Quiz-summary
0 of 30 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
Information
Certified Ethical Hacker Exam Practice Questions
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 30 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- Answered
- Review
-
Question 1 of 30
1. Question
The Open Systems Interconnection (OSI) model is created by the International Organization for Standardization to help refer to boundaries between functions within a network stack. It is consists of seven layers. Which of the following statements defines the transport layer in the OSI model?
Correct
The transport layer is the fourth layer in the open system interconnection (OSI) model. It takes care of segmenting messages for transmission and provides logical communication between application processes running on different hosts within a layered architecture of protocols and other network components.
Incorrect
The transport layer is the fourth layer in the open system interconnection (OSI) model. It takes care of segmenting messages for transmission and provides logical communication between application processes running on different hosts within a layered architecture of protocols and other network components.
-
Question 2 of 30
2. Question
Internet Protocol (IP) provides a standard set of rules for sending and receiving data over the Internet. Several headers are defined for IP, one of which is the checksum header. Which of the following sentences defines the checksum header?
Correct
The checksum header is a 16-bit value that is used to determine whether the header is intact. It is defined as a 1’s complement sum of the 16-bit words in the header.
Incorrect
The checksum header is a 16-bit value that is used to determine whether the header is intact. It is defined as a 1’s complement sum of the 16-bit words in the header.
-
Question 3 of 30
3. Question
The configuration of a network is the key to determine its performance. It is the way a network is arranged, including the physical or logical description of how links and nodes are set up to relate to each other. There are numerous ways a network can be arranged, one of which is the mesh topology. Which of the following descriptions defines a mesh topology?
Correct
In a mesh topology, systems are wired directly to one another. This topology setup allows for most transmissions to be distributed even if one of the connections goes down. It is a topology commonly used for wireless networks.
Incorrect
In a mesh topology, systems are wired directly to one another. This topology setup allows for most transmissions to be distributed even if one of the connections goes down. It is a topology commonly used for wireless networks.
-
Question 4 of 30
4. Question
An Internet Protocol (IP) address is an identifier for a computer or device on a TCP/IP network. There are two versions of IP that currently coexist in the global internet: Internet Protocol version 4 and Internet Protocol version 6. Which of the following statements is true about IPv4?
Correct
Internet Protocol version 4 (IPv4) is the most widely used version of the Internet Protocol. It uses 4 octets and 32-bit addresses for ethernet communication in five classes: A, B, and C have a different bit length for addressing the network host. Class D addresses are reserved for multicasting, while class E addresses are reserved for future use.
Incorrect
Internet Protocol version 4 (IPv4) is the most widely used version of the Internet Protocol. It uses 4 octets and 32-bit addresses for ethernet communication in five classes: A, B, and C have a different bit length for addressing the network host. Class D addresses are reserved for multicasting, while class E addresses are reserved for future use.
-
Question 5 of 30
5. Question
Cloud computing is the process of storing and accessing data and programs over the internet instead of your computer’s hard drive. Cloud computing services come in different forms, one of which is the Platform as a Service (PaaS). Which of the following statements best describes PaaS?
Correct
Platform as a Service (PaaS) delivers a framework for developers that they can build upon and use to create customized applications. All servers, storage, and networking can be managed by the enterprise or a third-party provider while the developers can maintain the management of the applications.
Incorrect
Platform as a Service (PaaS) delivers a framework for developers that they can build upon and use to create customized applications. All servers, storage, and networking can be managed by the enterprise or a third-party provider while the developers can maintain the management of the applications.
-
Question 6 of 30
6. Question
A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Which of the following statements is true about application layer firewalls?
Correct
Application layer firewalls are devices that can make decisions based on what is happening in the application layer protocol and then have the ability to drop the message. Examples of this firewall include Session Border Controllers (SBC) and Web Application Firewall (WAF).
Incorrect
Application layer firewalls are devices that can make decisions based on what is happening in the application layer protocol and then have the ability to drop the message. Examples of this firewall include Session Border Controllers (SBC) and Web Application Firewall (WAF).
-
Question 7 of 30
7. Question
An intrusion detection system (IDS) is a device or software application that monitors a network for malicious activity or policy violations. There are two different types of IDS: host-based IDS and network IDS. Which of the following sentences is true about host-based IDS?
