CERTIFIED ETHICAL HACKER v11 MASTER SET 2021/2022

Which of the following information security elements guarantees that the sender of a message cannot later deny having sent the message and the recipient cannot deny having received the message? A Confidentiality B Non-repudiation C Availability D IntegrityCorrect answer - B A phase of the cyber kill chain methodology triggers the adversary's malicious code, which utilizes a vulnerability in the operating system, application, or server on a target system. At this stage, the organization may face threats such as authentication and authorization attacks, arbitrary code execution, physical security threats, and security misconfiguration. Which is this phase of the cyber kill chain methodology? A Reconnaissance B Weaponization C Exploitation D InstallationCorrect answer - C Which of the following is a category of hackers who are also known as crackers, use their extraordinary computing skills for illegal or malicious purposes, and are often involved in criminal activities? A Black hats B White hats C Suicide hackers D Script kiddiesCorrect answer - A John, a professional hacker, has launched an attack on a target organization to extract sensitive information. He was successful in launching the attack and gathering the required information. He is now attempting to hide the malicious acts by overwriting the server, system, and application logs to avoid suspicion. Which of the following phases of hacking is John currently in? A Maintaining access B Scanning C Clearing tracks D Gaining accessCorrect answer - C Which of the following risk management phases involves selecting and implementing appropriate controls for the identified risks to modify them? A Risk tracking and review B Risk identification C Risk treatment D Risk assessmentCorrect answer - C In which of the following incident handling and response phases are the identified security incidents analyzed, validated, categorized, and prioritized? A Incident recording and assignment B Incident triage C Containment D EradicationCorrect answer - B Which of the following phases of risk management is an ongoing iterative process that assigns priorities for risk mitigation and implementation plans to help determine the quantitative and qualitative value of risk? A Risk identification B Risk treatment C Risk tracking and review D Risk assessmentCorrect answer - D Jack, a security professional, was instructed to introduce a security standard to handle cardholder information for major debit, credit, prepaid, e-purse, ATM, and POS cards. In the process, Jack has employed a standard that offers robust and comprehensive standards as well as supporting materials to enhance payment-card data security. What is the security standard that Jack has employed? A HIPAA B SOX C DMCA D PCI DSSCorrect answer - D Morris, an attacker, has targeted an organization's network. To know the structure of the target network, he combined footprinting techniques with a network utility that helped him create diagrammatic representations of the target network. What is the network utility employed by Morris in the above scenario? A Netcraft B Tracert C Shodan D BuzzSumoCorrect answer - B Which of the following Google advanced search operators displays similar websites to the specified URL? A [site:] B [info:] C [inurl:] D [related:]Correct answer - D Which of the following techniques is used by an attacker to perform automated searches on the target website and collect specified information, such as employee names and email addresses? A Web spidering B Website mirroring C Monitoring of web updates D Website link extractionCorrect answer - A Jude, an attacker, has targeted an organization's communication network. While conducting initial footprinting, he used a Google dork to find the VoIP login portals of the organization. What is the Google dork that helped Jude find the VoIP login portals? A inurl:8080 intitle:"login" intext:"UserLogin" "English" B inurl:/voice/advanced/ intitle:Linksys SPA configuration C inurl:/remote/login?lang=en D !Host=*.* intext:enc_UserPassword=* ext:pcfCorrect answer - A Stokes, an attacker, decided to find vulnerable IoT devices installed in the target organization. In this process, he used an online tool that helped him gather information such as a device's manufacturer details, its IP address, and the location where it is installed. What is the online tool that Stokes used in the above scenario? A DuckDuckGo B Baidu C Shodan D BingCorrect answer - C CenSys Solutions hired Clark, a security professional, to enhance the Internet security of the organization. To achieve the goal, Clark employed a tool that provides various Internet security services, including anti-fraud and anti-phishing services, application testing, and PCI scanning. What is the tool used by Clark to perform the above activities? A Blisqy B OmniPeek C Netcraft D BTCrawlerCorrect answer - C Clark is a professional hacker. He targeted an organization for financial benefit and used various footprinting techniques to gather information about the target network. In this process, he employed a protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system. What is the protocol employed by Clark in the above scenario? A SMB B Whois C SNMP D FTPCorrect answer - B Which of the following tools in OSRFramework is used by attackers to check for a user profile on up to 290 different platforms? A B C D Correct answer - A What is the feature in FOCA that checks each domain to ascertain the host names configured in NS, MX, and SPF servers to discover the new host and domain names? A Common names B DNS search C Web search D Bing IPCorrect answer - B Which of the following countermeasures should be followed to safeguard the privacy, data, and reputation of an organization and to prevent information disclosure? A Keeping the domain name profile public B Enabling directory listings in the web servers C Avoiding domain-level cross-linking for critical assets D Turning on geolocation access on all mobile devicesCorrect answer - C Which of the following TCP communication flags notifies the transmission of a new sequence number and represents the establishment of a connection between two hosts? A FIN flag B SYN flag C PSH flag D RST flagCorrect answer - B Which of the following hping commands is used by an attacker to scan the entire subnet to detect live hosts in a target network? A hping3 -8 50-60 -S 10.0.0.25 -V B hping3 -F -P -U 10.0.0.25 -p 80 C hping3 -1 10.0.1.x --rand-dest -I eth0 D hping3 -9 HTTP -I eth0Correct answer - C Which of the following commands is used by an attacker to perform an ICMP ECHO ping sweep that can determine the live hosts from a range of IP addresses by sending ICMP ECHO requests to multiple hosts? A nmap -sn -PR 10.10.10.10 B nmap -sn -PU 10.10.10.10 C nmap -sn -PE 10.10.10.10 D nmap -sn -PE 