Quiz-summary
0 of 10 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
Information
Certified Ethical Hacker Exam Practice Questions
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 10 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- Answered
- Review
-
Question 1 of 10
1. Question
Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. There are four social engineering vectors, one of which is impersonation. Which of the following sentences is true about impersonation?
Correct
Impersonation is considered to be more of a physical vector wherein the attacker is trying to gain access to a building or facility by pretending to be someone else. It can also be conducted through websites, in that users believe they are visiting one site when in fact they are visiting another.
Incorrect
Impersonation is considered to be more of a physical vector wherein the attacker is trying to gain access to a building or facility by pretending to be someone else. It can also be conducted through websites, in that users believe they are visiting one site when in fact they are visiting another.
-
Question 2 of 10
2. Question
Attackers can use several techniques to conduct a website attack. One of the most common techniques used in a website attack is the website cloning attack. Which of the following statements is true about the website cloning attack?
Correct
Website cloning attack refers to the process of copying or modifying an existing website design or script to create a new website. You can use the WinHTTrack and Wget tool to conduct this technique.
Incorrect
Website cloning attack refers to the process of copying or modifying an existing website design or script to create a new website. You can use the WinHTTrack and Wget tool to conduct this technique.
-
Question 3 of 10
3. Question
Wi-Fi is a wireless networking technology that allows devices such as computers, mobile devices, and other equipment to interface with the internet. It allows these devices to exchange information with one another, creating a network. There are two types of wireless networks: ad hoc network and infrastructure network. Which of the following sentences defines the infrastructure network?
Correct
An infrastructure network has a central device, which acts as a switch. In this type of network, computers don’t talk to one another directly. Instead, all messages go through an access point.
Incorrect
An infrastructure network has a central device, which acts as a switch. In this type of network, computers don’t talk to one another directly. Instead, all messages go through an access point.
-
Question 4 of 10
4. Question
Wireless networks have become an integral part of how we conduct our businesses. They ease many processes and help us get rid of the clutter caused by hundreds of wires. On the downside, wireless networks are much more vulnerable to attacks and intruders. One of the most common wireless attacks is the key reinstallation attack (KRACK). Which of the following statements best describes the KRACK?
Correct
The key reinstallation attack (KRACK) is an attack that is performed during the WPA2 handshake, which is during the initialization of the WPA2 connection. It exploits a vulnerability in WPA2 to steal data transmitted over networks. These attacks can result in the theft of sensitive information like login credentials, credit card numbers, and any other data the victim transmits over the web. KRACK can also be used to perform on-path attacks, serving the victim a fake website or injecting malicious code into a legitimate site.
Incorrect
The key reinstallation attack (KRACK) is an attack that is performed during the WPA2 handshake, which is during the initialization of the WPA2 connection. It exploits a vulnerability in WPA2 to steal data transmitted over networks. These attacks can result in the theft of sensitive information like login credentials, credit card numbers, and any other data the victim transmits over the web. KRACK can also be used to perform on-path attacks, serving the victim a fake website or injecting malicious code into a legitimate site.
-
Question 5 of 10
5. Question
Despite their advantages, web applications raise several security concerns stemming from improper encoding. Serious weaknesses or vulnerabilities allow attackers to gain direct and public access to databases to gather sensitive data, this is known as a web application attack. One of the most common web application attacks is the SQL injection attack. Which of the following statements best defines the SQL injection attack?
Correct
An SQL injection attack is an attack against the database server; it takes advantage of poor programming practices in the application code. This attack happens when a malicious user sends unexpected data through a web request. Sometimes, form data is passed directly into an SQL query from the application server to the database server to execute.
Incorrect
An SQL injection attack is an attack against the database server; it takes advantage of poor programming practices in the application code. This attack happens when a malicious user sends unexpected data through a web request. Sometimes, form data is passed directly into an SQL query from the application server to the database server to execute.
-
Question 6 of 10
6. Question
Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. This attack occurs when an attacker uses a web application to send malicious codes generally in the form of a browser side script to a different end-user. There are three ways to run a cross-site scripting attack: persistent cross-site scripting, reflected cross-site scripting, and document object model (DOM). Which of the following statements best describes the reflected cross-site scripting attack?
