Exam (elaborations)
CEH v12 Exam Questions and Answers
- Course
- Institution
CEH v12 Exam Questions and Answers
[Show more]
Content preview
CEH v12 Exam Questions and AnswersALTEr Attack - Answer -an attacker pretends to be a real cell tower to the victim, while
at the same time also pretending to be the victim to the real network, and then
intercepts the communications between the victim and the real network.
Android Package Kit - Answer -with the file extension apk is the file format used by the
Android operating system, and a number of other Android-based operating systems for
distribution and installation of mobile apps, mobile games and middleware. It can be
written in either Java or Kotlin.
Archive Org - Answer -is an American digital library with the stated mission of "universal
access to all knowledge".
Armitage - Answer -is a graphical cyber attack management tool for the Metasploit
Project that visualizes targets and recommends exploits. It is a free and open source
network security tool notable for its contributions to red team collaboration allowing for:
shared sessions, data, and communication through a single Metasploit instance.
Auth0 - Answer -Rapidly integrate authentication and authorization for web, mobile, and
legacy applications so you can focus on your core business.
BeEF - Answer -is short for The Browser Exploitation Framework. It is a penetration
testing tool that focuses on the web browser.
Birthday Attack - Answer -This attack can be used to abuse communication between
two or more parties. The attack depends on the higher likelihood of collisions found
between random attack attempts and a fixed degree of permutations (pigeonholes).
Block Chain - Answer -is a type of distributed ledger technology (DLT) that consists of
growing list of records, called blocks, that are securely linked together using
cryptography.
Block Cipher Mode of Operation - Answer -an algorithm that uses a block cipher to
provide information security such as confidentiality or authenticity.
Electronic code book mode - Answer -The simplest (and not to be used anymore) of the
encryption modes (named after conventional physical codebooks). The message is
divided into blocks, and each block is encrypted separately.
,BlueBorne - Answer -is a type of security vulnerability with Bluetooth implementations in
Android, iOS, Linux and Windows. It affects many electronic devices such as laptops,
smart cars, smartphones and wearable gadgets.
Bluto - Answer -is a Python-based tool for DNS recon, DNS zone transfer testing, DNS
wild card checks, DNS brute forcing, e-mail enumeration and more.
Brute Force Attack - Answer -consists of an attacker submitting many passwords or
passphrases with the hope of eventually guessing correctly.
Buffer Overflow - Answer -is an anomaly whereby a program, while writing data to a
buffer, overruns the buffer's boundary and overwrites adjacent memory locations.
Burp Suite - Answer -is an integrated platform/graphical tool for performing security
testing of web applications.
Carrier Cloud - Answer -is a class of cloud that integrates wide area networks (WAN)
and other attributes of communications service providers' carrier grade networks to
enable the deployment of highly complex applications in the cloud.
Chosen Plaintext Attack (CPA) - Answer -is an attack model for cryptanalysis which
presumes that the attacker can obtain the ciphertexts for arbitrary plaintexts. The goal of
the attack is to gain information that reduces the security of the encryption scheme.
Ciphertext-Only Attack (COA) or Known Ciphertext Attack - Answer -is an attack model
for cryptanalysis where the attacker is assumed to have access only to a set of
ciphertexts. While the attacker has no channel providing access to the plaintext prior to
encryption, the attacker still has some knowledge of the plaintext. For instance, the
attacker might know the language in which the plaintext is written or the expected
statistical distribution of characters in the plaintext. Standard protocol data and
messages are commonly part of the plaintext in many deployed systems and can
usually be guessed or known efficiently on these systems.
Substitution Cipher - Answer -is a method of encrypting in which units of plaintext are
replaced with the ciphertext, in a defined manner, with the help of a key; the "units" may
be single letters (the most common), pairs of letters, triplets of letters, mixtures of the
above, and so forth. The receiver deciphers the text by performing the inverse process
to extract the original message.
An example of this is the Caesar cipher.
Transposition Cipher - Answer -is a method of encryption which scrambles the positions
of characters without changing the characters themselves.
Stream Cipher - Answer -is a symmetric key cipher where plaintext digits are combined
with a pseudorandom cipher
, Cipher Block Chaining - Answer -each block of plaintext is XORed with the previous
ciphertext block before being encrypted. This way, each ciphertext block depends on all
plaintext blocks processed up to that point.
Clickjacking - Answer -is a malicious technique of tricking a user into clicking on
something different from what the user perceives, thus potentially revealing confidential
information or allowing others to take control of their computer while clicking on
seemingly innocuous objects, including web pages.
Cloudborne Attack - Answer -Researchers detected a new vulnerability dubbed that
could allow attackers to implant backdoor in the firmware or BMC of bare metal servers
causing a variety of attack situations.
Cloud Hopper Attack - Answer -achieved its now well-known name due to the attackers'
compromise of the victims' managed service providers (MSP), leveraging these to jumo
from the MSPs' cloud to the target enterprises' networks.
Command Injection - Answer -is a cyber attack that involves executing arbitrary
commands on a host operating system (OS). Typically, the threat actor executes the
commands by exploiting an application vulnerability, such as insufficient input validation.
Content Management System (CMS) - Answer -is computer software used to manage
the creation and modification of digital content. Is typically used for enterprise content
management (ECM) and web content management (WCM).
Credential Stuffing - Answer -is a type of cyberattack in which the attacker collects
stolen account credentials, typically consisting of lists of usernames and/or email
addresses and the corresponding passwords (often from a data breach), and then uses
the credentials to gain unauthorized access to user accounts on other systems through
large-scale automated login requests directed against a web application.
Carriage Return Line Feed (CRLF) Attack - Answer -attack occurs when a user
manages to submit a line termination into an application. This is most commonly done
by modifying an HTTP parameter or URL.
Cross-Origin Resource Sharing (CORS) - Answer -is a mechanism that allows restricted
resources on a web page to be requested from another domain outside the domain from
which the first resource was served.
Cross Site Request Forgery (XSRF) - Answer -is a type of malicious exploit of a website
or web application where unauthorized commands are submitted from a user that the
web application trusts.
Cross-Site Scripting (XSS) - Answer -is a type of security vulnerability that can be found
in some web applications. These attacks enable attackers to inject client-side scripts
into web pages viewed by other users.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller millyphilip. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.49. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
73243 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now
