CEH Questions Part (4)

What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?

 

 

ما هي الخطوة الأولى للمخترق الذي يُجري هجومًا لإخفاء ذاكرة التخزين المؤقت لنظام أسماء النطاقات

(انتحال DNS) ضد إحدى المؤسسات؟

Ethical hacker Jane Doe is attempting to crack the password of the head of the IT department of ABC company. She is utilizing a rainbow table and notices upon entering a password that extra characters are added to the password after submitting.

 

What countermeasure is the company using to protect against rainbow tables?

 

 

Clark, a professional hacker, was hired by an organization to gather sensitive information about its competitors surreptitiously. Clark gathers the server IP address of the target organization using Whois footprinting. Further, he entered the server IP address as an input to an online tool to retrieve information such as the network range of the target organization and to identify the network topology and operating system used in the network.

 

What is the online tool employed by Clark in the above scenario?

 

This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as GCMP-256, HMAC-SHA384, and ECDSA

 

using a 384-bit elliptic curve. Which is this wireless security protocol?

 

 

Scenario: Joe turns on his home computer to access personal online banking. When he enters the URL www.bank.com, the website is displayed, but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL closer, he finds that the site is not secure and the web address appears different.

What type of attack he is experiencing?

 

 

Henry is a cyber security specialist hired by BlackEye – Cyber Security Solutions. He was tasked with discovering the operating system (OS) of a host. He used the Unicornscan tool to discover the OS of the target system. As a result, he obtained a TTL value, which indicates that the target system is running a Windows OS.

Identify the TTL value Henry obtained, which indicates that the target OS is Windows.

 

 

What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages?

 

 

ما هي الملفات الشائعة على خادم الويب التي يمكن تهيئتها بشكل خاطئ وتوفر معلومات مفيدة للمتسلل مثل رسائل الخطأ المطولة؟

What piece of hardware on a computer’s motherboard generates encryption keys and only releases a part of the key so that decrypting a disk on a new piece of hardware is not possible?

 

 

ما هي قطعة الأجهزة الموجودة على اللوحة الأم للكمبيوتر التي تولد مفاتيح التشفير وتحرر جزءًا فقط من المفتاح بحيث لا يكون فك تشفير قرص على قطعة جديدة من الأجهزة ممكنًا؟

Based on the below log, which of the following sentences are true?
Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip

 

 

You have been authorized to perform a penetration test against a website. You want to use Google dorks to footprint the site but only want results that show file extensions.

What Google dork operator would you use?

 

 

Which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth?

 

 

 

أي من تقنيات اختراق البلوتوث التالية تشير إلى سرقة المعلومات من جهاز لاسلكي عبر البلوتوث؟

David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities.

Which phase of the vulnerability-management life cycle is David currently in?

 

 

ديفيد هو خبير أمني يعمل في مؤسسة ، ويقوم بتنفيذ برنامج إدارة الثغرات الأمنية في المؤسسة لتقييم المخاطر ونقاط الضعف في البنية التحتية لتكنولوجيا المعلومات الخاصة بها والتحكم فيها. يقوم حاليًا بتنفيذ عملية تطبيق الإصلاحات على الأنظمة الضعيفة لتقليل تأثير وشدة نقاط الضعف.

Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this, James, a professional hacker, targets Emily and her acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks.
What is the tool employed by James in the above scenario?

 

 

 

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection.
Identify the behavior of the adversary in the above scenario

 

 

Ricardo has discovered the username for an application in his target’s environment. As he has a limited amount of time, he decides to attempt to use a list of common passwords he found on the Internet. He compiles them into a list and then feeds that list as an argument into his password cracking application.

What type of attack is Ricardo performing?

 

 

Attacker Steve targeted an organization’s network with the aim of redirecting the company’s web traffic to another malicious website. To achieve this goal, Steve performed DNS cache poisoning by exploiting the vulnerabilities in the DNS server software and modified the original IP address of the target website to that of a fake website.

What is the technique employed by Steve to gather information for identity theft?

 

 

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to.

 

What type of hacker is Nicolas?

 

Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/feed.php?url=externalsite.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server.

What is the type of attack Jason performed in the above scenario?

 

 

You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID “Brakeme-Internal.” You realize that this network uses WPA3 encryption.

Which of the following vulnerabilities is the promising to exploit?

 

 

 

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder higher up in the folder structure of the server.

What kind of attack is possible in this scenario?

 

 

Sam, a professional hacker, targeted an organization with intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while posing as a legitimate employee. Moreover, he sent phishing emails to steal the AWS IAM credentials and further compromise the employee’s account.
What is the technique used by Sam to compromise the AWS IAM credentials?

 

 

 

John, a professional hacker, performs a network attack on a renowned organization and gains unauthorized access to the target network. He remains in the network without being detected for a long time and obtains sensitive information without sabotaging the organization.
Which of the following attack techniques is used by John?

 

 

What firewall evasion scanning technique make use of a zombie system that has low network activity as well as its fragment identification numbers?

