CEH Certified Ethical Hacking Review Questions and Correct Answers
1 view 0 purchase
Course
Ethical Hacking
Institution
Ethical Hacking
White hat If you have been contracted to perform an attack against a target system, you are what type of hacker?
Hacktivist Which of the following describes an attacker who goes after a target to draw attention to a cause?
Low What level of knowledge about hacking does a script kiddie have?
Perm...
CEH Certified Ethical Hacking Review
Questions and Correct Answers
White hat ✅If you have been contracted to perform an attack against a target system,
you are what type of hacker?
Hacktivist ✅Which of the following describes an attacker who goes after a target to
draw attention to a cause?
Low ✅What level of knowledge about hacking does a script kiddie have?
Permission ✅Which of the following does an ethical hacker require to start evaluating
a system?
Complete knowledge ✅A white-box test means the tester has which of the following?
Suicide hacker ✅Which of the following describes a hacker who attacks without regard
for being caught or punished?
A description of expected behavior ✅What is a code of ethics?
Hacktivists ✅The group Anonymous is an example of what?
Legal reasons
Regulatory reasons
To perform an audit ✅Companies may require a penetration test for which of the
following reasons?
Get permission ✅What should a pentester do prior to initiating a new penetration test?
Hacks for political reasons ✅Which of the following best describes what a hacktivist
does?
Hacks without stealth ✅Which of the following best describes what a suicide hacker
does?
Gray hat ✅Which type of hacker may use their skills for both benign and malicious
goals at different times?
A lack of fear of being caught ✅What separates a suicide hacker from other attackers?
,White hat ✅Which of the following would most likely engage in the pursuit of
vulnerability research?
Passively uncovering vulnerabilities ✅Vulnerability research deals with which of the
following?
With no knowledge ✅How is black-box testing performed?
Gives proof ✅A contract is important because it does what?
Target of evaluation ✅What does TOE stand for?
A weakness ✅Which of the following best describes a vulnerability?
Application ✅At which layer of the OSI model does a proxy operate?
Layer 2 ✅If a device is using node MAC addresses to funnel traffic, what layer of the
OSI model is this device working in?
Windows ✅Which OS holds 90 percent of the desktop market and is one of our largest
attack surfaces?
443 ✅Which port uses SSL to secure web traffic?
Collision domain ✅What kind of domain resides on a single switchport?
Ring ✅Which network topology uses a token-based access methodology?
Layer 1 ✅Hubs operate at what layer of the OSI model?
SYN, SYN-ACK, ACK ✅What is the proper sequence of the TCP three-way-
handshake?
TCP ✅Which of these protocols is a connection-oriented protocol?
Telnet ✅A scan of a network client shows that port 23 is open; what protocol is this
aligned with?
49152 to 65535 ✅What port range is an obscure third-party application most likely to
use?
Packet ✅Which category of firewall filters is based on packet header data only?
,IDS ✅An administrator has just been notified of irregular network activity; what
appliance functions in this manner?
Mesh ✅Which topology has built-in redundancy because of its many client
connections?
All nodes attached to the same port ✅When scanning a network via a hardline
connection to a wired-switch NIC in promiscuous mode, what would be the extent of
network traffic you would expect to see?
Proxy ✅What device acts as an intermediary between an internal client and a web
resource?
NAT ✅Which technology allows the use of a single public address to support many
internal clients while also preventing exposure of internal IP addresses to the outside
world?
IPS ✅What network appliance senses irregularities and plays an active role in
stopping that irregular activity from continuing?
SMTP ✅You have selected the option in your IDS to notify you via email if it senses
any network irregularities. Checking the logs, you notice a few incidents but you didn't
receive any alerts. What protocol needs to be configured on the IDS?
Application firewall ✅Choosing a protective network appliance, you want a device that
will inspect packets at the most granular level possible while providing improved traffic
efficiency. What appliance would satisfy these requirements?
Shared key cryptography ✅Symmetric cryptography is also known as __________.
Certificate authority ✅Which of the following manages digital certificates?
Public key ✅Asymmetric encryption is also referred to as which of the following?
Nonreversible ✅Which of the following best describes hashing?
Hashing ✅A message digest is a product of which kind of algorithm?
Two keys ✅A public and private key system differs from symmetric because it uses
which of the following?
PKI system ✅A public key is stored on the local computer by its owner in a
__________.
, Number of keys ✅Symmetric key systems have key distribution problems due to
__________.
Integrity ✅What does hashing preserve in relation to data?
MD5 ✅Which of the following is a common hashing protocol?
A way of encrypting data in a reversible method ✅Which of the following best
describes PGP?
Securing transmitted data ✅SSL is a mechanism for which of the following?
PKI ✅Which system does SSL use to function?
Level 3 ✅In IPsec, encryption and other processes happen at which layer of the OSI
model?
Authentication services ✅In IPsec, what does Authentication Header (AH) provide?
Data security ✅In IPsec, what does Encapsulating Security Payload (ESP) provide?
During transmission ✅At what point can SSL be used to protect data?
PKI ✅Which of the following does IPsec use?
Netscape ✅Who first developed SSL?
AH/ESP ✅IPsec uses which two modes?
Investigation of a target ✅Which of the following best describes footprinting?
Port scanning ✅Which of the following is not typically used during footprinting?
To fine-tune search results ✅Why use Google hacking?
To gain information from human beings ✅What is the role of social engineering?
Check financial filings ✅What is EDGAR used to do?
Operators ✅Which of the following can be used to tweak or fine-tune search results?
Job boards ✅Which of the following can an attacker use to determine the technology
and structure within an organization?
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller twishfrancis. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.99. You're not tied to anything after your purchase.