312-50v11 Certified Ethical Hacker Exam (CEH v11) Question and Answers

Total Questions : 528

Question # 1

What would be the purpose of running "wget 192.168.0.15 -q -S" against a web server?

Options:

A.  

Performing content enumeration on the web server to discover hidden folders

B.  

Using wget to perform banner grabbing on the webserver

C.  

Flooding the web server with requests to perform a DoS attack

D.  

Downloading all the contents of the web page locally for further examination

Question # 2

Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing?

Options:

A.  

Scanning

B.  

Footprinting

C.  

Enumeration

D.  

System Hacking

Question # 3

Bella, a security professional working at an IT firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames, and passwords are shared in plaintext, paving the way for hackers to perform successful session hijacking. To address this situation, Bella implemented a protocol that sends data using encryption and digital certificates. Which of the following protocols is used by Bella?

Options:

A.  

FTP

B.  

HTTPS

C.  

FTPS

D.  

IP

Question # 4

Which of the following is the best countermeasure against encrypting ransomware?

Options:

A.  

Use multiple antivirus products

B.  

Pay a ransom

C.  

Keep several generations of offline backups

D.  

Analyze the ransomware to get decryption key of encrypted data

Question # 5

The collection of potentially actionable, overt, and publicly available information is known as

Options:

A.  

Open-source intelligence

B.  

Real intelligence

C.  

Social intelligence

D.  

Human intelligence

Question # 6

A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?

Options:

A.  

The WAP does not recognize the client’s MAC address

B.  

The client cannot see the SSID of the wireless network

C.  

Client is configured for the wrong channel

D.  

The wireless client is not configured to use DHCP

Question # 7

_________ is a type of phishing that targets high-profile executives such as CEOs, CFOs, politicians, and celebrities who have access to confidential and highly valuable information.

Options:

A.  

Spear phishing

B.  

Whaling

C.  

Vishing

D.  

Phishing

Question # 8

Sam is working as a system administrator in an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect its severity using CVSS v3.0 to properly assess and prioritize the organization's vulnerability management processes. The base score that Sam obtained after performing the CVSS rating was 4.0. What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?

Options:

A.  

Medium

B.  

Low

C.  

Critical

D.  

High

Question # 9

Attacker Rony installed a rogue access point within an organization's perimeter and attempted to intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack. What is the type of vulnerability assessment performed by Johnson in the above scenario?

Options:

A.  

Distributed assessment

B.  

Wireless network assessment

C.  

Host-based assessment

D.  

Application assessment

Question # 10

What is not a PCI compliance recommendation?

Options:

A.  

Use a firewall between the public network and the payment card data.

B.  

Use encryption to protect all transmission of card holder data over any public network.

C.  

Rotate employees handling credit card transactions on a yearly basis to different departments.

D.  

Limit access to card holder data to as few individuals as possible.

Question # 11

The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack.

You also notice "/bin/sh" in the ASCII part of the output.

As an analyst what would you conclude about the attack?

Options:

A.  

The buffer overflow attack has been neutralized by the IDS

B.  

The attacker is creating a directory on the compromised machine

C.  

The attacker is attempting a buffer overflow attack and has succeeded

D.  

The attacker is attempting an exploit that launches a command-line shell

Question # 12

What would be the fastest way to perform content enumeration on a given web server by using the Gobuster tool?

Options:

A.  

Performing content enumeration using the bruteforce mode and 10 threads

B.  

Skipping SSL certificate verification

C.  

Performing content enumeration using a wordlist

D.  

Performing content enumeration using the bruteforce mode and random file extensions

Question # 13

Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the user and the real tower, attempting to hijack an active session upon receiving the user's request. Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. What is the attack performed by Bobby in the above scenario?

Options:

A.  

Wardriving

B.  

KRACK attack

C.  

jamming signal attack

D.  

aLTEr attack

Question # 14

Why is a penetration test considered to be more thorough than a vulnerability scan?

Options:

A.  

Vulnerability scans only do host discovery and port scanning by default.

B.  

A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.

C.  

It is not – a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement.

D.  

The tools used by penetration testers tend to have much more comprehensive vulnerability databases.

Question # 15

An attacker is trying to redirect the traffic of a small office. That office is using its own mail server, DNS server and NTP server because of the importance of its work. The attacker gains access to the DNS server and redirects www.google.com to his own IP address. Now when the employees of the office want to go to Google they are redirected to the attacker's machine. What is the name of this kind of attack?