Correct
A host-based intrusion detection system (IDS) watches activity on a local system, such as changes to a critical system. It also monitors the log files generated by your applications, creating a historical record of activities, and functions allowing you to quickly search them for anomalies and signs that an intrusion may have occurred.
Incorrect
A host-based intrusion detection system (IDS) watches activity on a local system, such as changes to a critical system. It also monitors the log files generated by your applications, creating a historical record of activities, and functions allowing you to quickly search them for anomalies and signs that an intrusion may have occurred.
-
Question 8 of 30
8. Question
Syslog protocol is a logging protocol that began as the logging mechanism for the Simple Mail Transfer Protocol (SMTP) server Sendmail. It not only has an easy-to-understand syntax in the creation and reading of messages; it also can be used for remote logging, as well as local logging. If you’re using a Windows system, which folder are the log messages sent?
Correct
On Windows systems, log messages are sent to the event subsystem. Instead of the text-based messages that syslog uses, the event subsystem uses a binary storage system. An advantage of the way the event subsystem stores data is that it can be queried as though it were a database.
Incorrect
On Windows systems, log messages are sent to the event subsystem. Instead of the text-based messages that syslog uses, the event subsystem uses a binary storage system. An advantage of the way the event subsystem stores data is that it can be queried as though it were a database.
-
Question 9 of 30
9. Question
Security professionals use Open Source Intelligence (OSINT) to identify potential weaknesses in friendly networks so that they can be remediated before they are exploited by threat actors. One of the useful tools in gathering OSINT is the InSpy tool. Which of the following sentences best describes the InSpy tool?
Correct
InSpy is a Python-based LinkedIn enumeration tool with two functionalities: TechSpy and EmpSpy. TechSpy crawls LinkedIn job listings for technologies used by the target company while EmpSpy attempts to identify technologies by matching job descriptions to keywords from a newline-delimited file.
Incorrect
InSpy is a Python-based LinkedIn enumeration tool with two functionalities: TechSpy and EmpSpy. TechSpy crawls LinkedIn job listings for technologies used by the target company while EmpSpy attempts to identify technologies by matching job descriptions to keywords from a newline-delimited file.
-
Question 10 of 30
10. Question
Several organizations govern the internet when it comes to domains and addresses. One of these organizations is the Internet Assigned Numbers Authority (IANA). Which of the following statements defines IANA?
Correct
Internet Assigned Numbers Authority (IANA) is an operating unit of the Internet Corporation for Assigned Names and Numbers (ICANN). It maintains the top-level domain, IP address, and protocol number databases. It also keeps authoritative records, but it has no jurisdiction over internet activity and does not resolve address conflicts.
Incorrect
Internet Assigned Numbers Authority (IANA) is an operating unit of the Internet Corporation for Assigned Names and Numbers (ICANN). It maintains the top-level domain, IP address, and protocol number databases. It also keeps authoritative records, but it has no jurisdiction over internet activity and does not resolve address conflicts.
-
Question 11 of 30
11. Question
Domain Name System (DNS) translates domain names into IP addresses, allowing you to access an internet location by its domain name. Several tools can be used to conduct a DNS lookup, one of which is the dnsrecon tool. Which of the following statements best describes the dnsrecon tool?
Correct
The dnsrecon tool can be used to do a brute force scan and to extract some of the common resource records in DNS. It can also be used to identify hostnames as a result of repeated requests based on a wordlist provided to the program.
Incorrect
The dnsrecon tool can be used to do a brute force scan and to extract some of the common resource records in DNS. It can also be used to identify hostnames as a result of repeated requests based on a wordlist provided to the program.
-
Question 12 of 30
12. Question
Passive reconnaissance is an attempt to gain information about targeted computers and networks without actively engaging with the systems. P0f is one of the useful tools for conducting passive reconnaissance. Which of the following sentences defines p0f?
Correct
P0f can watch the network headers as they go by, from the layer 3 headers to the application headers, making observations as the traffic passes. Unfortunately, it wasn’t as useful as it once was because web servers are generally encrypting traffic by default, which means p0f can’t watch the HTTP headers, identify the server, and other useful information.
Incorrect
P0f can watch the network headers as they go by, from the layer 3 headers to the application headers, making observations as the traffic passes. Unfortunately, it wasn’t as useful as it once was because web servers are generally encrypting traffic by default, which means p0f can’t watch the HTTP headers, identify the server, and other useful information.
