Certified Ethical Hacker Exam Practice Questions
Question 1 of 10
Port scanning is the method of determining which ports on a network are open. What is this type of port scanning, which uses the FIN, URG, or PSH flag to poke at system ports?
Inverse TCP flag scanning is the process of sending TCP probe packets with or without TCP flags. If there is no response, then the port is open. If the response is RST, then the port is closed.
Question 2 of 10
What is this type of web server attack, wherein the attacker exploits vulnerabilities in the domain name system (DNS) servers, to turn initially small queries into much larger payloads, which are used to bring down the victim’s servers?
DNS amplification, also known as a Distributed Denial of Service (DDoS) attack, is a type of reflection attack that manipulates publicly accessible domain name systems, making them flood a target with large quantities of UDP packets.
Question 3 of 10
Directory traversal is a type of attack wherein the hacker attempts to access restricted directories and execute commands outside intended webserver directories. Which of the following commands can be used in this attack?
A directory traversal attack is also known as a path traversal attack, which aims to access files and directories that are stored outside the webroot folder. Here is an example of a command that can be used in this attack: http://www.testing.com/../../../../etc/passwd
Question 4 of 10
Web servers are computers running an operating system. They are connected to the back-end database running various applications. Any vulnerability in the applications, database, operating system, or in the network will lead to an attack on the web server. What is this type of web server attack, which is defined as an advanced technique whereby an attacker exploits the behavior of a web server and cache so that a harmful HTTP response is served to other users?
Web cache poisoning has two phases. First, the attacker must work out how to get a response from the server that contains a dangerous payload. Once successful, they need to make sure that their response is cached and subsequently served to the intended victims.
Question 5 of 10
Web application attack is the process of utilizing custom web applications embedded within social media sites, which can lead to the installation of malicious code into the computers to be used to gain unauthorized access. What is this type of web application attack wherein the attacker injects malicious script in a website by encoding the script in a web form?
Cross-site scripting (XSS) attack is the process of injecting malicious scripts into a benign and trusted website. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
Question 6 of 10
ECC outlined the three main categories of SQL injection. What is this type of SQL injection, which occurs when the attacker knows the database is susceptible to injection, but the error messages and screen returns don’t come back to the attacker?
During a blind/inferential SQL injection, no data is transferred through the web application and the attacker would not be able to see the result of an attack in-band. Instead, an attacker can reconstruct the database structure by sending payloads and observing the web application's response and the resulting behaviour of the database server.
Question 7 of 10
Wireless authentication can happen using these three main methods: Open System Authentication, Shared Key Authentication, and Centralized Authentication. What are the steps in an Open System Authentication process?
Open System Authentication (OSA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.
The OSA process includes the following:
(1) Probe request
(2) Probe response
(3) Authentication request
(4) Authentication response
(5) Association request
(6) Association response
Question 8 of 10
Rooting or jailbreaking a device grants you administrative access to the device so you can do whatever you want with it. What is this type of jailbreaking technique, which is found in the system itself, and is leveraged to gain root access, modify the fstab, and patch the kernel?
A userland jailbreak allows user-level access but does not allow iBoot-level access. It is found in the system itself and uses a hole to get root access, modify the fstab, and patch the kernel. It cannot be tethered because nothing can cause a recovery mode loop.
Question 9 of 10
Bluetooth hacking is a technique used to get information from another Bluetooth-enabled device without any permission from the host. What is this type of Bluetooth attack, which is defined as the process of accessing a Bluetooth-enabled device and remotely using its features?
Bluebugging is listed as one of the major Bluetooth attacks, wherein a skilled hacker can access mobile commands on Bluetooth-enabled devices that are in discoverable mode.
Question 10 of 10
What is defined as the communications network used by our vehicles, and refers to the spontaneous creation of a wireless network for vehicle-to-vehicle data exchange?
Vehicular Ad Hoc Networks (VANETs) are created by applying the principles of Mobile Ad Hoc Networks (MANETs), the spontaneous creation of a wireless network of mobile devices, to the domain of vehicles. VANETs are also a key part of the intelligent transportation system (ITS) framework.