Options:

A.  

MAC Flooding

B.  

Smurf Attack

C.  

DNS spoofing

D.  

ARP Poisoning

Question # 16

A penetration tester is performing the footprinting process and is reviewing publicly available information about an organization by using the Google search engine.

Which of the following advanced operators would allow the pen tester to restrict the search to the organization’s web domain?

Options:

A.  

[allinurl:]

B.  

[location:]

C.  

[site:]

D.  

[link:]

Question # 17

Eric, a cloud security engineer, implements a technique for securing the cloud resources used by his organization. This technique assumes by default that a user attempting to access the network is not an authentic entity and verifies every incoming connection before allowing access to the network. Using this technique, he also imposed conditions such that employees can access only the resources required for their role.

What is the technique employed by Eric to secure cloud resources?

Options:

A.  

Serverless computing

B.  

Demilitarized zone

C.  

Container technology

D.  

Zero trust network

Question # 18

During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

Options:

A.  

Circuit

B.  

Stateful

C.  

Application

D.  

Packet Filtering

Question # 19

Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms.

What is this document called?

Options:

A.  

Information Audit Policy (IAP)

B.  

Information Security Policy (ISP)

C.  

Penetration Testing Policy (PTP)

D.  

Company Compliance Policy (CCP)

Question # 20

One of your team members has asked you to analyze the following SOA record. What is the TTL?

Rutgers.edu. SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400)

Options:

A.  

200303028

B.  

3600

C.  

604800

D.  

2400

E.  

60

F.  

4800

Question # 21

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing?

Options:

A.  

Identifying operating systems, services, protocols and devices

B.  

Modifying and replaying captured network traffic

C.  

Collecting unencrypted information about usernames and passwords

D.  

Capturing network traffic for further analysis

Question # 22

Which of the following represents the initial two commands that an IRC client sends to join an IRC network?

Options:

A.  

USER, NICK

B.  

LOGIN, NICK

C.  

USER, PASS

D.  

LOGIN, USER

Question # 23

Stephen, an attacker, targeted the industrial control systems of an organization. He generated a fraudulent email with a malicious attachment and sent it to employees of the target organization. An employee who manages the sales software of the operational plant opened the fraudulent email and clicked on the malicious attachment. This resulted in the malicious attachment being downloaded and malware being injected into the sales software maintained in the victim's system. Further, the malware propagated itself to other networked systems, finally damaging the industrial automation components. What is the attack technique used by Stephen to damage the industrial systems?

Options:

A.  

Spear-phishing attack

B.  

SMishing attack

C.  

Reconnaissance attack

D.  

HMI-based attack

Question # 24

Steven connected his iPhone to a public computer that had been infected by Clark, an attacker. After establishing the connection with the public computer, Steven enabled iTunes Wi-Fi sync on the computer so that the device could continue communicating with that computer even after being physically disconnected. Now, Clark gains access to Steven's iPhone through the infected computer and is able to monitor and read all of Steven's activity on the iPhone, even after the device is out of the communication zone.

Which of the following attacks is performed by Clark in the above scenario?

Options:

A.  

iOS trustjacking

B.  

iOS jailbreaking

C.  

Exploiting SS7 vulnerability

D.  

Man-in-the-disk attack

Question # 25

John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker installed a scanner on a machine belonging to one of the victims and scanned several machines on the same network to identify vulnerabilities to perform further exploitation. What is the type of vulnerability assessment tool employed by John in the above scenario?

Options:

A.  

Proxy scanner

B.  

Agent-based scanner

C.  

Network-based scanner

D.  

Cluster scanner

Question # 26

A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems.

However, he is unable to capture any logons though he knows that other users are logging in.

What do you think is the most likely reason behind this?

Options:

A.  

There is a NIDS present on that segment.

B.  

Kerberos is preventing it.

C.  

Windows logons cannot be sniffed.

D.  

L0phtcrack only sniffs logons to web servers.

Question # 27

Within the context of Computer Security, which of the following statements describes Social Engineering best?

Options:

A.  

Social Engineering is the act of publicly disclosing information

B.  

Social Engineering is the means put in place by human resource to perform time accounting

C.  

Social Engineering is the act of getting needed information from a person rather than breaking into a system

D.  

Social Engineering is a training program within sociology studies

Question # 28

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway, they are both on the 192.168.1.0/24 network. Which of the following has occurred?

Options:

A.  

