CEH v11 2024 Exam Questions with A Grade Solution
A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library are required to allow the NIC to work in promiscuous mode?
A. Winpcap
B. Libpcap
C. Winprom
D. Awinpcap - Answer-A
Fingerprinting an Ope...
A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what
river and library are required to allow the NIC to work in promiscuous mode?
A. Winpcap
B. Libpcap
C. Winprom
D. Awinpcap - Answer-A
Fingerprinting an Operating System helps a cracker because:
A. It opens a security-delayed window based on the port being scanned
B. It defines exactly what software you have installed
C. It doesn't depend on the patches that have been applied to fix existing security holes
D. It informs the cracker of which vulnerabilities he may be able to exploit on your
system - Answer-D
Peter is surfing the internet looking for information about DX Company. Which hacking
process is Peter doing?
A. System Hacking
B. Scanning
C. Enumeration
D. Footprinting - Answer-D
What is the algorithm used by LM for Windows2000 SAM?
A. SHA
B. DES
C. SSL
D. MD4 - Answer-B
DHCP snooping is a great solution to prevent rogue DHCP servers on your network.
Which security feature on switchers leverages the DHCP snooping database to help
prevent man-in-the-middle attacks?
A. Dynamic ARP Inspection (DAI)
B. Spanning tree
C. Layer 2 Attack Prevention Protocol (LAPP)
D. Port security - Answer-A
As a Certified Ethical Hacker, you were contracted by a private firm to conduct an
external security assessment through penetration testing.What document describes the
,specifics of the testing, the associated violations, and essentially protects both the
organization's interest and your liabilities as a tester?
A. Non-Disclosure Agreement
B. Rules of Engagement
C. Service Level Agreement
D. Project Scope - Answer-B
A large mobile telephony and data network operator has a data center that houses
network elements. These are essentially large computers running on Linux. The
perimeter of the data center is secured with firewalls and IPS systems.What is the best
security policy concerning this setup?
A. Network elements must be hardened with user ids and strong passwords. Regular
security tests and audits should be performed.
B. The operator knows that attacks and down time are inevitable and should have a
backup site.
C. As long as the physical access to the network elements is restricted, there is no need
for additional measures.
D. There is no need for specific security measures on the network elements as long as
firewalls and IPS systems exist. - Answer-A
Techno Security Inc. recently hired John as a penetration tester. He was tasked with
identifying open ports in the target network and determining whether the ports are online
and any firewall rule sets are encountered.John decided to perform a TCP SYN ping
scan on the target network. Which of the following Nmap commands must John use to
perform the TCP SVN ping scan?
A. nmap -sn -PO < target IP address >
B. Anmap -sn -PS < target IP address >
C. nmap -sn -PA < target IP address >
D. nmap -sn -pp < target ip address > - Answer-B
What type of analysis is performed when an attacker has partial knowledge of inner-
workings of the application?
A. Announced
B. Grey-box
C. White-box
D. Black-box - Answer-B
The "black box testing" methodology enforces which kind of restriction?
A. Only the internal operation of a system is known to the tester.
B. The internal operation of a system is only partly accessible to the tester.
C. The internal operation of a system is completely known to the tester.
D. Only the external operation of a system is accessible to the tester. - Answer-D
A company's Web development team has become aware of a certain type of security
Vulnerability in their Web software. To mitigate the possibility of this vulnerability being
exploited, the team wants to modify the software requirements to disallow users from
,entering HTML as input into their Web application. What kind of Web application
vulnerability likely exists in their software?
A. SQL injection vulnerability
B. Web site defacement vulnerability
C. Cross-site Request Forgery vulnerability
D. Cross-site Scripting vulnerability - Answer-D
Which set of access control solutions implements two-factor authentication?
A. USB token and PIN
B. Fingerprint scanner and retina scanner
C. Password and PIN
D. Account and password - Answer-A
A large company intends to use Blackberry for corporate mobile phones and a security
analyst is assigned to evaluate the possible threats. The analyst will use the
Blackjacking attack method to demonstrate how an attacker could circumvent perimeter
defences and gain access to the corporate network. What tool should the analyst use to
perform a Blackjacking attack?
A. Paros Proxy
B. BBProxy
C. BBCrack
D. Blooover - Answer-B
An ethical hacker for a large security research firm performs penetration tests,
vulnerability tests, and risk assessments. A friend recently started a company and asks
the hacker to perform a penetration test and vulnerability assessment of the new
company as a favour. What should the hacker's next step be before starting work on
this job?
A. Start by foot printing the network and mapping out a plan of attack.
B. Ask the employer for authorization to perform the work outside the company.
C. Begin the reconnaissance phase with passive information gathering and then move
into active information gathering.
D. Use social engineering techniques on the friend's employees to help identify areas
that may be susceptible to attack. - Answer-B
You are looking for SQL injection vulnerability by sending a special character to web
applications. Which of the following is the most useful for quick validation?
A. Double quotation
B. Backslash
C. Semicolon
D. Single quotation - Answer-D
Fingerprinting VPN firewalls is possible with which of the following tools?
A. Angry IP
B. Nikto
C. Ike-scan
, D. Arp-scan - Answer-C
In the field of cryptanalysis, what is meant by a "rubber-hose" attack?
A. Attempting to decrypt cipher text by making logical assumptions about the contents
of the original plain text.
B. Forcing the targeted key stream through a hardware-accelerated device such as an
ASIC.
C. Extraction of cryptographic secrets through coercion or torture.
D. A backdoor placed into a cryptographic algorithm by its creator. - Answer-C
Why should the security analyst disable/remove unnecessary ISAPI filters?
A. To defend against webserver attacks
B. To defend against wireless attacks
C. To defend against jailbreaking
D. To defend against social engineering attacks - Answer-A
Cross-site request forgery involves:
A. A request sent by a malicious user from a browser to a server
B. Modification of a request by a proxy between client and server
C. A browser making a request to a server without the user's knowledge
D. A server making a request to another server without the user's knowledge - Answer-
C
Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients.
You are requested to accept the offer and you oblige. After 2 days. Bob denies that he
had ever sent a mail. What do you want to ""know"" to prove yourself that it was Bob
who had send a mail?
A. Authentication
B. Confidentiality
C. Integrity
D. Non-Repudiation - Answer-D
Which of the following attacks exploits web age vulnerabilities that allow an attacker to
force an unsuspecting user's browser to send malicious requests they did not intend?
A. Command Injection Attacks
B. File Injection Attack
C. Cross-Site Request Forgery (CSRF)
D. Hidden Field Manipulation Attack - Answer-C
Windows file servers commonly hold sensitive files, databases, passwords and more.
Which of the following choices would be a common vulnerability that usually exposes
them?
A. Cross-Site Scripting
B. SQL Injection
C. CRLF injection
D. Missing patches - Answer-D
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Scholarsstudyguide. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.39. You're not tied to anything after your purchase.
