Certified Ethical Hacker CEH v11 Questions and Answers Explanation Included
Question 1: Incorrect
An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?
A. Reverse Social Engineering (Incorrect)
B. Tailgating (Correct)
C. Piggybacking
D. Announced
Explanation
This is a common way for someone to gather information about a company and its security procedures. The individual can identify what measures are in place (security guards, alarms, biometrics), observe how other employees log in to machines, and maybe even perform shoulder surfing or find a security badge to gain further access into secure areas of the building.

Question 2: Incorrect
Which of the following is the best countermeasure against encrypting ransomware?
A. Use multiple antivirus software products
B. Keep some generation of off-line backup (Correct)
C. Analyze the ransomware to get decryption key of encrypted data (Incorrect)
D. Pay a ransom
Explanation
Ransomware maliciously encrypts and steals information that is valuable to a company, which can cripple the company financially. It's always a best practice to ensure you have backups stored off the network or inaccessible from other devices to prevent all your data from being attacked.

Question 3: Skipped
If an attacker uses the command SELECT * FROM user WHERE name = 'x' AND userid IS NULL; --'; which type of SQL injection attack is the attacker performing?
A. End of Line Comment
B. UNION SQL Injection
C. Illegal/Logically Incorrect Query
D. Tautology (Correct)
Explanation
- Attackers intentionally insert bad input into an application, causing it to throw database errors.
- The attacker reads the resulting database-level error messages in order to find an SQL injection vulnerability in the application.
- Based on this, the attacker then injects SQL queries that are specifically designed to compromise the data security of the application.

Question 4: Skipped
Sophia travels a lot and worries that her laptop containing confidential documents might be stolen. What is the best protection that will work for her?
A. Full Disk encryption (Correct)
B. BIOS password

Written for
- Institution: Certified Ethical Hacker CEH
- Course: Certified Ethical Hacker CEH
Document information
- Uploaded on: 9 February 2023
- Number of pages: 65
- Written in: 2022/2023
- Type: Exam (elaborations)
- Contains: Questions and answers