CEH Exam Study Questions with Correct Answers
WPA2 uses AES for wireless data encryption at which of the following encryption levels? - Answer-128 bit and CCMP
What is the best description of SQL Injection? - Answer-It is an attack used to gain unauthorized access to a database.
The tester...
CEH Exam Study Questions with
Correct Answers
WPA2 uses AES for wireless data encryption at which of the following encryption
levels? - Answer-128 bit and CCMP
What is the best description of SQL Injection? - Answer-It is an attack used to gain
unauthorized access to a database.
The tester has been hired to do a web application security test. But after notices that the
site is dynamic and
must make use of a backend database. In order for the tester to see if SQL injection as
possible, what is the
first character that the tester should use to attempt to breaking a valid SQL request? -
Answer-Single quote
The Open Web Application Security Project (OWASP) is the worldwide not-for-profit
charitable organization
focused on improving the security of software. What item is the primary concern on
OWASP's Top Ten Project
Most Critical Web Application Security Risks? - Answer-Injection
You are attempting to man-in-the-middle a session. Which protocol will allow you to
guess a sequence
number? - Answer-TCP
Which mode of IPSec should you use to assure security and confidentiality of data
within the same LAN? - Answer-ESP transport mode
Which protocol is used for setting up secured channels between two devices, typically in
VPNs ? - Answer-IPSEC
Which of the following is a low-tech way of gaining unauthorized access to system? -
Answer-Social engineering
You are tasked to perform a penetration test. While you are performing information
gathering, you find an
employee list in Google. You find the receptionist's email, and you send her an email
changing the source
email to her boss's email (boss@company). In this email, you ask for a pdf with
information. She reads your
email and sends back a pdf with links. You exchange the pdf links with your malicious
links (these links contain
,malware) and send back the modified pdf, saying that the links don't work. She reads
your email, opens the
links, and her machine gets infected. You now have access to the company network.
What testing method did you use? - Answer-Social engineering
Jimmy is standing outside a secure entrance to a facility. He is pretending to having
tense conversation on his
cell phone as an authorized employee badges. Jimmy, while still on the phone, grabs
the door as it begins to
close.
What just happened? - Answer-Piggybacking
Scenario:
1. Victim opens the attacker's web site
2. Attacker sets of the web site which contains interesting and attractive content like "Do
you want to make
$1000 in a day?".
3. They can clicks to the interesting and attractive content url
4. Attacker creates a transparent 'iframe' in front of the URL which victim attempts to
click, so victim thinks that
he/she clicks the " do you want to make $1000 in a day?" URL but actually he/she clicks
to the content or URL
that exist in a transparent 'iframe' which is set up by the attacker.
What is the name of the attack which is mentioned in the scenario? - Answer-
ClickJacking attack
Jimmy is standing outside a secure entrance to a facility. He is pretending to having a
tense conversation on
his cell phone as an authorized employee badges in. Jimmy, while still on the phone,
grabs the door as it
begins to close. What just happened? - Answer-Tailgating
An attacker has installed a RAT on a host. The attacker wants to ensure that when a
user attempts to go to
"www.MyPersonalBank.com", that the user is directed to a phishing site.
Which file does the attacker need to modify? - Answer-Hosts
Which of the following is the BEST way to defend against network sniffing? - Answer-
Using encryption protocols to secure network communications
You are a Network Security Officer. You have two machines. The first machine
(192.168.0.99) has snort
installed, and the second machine (192.168.0.150) has kiwi syslog installed. You
performed a syn scan in your
network, and you noticed that kiwi syslog is not receiving the alert message from snort.
You decide to run
, wireshark in the snort machine to check if the message are going to the kiwi syslog
machine.
What wireshark filter will show the connections from the snort machine to kiwi syslog
machine? - Answer-tcp.dstport==514 && ip.dst == 192.168.0.150
Which of the following tools is used to analyze the files produced by several packet-
capture programs such as
tcpdump, WindDump, Wireshark, and EtherPeek? - Answer-tcptrace
How does the Address Resolution Protocol (ARP) work? - Answer-It sends a request
packet to all the network elements, asking for the MAC address from a specific IP.
Which of the following statements is TRUE?
A. Sniffers operate on Layer 3 of the OSI model.
B. Sniffers operate on the Layer 1 of the OSI model.
C. Sniffers operate on both Layer 2 & Layer 3 of the OSI model.
D. Sniffers operate on Layer 2 of the OSI model. - Answer-Sniffers operate on both
Layer 2 & Layer 3 of the OSI model.
An intrusion detection system, IDS, has alerted the network administrator to a possible
malicious sequence of
packets sent to a web server in the network's external DMZ. The packet traffic was
captured by the IDS and
saved to a PCAP file.
What type of network tool can be used to determine if these packets are genuinely
malicious or simply a false
positive? - Answer-Protocol analyzer
The configuration allows a wired or wireless network interface controller to pass all
traffic it receives to the
central processing unit (CPU), rather than passing only the frames that the controller is
intended to receive.
Which of the following is being described? - Answer-promiscuous mode
Which of the following tools can be used for passive OS fingerprinting? - Answer-
tcpdump
___________ Is a set of extensions to DNS that provide to DNS clients (resolvers)
origin authentication of DNS
data to reduce the threat of DNS poisoning, spoofing, and similar attacks types. -
Answer-DNSSEC
The "gray box testing" methodology enforces what kind of restriction? - Answer-The
internal operation of a system is only partly accessible to the tester
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Scholarsstudyguide. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.99. You're not tied to anything after your purchase.
