Ethical hacking essentials (EHE) module 9 Exam with verified detailed answers
Mobile platform attack vectors make mobile phone platforms susceptible to malicious attacks both from the network and upon physical compromise. - ✔✔True
David, a professional hacker, was hired to attack mobile devices owned by an organization. He broadcasted a well-crafted text message with a malicious link to all the organization's mobile numbers to collect their personal and financial information. - ✔✔SMiShing
SMiShing - ✔✔SMS phishing (also known as SMiShing) is a type of phishing fraud in which an attacker uses SMS to send text messages containing deceptive links of malicious websites or telephone numbers to a victim.
Click-jacking - ✔✔Clickjacking, also known as a user interface redress attack, is a malicious technique used to trick web users into clicking something different from what they think they are clicking.
Framing - ✔✔Buffer overflow is an abnormality whereby a program, while writing data to a buffer, surfeits the intended limit and overwrites the adjacent memory.
Simjacker - ✔✔Simjacker is a vulnerability associated with a SIM card's S@T browser (SIMalliance Toolbox Browser), a pre-installed software incorporated in SIM cards to provide a set of instructions.
Sam, a professional hacker, was assigned to attack Bluetooth-enabled devices at a coffee shop. He employed a process to compromise the Bluetooth devices that are set to discoverable mode, then sniffed sensitive data from targeted devices. - ✔✔Bluebugging
Bluebugging - ✔✔Setting a mobile device's Bluetooth connection to "open" or the "discovery" mode and turning on the automatic Wi-Fi connection capability, particularly in public places, pose significant risks to mobile devices.
Man-in-the-mobile - ✔✔An attacker implants malicious code into the victim's mobile device to bypass password verification systems that send one-time passwords (OTPs) via SMS or voice calls. Thereafter, the malware relays the gathered information to the attacker.
MAC flooding - ✔✔Switches maintain a translation table that maps various MAC addresses to the physical ports on the switch. As a result, they can intelligently route packets from one host to another.
Bluesmacking - ✔✔A Bluesmacking attack occurs when an attacker sends an oversized ping packet to a victim's device, causing a buffer overflow. This type of attack is similar to an Internet Control Message Protocol (ICMP) ping-of-death attack.
Which of the following mobile risks can be raised from failure to identify the user, failure to maintain the user's identity, or weaknesses in session management? - ✔✔Insecure authentication
Insecure authentication - ✔✔This category captures notions of authenticating the end user or bad session management such as failing to identify the user when it is required, failure to maintain the user's identity when it is required, weaknesses in session management.
Improper platform usage - ✔✔This category covers the misuse of a platform feature or the failure to use platform security controls. It includes Android intents, platform permissions, and the misuse of Touch ID, Keychain, or some other security control that is part of the mobile device's OS.