CEH v12 Practice Questions with Correct Answers
Identify the type of DNS configuration in which first DNS server on the internal network and second DNS in DMZ?
A) EDNS
B) Split DNS
C) DNSSEC
D) DynDNS - Answer-Split DNS
The fraudster Lisandro, masquerading as a large car manufacturing c...
CEH v12 Practice Questions with
Correct Answers
Identify the type of DNS configuration in which first DNS server on the internal network
and second DNS in DMZ?
A) EDNS
B) Split DNS
C) DNSSEC
D) DynDNS - Answer-Split DNS
The fraudster Lisandro, masquerading as a large car manufacturing company recruiter,
massively sends out job offers via e-mail with the promise of a good salary, a friendly
team, unlimited coffee, and medical insurance. He attaches Microsoft Word or Excel
documents to his letters into which he embeds a special virus written in Visual Basic
that runs when the document is opened and infects the victim's computer. What type of
virus does Lisandro use?
A) Polymorphic code
B) Multipart virus
C) Stealth virus
D) Macro virus - Answer-Macro virus
As a result of the attack on the dating web service, Ivan received a dump of all user
passwords in a hashed form. Ivan recognized the hashing algorithm and started
identifying passwords. What tool is he most likely going to use if the service used
hashing without salt?
A) Dictionary attacks
B) Brute force
C) Rainbow table
D) XSS - Answer-Rainbow table
The Domain Name System (DNS) is the phonebook of the Internet. When a user tries to
access a web address like "example.com", web browser or application performs a DNS
Query against a DNS server, supplying the hostname. The DNS server takes the
hostname and resolves it into a numeric IP address, which the web browser can
connect to. Which of the proposed tools allows you to set different DNS query types and
poll arbitrarily specified servers?
A) Metasploit
B) Wireshark
C) Nslookup
,D) Nikto - Answer-Nslookup
Ivan, a black-hat hacker, performs a man-in-the-middle attack. To do this, it uses a
rogue wireless AP and embeds a malicious applet in all HTTP connections. When the
victims went to any web page, the applet ran. Which of the following tools could Ivan
probably use to inject HTML code?
A) Wireshark
B) Aircrack-ng
C) tcpdump
D) Ettercap - Answer-Ettercap
The ping utility is used to check the integrity and quality of connections in networks. In
the process, it sends an ICMP Echo-Request and captures the incoming ICMP Echo-
Reply, but quite often remote nodes block or ignore ICMP. Which of the options will
solve this problem?
A) Use arping
B) Use hping
C) Use traceroute
D) Use broadcast ping - Answer-Use hping
Which of the following is a component of IPsec that performs protocol-level functions
required to encrypt and decrypt the packets?
A) IPsec Policy Agent
B) Oakley
C) IPsec driver
D) Internet Key Exchange (IKE) - Answer-IPsec driver
Which of the following tools is a command-line vulnerability scanner that scans web
servers for dangerous files/CGIs?
A) Snort
B) Kon-Boot
C) John the Ripper
D) Nikto - Answer-Nikto
Michael, a technical specialist, discovered that the laptop of one of the employees
connecting to a wireless point couldn't access the internet, but at the same time, it can
transfer files locally. He checked the IP address and the default gateway. They are both
on 192.168.1.0/24. Which of the following caused the problem?
A) The laptop is using an invalid IP address
B) The laptop and the gateway are not on the same network
C) The laptop isn't using a private IP address
,D) The gateway is not routing to a public IP address - Answer-The gateway is not
routing to a public IP address
Josh, a security analyst, wants to choose a tool for himself to examine links between
data. One of the main requirements is to present data using graphs and link analysis.
Which of the following tools will meet John's requirements?
A) Palantir
B) Maltego
C) Analyst's Notebook
D) Metasploit - Answer-Maltego
What describes two-factor authentication for a credit card (using a card and pin)?
A) Something you know and something you are
B) Something you have and something you know
C) Something you are and something you remember
D) Something you have and something you are - Answer-Something you have and
something you know
Identify a vulnerability in OpenSSL that allows stealing the information protected under
normal conditions by the SSL/TLS encryption used to secure the internet?
A) SSL/TLS Renegotiation Vulnerability
B) POODLE
C) Heartbleed Bug
D) Shellshock - Answer-Heartbleed Bug
You make a series of interactive queries, choosing subsequent plaintexts based on the
information from the previous encryption. What type of attack are you trying to perform?
A) Adaptive chosen-plaintext attack
B) Ciphertext-only attack
C) Known-plaintext attack
D) Chosen-plaintext attack - Answer-Adaptive chosen-plaintext attack
Which of the following does not apply to IPsec?
A) Provides authentication
B) Use key exchange
C) Encrypts the payloads
D) Work at the Data Link Layer - Answer-Work at the Data Link Layer
Alex, a cybersecurity specialist, received a task from the head to scan open ports. One
of the main conditions was to use the most reliable type of TCP scanning. Which of the
following types of scanning would Alex use?
, A) NULL Scan
B) Half-open Scan
C) TCP Connect/Full Open Scan
D) Xmas Scan - Answer-TCP Connect/Full Open Scan
Which of the following Nmap options will you use if you want to scan fewer ports than
the default?
A) -p
B) -sP
C) -T
D) -F - Answer--F
You conduct an investigation and finds out that the browser of one of your employees
sent malicious request that the employee knew nothing about. Identify the web page
vulnerability that the attacker used to attack your employee?
A) Cross-Site Request Forgery (CSRF)
B) Command Injection Attacks
C) File Inclusion Attack
D) Hidden Field Manipulation Attack - Answer-Cross-Site Request Forgery (CSRF)
Which of the following program attack both the boot sector and executable files?
A) Stealth virus
B) Polymorphic virus
C) Macro virus
D) Multipartite virus - Answer-Multipartite virus
Which of the following is the type of violation when an unauthorized individual enters a
building following an employee through the employee entrance?
A) Reverse Social Engineering
B) Tailgating
C) Pretexting
D) Announced - Answer-Tailgating
Maria conducted a successful attack and gained access to a linux server. She wants to
avoid that NIDS will not catch the succeeding outgoing traffic from this server in the
future. Which of the following is the best way to avoid detection of NIDS?
A) Protocol Isolation
B) Out of band signaling
C) Encryption
D) Alternate Data Streams - Answer-Encryption
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through EFT, credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying this summary from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Scholarsstudyguide. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy this summary for R232,49. You're not tied to anything after your purchase.