The "black box testing" methodology enforces which kind of restriction?
A. Only the internal operation of a system is known to the tester.
B. The internal operation of a system is only partly accessible to the tester.
C. The internal operation of a system is completely known to the tester.
D. Only the external operation of a system is accessible to the tester. - D
A company's Web development team has become aware of a certain type of security vulnerability in
their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to
modify the software requirements to disallow users from entering HTML as input into their Web
application. What kind of Web application vulnerability likely exists in their software?
A. SQL injection vulnerability
B. Web site defacement vulnerability
C. Cross-site Request Forgery vulnerability
D. Cross-site Scripting vulnerability - D
Which set of access control solutions implements two-factor authentication?
A. USB token and PIN
B. Fingerprint scanner and retina scanner
C. Password and PIN
D. Account and password - A
A large company intends to use Blackberry for corporate mobile phones and a security analyst is
assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to
demonstrate how an attacker could circumvent perimeter defences and gain access to the corporate
network. What tool should the analyst use to perform a Blackjacking attack?
A. Paros Proxy
B. BBProxy
C. BBCrack
D. Blooover - B
An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and
risk assessments. A friend recently started a company and asks the hacker to perform a penetration test
and vulnerability assessment of the new company as a favour. What should the hacker's next step be
before starting work on this job?
A. Start by footprinting the network and mapping out a plan of attack.
B. Ask the employer for authorization to perform the work outside the company.
C. Begin the reconnaissance phase with passive information gathering and then move into active
information gathering.
D. Use social engineering techniques on the friend's employees to help identify areas that may be
susceptible to attack. - B
You are looking for SQL injection vulnerability by sending a special character to web applications. Which
of the following is the most useful for quick validation?
A. Double quotation
B. Backslash
C. Semicolon
D. Single quotation - D
Fingerprinting VPN firewalls is possible with which of the following tools?
A. Angry IP
B. Nikto
C. Ike-scan
D. Arp-scan - C
In the field of cryptanalysis, what is meant by a "rubber-hose" attack?
A. Attempting to decrypt cipher text by making logical assumptions about the contents of the original
plain text.
B. Forcing the targeted key stream through a hardware-accelerated device such as an ASIC.
C. Extraction of cryptographic secrets through coercion or torture.
D. A backdoor placed into a cryptographic algorithm by its creator. - C
Why should the security analyst disable/remove unnecessary ISAPI filters?
A. To defend against webserver attacks
B. To defend against wireless attacks
C. To defend against jailbreaking
D. To defend against social engineering attacks - A
Cross-site request forgery involves:
A. A request sent by a malicious user from a browser to a server
B. Modification of a request by a proxy between client and server
C. A browser making a request to a server without the user's knowledge
D. A server making a request to another server without the user's knowledge - C
Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are
requested to accept the offer and you oblige. After 2 days, Bob denies that he ever sent the mail.
What do you want to "know" to prove to yourself that it was Bob who sent the mail?
A. Authentication
B. Confidentiality
C. Integrity
D. Non-Repudiation - D
Which of the following attacks exploits web page vulnerabilities that allow an attacker to force an
unsuspecting user's browser to send malicious requests they did not intend?
A. Command Injection Attacks
B. File Injection Attack
C. Cross-Site Request Forgery (CSRF)
D. Hidden Field Manipulation Attack - C
Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the
following choices would be a common vulnerability that usually exposes them?
A. Cross-Site Scripting
B. SQL Injection
C. CRLF injection
D. Missing patches - D
Developers at your company are creating a web application which will be available for use by anyone on
the Internet. The developers have taken the approach of implementing a Three-Tier Architecture for the
web application. The developers are now asking you which network should the Presentation Tier (front-
end web server) be placed in?
A. isolated vlan network
B. Mesh network
C. DMZ network
D. Internal network - A
A medium-sized healthcare IT business decides to implement a risk management strategy. Which of the
following is NOT one of the five basic responses to risk?
A. Delegate
B. Avoid
C. Mitigate
D. Accept - A
Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM
main site. Bob, a system administrator at TPNQM SA, found that they were victims of DNS Cache
Poisoning. What should Bob recommend to deal with such a threat?
A. The use of double-factor authentication
B. The use of security agents in clients' computers
C. Client awareness
D. The use of DNSSEC - D
What is the purpose of a demilitarized zone on a network?