CEH v11 Practice Test Questions with Correct Answers
9 views 0 purchase
Course
CEH v11
Institution
CEH V11
CEH v11 Practice Test Questions with Correct Answers
What section of the vulnerability report is used to identify mitigation strategies that can be followed for a vulnerability?
A) Impact
B) Detection Result
C) Solution
D) Summary - Answer-C) Solution
What type of vulnerability assessment...
CEH v11 Practice Test Questions with
Correct Answers
What section of the vulnerability report is used to identify mitigation strategies that can
be followed for a vulnerability?
A) Impact
B) Detection Result
C) Solution
D) Summary - Answer-C) Solution
What type of vulnerability assessment involves validating that data is accessed through
security controls such as parameterized queries?
A) Passive
B) Wireless
C) Active
D) Database - Answer-D) Database
Don't hard code keys into source code - Answer-People will reverse engineer code so
they can find the key in your source code. Outsource to a TPM to be secure.
Encrypt keys with passwords or passphrases - Answer-Add a password to encryption
keys so they have to know password to view them.
Use IDS to monitor key exchanges - Answer-Looking at traffic or signature based
activity and if it is a known crypto attack it will recognize those signatures
What command would do a time-to-live ACK scan to possibly map firewall rules?
A) nmap --ttl 70 10.10.10.10 --packet-trace
B) nmap 10.10.10.10 --ttl-packet-trace
C) nmap -t 70 -l 10 10.10.10.10 --packet-ttl
D) nmap --ttl 10.10.10.10 --timetolive 70 - Answer-A) nmap --ttl 70 10.10.10.10 --packet-
trace
What could it mean if we do an nmap ACK scan using "nmap --A 10.10.10.10" and we
get back "All 1000 scanned ports on 10.10.10.10 are unfiltered"?
A) It means nmap needed administrative privileges to run this scan
B) It means nmap could not scan the system or determine the state of any of the ports
C) It means the scanned target is filtered by a separate firewall or IDS that blocked all
communication
D) It means the scan got responses and an RST packet back for each port - Answer-D)
It means the scan got responses and an RST packet back for each port
What nmap command would do a scan against a target setting only the Push flag on the
packets?
,A) nmap --scanflags PSH 10.10.10.10
B) nmap -sP 10.10.10.10
C) nmap -sF -flag PSH 10.10.10.10
D) nmap -tcp --scan flag push 10.10.10.10 - Answer-A) nmap --scanflags PSH
10.10.10.10
What option added to the nmap command "nmap -sF 10.10.10.10" can give you
additional information about the state of a port when running a scan?
A) -show-response
B) -show
C) --reason
D) --diagnostics - Answer-C) --reason
key stretching - Answer-A technique used to increase the strength of stored passwords.
it adds additional bits (called salts) and can help thwart brute force and rainbow table
attacks. PBKDF2 (password based key derivation function).
Which component of Public Key Infrastructure prescreens the certificate signing request
for initial enrollment and verifies the requestor?
A) Registration Authority
B) Enrollment Authority
C) Certificate Authority
D) Signing Authority - Answer-A) Registration Authority
Which attack method is a "chosen plain text attack" which is based on being able to
provide your own plain text input to get the encrypted output?
A) Fractional
B) Constituent
C) Differential
D) Linear - Answer-C) Differential
What are some of the details a Certificate contains?
A) Root key
B) Mode
C) Issuer name
D) Fingerprints
E) Validity - Answer-C) Issuer name
D) Fingerprints
E) Validity
Confidentiality - Answer-the assurance that messages and information are available
only to those who are authorized to view them. Method of assurance is encryption
integrity - Answer-Data has not been changed or modified (in an unauthorized way).
