Which of the following deep and dark web searching tools helps an attacker obtain information about official government or federal databases and navigate anonymously without being traced?
ExoneraTor
3
Which of the following tools is used for gathering email account information from different public sources and checking whether an email was leaked using the haveibeenpwned.com API?
Infoga
4
Which of the following tools allows an attacker to extract information such as sender identity, mail server, sender’s IP address, location, and so on?
Email tracking tools
5
Steve, an attacker, wants to track the most shared content that belongs to the target organization. For this purpose, he used an advanced social search engine that displayed shared activity across all major social networks including Twitter, Facebook, LinkedIn, Google Plus, and Pinterest.
What is the tool employed by Steve in the above scenario?
BuzzSumo
6
Robert, an attacker, targeted a high-level executive of an organization and wanted to obtain information about the executive on the Internet. He employed a tool through which he discovered the target user on various social networking sites, along with the complete URL.
What is the tool used by Robert in the above scenario?
Sherlock
7
Jacob, a professional hacker, targeted an organization’s website to find a way into its network. To achieve his goal, he employed a footprinting tool that helped him in gathering confidential files and other relevant information related to the target website from public source-code repositories.
Identify the footprinting tool employed by Jacob in the above scenario.
Recon-ng
8
Which of the following tools allows attackers to construct and analyze social networks and obtain critical information about the target organization/users?
NodeXL
9
Jude, a professional hacker, targeted an organization’s web server. Jude wanted to extract the information removed from older copies or archived links of the target website. For this purpose, he employed an exploration tool that assisted him in retrieving the archived URLs of the target website.
Identify the tool employed by Jude in the above scenario.
Photon
10
Which of the following search engine tools helps an attacker use an image as a search query and track the original source and details of images, such as photographs, profile pictures, and memes?
TinEye
11
Which of the following web services provides useful information about a target company, such as the market value of the company’s shares, company profile, and competitor details?
investing.com
12
Which of the following tools allows attackers to search for people belonging to the target organization?
Spokeo
13
James, a professional hacker, targeted the employees of an organization to establish footprints in their network. For this purpose, he employed an online reconnaissance tool to extract information on individuals belonging to the target organization. The tool assisted James in obtaining employee information such as phone numbers, email addresses, address history, age, date of birth, family members, and social profiles.
Identify the tool employed by James in the above scenario.
Spokeo
14
Which of the following tools is a command-line search tool for Exploit-DB that allows taking a copy of the Exploit database for remote use?
SearchSploit
15
Peter, a professional hacker, targeted an organization’s network to gather as much information as possible to perform future attacks. For this purpose, he employed a reconnaissance framework that helped him gather confidential information such as private Secure Shell (SSH) and Secure Sockets Layer (SSL) keys as well as dynamic libraries from an online third-party repository.
Identify the online third-party repository targeted by Peter in the above scenario.
GitLab
16
Which of the following is a visualization and exploration tool that allows attackers to explore and understand graphs, create hypotheses, and discover hidden patterns between social networking connections?
Gephi
17
Which of the following tools does an attacker use to perform a query on the platforms included in OSRFramework?
searchfy.py
18
Which of the following is an online platform that can be used to collect and analyze information about devices and websites available on the Internet?
Spyse
19
Which of the following scanning tools is a mobile app for Android and iOS that provides complete network information, such as the IP address, MAC address, device vendor, and ISP location?
Fing
20
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?
Hping
21
Which of the following open-source tools would be the best choice to scan a network for potential targets?
NMAP
22
Which of the following ping methods is effective in identifying active hosts similar to the ICMP timestamp ping, specifically when the administrator blocks the conventional ICMP ECHO ping?
ICMP address mask ping scan
23
A security engineer is attempting to perform scanning on a company’s internal network to verify security policies of their networks. The engineer uses the following NMAP command: `nmap -n -sS -P0 -p 80 ***.***.**.**`. What type of scan is this?
Stealth scan
24
Which of the following OS discovery techniques is used by an attacker to identify a target machine’s OS by observing the TTL values in the acquired scan result?
OS discovery using Unicornscan
25
Which of the following online resources helps an attacker in performing vulnerability research?
MITRE CVE
26
Which of the following command-line tools displays the CPU and memory information or thread statistics?