-
Question 13 of 30
13. Question
Google hacking, also called as Google Dorking is an information-gathering technique used by an attacker leveraging advanced Google searching techniques. What tool can you use if you want to search for terms that have been found to reveal sensitive data exposed by vulnerable servers and web applications?
Correct
The Google Hacking Database (https://www.exploit-db.com/google-hacking-database/) contains search terms that have been found to reveal sensitive data exposed by vulnerable servers and web applications. It stores search terms in several categories, including footholds, vulnerable files, error messages, and sensitive directories.
Incorrect
The Google Hacking Database (https://www.exploit-db.com/google-hacking-database/) contains search terms that have been found to reveal sensitive data exposed by vulnerable servers and web applications. It stores search terms in several categories, including footholds, vulnerable files, error messages, and sensitive directories.
-
Question 14 of 30
14. Question
A ping sweep is a technique used to identify if the hosts are alive in the networks using their IP addresses. Many tools can perform a ping sweep; one of the common ones is MegaPing. Which of the following statements best defines MegaPing?
Correct
MegaPing is a GUI-based tool that runs under Windows. It incorporates several functions into a single interface. The ping sweep can be accomplished using the IP scanner tool, which you would select from the list on the left-hand side of the application.
Incorrect
MegaPing is a GUI-based tool that runs under Windows. It incorporates several functions into a single interface. The ping sweep can be accomplished using the IP scanner tool, which you would select from the list on the left-hand side of the application.
-
Question 15 of 30
15. Question
Transmission Control Protocol (TCP) scanning is the most detailed and complex type of port scanning. There are different types of TCP scans that Nmap can perform, one of which is the Xmas scan. Which of the following sentences best describes the Xmas scan?
Correct
In a Xmas scan, the packets being sent have the FIN, PSH, and URG flags set, which makes the packet look lit up like a Christmas tree. There are no indications about open ports here. Instead, Nmap is telling us that the port is either open or filtered. If the port is closed, the system responds with an RST while open ports don’t respond at all because this is not a legal packet from the perspective of the protocol.
Incorrect
In a Xmas scan, the packets being sent have the FIN, PSH, and URG flags set, which makes the packet look lit up like a Christmas tree. There are no indications about open ports here. Instead, Nmap is telling us that the port is either open or filtered. If the port is closed, the system responds with an RST while open ports don’t respond at all because this is not a legal packet from the perspective of the protocol.
-
Question 16 of 30
16. Question
In UDP scanning, Nmap sends out UDP messages and then watches whatever responses may come back. The expectation is that if a port is closed, the system will respond with an ICMP port unreachable message. If a port is open, the service may respond with something, or it may just not respond at all. If you want to avoid detection, how will you set the throttle rate in a UDP scan?
Correct
By default, the throttle rate is set at 3, which is a common rate of message transmission. If you want it faster, you go up to 5. If you want it to go slower, potentially to avoid detection, you can turn it down to 1.
Incorrect
By default, the throttle rate is set at 3, which is a common rate of message transmission. If you want it faster, you go up to 5. If you want it to go slower, potentially to avoid detection, you can turn it down to 1.
-
Question 17 of 30
17. Question
Encryption is the process of converting data to an unrecognizable or encrypted form. It is commonly used to protect sensitive information so that only authorized parties can view it. There are several programs ethical hackers can use to try to break encrypted protocols, one of which is the sslstrip. Which of the following statements best describes the sslstrip program?
Correct
The sslstrip program was developed to grab SSL messages and strip the encryption from them. This program was developed by Moxie Marlinspike in conjunction with a presentation he made at Black Hat in 2009. This program has less of a likelihood of success because the vulnerabilities that allowed it to work have been resolved
Incorrect
The sslstrip program was developed to grab SSL messages and strip the encryption from them. This program was developed by Moxie Marlinspike in conjunction with a presentation he made at Black Hat in 2009. This program has less of a likelihood of success because the vulnerabilities that allowed it to work have been resolved
-
Question 18 of 30
18. Question
A port scanner is an application designed to probe a server or host for open ports. Such an application may be used by administrators to verify the security policies of their networks and by attackers to identify network services running on a host and exploit vulnerabilities. Zenmap is one of the effective tools used in scanning ports. Which of the following statements best defines Zenmap?
