CEH Exam Prep Questions with Correct Answers
Which tool can be used to silently copy files from USB devices?
A. USB Grabber
B. USB Snoopy
C. USB Dumper
D. USB Sniffer - Answer-C
You have successfully gained access to your client's internal network and successfully comprised a Linux
server ...
CEH Exam Prep Questions
with Correct Answers
Which tool can be used to silently copy files from USB devices?
A. USB Grabber
B. USB Snoopy
C. USB Dumper
D. USB Sniffer - Answer-C
You have successfully gained access to your client's internal network and successfully
comprised a Linux
server which is part of the internal IP network. You want to know which Microsoft
Windows workstations have
file sharing enabled.
Which port would you see listening on these Windows machines in the network?
A. 445
B. 3389
C. 1433
D. 161 - Answer-A
How does the Address Resolution Protocol (ARP) work?
A. It sends a request packet to all the network elements, asking for the domain name
from a specific IP.
B. It sends a request packet to all the network elements, asking for the MAC address
from a specific IP.
C. It sends a reply packet for a specific IP, asking for the MAC address.
D. It sends a reply packet to all the network elements, asking for the MAC address from
a specific IP. - Answer-B
Which of the following statements is TRUE?
A. Sniffers operate on Layer 3 of the OSI model.
B. Sniffers operate on the Layer 1 of the OSI model.
C. Sniffers operate on both Layer 2 & Layer 3 of the OSI model.
D. Sniffers operate on Layer 2 of the OSI model. - Answer-C
An intrusion detection system, IDS, has alerted the network administrator to a possible
malicious sequence of
packets sent to a web server in the network's external DMZ. The packet traffic was
captured by the IDS and
,saved to a PCAP file.
What type of network tool can be used to determine if these packets are genuinely
malicious or simply a false
positive?
A. Protocol analyzer
B. Network sniffer
C. Intrusion Prevention System (IPS)
D. Vulnerability scanner - Answer-A
A penetration tester is conducting a port scan on a specific host. The tester found
several ports opened that
were confusing in concluding the OS version installed. Considering the NMAP result
below, which of the
following is likely to be installed on the target machine by the OS? Starting NMAP 5.21
at 2011-03-15 11:06
NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed
ports PORT STATE
SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn
515/tcp open 631/tcp
open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:8
A. The host is likely a printer.
B. The host is likely a Windows machine.
C. The host is likely a Linux machine.
D. The host is likely a router. - Answer-A
Using Windows CMD, how would an attacker list all the shares to which the current user
context has access?
A. NET CONFIG
B. NET VIEW
C. NET FILE
D. NET USE - Answer-B
Look at the following output. What did the hacker accomplish?
; <<>> DiG 9.7.-P1 <<>> axfr domain.com @192.168.1.105
;; global options: +cmd
domain.com. 3600 IN SOA srv1.domain.com. hostsrv1.domain.com. 131 900 600
86400 3600
domain.com. 600 IN A 192.168.1.102
domain.com. 600 IN A 192.168.1.105
domain.com. 3600 IN NS srv1.domain.com.
domain.com. 3600 IN NS srv2.domain.com.
vpn.domain.com. 3600 IN A 192.168.1.1
server.domain.com. 3600 IN A 192.168.1.3
office.domain.com. 3600 IN A 192.168.1.4
remote.domain.com. 3600 IN A 192.168.1.48
,support.domain.com. 3600 IN A 192.168.1.47
ns1.domain.com. 3600 IN A 192.168.1.41
ns2.domain.com. 3600 IN A 192.168.1.42
ns3.domain.com. 3600 IN A 192.168.1.34
ns4.domain.com. 3600 IN A 192.168.1.45
srv1.domain.com. 3600 IN A 192.168.1.102
srv2.domain.com. 1200 IN A 192.168.1.105
domain.com. 3600 IN SOA srv1.domain.com. hostsrv1.domain.com. 131 900 600
86400 3600
;; Query time: 269 msec
;; - Answer-B
You have successfully compromised a machine on the network and found a server that
is alive on the same
network. You tried to ping it but you didn't get any response back.
What is happening?
A. ICMP could be disabled on the target server.
B. You need to run the ping command with root privileges.
C. TCP/IP doesn't support ICMP.
D. The ARP is disabled on the target server. - Answer-A
You have successfully comprised a server having an IP address of 10.10.0.5. You
would like to enumerate all
machines in the same network quickly.
What is the best nmap command you will use?
A. nmap -T4 -O 10.10.10.0/24
B. nmap -T4 -r 10.10.1.0/24
C. nmap -T4 -F 10.10.0.0/24
D. nmap -T4 -q 10.10.0.0/24 - Answer-C
Your company was hired by a small healthcare provider to perform a technical
assessment on the network.
What is the best approach for discovering vulnerabilities on a Windows-based
computer?
A. Check MITRE.org for the latest list of CVE findings
B. Create a disk image of a clean Windows installation
C. Use the built-in Windows Update tool
D. Use a scan tool like Nessus - Answer-D
Which of the following security operations is used for determining the attack surface of
an organization?
A. Using configuration management to determine when and where to apply security
patches
B. Training employees on the security policy regarding social engineering
C. Running a network scan to detect network services in the corporate DMZ
D. Reviewing the need for a security clearance for each employee - Answer-C
, You have compromised a server on a network and successfully opened a shell. You
aimed to identify all
operating systems running on the network. However, as you attempt to fingerprint all
machines in the network
using the nmap syntax below, it is not going through.
invictus@victim_server:~$ nmap -T4 -O 10.10.0.0/24
TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx
QUITTING!
What seems to be wrong?
A. The outgoing TCP/IP fingerprinting is blocked by the host firewall.
B. This is a common behavior for a corrupted nmap application.
C. OS Scan requires root privileges.
D. The nmap syntax is wrong. - Answer-C
Port scanning can be used as part of a technical assessment to determine network
vulnerabilities. The TCP
XMAS scan is used to identify listening ports on the targeted system.
If a scanned port is open, what happens?
A. The port will send a SYN.
B. The port will ignore the packets.
C. The port will send an RST.
D. The port will send an ACK - Answer-B
If the tester is attempting to ping a target that exists but receives no response or a
response that states the
destination is unreachable, ICMP may be disabled and the network may be using TCP.
Which other option
could the tester use to get a response from a host using TCP?
A. TCP ping
B. Broadcast ping
C. Traceroute
D. Hping - Answer-A
The "gray box testing" methodology enforces what kind of restriction?
A. Only the external operation of a system is accessible to the tester.
B. The internal operation of a system is completely known to the tester.
C. The internal operation of a system is only partly accessible to the tester.
D. Only the internal operation of a system is known to the tester. - Answer-C
The "black box testing" methodology enforces which kind of restriction?
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Scholarsstudyguide. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.99. You're not tied to anything after your purchase.