PsList
27
Which of the following Windows utilities allows an attacker to perform NetBIOS enumeration?
nbtstat
28
Which of the following tools supports the nbstat.nse script that allows attackers to retrieve the target’s NetBIOS names and MAC addresses?
NMAP
29
Robert, a professional hacker, was tasked with retrieving critical information from a target network. For this purpose, Robert employed a command-line tool to fetch information from all the network sub-nodes such as routers and switches in the form of an object identifier (OID), which is part of the management information base (MIB).
Identify the tool employed by Robert in the above scenario.
Snmpwalk
30
Which of the following management information bases (MIBs) contains object types for workstation and server services?
LNMIB2.MIB
31
Which of the following LDAP enumeration tools is used by an attacker to access the directory listings within Active Directory or other directory services?
AD Explorer
32
Identify the tool used by attackers to enumerate AD users and perform different searches using specific filters.
Ldapsearch
33
George, a professional hacker, wanted to test his computer skills. So, he decided to execute an attack on a company and access important files of the company. In this process, he performed NFS enumeration using a tool to download important files shared through the NFS server.
Which of the following tools helps George perform NFS enumeration?
RPCScan
34
Which of the following tools is a framework that contains an SMTP enumeration module that allows attackers to connect to the target SMTP server and enumerate usernames using predefined wordlists?
Metasploit
35
Which of the following tools allows an attacker to scan domains and obtain a list of subdomains, records, IP addresses, and other valuable information from a target host?
NMAP
36
Which of the following tools is used by an attacker for SMTP enumeration and to extract all the email header parameters, including confirm/urgent flags?
NetScanTools Pro
37
Which of the following enumeration tools allows an attacker to fetch the IPv6 address of a machine through SNMP?
Enyx
38
Greg, a professional hacker, targeted an organization and performed user enumeration on a remote system of the target organization. In this process, he used a command-line utility to successfully gather the list of users who are logged into the remote system and their login times.
Which of the following command-line utilities was employed by Greg for user enumeration?
Finger
39
Which of the following tools is a DNS interrogation tool?
Dig
40
John, an ethical hacker, is performing a vulnerability assessment on an organization’s network. He used tools such as fuzzers to discover and identify previously unknown vulnerabilities in the system and tested whether a product is resistant to a known vulnerability.
Which of the following types of vulnerability assessment tools did John employ?
Depth assessment tools
41
Which of the following tools will scan a network to perform vulnerability checks and compliance auditing?
Nessus
42
Sanya is a security analyst in a multinational company who wants to schedule scans across multiple scanners, use wizards to easily and quickly create policies, and send results via email to her boss. Which vulnerability assessment tool should she use to get the best results?
Nessus Professional
43
Which of the following types of vulnerability assessment tools provides security assessment by testing vulnerabilities in the applications and operating system by providing standard controls?
Scope assessment tools
44
Which of the following tools helps an ethical hacker detect buffer overflow vulnerabilities in an application?
OllyDbg
45
Jake, a professional hacker, was hired to perform attacks on a target organization and disrupt its services. In this process, Jake decided to exploit a buffer overflow vulnerability and inject malicious code into the buffer to damage files. He started performing a stack-based buffer overflow to gain shell access to the target system.
Which of the following types of registers in the stack-based buffer overflow stores the address of the next data element to be stored onto the stack?
ESP
46
Jude, a security professional in an organization, decided to strengthen the security of the applications used by the organization. In this process, he used a buffer-overflow detection tool that recognizes buffer overflow vulnerabilities in the applications.
Which of the following tools helps Jude detect buffer overflow vulnerabilities?
Splint
47
Which of the following vulnerability repositories is available online and allows attackers access to information about various software vulnerabilities?
https://vulners.com
48
Which of the following is a password cracking tool that allows attackers to reset the passwords of the Windows local administrator, domain administrator, and other user accounts?
Secure Shell Brute Forcer
49
Aster, a professional hacker, was tasked with identifying insecurities in an organizational network. For this purpose, Aster employed a toolset to perform security checks and find insecurities, which can be exploited to launch active attacks.
Which of the following tools did Aster employ in the above scenario?
GhostPack Seatbelt
50
Which of the following misconfigured services allows attackers to deploy Windows OS without the intervention of an administrator?