Correct
Zenmap was created to be the GUI version of Nmap. One useful capability of Zenmap is its ability to save and compare two saved scans. This means you can get a baseline of a network and then check it again later to see what may have changed. It also saves scans in XML format, which is a text-based format.
Incorrect
Zenmap was created to be the GUI version of Nmap. One useful capability of Zenmap is its ability to save and compare two saved scans. This means you can get a baseline of a network and then check it again later to see what may have changed. It also saves scans in XML format, which is a text-based format.
-
Question 19 of 30
19. Question
Vulnerability scanners are automated tools that allow organizations to check if their network, systems, and applications have security weaknesses that could expose them to attacks. An example of this is the Security Analysis Tool for Auditing Networks (SATAN). Which of the following sentences describes SATAN?
Correct
Security Analysis Tool for Auditing Networks (SATAN) is developed by Dan Farmer and Wietse Venema in 1995. It is an open-source tool wherein its functionality can be extended by adding in modules. It was written primarily in Perl and used a web interface.
Incorrect
Security Analysis Tool for Auditing Networks (SATAN) is developed by Dan Farmer and Wietse Venema in 1995. It is an open-source tool wherein its functionality can be extended by adding in modules. It was written primarily in Perl and used a web interface.
-
Question 20 of 30
20. Question
Interprocess communication is the mechanism provided by the operating system that allows processes to communicate with each other. This communication could involve a process allowing another process to know that some events have occurred or the transferring of data from one process to another. There have been several implementations of request-response protocols over the years; one example of this is the Common Object Request Broker Architecture (CORBA). Which of the following sentences defines CORBA?
Correct
Common Object Request Broker Architecture (CORBA) is a standard developed by the Object Management Group (OMG) to provide interoperability among distributed objects. It is the world’s leading middleware solution enabling the exchange of information, independent of hardware platforms, programming languages, and operating systems.
Incorrect
Common Object Request Broker Architecture (CORBA) is a standard developed by the Object Management Group (OMG) to provide interoperability among distributed objects. It is the world’s leading middleware solution enabling the exchange of information, independent of hardware platforms, programming languages, and operating systems.
-
Question 21 of 30
21. Question
Malware, short for malicious software, refers to any software designed to cause damage to a single computer, server, or computer network. There are several examples of malware, one of which is the dropper. Which of the following sentences defines the dropper?
Correct
The dropper is a type of malware that is used as a starting point. Once this malware is installed in your system, it starts grabbing other software to install. This may include backdoors, key loggers, botnet clients, trojan, or other software that is useful to the attacker.
Incorrect
The dropper is a type of malware that is used as a starting point. Once this malware is installed in your system, it starts grabbing other software to install. This may include backdoors, key loggers, botnet clients, trojan, or other software that is useful to the attacker.
-
Question 22 of 30
22. Question
There are two types of malware analysis. The first, static analysis, looks at the code to analyze it. The second type, dynamic analysis, runs the malware and observes the behavior. PE detective is one of the useful tools in conducting a static analysis. Which of the following statements is true about PE detective?
Correct
PE detective is a tool used to scan entire directories to identify programs. It can also determine the compiler that was used for the program, which may be of some interest.
Incorrect
PE detective is a tool used to scan entire directories to identify programs. It can also determine the compiler that was used for the program, which may be of some interest.
-
Question 23 of 30
23. Question
Biometrics can be defined as biological measurements or physical characteristics that can be used to identify individuals. One type of biometrics is Iris scanning. Which of the following sentences best defines Iris scanning?
Correct
Iris scanning is a more recent version of eye scanning. It is the part of the eye that contains the color and changes size based on how much your pupil has to dilate because of the amount of light. The iris pattern is considered unique, and it is used to authenticate a person. An advantage of iris scanning is that light is used to illuminate the eye, so iris scanning could work well in the dark.
Incorrect
Iris scanning is a more recent version of eye scanning. It is the part of the eye that contains the color and changes size based on how much your pupil has to dilate because of the amount of light. The iris pattern is considered unique, and it is used to authenticate a person. An advantage of iris scanning is that light is used to illuminate the eye, so iris scanning could work well in the dark.
-
Question 24 of 30
24. Question
A wireless attack aims to capture the information sent across the network and intrude on the traffic of information. One of the tools that can be used in conducting a wireless attack is the Wifiphisher tool. Which of the following statements best describes the Wifiphisher tool?
