100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CEH v12 Practice Questions with Correct Answers R232,49   Add to cart

Exam (elaborations)

CEH v12 Practice Questions with Correct Answers

 14 views  0 purchase
  • Course
  • CEH v12
  • Institution
  • CEH V12

CEH v12 Practice Questions with Correct Answers Identify the type of DNS configuration in which first DNS server on the internal network and second DNS in DMZ? A) EDNS B) Split DNS C) DNSSEC D) DynDNS - Answer-Split DNS The fraudster Lisandro, masquerading as a large car manufacturing c...

[Show more]

Preview 4 out of 109  pages

  • August 12, 2024
  • 109
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • CEH v12
  • CEH v12
avatar-seller
CEH v12 Practice Questions with
Correct Answers
Identify the type of DNS configuration in which first DNS server on the internal network
and second DNS in DMZ?

A) EDNS
B) Split DNS
C) DNSSEC
D) DynDNS - Answer-Split DNS

The fraudster Lisandro, masquerading as a large car manufacturing company recruiter,
massively sends out job offers via e-mail with the promise of a good salary, a friendly
team, unlimited coffee, and medical insurance. He attaches Microsoft Word or Excel
documents to his letters into which he embeds a special virus written in Visual Basic
that runs when the document is opened and infects the victim's computer. What type of
virus does Lisandro use?

A) Polymorphic code
B) Multipart virus
C) Stealth virus
D) Macro virus - Answer-Macro virus

As a result of the attack on the dating web service, Ivan received a dump of all user
passwords in a hashed form. Ivan recognized the hashing algorithm and started
identifying passwords. What tool is he most likely going to use if the service used
hashing without salt?

A) Dictionary attacks
B) Brute force
C) Rainbow table
D) XSS - Answer-Rainbow table

The Domain Name System (DNS) is the phonebook of the Internet. When a user tries to
access a web address like "example.com", web browser or application performs a DNS
Query against a DNS server, supplying the hostname. The DNS server takes the
hostname and resolves it into a numeric IP address, which the web browser can
connect to. Which of the proposed tools allows you to set different DNS query types and
poll arbitrarily specified servers?

A) Metasploit
B) Wireshark
C) Nslookup

,D) Nikto - Answer-Nslookup

Ivan, a black-hat hacker, performs a man-in-the-middle attack. To do this, it uses a
rogue wireless AP and embeds a malicious applet in all HTTP connections. When the
victims went to any web page, the applet ran. Which of the following tools could Ivan
probably use to inject HTML code?

A) Wireshark
B) Aircrack-ng
C) tcpdump
D) Ettercap - Answer-Ettercap

The ping utility is used to check the integrity and quality of connections in networks. In
the process, it sends an ICMP Echo-Request and captures the incoming ICMP Echo-
Reply, but quite often remote nodes block or ignore ICMP. Which of the options will
solve this problem?

A) Use arping
B) Use hping
C) Use traceroute
D) Use broadcast ping - Answer-Use hping

Which of the following is a component of IPsec that performs protocol-level functions
required to encrypt and decrypt the packets?

A) IPsec Policy Agent
B) Oakley
C) IPsec driver
D) Internet Key Exchange (IKE) - Answer-IPsec driver


Which of the following tools is a command-line vulnerability scanner that scans web
servers for dangerous files/CGIs?

A) Snort
B) Kon-Boot
C) John the Ripper
D) Nikto - Answer-Nikto

Michael, a technical specialist, discovered that the laptop of one of the employees
connecting to a wireless point couldn't access the internet, but at the same time, it can
transfer files locally. He checked the IP address and the default gateway. They are both
on 192.168.1.0/24. Which of the following caused the problem?

A) The laptop is using an invalid IP address
B) The laptop and the gateway are not on the same network
C) The laptop isn't using a private IP address

,D) The gateway is not routing to a public IP address - Answer-The gateway is not
routing to a public IP address

Josh, a security analyst, wants to choose a tool for himself to examine links between
data. One of the main requirements is to present data using graphs and link analysis.
Which of the following tools will meet John's requirements?

A) Palantir
B) Maltego
C) Analyst's Notebook
D) Metasploit - Answer-Maltego

What describes two-factor authentication for a credit card (using a card and pin)?

A) Something you know and something you are
B) Something you have and something you know
C) Something you are and something you remember
D) Something you have and something you are - Answer-Something you have and
something you know

Identify a vulnerability in OpenSSL that allows stealing the information protected under
normal conditions by the SSL/TLS encryption used to secure the internet?

A) SSL/TLS Renegotiation Vulnerability
B) POODLE
C) Heartbleed Bug
D) Shellshock - Answer-Heartbleed Bug

You make a series of interactive queries, choosing subsequent plaintexts based on the
information from the previous encryption. What type of attack are you trying to perform?

A) Adaptive chosen-plaintext attack
B) Ciphertext-only attack
C) Known-plaintext attack
D) Chosen-plaintext attack - Answer-Adaptive chosen-plaintext attack

Which of the following does not apply to IPsec?

A) Provides authentication
B) Use key exchange
C) Encrypts the payloads
D) Work at the Data Link Layer - Answer-Work at the Data Link Layer

Alex, a cybersecurity specialist, received a task from the head to scan open ports. One
of the main conditions was to use the most reliable type of TCP scanning. Which of the
following types of scanning would Alex use?

, A) NULL Scan
B) Half-open Scan
C) TCP Connect/Full Open Scan
D) Xmas Scan - Answer-TCP Connect/Full Open Scan

Which of the following Nmap options will you use if you want to scan fewer ports than
the default?

A) -p
B) -sP
C) -T
D) -F - Answer--F

You conduct an investigation and finds out that the browser of one of your employees
sent malicious request that the employee knew nothing about. Identify the web page
vulnerability that the attacker used to attack your employee?

A) Cross-Site Request Forgery (CSRF)
B) Command Injection Attacks
C) File Inclusion Attack
D) Hidden Field Manipulation Attack - Answer-Cross-Site Request Forgery (CSRF)

Which of the following program attack both the boot sector and executable files?

A) Stealth virus
B) Polymorphic virus
C) Macro virus
D) Multipartite virus - Answer-Multipartite virus

Which of the following is the type of violation when an unauthorized individual enters a
building following an employee through the employee entrance?

A) Reverse Social Engineering
B) Tailgating
C) Pretexting
D) Announced - Answer-Tailgating

Maria conducted a successful attack and gained access to a linux server. She wants to
avoid that NIDS will not catch the succeeding outgoing traffic from this server in the
future. Which of the following is the best way to avoid detection of NIDS?

A) Protocol Isolation
B) Out of band signaling
C) Encryption
D) Alternate Data Streams - Answer-Encryption

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through EFT, credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying this summary from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Scholarsstudyguide. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy this summary for R232,49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

75759 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy summaries for 14 years now

Start selling
R232,49
  • (0)
  Buy now