CEH v12 Module 1-5 MCQ Test
Total points 32/50
Which of the following OS discovery techniques is used by an attacker to identify a target machine's OS by observing the TTL values in the acquired scan result? *0/1
OS discovery using Nmap ✗
OS discovery using Nmap Script Engine
OS discovery using IPv6 fingerprinting
OS discovery using Unicornscan
Correct answer
OS discovery using Unicornscan

Which of the following meta-features of the diamond model can help a security analyst analyze how an attacker was routed to the target network or system? *1/1
Result
Timestamp
Direction ✓
Resource

Which of the following types of scanning involves the process of checking the services running on a target computer by sending a sequence of messages to break in? *1/1
Banner grabbing
Vulnerability scanning
Port scanning ✓
Network scanning

Which of the following activities of an organization on social networking sites helps an attacker footprint or collect information regarding the type of business handled by the organization? *0/1
Promotion of products ✗
Background checks to hire employees
User support
User surveys
Correct answer
Background checks to hire employees

Which of the following is an online platform that can be used to collect and analyze information about devices and websites available on the Internet? *1/1
Spyse ✓
Zimperium's zIPS
FTK Imager
Dependency Walker

Which of the following ntpdate parameters is used by an attacker to perform a function that can force the time to always be stepped? *0/1
Oo@O
x
Oa
Correct answer
@»

Which of the following practices can make the organization's network susceptible to port scanning attempts? *0/1
Test how the network firewall and IDS manages fragmented packets using fragtest and fragroute.
Block inbound ICMP message types and all outbound ICMP type-3 unreachable messages at border routers arranged in front of the company's main firewall.
Avoid using proxy servers to block fragmented or malformed packets.
Configure commercial firewalls to protect the network against fast port scans and SYN floods. ✗
Correct answer
Avoid using proxy servers to block fragmented or malformed packets.

Vulnerability scanning solutions perform vulnerability penetration tests on organizational networks in three steps. After performing which of the following steps does a pen tester enumerate the open ports and services along with the operating system on the target systems? *0/1
Testing the services
Locating nodes
Service and OS discovery ✗
Testing the OS
Correct answer
Locating nodes

Which of the following categories of information warfare involves the use of information systems against the virtual personas of individuals or groups and includes information terrorism, semantic attacks, and simula-warfare? *1/1
Electronic warfare
Cyberwarfare ✓
Intelligence-based warfare
Economic warfare

Which of the following techniques does an attacker use to snoop on the communication between users or devices and record private information to launch passive attacks? *1/1
Eavesdropping ✓
Session hijacking
Privilege escalation
Spoofing

Which of the following smtp-user-enum options is used to select the file containing hostnames running the SMTP service? *1/1
~tuser
4file
file ✓
+host

Which of the following practices allows attackers to execute external SNMP enumeration attempts on the target network? *1/1
Never change the default or current passwords ✓
Avoid using the "NoAuthNoPriv" mode
Encrypt credentials using the "AuthNoPriv" mode.
Regularly audit the network traffic.

Which of the following management information bases (MIBs) contains object types for workstation and server services? *0/1
LNMIB2.MIB
MIB_II.MIB
HOSTMIB.MIB ✗
WINS.MIB
Correct answer
LNMIB2.MIB

In machine-learning classification techniques, which of the following is a subcategory of supervised learning that is used when the data classes are not separated or the data are continuous? *1/1
Regression ✓
Clustering
Dimensionality reduction
Classification

Joel, a professional hacker, has targeted an organization to steal sensitive information remotely. He was successful in the attack and was able to access sensitive data of the organization. He is now trying to wipe out the entries corresponding to his activities in the system to remain undetected. Which of the following hacking steps is Joel performing now? *1/1
Clearing logs ✓
Escalating privileges
Maintaining access
Gaining access

Which of the following search engine tools helps an attacker use an image as a search query and track the original source and details of images, such as photographs, profile pictures, and memes? *1/1
Mention
Intelius
Sublist3r
TinEye ✓

Identify the tool used by attackers to enumerate AD users and perform different searches using specific filters. *1/1
ldapsearch ✓
DNSRecon
netstat
Portary

Identify the practice that makes an organizational network susceptible to SMTP enumeration attacks. *1/1
Do not limit the number of accepted connections from a source. ✓
Do not share internal IP/host information or mail relay system information.
Ignore emails to unknown recipients by configuring SMTP servers.
Disable the open relay feature.

