CEH V12 3 Exam Questions with correct
Answers
Richard, an attacker, aimed to hack IoT devices connected to a target network. In this
process, Richard recorded the frequency required to share information between
connected devices. After obtaining the frequency, he captured the original data when
commands were initiated by the connected devices. Once the original data were
collected, he used free tools such as URH to segregate the command
sequence.Subsequently, he started injecting the segregated command sequence on the
same frequency into the IoT network, which repeats the captured signals of the
devices.What is the type of attack performed by Richard in the above scenario? -
Answer -Replay attack
_________ is a tool that can hide processes from the process list, can hide files,
registry entries, and intercept keystrokes. - Answer -RootKit
Firewalk has just completed the second phase (the scanning phase) and a technician
receives the output shown below. What conclusions can be drawn based on these scan
results?TCP port 21 no responseTCP port 22 no responseTCP port 23 Time-to-live
exceeded - Answer -The scan on port 23 passed through the filtering device. This
indicates that port 23 was not blocked at the firewall
A hacker is an intelligent individual with excellent computer skills and the ability to
explore a computer's software and hardware without the owner's permission. Their
intention can either be to simply gain knowledge or to illegally make changes.Which of
the following class of hacker refers to an individual who works both offensively and
defensively at various times? - Answer -Gray Hat
Which Metasploit Framework tool can help penetration tester for evading Anti-virus
Systems? - Answer -msfencode
Which of the following allows attackers to draw a map or outline the target
organization's network infrastructure to know about the actual environment that they are
going to hack. - Answer -Scanning networks
Which of the following programs is usually targeted at Microsoft Office products? -
Answer -Macro virus
How can rainbow tables be defeated? - Answer -Password salting
, What does the -oX flag do in an Nmap scan - Answer -Output the results in XML format
to a file
Mr. Omkar performed tool-based vulnerability assessment and found two vulnerabilities.
During analysis, he found that these issues are not true vulnerabilities. What will you
call these issues? - Answer -False positives
Henry is a penetration tester who works for XYZ organization. While performing
enumeration on a client organization, he queries the DNS server for a specific cached
DNS record. Further, by using this cached record, he determines the sites recently
visited by the organization's user. What is the enumeration technique used by Henry on
the organization? - Answer -DNS cache snooping
Kate dropped her phone and subsequently encountered an issue with the phone's
internal speaker. Thus, she is using the phone's loudspeaker for phone calls and other
activities. Bob, an attacker, takes advantage of this vulnerability and secretly exploits
the hardware of Kate's phone so that he can monitor the loudspeaker's output from data
sources such as voice assistants, multimedia messages, and audio files by using a
malicious app to breach speech privacy. What is the type of attack Bob performed on
Kate in the above scenario? - Answer -aLTEr attack
Which command can be used to show the current TCP/IP connections? - Answer -
Netstat
A new wireless client is configured to join a 802.11 network. This client uses the same
hardware and software as many of the other clients on the network. The client can see
the network, but cannot connect. A wireless packet sniffer shows that the Wireless
Access Point (WAP) is not responding to the association requests being sent by the
wireless client. What is a possible source of this problem? - Answer -The WAP does not
recognize the client's MAC address
Which system consists of a publicly available set of databases that contain domain
name registration contact information? - Answer -WHOIS
Your company was hired by a small healthcare provider to perform a technical
assessment on the network.What is the best approach for discovering vulnerabilities on
a Windows-based computer? - Answer -Use a scan tool like Nessus
To determine if a software program properly handles a wide range of invalid input, a
form of automated testing can be used to randomly generate invalid input in an attempt
to crash the program.What term is commonly used when referring to this type of
testing? - Answer -Fuzzing
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller millyphilip. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for £9.33. You're not tied to anything after your purchase.