CEH V11 PRACTICE TEST
D. Digital certificate - correct answer How is the public key distributed in an
orderly, controlled fashion so that the users can be sure
of the sender's identity?
A. Hash value
B. Digital signature
C. Private key
D. Digital certificate
E. All are DDOS tools - correct answer What do Trinoo, TFN2k, WinTrinoo, T-Sight,
and Stracheldraht have in common?
A. All are tools that can be used not only by hackers, but also security personnel
B. All are hacking tools developed by the legion of doom
C. All are tools that are only effective against Windows D. All are tools that are
only effective against Linux
E. All are DDOS tools
B. SOA, NS, A, and MX records - correct answer A zone file consists of which of
the following Resource Records (RRs)?
A. DNS, NS, PTR, and MX records
B. SOA, NS, A, and MX records
C. DNS, NS, AXFR, and MX records
D. SOA, NS, AXFR, and MX records
C. It replaces legitimate programs - correct answer Which of the following is the
primary objective of a rootkit?
,A. It creates a buffer overflow
B. It provides an undocumented opening in a program
C. It replaces legitimate programs
D. It opens a port to provide an unauthorized service
D. Email Spoofing - correct answer CompanyXYZ has asked you to assess the
security of their perimeter email gateway. From your office in New York, you craft
a specially formatted email message and send it across the Internet to an
employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test.
Your email message looks like this:
From:
To: Subject: Test message
Date: 4/3/2017 14:37
The employee of CompanyXYZ receives your email message. This proves that
CompanyXYZ's email gateway doesn't prevent what?
A. Email Harvesting
B. Email Masquerading
C. Email Phishing
D. Email Spoofing
C. You attempt every single possibility until you exhaust all possible
combinations or discover the password - correct answer When discussing
passwords, what is considered a brute force attack?
A. You wait until the password expires
, B. You create hashes of a large number of words and compare it with the
encrypted passwords
C. You attempt every single possibility until you exhaust all possible
combinations or discover the password
D. You load a dictionary of words into your cracking program
E. You threaten to use the rubber hose on someone unless they reveal their
password
D. Try to hang around the local pubs or restaurants near the bank, get talking to a
poorly-paid or disgruntled employee, and offer them money if they'll abuse their
access privileges by providing you with sensitive information - correct answer
You are trying to break into a highly classified top-secret mainframe computer
with highest security system in place at Merclyn Barley Bank located in Los
Angeles. You know that conventional hacking doesn't work in this case, because
organizations such as banks are generally tight and secure when it comes to
protecting their systems. In other words, you are trying to penetrate an otherwise
impenetrable system.How would you proceed?
A. Launch DDOS attacks against Merclyn Barley Bank's routers and firewall
systems using 100, 000 or more "zombies" and "bots"
B. Look for "zero-day" exploits at various underground hacker websites in Russia
and China and buy the necessary exploits from these hackers and target the
bank's network
C. Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic
going to the Merclyn Barley Bank's Webserver to that of your machine using DNS
Cache Poisoning techniques
D. Try to hang around the local pubs or restaurants near the bank, get talking to a
poorly-paid or disgruntled employee, and offer them money if they'll abuse their
access privileges by providing you with sensitive information
C. Cross-site-scripting attack - correct answer This is an attack that takes
advantage of a web site vulnerability in which the site displays content that
includes un-sanitized user-provided data. What is this attack?
A. URL Traversal attack
D. Digital certificate - correct answer How is the public key distributed in an
orderly, controlled fashion so that the users can be sure
of the sender's identity?
A. Hash value
B. Digital signature
C. Private key
D. Digital certificate
E. All are DDOS tools - correct answer What do Trinoo, TFN2k, WinTrinoo, T-Sight,
and Stracheldraht have in common?
A. All are tools that can be used not only by hackers, but also security personnel
B. All are hacking tools developed by the legion of doom
C. All are tools that are only effective against Windows D. All are tools that are
only effective against Linux
E. All are DDOS tools
B. SOA, NS, A, and MX records - correct answer A zone file consists of which of
the following Resource Records (RRs)?
A. DNS, NS, PTR, and MX records
B. SOA, NS, A, and MX records
C. DNS, NS, AXFR, and MX records
D. SOA, NS, AXFR, and MX records
C. It replaces legitimate programs - correct answer Which of the following is the
primary objective of a rootkit?
,A. It creates a buffer overflow
B. It provides an undocumented opening in a program
C. It replaces legitimate programs
D. It opens a port to provide an unauthorized service
D. Email Spoofing - correct answer CompanyXYZ has asked you to assess the
security of their perimeter email gateway. From your office in New York, you craft
a specially formatted email message and send it across the Internet to an
employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test.
Your email message looks like this:
From:
To: Subject: Test message
Date: 4/3/2017 14:37
The employee of CompanyXYZ receives your email message. This proves that
CompanyXYZ's email gateway doesn't prevent what?
A. Email Harvesting
B. Email Masquerading
C. Email Phishing
D. Email Spoofing
C. You attempt every single possibility until you exhaust all possible
combinations or discover the password - correct answer When discussing
passwords, what is considered a brute force attack?
A. You wait until the password expires
, B. You create hashes of a large number of words and compare it with the
encrypted passwords
C. You attempt every single possibility until you exhaust all possible
combinations or discover the password
D. You load a dictionary of words into your cracking program
E. You threaten to use the rubber hose on someone unless they reveal their
password
D. Try to hang around the local pubs or restaurants near the bank, get talking to a
poorly-paid or disgruntled employee, and offer them money if they'll abuse their
access privileges by providing you with sensitive information - correct answer
You are trying to break into a highly classified top-secret mainframe computer
with highest security system in place at Merclyn Barley Bank located in Los
Angeles. You know that conventional hacking doesn't work in this case, because
organizations such as banks are generally tight and secure when it comes to
protecting their systems. In other words, you are trying to penetrate an otherwise
impenetrable system.How would you proceed?
A. Launch DDOS attacks against Merclyn Barley Bank's routers and firewall
systems using 100, 000 or more "zombies" and "bots"
B. Look for "zero-day" exploits at various underground hacker websites in Russia
and China and buy the necessary exploits from these hackers and target the
bank's network
C. Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic
going to the Merclyn Barley Bank's Webserver to that of your machine using DNS
Cache Poisoning techniques
D. Try to hang around the local pubs or restaurants near the bank, get talking to a
poorly-paid or disgruntled employee, and offer them money if they'll abuse their
access privileges by providing you with sensitive information
C. Cross-site-scripting attack - correct answer This is an attack that takes
advantage of a web site vulnerability in which the site displays content that
includes un-sanitized user-provided data. What is this attack?
A. URL Traversal attack
