CERTIFIED ETHICAL HACKER
CERTIFICATION - CEH V10
ARP poisoning - correct answer ARP poisoning refers to flooding the target
machine's ARP cache with forged entries.
Grey box testing - correct answer A combination of black box and white box
testing that gives a full inspection of the system, simulating both outside and
inside attacks
NTP Enumeration - correct answer NTP stands for Network Time Protocol and its
role is to ensure that the networked computer clocks are synchronized. NTP
enumeration provides hackers with information about the hosts that are
connected to the NTP server as well as IP addresses, system names, and operating
systems of the clients.
Active online attacks - correct answer Active online attacks require the attacker to
communicate with the target machine in order to crack the password.
Static malware analysis - correct answer Static analysis refers to analyzing
malware without running or installing it. The malware's binary code is examined
to determine if there are any data structures or function calls that have malicious
behavior.
Access control - correct answer An access control attack is when someone tries to
penetrate a wireless network by avoiding access control measures, such as
Access Point MAC filters or Wi-Fi port access control.
Password guessing attack steps - correct answer Find the target's username
Create a password list
Sort the passwords by the probability
Try each password
Sniffer - correct answer Packet sniffing programs are called sniffers and they are
designed to capture packets that contain information such as passwords, router
configuration, traffic, and more.
Data backup strategy steps - correct answer Identify important data
Choose the appropriate backup media
Choose the appropriate backup technology
Choose the appropriate RAID levels
Choose the appropriate backup method
Choose the appropriate location
Choose the backup type
Choose the appropriate backup solution
Perform a recovery test
WPA2-Personal - correct answer WPA2-Personal encryption uses a pre-shared
key (PSK) to protect the network access.
Threat modeling - correct answer Threat modeling is an assessment approach in
which the security of an application is analyzed. It helps in identifying threats that
are relevant to the application, discovering application vulnerabilities, and
improving the security.
Administrative security policies - correct answer Administrative policies define
the behaviour of employees.
Doxing - correct answer Doxing is revealing and publishing personal information
about someone. It involves gathering private and valuable information about a
person or organization and then misusing that information for different reasons.
Recovery controls - correct answer Recovery controls are used after a violation
has happened and the system needs to be restored to its persistent state. These may
include backup systems or disaster recovery.
Confidentiality attack - correct answer Confidentiality attack is where an attacker
attempts to intercept confidential information transmitted over the network.
Proprietary Methodologies - correct answer Proprietary methodologies are
usually devised by the security companies who offer pentesting services and as
such are kept confidential. Examples of proprietary methodologies include:
-IBM
-McAfee Foundstone
-EC-Council LPT
Five stages of hacking - correct answer Reconnaissance
Scanning
Gaining access
Maintaining access
Clearing tracks
Script kiddies - correct answer Script kiddies are hackers who are new to hacking
and don't have much knowledge or skills to perform hacks. Instead, they use
tools and scripts developed by more experienced hackers.
Application keylogger - correct answer Application keylogger is designed to
observe the target's activity whenever they type something. It can record emails,
passwords, messages, browsing activities, and more.
Ethical hacking guidelines - correct answer No test should be performed without
appropriate permission and authorization
Keep the test results confidential (usually an NDA is signed)
Perform only those tests that the client had previously agreed upon
CVSS - correct answer The Common Vulnerability Scoring System (CVSS)
provides a way to capture the principal characteristics of a vulnerability, and
produce a numerical score reflecting its severity. The numerical score can then
be translated into a qualitative representation (such as low, medium, high, and
critical) to help organizations properly assess and prioritize their vulnerability
management processes.
Man-in-the-middle attack - correct answer Man-in-the-middle attack is when an
attacker gains access to the communication channel between a target and server.
The attacker is then able to extract the information and data they need to gain
unauthorized access.
Breaking WPA/WPA2 Encryption: Brute-force WPA Keys - correct answer Brute-
Force WPA Keys is a technique in which the attacker uses dictionary or cracking
tools to break WPA encryption keys. This attack takes a lot of time to break the
key.
Web application threats - correct answer Attacks that take advantage of poorly
written code and lack of proper validation on input and output data. Some of
these attacks include SQL injection and cross-site scripting.