Exam Questions - Misc 2 Flashcards

1
Q

Which of the following is considered as the method of transmitting radio signals by rapidly switching a carrier among many frequency channels?

  • Orthogonal Frequency-division Multiplexing (OFDM)
  • Multiple input, multiple output orthogonal frequency-division multiplexing (MIMO-OFDM)
  • Direct-sequence Spread Spectrum (DSSS)
  • Frequency-hopping Spread Spectrum (FHSS)
A

Frequency-hopping Spread Spectrum (FHSS)

  • Direct-sequence spread spectrum (DSSS): DSSS is a spread spectrum technique that multiplies the original data signal with a pseudo-random noise-spreading code. Also referred to as a data transmission scheme or modulation scheme, the technique protects signals against interference or jamming
  • OFDM is a method of digital modulation in which a signal at a chosen frequency is split into multiple carrier frequencies that are orthogonal (occurring at right angles) to each other
  • MIMO-OFDM influences the spectral efficiency of 4G and 5G wireless communication services. Adopting the MIMO-OFDM technique reduces interference and increases channel robustness
2
Q

Which of the following Encryption techniques is used in WEP?

  • RC4
  • TKIP
  • AES
  • DES
A

RC4

3
Q

Which of the following communication protocols is a variant of the Wi-Fi standard that provides an extended range, making it useful for communications in rural areas, and offers low data rates?

  • HaLow
  • Z-Wave
  • 6LoWPAN
  • QUIC
A

HaLow

Z-Wave and 6LoWPAN are both short-range standards (Z-Wave for IoT and 6LoWPAN for personal area networks). QUIC is the UDP-based transport that underlies HTTP/3.

4
Q

Which of the following tools is utilized by an attacker to perform vulnerability assessment on a target IoT and ICS environment for obtaining the objective risk score and identifying all the IoT and ICS assets connected to the target network?

  • Cydia
  • CyberX
  • Frida
  • Foren6
A

CyberX

  • Frida is a free dynamic instrumentation toolkit that enables software professionals to execute their own scripts in software that has traditionally been locked down; i.e. proprietary (such as Android applications)
  • Foren6 is a diagnosis tool for 6LoWPAN
5
Q

Given below are the different steps by which an attacker can reveal a hidden SSID using the aircrack-ng suite.

  1. Start airodump-ng to discover SSIDs on the interface
  2. Run airmon-ng in the monitor mode
  3. Switch to airodump to view the revealed SSID
  4. De-authenticate the client to reveal the hidden SSID using Aireplay-ng

What is the correct sequence of steps used for revealing a hidden SSID using the aircrack-ng suite?

A
  1. Run airmon-ng in the monitor mode
  2. Start airodump-ng to discover SSIDs on the interface
  3. De-authenticate the client to reveal the hidden SSID using Aireplay-ng
  4. Switch to airodump to view the revealed SSID
6
Q

Which of the following techniques allows an attacker to view the individual data bytes of each packet passing through a network as well as capture a data packet, decode it, and analyze its content according to predetermined rules?

  • Hardware protocol analyzer
  • Switch port stealing
  • SPAN port
  • CAM table
A

Hardware protocol analyzer.

  • Switch port stealing involves ARP poisoning and doesn’t guarantee stealing all packets passing through the switch.
  • SPAN Port: Switched Port Analyzer (SPAN) is a Cisco switch feature, also known as “port mirroring,” that monitors network traffic on one or more ports on the switch. A SPAN port is a port that is configured to receive a copy of every packet that passes through a switch. It helps to analyze and debug data, identify errors, and investigate unauthorized network access
  • The CAM table maps MAC addresses to interfaces (ports) on the switch.
7
Q

Given below are different phases involved in hacking a system or network.

  • Scanning
  • Reconnaissance
  • Maintaining access
  • Clearing tracks
  • Gaining access

What is the correct sequence of steps involved in hacking a system?

A

Reconnaissance -> Scanning -> Gaining Access -> Maintaining Access -> Clearing Tracks

8
Q

Which of the following types of software vulnerability occurs due to coding errors and allows attackers to gain access to the target system?

  • Open services
  • Unpatched servers
  • Buffer overflow
  • Misconfiguration
A

Buffer overflows, as these are coding errors.

The others are human error or just innate (like open services) to the system’s function.

9
Q

Which of the following static malware analysis techniques provides information about the basic functionality of any program and is also used to determine the harmful actions that a program can perform?

  • Identifying packing/obfuscation methods
  • Strings search
  • Finding information on portable executables (PE)
  • Malware disassembly
A

Strings search, as string searches can reveal relevant URLs and IPs the program communicates with, as well as internal and external functions it invokes.

Malware disassembly is used to break out a malicious binary’s behavior in extreme detail, rather than its basic functionality.

10
Q

Clark, a professional hacker, has targeted Rick, a bank employee. Clark secretly installed a backdoor Trojan in Rick’s laptop to leverage it and access Rick’s files. After installing the Trojan, Clark obtained uninterrupted access to the target machine and used it for transferring and modifying files.

Which of the following types of Trojans did Clark install in the above scenario?

