CEH Certifiaction Exam

Which of the following mobile security best practices for users is concerned with geotages?
Click the card to flip 👆
1 / 125
Terms in this set (125)
You work for a company that is implementing symmetric cryptography to process payment applications such as card transactions where personally identfiable information (PII) needs to be protected to prevent identity theft or fraudulent charges. Which of the following algorithm types would be best for transmitting large amounts of data?
Heather has been hired to work in a firm's cybersecurity division. Her role will included both offensive and defensive tasks. Which of the following roles applies to Heather?A member of the purple team.Which of the following ports are used by null sessions on your network?139 and 445Which of the following types of web server attacks is characterized by altering or vandalizing a website's appearance in an attempt to humiliate, discredit, or annoy the victim?Website DefacementJoe, a bookkeeper, works in a cubicle environment and is often called away from his desk. Joe doesn't want to sign out of his computer each time he leaves. Which of the following is the best solutions for securing Joe's workstation?Configure the screen saver to require a passwordHeather wants to gain remote access Randy's machine. She has developed a program and hidden it inside a legitimate program that she is sure Randy will install on his machine. Which of the following types of malware is she using?Trojan HorseA ping sweep is used to scan a range of IP addresses to look for live systems. A ping sweep can also alert a security system, which could result in an alarm being triggered or an attempt being blocked. Which type of scan is being used?Network scanWhich of the following techniques involves adding random bits of data to a password before it is stored as a hash?Password saltingYou are the cybersecurity specialist for your company and have been hired to perform a penetration test. You have been using Wireshark to capture and analyze packets. Knowing that HTTP POST data can sometimes be easy prey for hackers, you have used the http.request.method==POST Wireshark filter. The results of that filter are shown in the image. After analyzing the captured information, which of the following would be your biggest concern?Clear text passwords are shown.Which document explains the details of an objective-based test?Scope of workWhich statement best describes a suicide hacker?This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught.Daphne suspects a Trojan horse is installed on her system. She wants to check all active network connections to see which programs are making connections and the FQDN of where those programs are connecting to. Which command will allow her to do this?netstat -f -bCompliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering techniqueElicitationYou are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this?SpimYou are using an iOS device. You want to scan networks, websites, and ports to find open network devices. Which of the following network mapping tools should you use?ScanyThere are two non-government sites that provide lists of valuable information for ethical hackers. Which of the following best describes the Full Disclosure site?A mailing list that often shows the newest vulnerabilities before other sources.Jessica needs to set up a firewall to protect her internal network form the internet. Which of the following would be the best type of firewall for her to use>HardwareWhich of the following best describes the verification phase of the vulnerability management life cycle?Proves your work to management and generates verifiable evidence to show that your patchin and hardening implementations have been effective.When it comes to obfuscation mechanisms, nmap has the ability to generate decoys, meaning that detection of the actual scanning system becomes much more difficult. which of the following is the proper nmap command?nmap -D RND:10 target_IP_addressFrank, an attacker, has gained access to your network. He decides to cause an illegal instruction. He watches the timing to handle an illegal instruction. Which of the following is he testing for?A virtual machineJohn, a security specialist, conducted a review of the company's website. He discovered that sensitive company information was publicly available. Which of the following information sharing policies did he discover were being violated.An internet policyWhich of the following best describes a web application?A web application is software that has been installed on a web server.Nmap provides many commands and scripts that are used to evade firewalls and intrusion detection systems. Which of the following is the proper nmap command to use the decoy option?nmap -D RND:25 of the following best describes a stateful inspection?Determines the legitimacy of traffic based on the state of the connection from which the traffic originated.Which of the following tools can be used to create botnets?Shark, PlugBot, and Poison IvyCreating an area of the network where offending traffic is forwarded and dropped is known as _________?Black hole filteringWhich of the following best describes the heuristic or behavior-based detection method?Searches for execution path hooking, which allows a function value in an accessible environment to be changed.If an attacker's intent is to discover and then use sensitive data like passwords, session cookies, and other security configurations such as UDDI, SOAP, and WSDL, which of the following cloud computing attacks is he using?Service hijacking through network sniffing.Which of the following best describes a lock shim?A thin, stiff piece of metal.You have been asked to perform a penetration test for a company to see if any sensitive information can be captured by a potential hacker. You have used Wireshark to capture a series of packets. Using the tcp contains Invoice filter, you have found one packet. Using the captured information shown, which of the following is the name of the company requesting payment?ACME, IncSam has used malware to access Sally's computer on the network. He has found information that will allow him to use the underlying NTLM to escalate his privileges without needing the plaintext