Correct
The reflected cross-site scripting attack is the simplest variety of cross-site scripting. It arises when an application receives data in an HTTP request and includes the data within the immediate response in an unsafe way. Reflected attacks are delivered to victims via another route, such as email message, or some other website. When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing a malicious site, the injected code travels to the vulnerable website, which reflects the attack on the user’s browser. The browser then executes the code because it came from a trusted server.
Incorrect
The reflected cross-site scripting attack is the simplest variety of cross-site scripting. It arises when an application receives data in an HTTP request and includes the data within the immediate response in an unsafe way. Reflected attacks are delivered to victims via another route, such as email message, or some other website. When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing a malicious site, the injected code travels to the vulnerable website, which reflects the attack on the user’s browser. The browser then executes the code because it came from a trusted server.
-
Question 7 of 10
7. Question
The Denial-of-Service (DoS) attack is the process of flooding the target with traffic or sending it information that triggers a crash, making the machine or network inaccessible to its intended users. There are several types of denial of service attacks, one of which is the Local Area Network Denial (LAND) attack. Which of the following statements defines a LAND attack?
Correct
The Local Area Network Denial (LAND) attack sets the source and destination information of a TCP segment to be the same. This sends the segment into a loop in the operating system, as it is processed as an outbound, then an inbound, and so forth. This loop would lock up the system.
Incorrect
The Local Area Network Denial (LAND) attack sets the source and destination information of a TCP segment to be the same. This sends the segment into a loop in the operating system, as it is processed as an outbound, then an inbound, and so forth. This loop would lock up the system.
-
Question 8 of 10
8. Question
An application exploit is where an attacker gets control of the execution path of a program. There are a couple of ways to change the flow of execution of a program, one of which is by conducting the buffer overflow attack. Which of the following statements is true about the buffer overflow attack?
Correct
The buffer overflow attack takes advantage of a memory structure called the stack. The stack is a section of memory where data is stored while program functions are executing. The goal of a buffer overflow attack is to inject a section of code, called shellcode, that the attacker wants to be executed. The place in the stack where the return address is kept needs to point to the space in memory where the shellcode now resides.
Incorrect
The buffer overflow attack takes advantage of a memory structure called the stack. The stack is a section of memory where data is stored while program functions are executing. The goal of a buffer overflow attack is to inject a section of code, called shellcode, that the attacker wants to be executed. The place in the stack where the return address is kept needs to point to the space in memory where the shellcode now resides.
-
Question 9 of 10
9. Question
The attack life cycle is a sequence of events that an attacker goes through to successfully infiltrate a network and exfiltrate data from it. Which of the following sentences describes the establishment of the foothold phase in the attack life cycle?
Correct
The establishment of the foothold phase is the third phase in the attack life cycle. In this phase, the attacker will have gained access previously, but here they strengthen their position. This may come from installing a means to get back in anytime they want without having to rely on the initial compromise vector. This may also involve establishing a command and control mechanism.
Incorrect
The establishment of the foothold phase is the third phase in the attack life cycle. In this phase, the attacker will have gained access previously, but here they strengthen their position. This may come from installing a means to get back in anytime they want without having to rely on the initial compromise vector. This may also involve establishing a command and control mechanism.
-
Question 10 of 10
10. Question
Symmetric key cryptography is a type of encryption scheme in which the same key is used both to encrypt and decrypt messages. Any symmetric key algorithm can be either a stream or a block cipher. Which of the following sentences is true about a block cipher?
Correct
Block ciphers take the entire block of data to be encrypted and turn it into fixed-length blocks. If the total length of the data isn’t multiple of the block size, the last block is padded to get to the size of the block. It may commonly use a block length of 64 bits. An example of a block cipher that uses a symmetric key is the Data Encryption Standard (DES).
Incorrect
Block ciphers take the entire block of data to be encrypted and turn it into fixed-length blocks. If the total length of the data isn’t multiple of the block size, the last block is padded to get to the size of the block. It may commonly use a block length of 64 bits. An example of a block cipher that uses a symmetric key is the Data Encryption Standard (DES).