The computer is not using a private IP address.

B.  

The gateway is not routing to a public IP address.

C.  

The gateway and the computer are not on the same network.

D.  

The computer is using an invalid IP address.

Question # 29

What kind of detection technique is used by antivirus software that identifies malware by collecting data from multiple protected systems and, instead of analyzing files locally, performs the analysis in the provider's environment?

Options:

A.  

Cloud based

B.  

Honeypot based

C.  

Behaviour based

D.  

Heuristics based

Question # 30

Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network.

Which of the following host discovery techniques must he use to perform the given task?

Options:

A.  

UDP scan

B.  

TCP Maimon scan

C.  

ARP ping scan

D.  

ACK flag probe scan

Question # 31

Windows LAN Manager (LM) hashes are known to be weak.

Which of the following are known weaknesses of LM? (Choose three.)

Options:

A.  

Converts passwords to uppercase.

B.  

Hashes are sent in clear text over the network.

C.  

Makes use of only 32-bit encryption.

D.  

Effective length is 7 characters.

Question # 32

Which file is a rich target to discover the structure of a website during web-server footprinting?

Options:

A.  

Document root

B.  

Robots.txt

C.  

domain.txt

D.  

index.html

Question # 33

Sam, a professional hacker, targeted an organization with the intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while posing as a legitimate employee. Moreover, he sent phishing emails to steal the AWS IAM credentials and further compromise the employee's account. What is the technique used by Sam to compromise the AWS IAM credentials?

Options:

A.  

Social engineering

B.  

Insider threat

C.  

Password reuse

D.  

Reverse engineering

Question # 34

Lewis, a professional hacker, targeted the IoT cameras and devices used by a target venture-capital firm. He used an information-gathering tool to collect information about the IoT devices connected to a network, open ports and services, and the attack surface area. Using this tool, he also generated statistical reports on broad usage patterns and trends. This tool helped Lewis continually monitor every reachable server and device on the Internet, further allowing him to exploit these devices in the network. Which of the following tools was employed by Lewis in the above scenario?

Options:

A.  

Censys

B.  

Wapiti

C.  

NeuVector

D.  

Lacework

Question # 35

An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?

Options:

A.  

Make sure that legitimate network routers are configured to run routing protocols with authentication.

B.  

Disable all routing protocols and only use static routes

C.  

Only using OSPFv3 will mitigate this risk.

D.  

Redirection of the traffic cannot happen unless the admin allows it explicitly.

Question # 36

While using your bank’s online servicing you notice the following string in the URL bar:

"http://www.MyPersonalBank.com/account?id=368940911028389&Damount=10980&Camount=21"

You observe that if you modify the Damount and Camount values and submit the request, the data on the web page reflects the changes.

Which type of vulnerability is present on this site?

Options:

A.  

Cookie Tampering

B.  

SQL Injection

C.  

Web Parameter Tampering

D.  

XSS Reflection

Question # 37

Wilson, a professional hacker, targets an organization for financial benefit and plans to compromise its systems by sending malicious emails. For this purpose, he uses a tool to track the emails of the target and extracts information such as sender identities, mail servers, sender IP addresses, and sender locations from different public sources. He also checks if an email address was leaked using the haveibeenpwned.com API. Which of the following tools is used by Wilson in the above scenario?

Options:

A.  

Factiva

B.  

Netcraft

C.  

Infoga

D.  

Zoominfo

Question # 38

This type of injection attack does not show any error message. It is difficult to exploit as it returns information when the application is given SQL payloads that elicit a true or false response from the server. By observing the response, an attacker can extract sensitive information. What type of attack is this?

Options:

A.  

Time-based SQL injection

B.  

Union SQL injection

C.  

Error-based SQL injection

D.  

Blind SQL injection

Question # 39

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes unsanitized user-provided data.

What is this attack?

Options:

A.  

Cross-site-scripting attack

B.  

SQL Injection

C.  

URL Traversal attack

D.  

Buffer Overflow attack

Question # 40

Garry is a network administrator in an organization. He uses SNMP to manage networked devices from a remote location. To manage nodes in the network, he uses a MIB, which contains formal descriptions of all network objects managed by SNMP. He accesses the contents of the MIB by using a web browser, either by entering the IP address and Lseries.mib or by entering the DNS library name and Lseries.mib. He is currently retrieving information from an MIB that contains object types for workstations and server services. Which of the following types of MIB is accessed by Garry in the above scenario?

Options:

A.  