password. Which of the following types of attacks did he use?Pass the hashYou are working on firewall evasion countermeasures and are specifically looking for a tool to expose TTL vulnerabilities. Which of the following tools would you use?FirewalkingCarl received a phone call from a woman who states that she is calling from his bank. She tells him that someone has tried to access his checking account and she needs him to confirm his account number and password to discuss further details. He gives her his account number and password. Which of the following types of non-technical password attack has occured?Social engineeringWhich of the following is the third step in the ethical hacking methodology?Gain accessAn attack that targets senior executives and high-profile victims is referred to as:WhalingWhich of the following best describes a non-disclosure agreement?A common legal contract outlining confidential material that will be shared during the assessment.Which of the following malware types shows the user signs of potential harm that could occur if the user doesn't take a certain action?ScarewareWho would be most likely to erase only parts of the system logs file?A black hat hackerA client asking for small deviations from the scope of work is called:Scope creepWhich of the following cryptography attacks is characterized by the attacker having access to both the plain text and the resulting ciphertext, but does not allow the attacker to choose the plain text?Known plain textWhich of the following best describes the scan with ACK evasion method?Helps determine whether the firewall is stateful or stateless and whether or not the ports are open.Which of the following services is most targeted during the reconnaissance phase of a hacking attack?DNSIP address spoofing, fragmentation attacks, using proxy servers, ICMP tunneling, and ACK tunneling are all examples of which of the following firewall penetration testing techniques?TCP packet filteringHugh, a security consultant, recommended the use of an internal and external DNS to provide an extra layer of security. Which of the following DNS countermeasures is being used?Split DNSYou get a call from one of your best customers. The customer is asking about your company's employees, teams, and managers. What should you do?You should not provide any information and forward the call to the help desk.A hacker finds a system that has a poorly design and unpatched program installed. He wants to create a backdoor for himself. Which of the following tools could he use to establish a backdoor?MetasploitAny attack involving human interaction of some kind is referred to as:Social engineeringMiguel is performing a penetration test on his client's web-based application. Which penetration test frameworks should Miguel utilize?OWASPA hacker finds a target machine but wants to avoid getting caught, so the hacker finds another system to take the blame. This system is frequently called a zombie machine because it's disposable and creates a good distraction. Which of the following port scans is being used?Idle scanWhich of the following best describes the HTTP Request/Response TRACE?Performs a loopback test to a target resource.Which of the following best describes an anti-virus sensor system?A collection of software that detects and analyzes malware.Which of the following describes the exploitation stage of the mobile device penetration testing process?The use of man-in-the-middle attacks, spoofing, and other attacks to take advantage of client-side vulnerabilities.Which of the following explains why web servers are often targeted by attackers?Web servers provide an easily found, publicly accessible entrance to a network that users are encouraged to enter into and browse.While performing a penetration test, you captured a few HTTP POST packets using Wireshark. After examining the selected packet, which of the following concerns or recommendations will you include in your report?Passwords are being sent in clear text.Rudy is analyzing a piece of malware discovered in a pentest. He has taken a snapshot of the test system and will run the malware. He will take a snapshot afterwards and monitor different components such as ports, processes, event logs, and more for any changes. Which of the following processes is he using?Host integrity monitoringJames, a hacker, has hacked into a Unix system and wants to change the timestamps on some files to hide his tracks. Which of the following timestamp tools would he most likely use?TouchA goal-based penetration test needs to have specific goals. Using SMART goals is extremely useful for this. What does SMART stand for?Specific/Measurable/Attainable/Relevant/TimelyKaren received a report of all the mobile devices on the network. This report showed the total risk score, summary of revealed vulnerabilities, and remediation suggestions. Which of the following types of software generated this report?A vulnerability scannerAn attacker conducts a normal port scan on a host and detects protocols used by a Windows operating system and protocols used by a Linux operating system. Which of the following might this indicate?A honeypotThe list of cybersecurity resources below are provided by which of the following government sites? Information exchange Training and exercises Risk and vulnerability assessments Data synthesis and analysis Operational planning and coordination Watch operations Incident response and recoveryCISAWhich of the following is considered an out-of-band distribution method for private key encryption?Copying the key to a USB drive.This government resource is a community-developed list of common software security weaknesses. They strive to create commonality in the descriptions of weaknesses of software security. Which of the following government resources is described?CWEWhich of the following is an open-source cryptography toolkit that implements SSL and TLS network protocols and the related cryptography standards required by them?OpenSSLA penetration tester discovers a vulnerable application and is able to hijack a website's URL hyperlink session ID. The penetration tester is able to intercept the session ID; when the vulnerable application sends the URL hyperlink to the website, the session IDs are embedded in