CEH v11 Exam Questions with Correct Answers
Which of the following tools did Bob employ to gather the above information? - Answer-
FCC ID search
The network users are complaining because their systems are slowing down. Further,
every time they attempt to go to a website, they receive a series of pop-ups with
advertisements. What type of malware have the systems been infected with? - Answer-
Adware
In the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range
does medium vulnerability fall in? - Answer-0.1 - 3.9 Low
4.0 - 6.9 Medium
7.0 - 8.9 High
9.0 - 10.0 Critical
What piece of hardware on a computer's motherboard generates encryption keys and
only releases a part of the key so that decrypting a disk on a new piece of hardware is
not possible? - Answer-TPM (Trusted Platform Module)
What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing)
attack against an organization? - Answer-The attacker makes a request to the DNS
resolver
Security administrator John Smith has noticed abnormal amounts of traffic coming from
local computers at night. Upon reviewing, he finds that user data have been exfiltrated
by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has
not reported on any non-whitelisted programs.
What type of malware did the attacker use to bypass the company's application
whitelisting? - Answer-File-less malware (uses legitimate programs to infect a computer,
does not rely on files and leaves no footprint)
An attacker redirects the victim to malicious websites by sending them a malicious link
by email. The link appears authentic but redirects the victim to a malicious web page,
which allows the attacker to steal the victim's data. What type of attack is this? -
Answer-Phishing
To invisibly maintain access to a machine, an attacker utilizes a rootkit that sits
undetected in the core components of the operating system. What is this type of rootkit
an example of? - Answer-Kernel rootkit
Samuel, a security administrator, is assessing the configuration of a web server. He
noticed that the server permits SSLv2 connections, and the same private key certificate
is used on a different server that allows SSLv2 connections. This vulnerability makes
the web server vulnerable to attacks as the SSLv2 server can leak key information.
Which of the following attacks can be performed by exploiting the above vulnerability? -
Answer-DROWN attack (Decrypting RSA with Obsolete and Weakened eNcryption)
John, a professional hacker, decided to use DNS to perform data exfiltration on a target
network. In this process, he embedded malicious data into the DNS protocol packets
that even DNSSEC cannot detect. Using this technique, John successfully injected
malware to bypass a firewall and maintained communication with the victim machine
and C&C server. What is the technique employed by John to bypass the firewall? -
Answer-DNS tunneling
A DDoS attack is performed at layer 7 to take down web infrastructure. Partial HTTP
requests are sent to the web infrastructure or applications. Upon receiving a partial
request, the target servers open multiple connections and keep waiting for the
requests to complete. Which attack is being described here? - Answer-Slowloris attack
Which type of virus can change its own code and then cipher itself multiple times as it
replicates? - Answer-Stealth virus
Garry is a network administrator in an organization. He uses SNMP to manage
networked devices from a remote location. To manage nodes in the network, he uses
MIB, which contains formal descriptions of all network objects managed by SNMP. He
accesses the contents of MIB by using a web browser either by entering the IP address
and Lseries.mib or by entering the DNS library name and Lseries.mib. He is currently
retrieving information from an MIB that contains object types for workstations and server
services.
Which of the following types of MIB is accessed by Garry in the above scenario? -
Answer-LNMIB2.mib
What is the port to block first in case you are suspicious that an IoT device has been
compromised? - Answer-48101
This wireless security protocol allows 192-bit minimum-strength security protocols and
cryptographic tools to protect sensitive data, such as GCMP-256, HMAC-SHA384, and
ECDSA using a 384-bit elliptic curve. Which is this wireless security protocol? - Answer-
WPA3-Enterprise