LNMIB2.MIB

B.  

WINS.MIB

C.  

DHCP.MIB

D.  

MIB_II.MIB

Question # 41

By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext.

Which file do you have to clean to clear the password?

Options:

A.  

.X session-log

B.  

.bashrc

C.  

.profile

D.  

.bash_history

Question # 42

In the field of cryptanalysis, what is meant by a “rubber-hose" attack?

Options:

A.  

Attempting to decrypt cipher text by making logical assumptions about the contents of the original plain text.

B.  

Extraction of cryptographic secrets through coercion or torture.

C.  

Forcing the targeted key stream through a hardware-accelerated device such as an ASIC.

D.  

A backdoor placed into a cryptographic algorithm by its creator.

Question # 43

Vlady works in a fishing company where the majority of the employees have very little understanding of IT, let alone IT security. Several information security issues that Vlady often found include employees sharing passwords, writing their password on a post-it note and sticking it to their desk, leaving the computer unlocked, not logging out of email or social media accounts, and so on.

After discussing with his boss, Vlady decided to make some changes to improve the security environment in his company. The first thing that Vlady wanted to do is to make the employees understand the importance of keeping confidential information, such as passwords, secret and not sharing it with other persons.

Which of the following steps should be the first thing that Vlady should do to make the employees in his company understand the importance of keeping confidential information secret?

Options:

A.  

Warning those who write their password on a post-it note and put it on their desk

B.  

Developing a strict information security policy

C.  

Information security awareness training

D.  

Conducting a one-to-one discussion with the other employees about the importance of information security

Question # 44

OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?

Options:

A.  

openssl s_client -site www.website.com:443

B.  

openssl_client -site www.website.com:443

C.  

openssl s_client -connect www.website.com:443

D.  

openssl_client -connect www.website.com:443

Question # 45

Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During this process, Robin plugged a rogue switch into an unused port in the LAN with a priority lower than any other switch in the network, so that he could make it the root bridge, which would later allow him to sniff all the traffic in the network.

What is the attack performed by Robin in the above scenario?

Options:

A.  

ARP spoofing attack

B.  

VLAN hopping attack

C.  

DNS poisoning attack

D.  

STP attack

Question # 46

Which of the following is an extremely common IDS evasion technique in the web world?

Options:

A.  

Spyware

B.  

Subnetting

C.  

Unicode Characters

D.  

Port Knocking

Question # 47

Bill has been hired as a penetration tester and cyber security auditor for a major credit card company. Which information security standard is most applicable to his role?

Options:

A.  

FISMA

B.  

HITECH

C.  

PCI-DSS

D.  

Sarbanes-Oxley Act

Question # 48

Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob's boss is very worried because of regulations that protect those data. Which of the following regulations is mostly violated?

Options:

A.  

HIPAA/PHI

B.  

PII

C.  

PCI DSS

D.  

ISO 2002

Question # 49

An organization has automated the operation of critical infrastructure from a remote location. For this purpose, all the industrial control systems are connected to the Internet. To empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption, the organization decided to install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware. Which of the following tools must the organization employ to protect its critical infrastructure?

Options:

A.  

Robotium

B.  

BalenaCloud

C.  

Flowmon

D.  

IntentFuzzer

Question # 50

Which of the following allows attackers to draw a map or outline of the target organization's network infrastructure to learn about the actual environment that they are going to attack?

Options:

A.  

Enumeration

B.  

Vulnerability analysis

C.  

Malware analysis

D.  

Scanning networks

Question # 51

Which utility will tell you in real time which ports are listening or in another state?

Options:

A.  

Netstat

B.  

TCPView

C.  

Nmap

D.  

Loki

Question # 52

Which type of malware spreads from one system to another or from one network to another and causes similar types of damage as viruses do to the infected system?

Options:

A.  

Rootkit

B.  

Trojan

C.  

Worm

D.  

Adware

Question # 53

Abel, a cloud architect, uses container technology to deploy applications/software including all their dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier container technology architecture. Currently, Abel is verifying and validating image contents, signing images, and sending them to the registries. Which of the following tiers of the container technology architecture is Abel currently working in?

Options:

A.  

Tier-1: Developer machines

B.  

Tier-4: Orchestrators

C.  

Tier-3: Registries

D.  

Tier-2: Testing and accreditation systems

Question # 54

Attacker Rony installed a rogue access point within an organization's perimeter and attempted to intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack. What is the type of vulnerability assessment performed by Johnson in the above scenario?

