frage 1 von 20

1

Abel, a security professional, conducts penetration testing in his client organization to check for any security loopholes. He launched an attack on the DHCP servers by broadcasting forged DHCP requests and leased all the DHCP addresses available in the DHCP scope until the server could not issue any more IP addresses. This led to a DoS attack, and as a result, legitimate employees were unable to access the client's network. Which of the following attacks did Abel perform in the above scenario?

Wähle eine der folgenden:

  • DHCP starvation

  • VLAN hopping

  • Rogue DHCP server attack

  • STP attack

Erklärung

Frage 2 von 20

1

What is the file that determines the basic configuration (Specifically activities, services, broadcast receivers, etc..) in an Android application?

Wähle eine der folgenden:

  • resources.asrc

  • classes.dex

  • Androidmanifest.xml

  • APK.info

Erklärung

Frage 3 von 20

1

Which of the following protocols can be used to secure an LDAP service against anonymous queries?

Wähle eine der folgenden:

  • RADIUS

  • SSO

  • NTLM

  • WPA

Erklärung

Frage 4 von 20

1

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's Computer to update the router configuration. What type of an alert is this?

Wähle eine der folgenden:

  • False negative

  • True negative

  • False positive

  • True positive

Erklärung

Frage 5 von 20

1

Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server. In the login/password form. you enter the following credentials:
Username: attack' or 1-1 --
Password: 123456
Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?

Wähle eine der folgenden:

  • select * from Users where UserName = 'attack’ or 1=1--’ and UserPassword=’123456’

  • select from Users where UserName = 'attack or 1-1 - and UserPassword = '123456

  • select from Users where UserName = 'attack or 1=1 -- and UserPassword = '123456"

  • select from Users where UserName = 'attack" or 1=1 -- and UserPassword = '123456"

Erklärung

Frage 6 von 20

1

Jane invites her friends Alice and John over for a LAN party. Alice and John access Jane's wireless network without a password. However, Jane has a long, complex password on her router. What attack has likely occurred?

Wähle eine der folgenden:

  • Evil twin

  • Wardriving

  • Piggybacking

  • Wireless sniffing

Erklärung

Frage 7 von 20

1

The network users are complaining because their systems are slowing down. Further every time they attempt to go to a website, they receive a series of pop-ups with advertisements. What type of malware have the systems been infected with?

Wähle eine der folgenden:

  • Spyware

  • Virus

  • Adware

  • Spyware.

Erklärung

Frage 8 von 20

1

Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive, informing that her systems need to be serviced for proper functioning and that customer support will send a computer technician. Jane promptly replied positively. Ralph entered Jane's company using this opportunity and gathered sensitive information by scanning terminals for passwords, searching for important documents in desks, and rummaging bins.
What is the type of attack technique Ralph used on Jane?

Wähle eine der folgenden:

  • Shoulder surfing

  • Impersonation

  • Eavesdropping

  • Dumpster diving

Erklärung

Frage 9 von 20

1

Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she uses a user-defined HTTP callback or push APIs that are raised based on trigger events; when invoked, this feature supplies data to other applications so that users can instantly receive real-time information. Which of the following techniques is employed by Susan?

Wähle eine der folgenden:

  • Web shells

  • SOAP API

  • Webhooks

  • REST API

Erklärung

Frage 10 von 20

1

If you send a TCP ACK segment to a known closed port on a firewall but it does not
respond with an RST, what do you know about the firewall you are scanning?

Wähle eine der folgenden:

  • This event does notell you anything about the firewall

  • There is no firewall in place

  • It is a non-stateful firewall

  • It is a stateful firewall

Erklärung

Frage 11 von 20

1

There are multiple cloud deployment options depending on how isolated a customer's resources are from those of other customers. Shared environments share the costs and allow each customer to enjoy lower operations expenses. One solution is for a customer to join with a group of users or organizations to share a cloud environment. What is this cloud deployment option called?

Wähle eine der folgenden:

  • Public

  • Private

  • Hybrid

  • Community

Erklärung

Frage 12 von 20

1

In this form of encryption algorithm, every individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits. Which is this encryption algorithm?

Wähle eine der folgenden:

  • IDEA

  • MD5 encryption algorithm

  • Triple Data Encryption Standard

  • AES

Erklärung

Frage 13 von 20

1

Larry, a security professional in an organization, has noticed some abnormalities in the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting a few countermeasures to secure the accounts on the web server.
Which of the following countermeasures must Larry implement to secure the user accounts on the web server?

Wähle eine der folgenden:

  • Limit the administrator or root-level access to the minimum number of users

  • Enable unused default user accounts created during the installation of an OS

  • Enable all non-interactive accounts that should exist but do not require interactive login

  • Retain all unused modules and application extensions

Erklärung

Frage 14 von 20

1

A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendor for several months prior to the intrusion. This is likely a failure in which of the following security processes?

Wähle eine der folgenden:

  • Security awareness training

  • Vendor risk management

  • Secure development lifecycle

  • Patch management

Erklärung

Frage 15 von 20

1

Harry, a professional hacker, targets the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection.
What is the APT lifecycle phase that Harry is currently executing?

Wähle eine der folgenden:

  • Preparation

  • Persistence

  • Initial intrusion

  • Cleanup

Erklärung

Frage 16 von 20

1

This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as GCMP-256, HMAC-SHA384, and ECDSA using a 384-bit elliptic curve.
Which is this wireless security protocol?

Wähle eine der folgenden:

  • WPA2-Personal

  • WPA3-Enterprise

  • WPA2-Enterprise

  • WPA3-Personal

Erklärung

Frage 17 von 20

1

Which of the following information security controls creates an appealing isolated
environment for hackers to prevent them from compromising critical targets while
simultaneously gathering information about the hacker?

Wähle eine der folgenden:

  • Honeypot

  • Intrusion detection system

  • Botnet

  • Firewall

Erklärung

Frage 18 von 20

1

What would be the fastest way to perform content enumeration on a given web server by using the Gobuster tool?

Wähle eine der folgenden:

  • Skipping SSL certificate verification

  • Performing content enumeration using the bruteforce mode and random file extensions

  • Performing content enumeration using the bruteforce mode and 10 threads

  • Performing content enumeration using a wordlist

Erklärung

Frage 19 von 20

1

Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed. What is the port scanning technique used by Sam to discover open ports?

Wähle eine der folgenden:

  • IDLE/IPID header scan

  • TCP Maimon scan

  • ACK flag probe scan

  • Xmas scan

Erklärung

Frage 20 von 20

1

There have been concerns in your network that the wireless network component is not sufficiently secure. You perform a vulnerability scan of the wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption. What encryption protocol is being used?

Wähle eine der folgenden:

  • WPA1

  • RADIUS

  • WEP

  • WPA3

Erklärung