Unattended installs
51
Which of the following vulnerabilities allows attackers to trick a processor to exploit speculative execution to read restricted data?
Spectre
52
Which of the following vulnerabilities is found in all the Intel processors and ARM processors deployed by Apple (and others) and leads to tricking a process to access out of bounds memory by exploiting CPU optimization mechanisms such as speculative execution?
Meltdown
53
Malcolm, a professional hacker, targeted a Windows-based system to gain backdoor access. For this purpose, he escalated privileges by replacing the Windows App switcher accessibility feature with cmd.exe to gain backdoor access when a key combination is pressed at the login screen.
Identify the Windows accessibility feature exploited by Malcolm in the above scenario.
C:\Windows\System32\AtBroker.exe
54
Which of the following tools allows attackers to obtain detailed information about the kernel, which can be used to escalate privileges on the target system?
linpostexp
55
Which of the following is a post-exploitation tool used to check for common misconfigurations and find a way to escalate privileges?
BeRoot
56
Ray, a professional hacker, was hired to gather sensitive information from an organization. In the attack process, he used a tool to determine which DLLs an executable requests without an absolute path and to place his malicious DLL high up the search path so that it gets invoked before the original DLL.
Which of the following tools helps Ray perform the above task?
Robber
57
A pen tester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pen tester pivot using Metasploit?
Create a route statement in the meterpreter.
58
Which of the following is a shim that runs in the user mode and is used by attackers to bypass UAC and perform different attacks including the disabling of Windows Defender and backdoor installation?
RedirectEXE
59
Which of the following tools allows attackers to perform a DCSync attack to retrieve password hashes of other domain controllers?
Mimikatz
60
Which of the following is sophisticated malware that targets Windows machines, spreads its infection from one machine to another, and is distributed via a fake malicious Telegram installer?
Purple Fox rootkit
61
Which of the following is malicious code concealed within UEFI firmware in SPI flash, scheduled to be executed at a specific time?
MoonBounce
62
Which of the following Windows command-line tools is utilized by an attacker to overwrite data for preventing recovery in the future and also encrypt and decrypt data in NTFS partitions?
Cipher.exe
63
Which of the following is used by an attacker to manipulate the log files?
SECEVENT.EVT
64
Which of the following is a sh-compatible shell that stores command history in a file?
BASH
65
Which of the following malware components performs the desired activity when activated and is used by attackers for deleting or modifying files, degrading the system performance, opening ports, and changing settings to compromise system security?
Payload
66
Which of the following malware components contains code or a sequence of commands that can take advantage of a bug or vulnerability in a digital system or device?
Exploit
67
Which of the following malware components is a piece of software that can conceal the existence of malware and can be used to elude antivirus detection?
Crypter
68
Which component of the malware conceals the malicious code via various techniques, thus making it hard for security mechanisms to detect or remove it?
Obfuscator
69
A technique allows attackers to inject malicious macros into Windows-based files and host them on their servers. When a user opens the document, the malicious template is automatically retrieved from the remote server by evading security systems. Identify this technique.
Rich Text Format Injection
70
Identify the PUA that compels users to download unwanted programs that have features of peer-to-peer file sharing.
Torrent
71
Which of the following are programs that are automatically installed and configured in a system to call a set of contacts at several locations without the user’s consent?
Dialers
72
Which of the following tools is used by an attacker to employ a wrapper that can bind a Trojan executable with genuine-looking .EXE applications, such as games or office applications?
IExpress Wizard
73
Which of the following Rootkit Trojans performs targeted attacks against various organizations and arrives on the infected system by being downloaded and executed by the Trickler dubbed "DoubleFantasy," covered by TSL20110614-01 (Trojan.Win32.Micstus.A)?
EquationDrug Rootkit
74
Which of the following Trojans uses port number 1863 to perform an attack?
XtremeRAT
75
Identify the Botnet Trojan that exhibits the following characteristics:
* Login attempts with 60 different factory default username and password pairs
* Built for multiple CPU architectures (x86, ARM, Sparc, PowerPC, Motorola)
* Connects to CnC to allow the attacker to specify an attack vector
* Increases bandwidth usage for infected bots
* Identifies and removes competing malware
Mirai
76
A hacker wants to encrypt and compress 32-bit executables and .NET apps without affecting their direct functionality. Which of the following cryptor tools should be used by the hacker?