Correct
Wifiphisher is a security tool that mounts automated phishing attacks against Wi-Fi networks to obtain credentials or infect the victims with malware. It is a social engineering attack that can be used to obtain WPA/WPA2 secret passphrases, and unlike other methods, it does not include any brute forcing. It is an easy way for obtaining credentials from social networks or other third-party login pages.
Incorrect
Wifiphisher is a security tool that mounts automated phishing attacks against Wi-Fi networks to obtain credentials or infect the victims with malware. It is a social engineering attack that can be used to obtain WPA/WPA2 secret passphrases, and unlike other methods, it does not include any brute forcing. It is an easy way for obtaining credentials from social networks or other third-party login pages.
-
Question 25 of 30
25. Question
Wi-Fi is a wireless networking technology that allows computers and other devices to communicate over a wireless signal. It describes network components that are based on one of the 802.11 standards developed by the IEEE. There are two types of wireless networks: ad hoc network and infrastructure network. Which of the following sentences defines the ad hoc network?
Correct
An ad hoc network is a type of wireless network that exists without any central routing or switching device and is rarely used in a business environment.
Incorrect
An ad hoc network is a type of wireless network that exists without any central routing or switching device and is rarely used in a business environment.
-
Question 26 of 30
26. Question
A deauthentication attack sends messages that force stations to reauthenticate against the access point. It logs out any station, making it reestablish the association. If you’re using a Linux system, what program can you use to conduct this attack?
Correct
If you’re using a Linux system, you can conduct this attack using the iwconfig program; meanwhile, under the Windows system, this is done through the device properties of the wireless interface.
Incorrect
If you’re using a Linux system, you can conduct this attack using the iwconfig program; meanwhile, under the Windows system, this is done through the device properties of the wireless interface.
-
Question 27 of 30
27. Question
Bluetooth is a short-range wireless data network that allows hands-free operation for mobile phones in vehicles. You can also use Bluetooth to connect a few computers, mobile phones, and other devices to sync and swap files. On the downside, Bluetooth is prone to attacks and intruders. Some of these attacks are bluejacking, bluesnarfing, and bluebugging. Which of the following sentences defines bluebugging?
Correct
Bluebugging uses Bluetooth to gain access to a phone to place a phone call. Once the phone call is placed, the attacker has a remote listening device. The initial attack has to be done near the target, but the phone call will continue to provide a remote listening point no matter where that victim and attacker are in relationship to one another.
Incorrect
Bluebugging uses Bluetooth to gain access to a phone to place a phone call. Once the phone call is placed, the attacker has a remote listening device. The initial attack has to be done near the target, but the phone call will continue to provide a remote listening point no matter where that victim and attacker are in relationship to one another.
-
Question 28 of 30
28. Question
Web application attacks are the most prevalent and devastating security threat facing organizations today. One of the most common web application attacks is the XML entity injection attack. Which of the following statements best defines the XML entity injection attack?
Correct
An XML entity injection attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
Incorrect
An XML entity injection attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
-
Question 29 of 30
29. Question
The Denial-of-Service (DoS) is an attack targeted at depriving legitimate users of online services. It is done by flooding the network or server with useless and invalid authentication requests, which eventually brings the whole network down, resulting in no connectivity. There are several types of denial of service attacks, one of which is the Fraggle attack. Which of the following statements defines a Fraggle attack?
Correct
In a Fraggle attack, spoofed UDP requests are sent to the broadcast address of a network with the target address set as the source. It is very similar to a Smurf attack, which uses spoofed ICMP traffic rather than UDP traffic to achieve the same goal.
Incorrect
In a Fraggle attack, spoofed UDP requests are sent to the broadcast address of a network with the target address set as the source. It is very similar to a Smurf attack, which uses spoofed ICMP traffic rather than UDP traffic to achieve the same goal.
-
Question 30 of 30
30. Question
The primary objective of an attack life cycle is to help organizations know how to respond once the attack has been detected. Which of the following sentences describes the escalating of the privileges phase in the attack life cycle?
Correct
The escalating of the privileges phase is the fourth phase of the attack life cycle. In this phase, the attacker will start harvesting credentials. They will also try to gain higher-level privileges where they can.
Incorrect
The escalating of the privileges phase is the fourth phase of the attack life cycle. In this phase, the attacker will start harvesting credentials. They will also try to gain higher-level privileges where they can.