Options:

A.  

Host-based assessment

B.  

Wireless network assessment

C.  

Application assessment

D.  

Distributed assessment

Question # 55

Which type of sniffing technique is generally referred to as a MiTM attack?

Options:

A.  

Password Sniffing

B.  

ARP Poisoning

C.  

Mac Flooding

D.  

DHCP Sniffing

Question # 56

Jack, a professional hacker, targets an organization and performs vulnerability scanning on the target web server to identify any possible weaknesses, vulnerabilities, and misconfigurations. In this process, Jack uses an automated tool that eases his work and performs vulnerability scanning to find hosts, services, and other vulnerabilities in the target server. Which of the following tools is used by Jack to perform vulnerability scanning?

Options:

A.  

Infoga

B.  

WebCopier Pro

C.  

Netsparker

D.  

NCollector Studio

Question # 57

#!/usr/bin/python
import socket

# build a list of payloads of increasing length: 50, 100, ... up to 5000 bytes
buffer = ["A"]
counter = 50
while len(buffer) <= 100:
    buffer.append("A" * counter)
    counter = counter + 50

commands = ["HELP", "STATS .", "RTIME .", "LTIME .", "SRUN .", "TRUN .", "GMON .",
            "GDOG .", "KSTET .", "GTER .", "HTER .", "LTER .", "KSTAN ."]

# send every command followed by every payload length to the service on port 9999
for command in commands:
    for buffstring in buffer:
        print "Exploiting " + command + ":" + str(len(buffstring))
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect(('127.0.0.1', 9999))
        s.recv(50)
        s.send(command + buffstring)
        s.close()

What is the code written for?

Options:

A.  

Denial-of-service (DOS)

B.  

Buffer Overflow

C.  

Bruteforce

D.  

Encryption

Question # 58

What is the following command used for?

net use \\target\ipc$ "" /u:""

Options:

A.  

Grabbing the etc/passwd file

B.  

Grabbing the SAM

C.  

Connecting to a Linux computer through Samba.

D.  

This command is used to connect as a null session

E.  

Enumeration of Cisco routers

Question # 59

An attacker runs the netcat tool to transfer a secret file between two hosts.

He is worried about the information being sniffed on the network.

How would the attacker use netcat to encrypt the information before transmitting onto the wire?

Options:

A.  

Machine A: netcat -l -p -s password 1234 < testfile
Machine B: netcat 1234

B.  

Machine A: netcat -l -e magickey -p 1234 < testfile
Machine B: netcat 1234

C.  

Machine A: netcat -l -p 1234 < testfile -pw password
Machine B: netcat 1234 -pw password

D.  

Use cryptcat instead of netcat

Question # 60

You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?

Options:

A.  

Social engineering

B.  

Piggybacking

C.  

Tailgating

D.  

Eavesdropping

Question # 61

Internet Protocol Security (IPsec) is actually a suite of protocols. Each protocol within the suite provides different functionality. Collectively, IPsec does everything except:

Options:

A.  

Protect the payload and the headers

B.  

Encrypt

C.  

Work at the Data Link Layer

D.  

Authenticate

Question # 62

Which of these is capable of searching for and locating rogue access points?

Options:

A.  

HIDS

B.  

WISS

C.  

WIPS

D.  

NIDS

Question # 63

While scanning with Nmap, Patin found several hosts which have incremental IP ID sequences. He then decided to run: nmap -Pn -p- -sI kiosk.adobe.com www.riaa.com. kiosk.adobe.com is the host with the incremental IP ID sequence. What is the purpose of using "-sI" with Nmap?

Options:

A.  

Conduct stealth scan

B.  

Conduct ICMP scan

C.  

Conduct IDLE scan

D.  

Conduct silent scan

Question # 64

If executives are found liable for not properly protecting their company’s assets and information systems, what type of law would apply in this situation?

Options:

A.  

Criminal

B.  

International

C.  

Common

D.  

Civil

Question # 65

In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper and running it against user accounts located by the application. The larger the selection of words and word fragments, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow; it usually tries every possible letter and number combination in its automated exploration. If you combined the brute force and dictionary methods to produce variations of words, what would you call such an attack?

Options:

A.  

Full Blown

B.  

Thorough

C.  

Hybrid

D.  

BruteDics

Question # 66

You are analysing traffic on the network with Wireshark. You want to routinely run a cron job which will run the capture against a specific set of IPs - 192.168.8.0/24. What command would you use?