10.10.10.5-15Correct answer - D Which of the following scanning techniques is used by an attacker to send a TCP frame to a remote device with the FIN, URG, and PUSH flags set? A Xmas scan B TCP Maimon scan C ACK flag probe scan D IDLE/IPID header scanCorrect answer - A A certain scanning technique has no three-way handshake, and the system does not respond when the port is open; when the port is closed, the system responds with an ICMP port unreachable message. Which of the following is this scanning technique? A List scanning B SCTP COOKIE ECHO scanning C IPv6 scanning D UDP scanningCorrect answer - D A certain type of port scanning technique is similar to the TCP SYN scan and can be performed quickly by scanning thousands of ports per second on a fast network that is not obstructed by a firewall, offering a strong sense of security. Which of the following is this type of port scanning technique? A IDLE/IPID header scanning B SCTP COOKIE ECHO scanning C SSDP scanning D SCTP INIT scanningCorrect answer - D An attacker performed OS banner grabbing on a target host. They analyzed the packets received from the target system and identified that the values of time to live (TTL) and TCP window size as 255 and 4128, respectively. What is the operating system of the target host on which the attacker performed banner grabbing? A Linux (Kernel 2.4 and 2.6) B Google Linux C Windows 98, Vista, and 7 (Server 2008) D iOS 12.4 (Cisco Routers)Correct answer - D Which of the following OS discovery techniques is used by an attacker to identify a target machine's OS by observing the TTL values in the acquired scan result? A OS discovery using Nmap B OS discovery using Unicornscan C OS discovery using Nmap Script Engine D OS discovery using IPv6 fingerprintingCorrect answer - B Which of the following IDS/firewall evasion techniques is used by an attacker to bypass Internet censors and evade certain IDS and firewall rules? A IP address decoy B Sending bad checksums C Source port manipulation D AnonymizersCorrect answer - D Through which of the following techniques can an attacker obtain a computer's IP address, alter the packet headers, and send request packets to a target machine while pretending to be a legitimate host? A IP address decoy B Source port manipulation C Packet fragmentation D IP address spoofingCorrect answer - D Larry, a professional hacker, was hired to launch a few attacks on an organization. In the process, he identified that FTP server ports are open and performed enumeration on FTP to find the software version and state of existing vulnerabilities for performing further exploitations. What is the FTP port number that Larry has targeted? A TCP 25 B TCP 20/21 C TCP/UDP 5060, 5061 D TCP 179Correct answer - B Which of the following Net View commands is used by an attacker to view all the available shares in a domain? A net view computername /ALL B net view /domain:domain name C net view /domain D net view computernameCorrect answer - C Which of the following commands is used by the SNMP manager continuously to retrieve all the data stored in an array or table? A GetResponse B GetNextRequest C GetRequest D SetRequestCorrect answer - B George hired an attacker named Joan to perform a few attacks on a competitor organization and gather sensitive information. In this process, Joan performed enumeration activities on the target organization's systems to access the directory listings within Active Directory. What is the type of enumeration that Joan has performed in the above scenario? A SNMP enumeration B LDAP enumeration C NTP enumeration D NetBIOS enumerationCorrect answer - B Sam, an ethical hacker, is launching an attack on a target company. He performed various enumeration activities to detect any existing vulnerabilities on the target network and systems. In this process, he performed NTP enumeration and executed some commands to acquire the list of hosts connected to the NTP server. Which of the following NTP enumeration commands helps Sam in collecting system information such as the number of time samples from several time sources? A ntptrace B ntpdc C ntpdate D ntpqCorrect answer - C Jim, a professional hacker, was hired to perform an attack on an organization. In the attack process, Jim targeted the SMTP server of the target organization and performed SMTP enumeration using the smtp-user-enum tool. He used some options in the tool to gather the usernames of the target organization's employees. Which of the following options did Jim use in the SMTP command for guessing the username from among EXPN, VRFY, and RCPT TO? A -m n B -u user C -M mode D -p portCorrect answer - C Given below are the different phases of the vulnerability management lifecycle. 1) Monitor 2) Vulnerability scan 3) Identify assets and create a baseline 4) Risk assessment 5) Verification 6) Remediation What is the correct sequence of phases involved in the vulnerability management lifecycle? A 1 → 2 → 3 → 4 → 5 → 6 B 2 → 1 → 5 → 3 → 6 → 4 C 3 → 2 → 4 → 6 → 5 → 1 D 3 → 1 → 4 → 5 → 6 → 2Correct answer - C Jaden, a security professional in an organization, introduced new tools and services into the organization. Before introducing the tools, he had to evaluate whether the tools are effective and appropriate for the organization. He used a publicly available and free-to- use list of standardized identifiers for software vulnerabilities and exposures to evaluate the tools. Which of the following databases did Jaden use to evaluate the tools and services? A LACNIC B CVE C Whois D ARINCorrect answer - B Edward, a security professional in an organization, was instructed by higher officials to calculate the severity of the organization' s systems.In the process, he used CVSS, a published standard that provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. He used three metrics provided by CVSS for measuring vulnerabilities. Which of the following CVSS metrics represents the features that continue to change during the lifetime of the vulnerability? A Base metric B Environmental metric C Temporal metric D Overall scoreCorrect answer - C Which of the following types of vulnerability assessment sniffs the traffic present on the network to identify the active systems, network services, applications, and vulnerabilities? A Active assessment B Passive assessment C Credentialed assessment D Distributed assessmentCorrect answer - B Ben, an ethical hacker, was hired by an organization to check its security levels. In the process, Ben examined the network from a hacker's perspective to identify exploits and vulnerabilities accessible to the outside world by using devices such as firewalls, routers, and servers. Which of the following types of vulnerability assessment did Ben perform on the organization? A Active assessment B Passive assessment C External assessment D Internal assessmentCorrect answer - C