True to what it should be. Done with hashin algortihms
Availability - Answer-Ability to access the data or information systems when you need to
access it
,Authenticity - Answer-Everything is as it says it was in the metadata (i.e: the private key
of a user that accessed the data actually belongs to that user)
Non-repudiation - Answer-The security principle of providing proof that a transaction
occurred between identified parties. Repudiation occurs when one party in a transaction
denies that the transaction took place. Relates to the sender of information. They
cannot deny that they sent it based on a variety of factors.
Motives/Goals/Objectives - Answer-Curiosity, bragging rights, disruption of business,
hacktivism (campion a cause), political, religious, terrorism (impact critical infrastructure
that cases human casualties), revenge, cyber crime ($$)
Passive Attack - Attack Classification - Answer-Attack where the attacker does not
interact with processing or communication activities, but only carries out observation
and data collection, as in network sniffing. Sensitive information in clear text on the
network. Think Wireshark. HARD TO DETECT
Active Attack - Attack Classification - Answer-Manipulation of data, disruption of
services, compromising individual systems or network at large. Easier to detect (e.x.:
DoS, DDoS, password attacks, session hijacking, privilege escalation, SQL injection,
remote code execution)
Close-In Attack - Attack Classification - Answer-Through proximity (typically physical)
you gather sensitive information. Shoulder surfing is an example.
Insider Attack - Attack Classification - Answer-Trusted individual who abuses their trust
on a network to gain information. More devastating. (e.x.: pod slurping where you exfil
incognito on a digital storage device)
Distribution Attacks - Attack Classification - Answer-Supply chain attacks. Access to
software or hardware of a vendor an attacker's target is going to use. Install malware
onto a device the end target will use. Typically nation state actors, APTs
Information Warfare - Answer-An attacker trying to gain a competitive edge over
opponents or adversaries.
C2 warfare - Answer-Command and control warfare is the control over compromised
targets or their systems and you have some sort of centralized management to control
those compromised systems.
Intelligence-Based Warfare - Answer-Design and protection of systems that seek
knowledge to dominate the battlespace and denial of knowledge to adversaries.
Stopping adversaries from also gaining the same knowledge as you.
, Electronic Warfare - Answer-Signal jamming, radar jamming. Stop communications of
an adversary talking to each other
psychological warfare - Answer-The use of propaganda, threats and other psychological
techniques to mislead, intimidate, demoralize, or otherwise influence the thinking or
behavior of an opponent. Disinformation campaign, scare tactics. Attack morale and
mental resolve
Hacker Warfare - Answer-This type of InfoWar varies from shutdown of systems, data
errors, theft of information, theft of services, system monitoring, false messaging, and
access to data.
Economic Warfare - Answer-Financially disrupt and adversaries economy. Can be in
terms of bringing down information systems so people can't use their business or
harming reputation so people choose another source for service.
cyber warfare - Answer-information terrorism and semantic attacks where an attacker
takes over a target system but the appearance of normalcy is maintained.
Offensive Information Warfare - Answer-web-based attacked system hacking, MITM
Defensive Information Warfare - Answer-Techniques we use to try and stop attacked.
Detection (IDS), prevention (IPS), alerting
Cyber Kill Chain - Reconnaissance (1) - Answer-Gathering and putting information
together about the target. Getting public info (email accounts, technologies used, DNS
spaces)
Cyber Kill Chain - Weaponization (2) - Answer-Finding possible exploitable
vulnerabilities in target system Create malicious deliverable payloads
Cyber Kill Chain - Exploitation (4) - Answer-Target actually interacts with the deliverable
Cyber Kill Chain - Installation (5) - Answer-Delivered malicious code will download more
"dirty" code. More functionality downloaded. Maintaining access.
Cyber Kill Chain - Command and Control (6) - Answer-Ability of attacker to control
target. Use encryption to hide communication, privilege escalation. Hide presence.
Cyber Kill Chain - Actions & Objectives (7) - Answer-Why did he attacker care to gain
access to the system? What do they want? Doing the thing that led them to want to get
on to the network.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Scholarsstudyguide. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $14.99. You're not tied to anything after your purchase.