 

ما هي تقنية مسح التهرب من جدار الحماية التي تستخدم نظام الزومبي الذي يحتوي على نشاط شبكة منخفض بالإضافة إلى أرقام تعريف الأجزاء الخاصة به؟

Which IOS jailbreaking technique patches the kernel during the device boot so that it becomes jailbroken after each successive reboot?

 

 

ما هي تقنية IOS Jailbreaking التي تعمل على تصحيح النواة أثناء تمهيد الجهاز بحيث يتم كسر الحماية بعد كل إعادة تشغيل متتالية؟

Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she uses a user-defined HTTP callback or push APIs that are raised based on trigger events; when invoked, this feature supplies data to other applications so that users can instantly receive real-time information.
Which of the following techniques is employed by Susan?

 

 

After an audit, the auditors inform you that there is a critical finding that you must tackle immediately. You read the audit report, and the problem is the service running on port 389.
Which service is this and how can you tackle the problem?

 

 

Larry, a security professional in an organization, has noticed some abnormalities in the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting a few countermeasures to secure the accounts on the web server.
Which of the following countermeasures must Larry implement to secure the user accounts on the web server?

 

 

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the users who are currently accessing the network.
What is the type of vulnerability assessment that Morris performed on the target organization?

 

 

What would be the fastest way to perform content enumeration on a given web server by using the Gobuster tool?

 

 

ما هي أسرع طريقة لإجراء تعداد المحتوى على خادم ويب معين باستخدام أداة Gobuster؟

Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob’s boss is very worried because of regulations that protect those data.
Which of the following regulations is mostly violated?

 

 

Allen, a professional pen tester, was hired by XpertTech Solutions to perform an attack simulation on the organization’s network resources. To perform the attack, he took advantage of the NetBIOS API and targeted the NetBIOS service. By enumerating NetBIOS, he found that port 139 was open and could see the resources that could be accessed or viewed on a remote system. He came across many NetBIOS codes during enumeration.
Identify the NetBIOS code used for obtaining the messenger service running for the logged-in user?

 

 

Robin, a professional hacker, targeted an organization’s network to sniff all the traffic. During this process, Robin plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch in the network so that he could make it a root bridge that will later allow him to sniff all the traffic in the network.
What is the attack performed by Robin in the above scenario?

 

 

During the enumeration phase, Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445.
Which of the following services is enumerated by Lawrence in this scenario?

 

 

John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker installed a scanner on a machine belonging to one of the victims and scanned several machines on the same network to identify vulnerabilities to perform further exploitation.
What is the type of vulnerability assessment tool employed by John in the above scenario?

 

 

Which of the following protocols can be used to secure an LDAP service against anonymous queries?

 

 

أي من البروتوكولات التالية يمكن استخدامه لتأمين خدمة LDAP ضد الاستعلامات المجهولة؟

Richard, an attacker, aimed to hack IoT devices connected to a target network. In this process, Richard recorded the frequency required to share information between connected devices. After obtaining the frequency, he captured the original data when commands were initiated by the connected devices. Once the original data were collected, he used free tools such as URH to segregate the command sequence. Subsequently, he started injecting the segregated command sequence on the same frequency into the IoT network, which repeats the captured signals of the devices.
What is the type of attack performed by Richard in the above scenario?

 

 

There have been concerns in your network that the wireless network component is not sufficiently secure. You perform a vulnerability scan of the wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption.
What encryption protocol is being used?

 

 

Widespread fraud at Enron, WorldCom, and Tyco led to the creation of a law that was designed to improve the accuracy and accountability of corporate disclosures. It covers accounting firms and third parties that provide financial services to some organizations and came into effect in 2002.
This law is known by what acronym?

 

 

 

A newly joined employee, Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors.
What is the type of vulnerability assessment performed by Martin?

 

 

George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this process, he used a short-range communication protocol based on the IEEE 203.15.4 standard. This protocol is used in devices that transfer data infrequently at a low rate in a restricted area, within a range of 10-100 m.
What is the short-range wireless communication technology George employed in the above scenario?

 

 

You want to analyze packets on your wireless network. Which program would you use?

 

 

تريد تحليل الحزم الموجودة على شبكتك اللاسلكية. ما البرنامج الذي ستستخدمه؟

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing?

 

 

عند إجراء اختبار اختراق ، من الضروري استخدام جميع الوسائل للحصول على جميع المعلومات المتاحة حول الشبكة المستهدفة. إحدى طرق القيام بذلك هي استنشاق الشبكة. أي مما يلي لا يمكن تنفيذه عن طريق استنشاق الشبكة السلبية؟

An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?

 

 

يدخل فرد غير مصرح له إلى مبنى يتبع موظفًا من خلال مدخل الموظف بعد اندفاع الغداء. ما نوع الخرق الذي قام به الفرد للتو؟

Which of these is capable of searching for and locating rogue access points?

 

 

أي مما يلي قادر على البحث عن نقاط الوصول المارقة وتحديد موقعها؟

You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet 10.1.4.0/23.
Which of the following IP addresses could be leased as a esult of the new configuration?