Chapter 10-13 CEH Certified Ethical Hacker

Last updated 7:38 AM on 5/4/26

51 Terms

1

A security staff is preparing for a security audit and wants to know if additional security training for the end user would be beneficial. Which of the following methods would be the best option for testing the effectiveness of user training in the environment?

A. Vulnerability scanning

B. Application code reviews

C. Sniffing

D. Social engineering

Social engineering

2

What marks the major difference between a hacker and an ethical hacker (pen test team member)?

A. Nothing.

B. Ethical hackers never exploit vulnerabilities; they only point out their existence.

C. The tools they use.

D. The predefined scope and agreement made with the system owner.

The predefined scope and agreement made with the system owner.

3

Which of the following best describes a blue team?

A. Security team members defending a network

B. Security team members attacking a network

C. Security team members with full knowledge of the internal network

D. A performance group at Universal Studios in Orlando

Security team members defending a network

4

In which phase of a penetration test is scanning performed?

A. Pre-attack

B. Attack

C. Post-attack

D. Reconnaissance

Pre-attack

5

Which type of security assessment notifies the customer of vulnerabilities but does not actively or intentionally exploit them?

A. Vulnerability assessment

B. Scanning assessment

C. Penetration test

D. None of the above

Vulnerability assessment

6

Which of the following would be a good choice for an automated penetration test? (Choose two.)

A. Nmap

B. Netcat

C. Core Impact

D. CANVAS

Core Impact

CANVAS

7

Which type of testing is generally faster and costs less but is susceptible to more false reporting and contract violation?

A. Internal

B. External

C. Manual

D. Automatic

Automatic

8

Joe is part of a penetration test team and is starting a test. The client has provided him a system on one of their subnets but did not provide any authentication information, network diagrams, or other notable data concerning the systems. Which type of test is Joe performing?

A. External, white box

B. External, black box

C. Internal, white box

D. Internal, black box

Internal, black box

9

Which of the following would you find in a final report from a full penetration test? (Choose all that apply.)

A. Executive summary

B. A list of findings from the test

C. The names of all the participants

D. A list of vulnerabilities patched or otherwise mitigated by the team

Executive summary

A list of findings from the test

The names of all the participants

10

Which type of security assessment is designed to check policies and procedures within an organization?

A. Security audit

B. Vulnerability assessment

C. Pen test

D. None of the above

Security audit

11

Which of the following best describes a red team?

A. Security team members defending a network

B. Security team members attacking a network

C. Security team members with full knowledge of the internal network

D. Security team members dedicated to policy audit review

Security team members attacking a network

12

An attacker creates a fake ID badge and waits next to an entry door to a secured facility. An authorized user swipes a key card and opens the door. The attacker follows the user inside. Which social engineering attack is in play here?

A. Piggybacking

B. Tailgating

C. Phishing

D. Shoulder surfing

Tailgating

13

An attacker has physical access to a building and wants to attain access credentials to the network using nontechnical means. Which of the following social engineering attacks is the best option?

A. Tailgating

B. Piggybacking

C. Shoulder surfing

D. Sniffing

Shoulder surfing

14

Bob decides to employ social engineering during part of his pen test. He sends an unsolicited e-mail to several users on the network advising them of potential network problems and provides a phone number to call. Later that day, Bob performs a DoS on a network segment and then receives phone calls from users asking for assistance. Which social engineering practice is in play here?

A. Phishing

B. Impersonation

C. Technical support

D. Reverse social engineering

Reverse social engineering

15

Phishing, pop-ups, and IRC channel use are all examples of which type of social engineering attack?

A. Human based

B. Computer based

C. Technical

D. Physical

Computer based

16

An attacker performs a whois search against a target organization and discovers the technical point of contact (POC) and site ownership e-mail addresses. He then crafts an e-mail to the owner from the technical POC, with instructions to click a link to see web statistics for the site. Instead, the link goes to a fake site where credentials are stolen. Which attack has taken place?

A. Phishing

B. Man in the middle

C. Spear phishing

D. Human based

Spear phishing

17

Which threat presents the highest risk to a target network or resource?

A. Script kiddies

B. Phishing

C. A disgruntled employee

D. A white-hat attacker

A disgruntled employee

18

Which of the following is not a method used to control or mitigate against static electricity in a computer room?

A. Positive pressure

B. Proper electrical grounding

C. Anti-static wrist straps

D. A humidity control system

Positive pressure

19

Phishing e-mail attacks have caused severe harm to a company. The security office decides to provide training to all users in phishing prevention. Which of the following are true statements regarding identification of phishing attempts? (Choose all that apply.)

A. Ensure e-mail is from a trusted, legitimate e-mail address source.

B. Verify spelling and grammar is correct.

C. Verify all links before clicking them.

D. Ensure the last line includes a known salutation and copyright entry (if required).

Ensure e-mail is from a trusted, legitimate e-mail address source.

Verify spelling and grammar is correct.

Verify all links before clicking them.

20

Lighting, locks, fences, and guards are all examples of __________ measures within physical security.

A. physical

B. technical

C. operational

D. exterior

physical

21

A man receives a text message on his phone purporting to be from Technical Services. The text advises of a security breach and provides a web link and phone number to follow up on. When the man calls the number, he turns over sensitive information. Which social engineering attack was this?

A. Phishing

B. Vishing

C. Smishing

D. Man in the middle

Smishing

22

Background checks on employees, risk assessments on devices, and policies regarding key management and storage are examples of __________ measures within physical security.

A. physical

B. technical

C. operational

D. None of the above

operational

23

Your organization installs mantraps in the entranceway. Which of the following attacks is it attempting to protect against?

