Exam (elaborations)
CEH Practice Exam Questions and Answers
- Course
- Institution
CEH Practice Exam Questions and Answers
[Show more]
Content preview
CEH Practice Exam Questions andAnswers
A Certified Ethical Hacker follows a specific methodology for testing a system. Which
step comes after footprinting in the CEH methodology?Answers Scanning
You've been hired as part of a pen test team. During the in brief, you learn the client
wants the pen test attack to simulate a normal user who finds ways to elevate privileges
and create attacks. Which test type does the client want?Answers Gray box
Which of the following is true regarding an ethical hacker?Answers The ethical hacker
has authorization to proceed from the target owner.
You begin your first pen-test assignment by checking out IP address ranges owned by
the target as well as details of their domain name registration. Additionally, you visit job
boards and financial websites to gather any technical information online. What activity
are you performing?Answers Passive footprinting
You send a message across a network and are primarily concerned that it is not altered
during transit. Which security element ensures a message arrives at its destination with
no alteration?Answers Integrity
An ethical hacker is given no prior knowledge of the network and has a specific
framework in which to work. The agreement specifies boundaries, nondisclosure
agreements, and a completion date definition. Which of the following statements are
true?Answers A white hat is attempting a black box test.
Which of the following attacks is considered an integrity attack, where the attacker is not
concerned with deciphering the entirety of a plaintext message?Answers Bit flipping
As part of a pen test on a U.S. Government system, you discover files containing social
security numbers and other PII (Personally Identifiable Information) sensitive
information. You are asked about controls placed on dissemination of this information.
Which of the following acts should you check?Answers Privacy Act
Joe has spent a large amount of time learning hacking tools and techniques, and has
even passed certification exams to promote himself in the ethical hacking field. Joe
uses his talents during the election season to deface websites and launch denial of
service attacks against opponents of his candidate. Which answer most closely
correlates with Joe's actions?Answers Hactivism
, A hacker is attempting to gain access to a target inside a business. After trying several
methods, he gets frustrated and starts a denial of service attack against a server
attached to the target. Which security control is the hacker affecting?Answers
Availability
The security, functionality, and ease of use (SFE) triangle states which of the following
as true?Answers As security increases, ease of use decreases and functionality
decreases.
In which phase of the ethical hacking methodology would a hacker discover available
targets on a network?Answers Scanning and enumeration
Which of the following are potential drawbacks to a black box test? (Choose all that
apply.)Answers The client does not get a full picture of an internal attacker focused on
their systems. ; This test takes the longest amount of time to complete.
In which phase of a penetration test would an ethical hacker perform footprinting?
Answers Assessment
Which of the following would not be considered passive reconnaissance?Answers Ping
sweeping a range of IP addresses found through a DNS lookup
As part of the preparation phase for a pen test that you are participating in, the client
relays their intent to discover security flaws and possible remediation. They seem
particularly concerned about external threats and do not mention internal threats at all.
When defining scope, the threat of internal users is not added as part of the test. Which
test is this client ignoring?Answers Gray box
In which phase of an attack would vulnerability mapping occur?Answers Scanning and
enumeration
While performing a pen test, you find success in exploiting a machine. Your attack
vector took advantage of a common mistake—the Windows 7 installer script used to
load the machine left the administrative account with a default password. Which attack
did you successfully execute?Answers Operating system
A machine in your environment uses an open X-server to allow remote access. The X-
server access control is disabled, allowing connections from almost anywhere and with
little to no authentication measures. Which of the following are true statements
regarding this situation? (Choose all that apply.) A. An external vulnerability can take
advantage of the misconfigured X-server threat.Answers An external threat can take
advantage of the misconfigured X-server vulnerability. ; An internal threat can take
advantage of the misconfigured X-server vulnerability.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller millyphilip. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.49. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
73243 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now