the hyperlink. Which of the following types of session hijacking countermeasures is the penetration tester using?Session fixation attackDaphne has determined that she has malware on her Linux machine. She prefers to only use open-source software. Which anti-malware software should she use?ClamAVWhich of the following describes the risks of spyware that are particular to mobile devices?Spyware can monitor and log call histories, GPS locations, and text messages.Julie is looking for a honeypot detection tool that is capable of packet manipulation. Which of the following tools should she use?Snort inlineAn ethical hacker is running an assessment test on your networks and systems. The assessment test includes the following items: Inspecting physical security Checking open ports on network devices and router configurations Scanning for Trojans, spyware, viruses, and malware Evaluating remote management processes Determining flaws and patches on the internal network systems, devices, and servers Which of the following assessment tests is being performed?Internal assessmentBrandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords. Which type of social engineering attack is Fred referring to?Shoulder surfingAnti-malware software utilizes different methods to detect malware. One of these methods is scanning. Which of the following best describes scanning?Scanning uses live system monitoring to detect malware immediately. This technique utilizes a database that needs to be updated regularly. Scanning is the quickest way to catch malware programs.Heather is in the middle of performing a penetration test when her client asks her to also check the security of an additional server. Which of the following documents does she need to submit before performing the additional task?Change orderWhich of the following steps in an Android penetration test checks for a vulnerability hackers use to break down the browser's sandbox using infected JavaScript code?Check for a cross-application-scripting errorWhich of the following includes a list of resolved vulnerabilities?Security vulnerability summaryWhich of the following is another name for the signature-based detection method?Misuse detectionWhich of the following uses on-the-fly encryption, meaning the data is automatically encrypted immediately before it is saved and decrypted immediately after it is loaded?VeraCryptIn this lab, your task is to: Install the smart card key readers Install the IP security cameras Install the Restricted Access sign on the networking closet door Install the visitor log on the Lobby desk Complete this lab as follows: Install the smart card key readers as follows:On the Shelf, expand Door Locks.Drag a Smart Card Reader from the shelf to the highlighted location outside the building's front door.Drag a Smart Card Reader from the shelf to the highlighted location outside the Networking Closet's door. Install the IP security cameras as follows:On the Shelf, expand CCTV Cameras.Drag the IP Security Camera from the shelf to the highlighted circle inside the Networking Closet.Drag the IP Security Camera from the shelf to just outside the Networking Closet. Install the Restricted Access sign as follows:On the Shelf, expand Restricted Access Signs.Drag the Restricted Access Sign from the shelf to the Networking Closet door. Install the visitor log as follows:On the Shelf, expand Visitor Logs.Drag the Visitor Log from the shelf to the Lobby desk.Which of the following best describes what SOX does?Implements accounting and disclosure requirements that increase transparency.Which of the following is used to remove files and clear the internet browsing history?CCleanerYou believe your system has been hacked. Which of the following is the first thing you should check?System log filesWhich of the following best describes the countermeasures you would take against a cross-site request forgery attack?Log off immediately after using a web application. Clear the history after using a web application, and don't allow your browser to save your login details.Which of the following describes a session ID?A unique token that a server assigns for the duration of a client's communications with the server.Which of the following elements is generally considered the weakest link in an organization's security?HumanEnable the TPM Activate the TPM Turn on BitLocker for the System (C:) drive Save the recovery key on CorpServer Encrypt the entire drive Run BitLocker system check Explanation In this lab, your task is to configure BitLocker drive encryption as follows: Turn on TPM in the BIOS. Activate TPM in the BIOS. Turn on BitLocker for the Local Drive (C:) drive. Save the recovery key to \\CorpServer\BU-Office1. Run the BitLocker system check. Encrypt the entire Local Drive (C:) drive. Complete this lab as follows: In the search field on the taskbar, enter Control Panel. Select System and Security. Select BitLocker Drive Encryption. Select Turn on BitLocker next to C:. Notice, at the bottom of the window, that Windows indicates that a TPM was not found. Select Cancel. Select Start. Select Power. Select Restart to restart Office1 and activate TPM. When the TestOut logo appears, press Delete to enter the BIOS. Turn on and activate TPM as follows:In the left pane, expand Security.Select TPM Security.In the right pane, select TPM Security to turn TPM security on.Select Apply.Select Activate.Select Apply.Select Exit. Turn on BitLocker as follows:After Office1 finishes rebooting, in the search field, enter Control Panel.Select System and Security.Select BitLocker Drive Encryption.Select Turn on BitLocker. Now Windows is able to begin the Drive Encryption setup.Select Next.Select Restart.Press F10.Select Next. Save the recovery key to \\CorpServer\BU-Office1 as follows:Select Save to a file to back up your recovery key to a file.Browse the network to \\CorpServer\BU-Office1.Select Save.After your recovery key is saved, click Next. Select Encrypt entire drive; then click Next. Leave the default setting selected when choosing the encryption mode and click Next. Select Run BitLocker system check; then click Continue. Select Restart now. When encryption is complete, click Close. Open File Explorer and verify that the Local Disk (C:) drive shows the lock icon.Which of