A. Shoulder surfing

B. Tailgating

C. Dumpster diving

D. Eavesdropping

Tailgating

24

Which of the following doesn't define a method of transmitting data that violates a security policy?

A. Backdoor channel

B. Session hijacking

C. Covert channel

D. Overt channel

Overt channel

25

Which of the following propagates without human interaction?

A. Trojan

B. Worm

C. Virus

D. MITM

Worm

26

Which of the following don't use ICMP in the attack? (Choose two.)

A. SYN flood

B. Ping of death

C. Smurf

D. Peer to peer

SYN flood

Peer to peer

27

Which of the following is not a recommended step in recovering from a malware infection?

A. Delete system restore points.

B. Back up the hard drive.

C. Remove the system from the network.

D. Reinstall from original media.

Back up the hard drive.

28

Which of the following are recommendations to protect against session hijacking? (Choose two.)

A. Use only nonroutable protocols.

B. Use unpredictable sequence numbers.

C. Use a file verification application, such as Tripwire.

D. Use a good password policy.

E. Implement IPSec throughout the environment.

Use unpredictable sequence numbers.

Implement IPSec throughout the environment.

29

Which of the following attacks an already-authenticated connection?

A. Smurf

B. Denial of service

C. Session hijacking

D. Phishing

Session hijacking

30

How does Tripwire (and programs like it) help against Trojan attacks?

A. Tripwire is an AV application that quarantines and removes malware immediately.

B. Tripwire is an AV application that quarantines and removes malware after a scan.

C. Tripwire is a file-integrity-checking application that rejects malware packets intended for the kernel.

D. Tripwire is a file-integrity-checking application that notifies you when a system file has been altered, potentially indicating malware.

Tripwire is a file-integrity-checking application that notifies you when a system file has been altered, potentially indicating malware.

31

Which of the following DoS categories consumes all available bandwidth for the system or service?

A. Fragmentation attacks

B. Volumetric attacks

C. Application attacks

D. TCP state-exhaustion attacks

Volumetric attacks

32

During a TCP data exchange, the client has offered a sequence number of 100, and the server has offered 500. During acknowledgments, the packet shows 101 and 501, respectively, as the agreed-upon sequence numbers. With a window size of 5, which sequence numbers would the server willingly accept as part of this session?

A. 102 through 104

B. 102 through 501

C. 102 through 502

D. Anything above 501

102 through 104

33

Which of the following does not require the installation of any code on a target's system and resides in RAM?

A. Fileless malware

B. RAMware

C. Trojan

D. Ransomware

Fileless malware

34

Which of the following best describes a DRDoS?

A. Multiple intermediary machines send the attack at the behest of the attacker.

B. The attacker sends thousands upon thousands of SYN packets to the machine with a false source IP address.

C. The attacker sends thousands of SYN packets to the target but never responds to any of the return SYN/ACK packets.

D. The attack involves sending a large number of garbled IP fragments with overlapping, oversized payloads to the target machine.

Multiple intermediary machines send the attack at the behest of the attacker.

35

Which of the following best describes a teardrop attack?

A. The attacker sends a packet with the same source and destination address.

B. The attacker sends several overlapping, extremely large IP fragments.

C. The attacker sends UDP Echo packets with a spoofed address.

D. The attacker uses ICMP broadcast to DoS targets.

The attacker sends several overlapping, extremely large IP fragments.

36

Which of the following attacks acts as a man in the middle, exploiting fallback mechanisms in TLS clients?

A. POODLE

B. Heartbleed

C. FREAK

D. DROWN

37

RC4 is a simple, fast encryption cipher. Which of the following is not true regarding RC4?

A. RC4 can be used for web encryption.

B. RC4 uses block encryption.

C. RC4 is a symmetric encryption cipher.

D. RC4 can be used for file encryption.

38

An organization has decided upon AES with a 256-bit key to secure data exchange. What is the primary consideration for this?

A. AES is slow.

B. The key size makes data exchange bulky and complex.

C. It uses a shared key for encryption.

D. AES is a weak cipher.

39

Joe and Bob are both ethical hackers and have gained access to a folder. Joe has several encrypted files from the folder, and Bob has found one of them unencrypted. Which of the following is the best attack vector for them to follow?

A. Cipher text only

B. Known plain text

C. Chosen cipher text

D. Replay

40

You are reviewing an organization's security plans and policies, and you want to add protection for the organization's laptops. Which effort listed protects system folders, files, and MBR until valid credentials are provided at pre-boot?

A. Cloud computing

B. SSL/TLS

C. Full disk encryption

D. AES

41

Which of the following is used to distribute a public key within the PKI system, verifying the user's identity to the recipient?

A. Digital signature

B. Hash value

C. Private key

D. Digital certificate

42

A hacker feeds plain-text files into a hash, eventually finding two or more that create the same fixed-value hash result. This anomaly is known as what?

A. Collision

B. Chosen plain text

C. Hash value compromise

D. Known plain text

43

An attacker uses a Metasploit auxiliary exploit to send a series of small messages to a server at regular intervals. The server responds with 64Kb of data from its memory. Which of the following best describes the attack being used?

A. POODLE

B. Heartbleed

C. FREAK

D. DROWN

44

Which of the following statements is true regarding encryption algorithms?

A. Symmetric algorithms are slower, are good for bulk encryption, and have no scalability problems.

B. Symmetric algorithms are faster, are good for bulk encryption, and have no scalability problems.

C. Symmetric algorithms are faster, are good for bulk encryption, but have scalability problems.

D. Symmetric algorithms are faster but have scalability problems and are not suited for bulk encryption.
