CEH V12 EXAM VERSION 4 2026 FINAL
REVIEW BUNDLED SOLUTION PACKAGE
◉ You discover that an attacker has used filesnarf to attack your
network. Which of the following best describes what this tool does?
1 Floods a switched LAN with random MAC addresses
2 Automates the import of log data from over 200 common network
devices
3 Discovers hosts and services on a computer network.
4 Sniffs NFS traffic on the network. Answer: 4
Filesnarf sniffs Network File System (NFS) traffic on the network.
The macof tool floods a switched LAN with random MAC addresses.
Filesnarf and macof are both tools in the dsniff suite of tools.
Webspy is a web reporting tool that automates the process of importing
log data from over 200 common network devices.
,Network Mapper (Nmap) discovers hosts and services on a computer
network.
◉ You have recently discovered that an attacker has successfully carried
out a session sniffing attack. Which description best describes this
attack?
1 The attacker inserted malicious coding into a link that appeared to be
from a trustworthy source.
2 The attacker captured information from a legitimate session and used
the session ID from the legitimate session to connect to a computer on
your network.
3 The attacker added SQL code to a Web form input box to gain access
to resources or make changes to data.
4 The attacker masqueraded as a trusted host by using an IP address
from within the network being attacked.. Answer: 2
In a session sniffing attack, the attacker captures information from a
legitimate session and uses the session ID from the legitimate session to
connect to a computer on your network.
,In a cross-site scripting attack, the attacker inserts malicious coding into
a link that appears to be from a trustworthy source.
In a SQL injection attack, the attacker adds SQL code to a Web form
input box to gain access to resources or make changes to data.
In an IP spoofing attack, the attacker masquerades as a trusted host to
conceal his identity by using an IP address from within the network
being attacked.
◉ Your IT security team defends against privilege escalation with the
following countermeasures: •Encryption for sensitive company data
•Services run as unprivileged accounts
•Multi-factor authentication and authorization
Which additional countermeasure would BEST enhance the current
defense?
1 Patch critical systems regularly
2 Perform debugging during stress tests
3 Implement privilege separation for custom programs
4 Limit interactive logon privileges. Answer: 4
, To best enhance the defense against privilege escalation, you should
limit interactive logon privileges. Restricting users to the least amount of
required privileges required to effectively do their job will prevent an
attacker from gaining administrative access from a low-level account.
You should patch critical systems regularly, but this is very low in the
list of countermeasures you should use against privilege escalation.
Regular patching of systems will reduce zero-day attacks against OS
vulnerabilities. A vulnerability may be exploited for an attacker to
escalate privilege.
You should perform debugging during stress tests, but this is not the best
defense against privilege escalation. During stress tests (where there are
large number of instances and simulated users), unusual errors could
result in privilege escalation, which an attacker could then recreate.
You should implement privilege separation for custom code, but this is
not the best defense against privilege escalation. Separating privilege is
accomplished by dividing a program into parts, so that each part is
limited to a smaller subset of privileges. This methodology reduces the
likelihood that an attacker could escalate privilege, because they would
need to string together the parts to get full privilege given to the
program.
◉ Which kind of security mechanism would require a retina scan and a
fingerprint scan as logon credentials?
REVIEW BUNDLED SOLUTION PACKAGE
◉ You discover that an attacker has used filesnarf to attack your
network. Which of the following best describes what this tool does?
1 Floods a switched LAN with random MAC addresses
2 Automates the import of log data from over 200 common network
devices
3 Discovers hosts and services on a computer network.
4 Sniffs NFS traffic on the network. Answer: 4
Filesnarf sniffs Network File System (NFS) traffic on the network.
The macof tool floods a switched LAN with random MAC addresses.
Filesnarf and macof are both tools in the dsniff suite of tools.
Webspy is a web reporting tool that automates the process of importing
log data from over 200 common network devices.
,Network Mapper (Nmap) discovers hosts and services on a computer
network.
◉ You have recently discovered that an attacker has successfully carried
out a session sniffing attack. Which description best describes this
attack?
1 The attacker inserted malicious coding into a link that appeared to be
from a trustworthy source.
2 The attacker captured information from a legitimate session and used
the session ID from the legitimate session to connect to a computer on
your network.
3 The attacker added SQL code to a Web form input box to gain access
to resources or make changes to data.
4 The attacker masqueraded as a trusted host by using an IP address
from within the network being attacked.. Answer: 2
In a session sniffing attack, the attacker captures information from a
legitimate session and uses the session ID from the legitimate session to
connect to a computer on your network.
,In a cross-site scripting attack, the attacker inserts malicious coding into
a link that appears to be from a trustworthy source.
In a SQL injection attack, the attacker adds SQL code to a Web form
input box to gain access to resources or make changes to data.
In an IP spoofing attack, the attacker masquerades as a trusted host to
conceal his identity by using an IP address from within the network
being attacked.
◉ Your IT security team defends against privilege escalation with the
following countermeasures: •Encryption for sensitive company data
•Services run as unprivileged accounts
•Multi-factor authentication and authorization
Which additional countermeasure would BEST enhance the current
defense?
1 Patch critical systems regularly
2 Perform debugging during stress tests
3 Implement privilege separation for custom programs
4 Limit interactive logon privileges. Answer: 4
, To best enhance the defense against privilege escalation, you should
limit interactive logon privileges. Restricting users to the least amount of
required privileges required to effectively do their job will prevent an
attacker from gaining administrative access from a low-level account.
You should patch critical systems regularly, but this is very low in the
list of countermeasures you should use against privilege escalation.
Regular patching of systems will reduce zero-day attacks against OS
vulnerabilities. A vulnerability may be exploited for an attacker to
escalate privilege.
You should perform debugging during stress tests, but this is not the best
defense against privilege escalation. During stress tests (where there are
large number of instances and simulated users), unusual errors could
result in privilege escalation, which an attacker could then recreate.
You should implement privilege separation for custom code, but this is
not the best defense against privilege escalation. Separating privilege is
accomplished by dividing a program into parts, so that each part is
limited to a smaller subset of privileges. This methodology reduces the
likelihood that an attacker could escalate privilege, because they would
need to string together the parts to get full privilege given to the
program.
◉ Which kind of security mechanism would require a retina scan and a
fingerprint scan as logon credentials?