Options:

A.  

wireshark --fetch ''192.168.8*''

B.  

wireshark --capture --local masked 192.168.8.0 ---range 24

C.  

tshark -net 192.255.255.255 mask 192.168.8.0

D.  

sudo tshark -f''net 192 .68.8.0/24''

Question # 67

Mason, a professional hacker, targets an organization and spreads Emotet malware through a malicious script. After infecting the victim's device, Mason further used Emotet to spread the infection across local networks and beyond to compromise as many machines as possible. In this process, he used a tool, which is a self-extracting RAR file, to retrieve information related to network resources such as writable share drives. What is the tool employed by Mason in the above scenario?

Options:

A.  

NetPass.exe

B.  

Outlook scraper

C.  

WebBrowserPassView

D.  

Credential enumerator

Question # 68

The network team has well-established procedures to follow for creating new rules on the firewall. This includes having approval from a manager prior to implementing any new rules. While reviewing the firewall configuration, you notice a recently implemented rule but cannot locate manager approval for it. What would be a good step to have in the procedures for a situation like this?

Options:

A.  

Have the network team document the reason why the rule was implemented without prior manager approval.

B.  

Monitor all traffic using the firewall rule until a manager can approve it.

C.  

Do not roll back the firewall rule as the business may be relying upon it, but try to get manager approval as soon as possible.

D.  

Immediately roll back the firewall rule until a manager can approve it

Question # 69

Which wireless security protocol replaces the personal pre-shared key (PSK) authentication with Simultaneous Authentication of Equals (SAE) and is therefore resistant to offline dictionary attacks?

Options:

A.  

WPA3-Personal

B.  

WPA2-Enterprise

C.  

Bluetooth

D.  

ZigBee

Question # 70

What tool can crack Windows SMB passwords simply by listening to network traffic?

Options:

A.  

This is not possible

B.  

Netbus

C.  

NTFSDOS

D.  

L0phtcrack

Question # 71

You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c.

What is the hexadecimal value of the NOP instruction?

Options:

A.  

0x60

B.  

0x80

C.  

0x70

D.  

0x90

Question # 72

Study the Snort rule given below:

From the options below, choose the exploit against which this rule applies.

Options:

A.  

WebDav

B.  

SQL Slammer

C.  

MS Blaster

D.  

MyDoom

Question # 73

Which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth?

Options:

A.  

Bluesmacking

B.  

Bluebugging

C.  

Bluejacking

D.  

Bluesnarfing

Question # 74

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and another is a binary file named "nc". The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, extracted the contents of the tarball, and ran the script using a function provided by the FTP server's software. The "ps" command shows that the "nc" file is running as a process, and the netstat command shows the "nc" process is listening on a network port.

What kind of vulnerability must be present to make this remote attack possible?

Options:

A.  

File system permissions

B.  

Privilege escalation

C.  

Directory traversal

D.  

Brute force login

Question # 75

George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this process, he used a short-range communication protocol based on the IEEE 802.15.4 standard. This protocol is used in devices that transfer data infrequently at a low rate in a restricted area, within a range of 10-100 m. What is the short-range wireless communication technology George employed in the above scenario?

Options:

A.  

MQTT

B.  

LPWAN

C.  

Zigbee

D.  

NB-IoT

Question # 76

What is the following command used for?

sqlmap.py -u "http://10.10.1.20/?p=1&forumaction=search" --dbs

Options:

A.  

Creating backdoors using SQL injection

B.  

Enumerating the databases in the DBMS for the URL

C.  

Retrieving SQL statements being executed on the database

D.  

Searching database statements at the IP address given

Question # 77

User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI model does the encryption and decryption of the message take place?

Options:

A.  

Application

B.  

Transport

C.  

Session

D.  

Presentation

Question # 78

Given below are different steps involved in the vulnerability-management life cycle.

1) Remediation

2) Identify assets and create a baseline

3) Verification

4) Monitor

5) Vulnerability scan

6) Risk assessment

Identify the correct sequence of steps involved in vulnerability management.

Options:

A.  

2-->5-->6-->1-->3-->4

B.  

2-->1-->5-->6-->4-->3

C.  

2-->4-->5-->3-->6-->1

D.  

1-->2-->3-->4-->5-->6

Question # 79

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

Options:

A.  

Traceroute

B.  

Hping

C.  

TCP ping

D.  

Broadcast ping