BitCrypter
77
Which of the following Trojan construction kits is used to create user-specified Trojans by selecting from the various options available?
DarkHorse Trojan Virus Maker
78
Which of the following is not a remote access Trojan?
* Kedi RAT
* Netwire
* Wingbird
* Theef
Wingbird
79
Steve, a professional hacker, was hired to target the IoT and routing devices of a target organization. For this purpose, Steve employed an exploit kit to distribute DDoS functionalities to devices installed on the target network.
Which of the following exploit kits did Steve employ in the above scenario?
BotenaGo
80
While preparing testbeds for malware analysis, which of the following techniques is used to manually perform dynamic analysis?
Sandbox
81
Identify the monitoring tool that exhibits the following features:
* Reliable capture of process details, including image path, command line, user and session ID.
* Configurable and moveable columns for any event property.
* Filters can be set for any data field, including fields not configured as columns.
* Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data.
* Process tree tool shows the relationship of all processes referenced in a trace.
* Native log format preserves all data for loading in a different Process Monitor instance.
Process Monitor
82
Which of the following is an application that is used for determining file types and can easily add its own algorithms for detecting or modifying existing signatures?
Detect It Easy (DIE)
83
Which of the following tools allows security analysts to retrieve information about one or more ELF object files and extract static artifacts from an ELF executable?
readelf
84
Asher, a security analyst, was tasked with analyzing a recent malware incident at an organization. For this purpose, Asher employed a malware analysis platform that scans files, URLs, end points, and memory dumps. It helped Asher extract strings from the malware samples and in identifying whether those strings are used in other files.
Identify the tool employed by Asher in the above scenario.
Intezer
85
Which of the following is an executable file format in iOS similar to the Portable Executable (PE) format for Windows and ELF for Linux?
Mach-O
86
Identify the utility that can be used to view Mach-O executable files and find information regarding the logical pages associated with those files.
pagestuff
87
Identify the tool that allows security analysts to identify malicious code and Objective-C methods such as deleteAppBySelf during malware analysis.
pagestuff
88
Which of the following tools allows security analysts to parse a malicious Office document to identify the streams that contain macros?
oledump
89
Jeremy, a professional hacker, targeted a Windows-based system of a government agency that contained confidential files. Using fileless malware, Jeremy compromised the legitimate Windows processes on the target machine and established a secure C2 communication channel to it without any open listening port.
Identify the fileless malware used by Jeremy in the above scenario.
SockDetour
90
Identify the fileless malware that allows attackers to create a stealthy backup backdoor that can continue operation even after the primary backdoor is detached from the infected machine.
SockDetour
91
Which of the following tools helps an attacker in performing malware disassembly?
Ghidra
92
Richard, a system engineer in an organization, was instructed to monitor the network for any abnormal activities. For this purpose, he used a tool to check active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics, and IPv6 statistics.
Which of the following tools was employed by Richard in the above scenario?
Netstat
93
By conducting which of the following monitoring techniques can a security professional identify the presence of any malware that manipulates HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services registry keys to hide its processes?
Windows Services Monitoring
94
Which of the following is a debugging tool that allows security experts to identify the language used for programming malware and APIs and to reveal their function?
x64Dbg
95
Which of the following acts as an interface between an application and the kernel and provides an interface for processes that are activated by an OS?
Syscalls
96
Identify the malware based on the Go programming language that is designed to be compatible with common OSes such as Windows, macOS, and Linux and is delivered through a downloadable application to cryptocurrency users to steal their private keys and gain access to their crypto wallets.
ElectroRAT
97
Which of the following malware is also known as Sodinokibi and is dangerous ransomware associated with the GOLD SOUTHFIELD threat group that provides ransomware as a service (RaaS) for performing targeted attacks against multi-national companies?
REvil
98
Which of the following tools is an antivirus program that is used to detect viruses?
ClamWin
99
Which of the following tools helps an attacker perform an ARP poisoning attack?
BetterCAP
100
Which of the following techniques is also a type of network protocol for PNAC that is used to defend against MAC address spoofing and to enforce access control at the point where a user joins the network?