CEH v11 3&4 Exam Questions with
Answers
Which of the following is the best description of The final phase of every successful
hacking - Clearing tracks?
During a cyberattack, a hacker corrupts the event logs on all machines.
A hacker gains access to a server through an exploitable vulnerability.
After a system is breached, a hacker creates a backdoor.
During a cyberattack, a hacker injects a rootkit into a server. - Answer-During a
cyberattack, a hacker corrupts the event logs on all machines.
Such techniques as, for example, password cracking or enumeration are much more
efficient and faster if performed using a wordlist. Of course, there are a huge number of
them in different directions on the Internet or already installed in your Kali or Parrot OS,
but an attacker can create his wordlist specifically for the target he is attacking. This
requires conducting intelligence and collecting information about the victim. Many tools
allow you to automate this process.
Which of the following tools can scan a website and create a wordlist?
Psiphon
Orbot
CeWL
Shadowsocks - Answer-CeWL
Incorrectly configured S3 buckets are among the most common and widely targeted
attack vectors. All it takes is one or two clicks to upload sensitive data to the wrong
bucket or change permissions on a bucket from private to public. Which one of the
following tools can you use to enumerate bucket permissions?
DumpsterDiver
S3 Inspector
Sysdig
Ruler - Answer-S3 Inspector
What type of cryptography is used in IKE, SSL, and PGP?
Secret Key
Digest
Public Key
Hash - Answer-Public Key
,As a result of the attack on the dating web service, Ivan received a dump of all user
passwords in a hashed form. Ivan recognized the hashing algorithm and started
identifying passwords. What tool is he most likely going to use if the service used
hashing without salt?
Rainbow table
XSS
Brute force
Dictionary attacks - Answer-Rainbow table
Which of the following best describes of counter-based authentication system?
An authentication system that uses passphrases that are converted into virtual
passwords.
An authentication system that creates one-time passwords that are encrypted with
secret keys.
An authentication system that bases authentication decisions on physical attributes.
An authentication system that bases authentication decisions on behavioural attributes.
- Answer-An authentication system that creates one-time passwords that are encrypted
with secret keys.
Black-hat hacker Ivan wants to determine the status of ports on a remote host. He
wants to do this quickly but imperceptibly for IDS systems. For this, he uses a half-open
scan that doesn't complete the TCP three-way handshake. What kind of scanning does
Ivan use?
FIN scan
PSH Scan
XMAS scans
TCP SYN (Stealth) Scan - Answer-TCP SYN (Stealth) Scan
Jack, a cybersecurity specialist, plans to do some security research for the embedded
hardware he uses. He wants to perform side-channel power analysis and glitching
attacks during this research. Which of the following will Jack use?
John, a black hacker, is trying to do an SMTP enumeration. What useful information can
John gather during a Simple Mail Transfer Protocol enumeration?
,He can use two internal commands VRFY and EXPN, which provide information about
valid users, email addresses, etc.
He can use the internal command RCPT provides a list of ports open.
He can find information about the daily outgoing message limits before mailboxes are
locked.
He can receive a list of all mail proxy server addresses used by the company. - Answer-
He can use two internal commands VRFY and EXPN, which provide information about
valid users, email addresses, etc.
Which term from the following describes a set of vulnerabilities that allows spyware to
be installed on smartphones with the iOS operating system, allowing those who
conducted espionage to track and monitor every action on the device?
What is the name of the risk assessment method that allows you to study how various
types of negative events (violations, failures or destructions) can affect the main
activities of the company and key business processes?
Emergency Plan Response (EPR)
Business Impact Analysis (BIA)
Disaster Recovery Planning (DRP)
Risk Mitigation - Answer-Business Impact Analysis (BIA)
Which of the following services run on TCP port 123 by default?
POP3
DNS
Telnet
NTP - Answer-NTP
Jenny, a pentester, conducts events to detect viruses in systems. She uses a detection
method where the anti-virus executes the malicious codes on a virtual machine to
simulate CPU and memory activities. Which of the following methods does Jenny use?
, An attacker stole financial information from a bank by compromising only a single
server. After that, the bank decided to hire a third-party organization to conduct a full
security assessment. Cybersecurity specialists have been provided with information
about this case, and they need to provide an initial recommendation. Which of the
following will be the best recommendation?
Require all employees to change their passwords immediately.
Issue new certificates to the web servers from the root certificate authority.
Move the financial data to another server on the same IP subnet.
Place a front-end web server in a demilitarized zone that only handles external web
traffic. - Answer-Place a front-end web server in a demilitarized zone that only handles
external web traffic.
Which of the following is a component of IPsec that performs protocol-level functions
required to encrypt and decrypt the packets?
An attacker gained access to a Linux host and stolen the password file from
/etc/passwd. Which of the following scenarios best describes what an attacker can do
with this file?
The attacker can perform actions as a user because he can open it and read the user
ids and corresponding passwords.
Nothing because he cannot read the file because it is encrypted.
The attacker can perform actions as root because the file reveals the passwords to the
root user only.
Nothing because the password file does not contain the passwords themselves. -
Answer-Nothing because the password file does not contain the passwords themselves.
Which of the following best describes the operation of the Address Resolution Protocol?
It sends a reply packet for a specific IP, asking for the MAC address.
It sends a request packet to all the network elements, asking for the MAC address from
a specific IP.
It sends a reply packet to all the network elements, asking for the MAC address from a
specific IP.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Scholarsstudyguide. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $11.99. You're not tied to anything after your purchase.