George, a professional hacker, wanted to test his computer skills. So, he decided to execute an attack on a company and access important files of the company. In this process, he performed NFS enumeration using a tool to download important files shared through the NFS server. Which of the following tools helps George perform NFS enumeration? *1/1
KeyGrabber
Dependency Walker
RPCScan ✓
OllyDbg

Smith, an ethical hacker, was hired to perform a vulnerability analysis and security audit on an organization. He used a vulnerability management tool for the assessment and documented variations and findings including the final report, along with remediation steps to mitigate the identified risks. Which of the following elements of the vulnerability report includes each host's detailed information and contains the name and address of the host, operating system type, and date of the test? *0/1
Risk Assessment
Recommendations
Findings
Assessment scope and objectives ✗
Correct answer
Findings

Bob recently joined an organization and completed his training. His work involved dealing with important documents of the organization. On one Sunday, he connected to the corporate network by providing authentication credentials to access a file online from his residence. Which of the following elements of information security was demonstrated in the above scenario? *0/1
Integrity
Non-repudiation
Authenticity ✗
Availability
Correct answer
Availability

Which of the following tools is used by an attacker for SMTP enumeration and to extract all the email header parameters, including confirm/urgent flags? *1/1
Snmpcheck
Wireshark
Xplorer
NetScanTools Pro ✓

Which of the following tools allows an attacker to scan domains and obtain a list of subdomains, records, IP addresses, and other valuable information from a target host? *1/1
cSploit
Ray
Nmap ✓
Experian

Which Nmap feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS? *1/1
ICMP ping sweep to determine which hosts on the network are not available
Traceroute to control the path of the packets sent during the scan
Timing options to slow the speed that the port scan is conducted ✓
Fingerprinting to identify which operating systems are running on the network

Which of the following tools consists of a publicly available set of databases that contain personal information of domain owners? *1/1
Metadata extraction tools
Traceroute tools
WHOIS lookup tools ✓
Web spidering tools

Which of the following terms refers to the process of reducing the severity of vulnerabilities in the vulnerability management life cycle? *1/1
Remediation ✓
Vulnerability assessment
Verification
Risk assessment

Which of the following is a visualization and exploration tool that allows attackers to explore and understand graphs, create hypotheses, and discover hidden patterns between social networking connections? *1/1
Mention
theHarvester
Netcraft
Gephi ✓

Which of the following commands allows attackers to fetch the SNMP server type and operating system? *1/1
nmap -sU -p 161 --script=snmp-processes
nmap -p 25 --script=smtp-open-relay
nmap -p 25 --script=smtp-enum-users
nmap -sU -p 161 --script=snmp-sysdescr ✓

Which of the following protocols is widely used by Internet service providers (ISPs) to maintain huge routing tables and efficiently process Internet traffic? *0/1
sp
BoP
TFIP ✗
Fie
Correct answer
scp

Robert, a professional hacker, was tasked with retrieving critical information from a target network. For this purpose, Robert employed a command-line tool to fetch information from all the network sub-nodes such as routers and switches in the form of an object identifier (OID), which is part of the management information base (MIB). Identify the tool employed by Robert in the above scenario. *1/1
Factiva
snmpwalk ✓
Tor Browser
Spokeo

Which of the following tools does an attacker use to perform a query on the platforms included in OSRFramework? *1/1
searchfy.py ✓
usufy.py
domainfy.py
mailfy.py

Which of the following tools are useful in extracting information about the geographical location of routers, servers, and IP devices in a network? *1/1
Website mirroring tools
Web spidering tools
Traceroute tools ✓
Email tracking tools

Juan is the administrator of a Windows domain for a global corporation. He uses his knowledge to scan the internal network to find vulnerabilities without the authorization of his boss; he tries to perform an attack and gain access to an AIX server to show the results to his boss. What kind of role is shown in the scenario? *1/1
Gray hat hacker ✓
Black hat hacker
White hat hacker
Annoying employee