the following is a sign of a network-based intrusion?New or unusual protocols and services running.Which of the following Bluetooth discovery tool commands will show the Bluetooth MAC address, clock offset, and class of each discovered device?hcitool inqWhich of the following is the most basic way to counteract SMTP exploitations?Ignore messages to unknown recipients instead of sending back error messages.During a penetration test, Heidi runs into an ethical situation she's never faced before and is unsure how to proceed. Which of the following should she do?Reach out to an attorney for legal advice.Which of the following IDS detection types compare behavior to baseline profiles or network behavior baselines?Anomaly-basedWhich of the following is a common corporate policy that would be reviewed during a penetration test?Password policyRandy was just hired as a penetration tester for the red team. Which of the following best describes the red team?Performs offensive security tasks to test the network's security.Which of the following has five layers of structure that include Edge technology, Access gateway, Internet, Middleware, and Application?IoT architectureWhich of the following best describes what FISMA does?Defines how federal government data, operations, and assets are handled.Ann has a corner office that looks out on a patio that is frequently occupied by tourists. She likes the convenience of her Bluetooth headset paired to her smartphone, but is concerned that her conversations could be intercepted by an attacker sitting on the patio. Which of the following countermeasures would be the most effective for protecting her conversations?Lower the Bluetooth power setting on the smartphone and headset.Using Wireshark, you have used a filter to help capture only the desired types of packets. Using the information shown in the image, which of the following best describes the effects of using the host filter?Only packets with in either the source or destination address are captured.Which of the following is the process of determining the configuration of ACLs by sending a firewall TCP and UDP packets?FirewalkingWhich key area in the mobile device security model is supported by device designers requiring passwords, biometrics, and two-factor authentication methods?Access controlsYou are looking for a vulnerability assessment tool that detects vulnerabilities in mobile devices and gives you a report containing a total risk score, a summary of revealed vulnerabilities, and remediation suggestions. Which of the following vulnerability assessment tools should you use?SecurityMetrics MobileXavier is doing reconnaissance. He is gathering information about a company and its employees by going through their social media content. Xavier is using a tool that pulls information from social media postings that were made using location services. What is the name of this tool?EchosecPatrick is planning a penetration test for a client. As part of this test, he will perform a phishing attack. He needs to create a virus to distribute through email and run a custom script that will let him track who has run the virus. Which of the following programs will allow him to create this virus?JPSWhich of the following is the first step you should take if malware is found on a system?Isolate the system from the network immediately.During an authorized penetration test, Michael discovers a vulnerability that could affect his client's partner's network. Which of the following actions should he take?Inform the client and leave it to them to inform the partner.You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once per week. For security reasons, your company has decided not to store a redundant copy of the backup media at an off-site location. Which of the following would be the best backup and storage option?Use incremental backups and store them in a locked fireproof safe.During an authorized penetration test, Michael discovered his client's financial records. Which of the following should he do?Ignore the records and move on.What port does a DNS zone transfer use?TCP 53An attacker is attempting to determine whether a system is a honeypot. Which of the following actions should the attacker take?Craft a malicious probe packet to scan for services.In a world where so much private information is stored and transferred digitally, it is essential to proactively discover weaknesses. An ethical hacker's assessment sheds light on the flaws that can open doors for malicious attackers. Which of the following types of assessments does an ethical hacker complete to expose these weaknesses?Vulnerability assessmentWhich of the following encryption tools would prevent a user from reading a file that they did not create and does not require you to encrypt an entire drive?EFSA hacker has gained physical access to a system and has changed an administrator's account password. Which of the following tools did the hacker most likely use to accomplish this?Ultimate Boot CDYou want a list of all open UDP and TCP ports on your computer. You also want to know which process opened the port, which user created the process, and what time is was created. Which of the following scanning tools should you use?CurrportsWhich of the following are protocols included in the IPsec architecture?IKE, AH, and ESPThe Stuxnet worm was discovered in 2010 and was used to gain sensitive information on Iran's industrial infrastructure. This worm was probably active for about five years before being discovered. During this time, the attacker had access to the target. Which type of attack was Stuxnet?APTThe process of analyzing an organization's security and determining its security holes is known as:Threat modelingMark, an ethical hacker, is looking for a honeypot tool that will simulate a mischievous protocol such as devil or mydoom. Which of the following honeypot tools should he use?HoneyBOTWhich of the following tools enables security professionals to audit and validate the behavior of security devices?Traffic IQ ProfessionalWhich of the following assessment types can monitor and alert on attacks but cannot stop them?PassiveCharles found a song he wrote being used without his permission in a video on YouTube. Which law will help him protect his work?DMCA