CEH V12 2 Exam Questions with Correct Answers
During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic? - Answer-Appl...
CEH V12 2 Exam Questions with
Correct Answers
During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a
compromised web enabled host. The traffic gets blocked; however, outbound HTTP
traffic is unimpeded. What type of firewall is inspecting outbound traffic? - Answer-
Application
Tony is a penetration tester tasked with performing a penetration test. After gaining
initial access to a target system, he finds a list of hashed passwords. Which of the
following tools would not be useful for cracking the hashed passwords? - Answer-netcat
A company's Web development team has become aware of a certain type of security
vulnerability in their Web software. To mitigate the possibility of this vulnerability being
exploited, the team wants to modify the software requirements to disallow users from
entering HTML as input into their Web application. What kind of Web application
vulnerability likely exists in their software? - Answer-Cross-site scripting vulnerability
Hackers often raise the trust level of a phishing message by modeling the email to look
similar to the internal email used by the target company. This includes using logos,
formatting, and names of the target company. The phishing message will often use the
name of the company CEO, President, or Managers. The time a hacker spends
performing research to locate this information about a company is known as? - Answer-
Reconnaissance
You are a penetration tester tasked with testing the wireless network of your client
Brakeme SA. You are attempting to break into the wireless network with the SSID
"Brakeme-lnternal." You realize that this network uses WPA3 encryption, which of the
following vulnerabilities is the promising to exploit? - Answer-Dragonblood
Jack, a professional hacker, targets an organization and performs vulnerability scanning
on the target web server to identify any possible weaknesses, vulnerabilities, and
misconfigurations. In this process, Jack uses an automated tool that eases his work and
performs vulnerability scanning to find hosts, services, and other vulnerabilities in the
target server. Which of the following tools is used by Jack to perform vulnerability
scanning? - Answer-Netsparker
in this form of encryption algorithm, every Individual block contains 64-bit data, and
three keys are used, where each key consists of 56 bits. Which is this encryption
algorithm? - Answer-Triple Data Encryption standard
Which of the following is a command line packet analyzer similar to GUI-based
Wireshark? - Answer-tcpdump
, Which of the following antennas is commonly used in communications for a frequency
band of 10 MHz to VHF and UHF? - Answer-Yagi antenna
This TCP flag instructs the sending system to transmit all buffered data immediately. -
Answer-PSH
Which regulation defines security and privacy controls for Federal information systems
and organizations? - Answer-NIST-800-53
_________ is a type of phishing that targets high-profile executives such as CEOs,
CFOs, politicians, and celebrities who have access to confidential and highly valuable
information. - Answer-Whaling
By performing a penetration test, you gained access under a user account. During the
test, you established a connection with your own machine via the SMB service and
occasionally entered your login and password in plaintext. - Answer-.bash_history
An attacker is trying to redirect the traffic of a small office. That office is using their own
mail server, DNS server and NTP server because of the importance of their job. The
attacker gain access to the DNS server and redirect the direction www.google.com to
his own IP address. Now when the employees of the office want to go to Google they
are being redirected to the attacker machine. What is the name of this kind of attack? -
Answer-DNS spoofing
Ralph, a professional hacker, targeted Jane, who had recently bought new systems for
her company. After a few days, Ralph contacted Jane while masquerading as a
legitimate customer support executive, informing that her systems need to be serviced
for proper functioning and that customer support will send a computer technician. Jane
promptly replied positively. Ralph entered Jane's company using this opportunity and
gathered sensitive information by scanning terminals for passwords, searching for
important documents in desks, and rummaging bins. - Answer-Impersonation
A security analyst uses Zenmap to perform an ICMP timestamp ping scan to acquire
information related to the current time from the target host machine. Which of the
following Zenmap options must the analyst use to perform the ICMP timestamp ping
scan? - Answer--PP
Ricardo has discovered the username for an application in his target's environment. As
he has a limited amount of time, he decides to attempt to use a list of common
passwords he found on the Internet. He compiles them into a list and then feeds that list
as an argument into his password-cracking application. What type of attack is Ricardo
performing? - Answer-Dictionary
An attacker, using a rogue wireless AP, performed an MITM attack and injected an
HTML code to embed a malicious applet in all HTTP connections. When users
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through EFT, credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying this summary from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Scholarsstudyguide. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy this summary for R241,79. You're not tied to anything after your purchase.