Which of the following commands allows an attacker to list all the SMTP commands available in the nmap directory? *1/1
nmap -p 25, 365, 587 -script=smtp-commands ✓
nmap -p 25 -script=smtp-enum-users
nmap -T4 -p 53 -script dns-brute
nmap -p 25 -script=smtp-open-relay

5>6>2>4
1555352654 ✗
655453251
Correct answer
15355265204

You are doing research on SQL injection attacks. Which of the following combination of Google operators will you use to find all Wikipedia pages that contain information about SQL, injection attacks, or SQL injection techniques? *0/1
site:Wikipedia.org related:"SQL Injection" ✗
allinurl: Wikipedia.org intitle:"SQL Injection"
site:Wikipedia.org intitle:"SQL Injection"
SQL injection site:Wikipedia.org
Correct answer
SQL injection site:Wikipedia.org

Which of the following is NOT an objective of network scanning? *0/1
Discover the services running
Discover the network's live hosts
Discover usernames and passwords
Discover the app running ✗
Correct answer
Discover usernames and passwords

Bayron is the CEO of a medium size company with regional operations in America. He recently hired a security analyst to implement an Information Security Management System (ISMS) to minimize risk and limit the impact of a security breach. The analyst was asked to design and implement patch management, vulnerability management, IDS deployment, and security incident handling procedures for the company. Which of these is a reactive process? *1/1
Security incident handling ✓
Vulnerability management
IDS deployment
Patch management

Which of the following practices allows attackers to spoof the IP addresses of users to enter a network illegitimately? *1/1
Avoid configuring routers to verify the data packets using their signatures by storing the arriving data packet digests. ✓
Use a secure VPN while accessing public Internet services such as free Wi-Fi and hotspots.
Implement digital certificate authentication mechanisms such as domain and two-way auth certificate verification.
Enhance the integrity and confidentiality of websites by migrating from IPv4 to IPv6 during development.

Which of the following LDAP enumeration tools is used by an attacker to access the directory listings within Active Directory or other directory services? *1/1
XOIC
AD Explorer ✓
Slowloris
HULK

Which of the following TCP communication flags notifies the transmission of a new sequence number and represents the establishment of a connection between two hosts? *1/1
RST flag
FIN flag
PSH flag
SYN flag ✓

Which Google search query will search for any files a target certifiedhacker.com may have?
allinurl: certifiedhacker.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini
site: certifiedhacker.com filetype:xml | filetype:conf | filetype:cnf | filetype:reg | filetype:inf | filetype:rdp | filetype:cfg | filetype:txt | filetype:ora | filetype:ini
site: certifiedhacker.com ext:xml || ext:conf || ext:cnf || ext:reg || ext:inf || ext:rdp || ext:cfg || ext:txt || ext:ora || ext:ini
site: certifiedhacker.com intext:xml | intext:conf | intext:cnf | intext:reg | intext:inf | intext:rdp | intext:cfg | intext:txt | intext:ora | intext:ini

Which of the following protocols can be protected from enumeration by simply blocking access to TCP/UDP port 161 on agent devices? *1/1
FTP
SNMP ✓
SMTP
SMB

Which of the following types of vulnerability assessment solutions starts by building an inventory of the protocols, services, and vulnerabilities found on a machine and executes only the relevant tests? *1/1
Service-based solutions
Product-based solutions
Tree-based assessment
Inference-based assessment ✓

Which of the following commands is used by an SNMP agent to meet a request made by the SNMP manager? *1/1
GetResponse ✓
SetRequest
GetNextRequest
SettheRequest

Which of the following NTP commands determines where the NTP server obtains the time from and follows the chain of NTP servers back to its primary time source? *1/1
ntpq
ntptrace ✓
ntpdate
ntpdc

Which of the following commands allows attackers to retrieve the archived URLs of a target website from archive.org? *1/1
theHarvester -d microsoft.com -l 200 -b linkedin
theHarvester -d microsoft -l 200 -b linkedin
cewl www.certifiedhacker.com
photon.py -u http://www.certifiedhacker.com -l 3 -t 200 --wayback ✓