  • Win32/Simile
  • Zmist
  • Dharma
  • PoisonIvy
A

PoisonIvy.

  • Zmist: Zmist is also known as Zombie.Mistfall; it was the first virus to use the technique called “code integration.” This code inserts itself into other code, regenerates the code, and rebuilds the executable.
  • Win32/Simile: The intruder programs this virus in assembly language to target Microsoft Windows. This process is complicated and generates almost 90% of the virus code.
  • Dharma is ransomware.
11
Q

Which of the following types of jailbreaking uses a loophole in SecureROM to disable signature checks and thereby load patch NOR firmware?

  • Userland exploit
  • iBoot exploit
  • Bootrom exploit
  • Tethered jailbreaking
A

Bootrom exploit.

An iBoot exploit can be semi-tethered if the device has a new bootrom. An iBoot jailbreak allows user-level access and iBoot-level access. This exploit takes advantage of a loophole in iBoot (the iDevice’s third bootloader) to delink the code-signing appliance. Firmware updates can patch such exploits.

12
Q

Which of the following Nmap commands is used by an attacker to perform an IP protocol ping scan on a target device?

nmap -sn -PS

nmap -sn -PA

nmap -sn -PO

nmap -sn -PP

A

nmap -sn -PO

-PS is SYN, -PA is ACK, -PP is ICMP ping.

13
Q

What is a cloud broker?

A

A cloud broker is an entity that manages cloud services in terms of use, performance, and delivery, and maintains the relationship between cloud providers and consumers

14
Q

What is a cloud auditor?

A

A party that makes independent assessments of cloud service controls and expresses an opinion thereon

15
Q

Which of the following hping command performs UDP scan on port 80?

hping3 -2 -p 80

hping3 -1 -p 80

hping3 -A -p 80

hping3 -F -P -U -p 80

A

hping3 -2 -p 80

-2 specifies UDP mode

  • -1 specifies ICMP mode
  • -A sets the ACK flag
  • -F sets the FIN flag
  • -P sets the PSH flag
  • -U sets the URG flag
16
Q

Which of the following attacks exploits the reuse of cryptographic nonce during the TLS handshake to hijack HTTPS sessions, leading to the disclosure of sensitive information?

  • CRIME attack
  • Proxy servers
  • Session donation attack
  • Forbidden attack
A

Forbidden attack.

CRIME (Compression Ratio Info-Leak Made Easy) is a client-side attack that exploits vulnerabilities in the data-compression feature of protocols such as SSL/Transport Layer Security (TLS), SPDY, and HTTP Secure (HTTPS). The possibility of mitigation against HTTPS compression is low, which makes this vulnerability even more dangerous than other compression vulnerabilities

18
Q

Which of the following master components in the Kubernetes cluster architecture scans newly generated pods and allocates a node to them?

Kube-apiserver

Etcd cluster

Kube-scheduler

Kube-controller-manager

A

kube-scheduler.

Kube-controller-manager is a master component that runs controllers. Controllers are generally individual processes (e.g., node controller, endpoint controller, replication controller, service account and token controller) but are combined into a single binary and run together in a single process to reduce complexity

The etcd cluster is a key-value store.

kube-apiserver is the front end for the control plane and responds to API requests. It’s the only component that interacts with the etcd cluster and ensures data storage

19
Q

Given below are the steps to exploit a system using the Metasploit framework.

  1. Verify exploit options
  2. Configure an active exploit
  3. Select a target
  4. Launch the exploit
  5. Select a payload

What is the correct sequence of steps through which a system can be exploited?

A

2 -> 1 -> 3 -> 5 -> 4

Configure an active exploit -> verify exploit options -> select a target -> select a payload -> launch the exploit

20
Q

Which of the following techniques is used by an attacker to access all of an application’s functionalities and employs an intercepting proxy to monitor all requests and responses?

  • Web spidering/crawling
  • Banner grabbing
  • Attacker-directed spidering
  • DNS interrogation
A

Attacker-directed spidering (aka User-directed spidering). This is performed with tools like Burp Suite.

21
Q

Which of the following types of honeypots simulates only a limited number of services and applications of a target system or network?

  • Medium-interaction honeypots
  • Low-interaction honeypots
  • High-interaction honeypots
  • Pure honeypots
A

Low-interaction honeypots emulate only a limited number of services and applications of a target system or network. If the attacker does something that the emulation does not expect, the honeypot will simply generate an error. They capture limited amounts of information, i.e., mainly transactional data, and some limited interactions.

  • High-interaction honeypots are honeynets.
  • Medium-interaction honeypots simulate a real OS as well as applications and services of a target network. They present a more convincing illusion of an OS than low-interaction honeypots. Therefore, it is possible to log and analyze more complex attacks. These honeypots capture more useful data than low-interaction honeypots. They can only respond to preconfigured commands; therefore, the risk of intrusion increases
  • Pure honeypots emulate the real production network of a target organization. They cause attackers to devote their time and resources toward attacking the critical production system of the company. Attackers uncover and discover the vulnerabilities and trigger alerts that help network administrators to provide early warnings of attacks and hence reduce the risk of an intrusion.
22
Q

Which of the following types of antennas is useful for transmitting weak radio signals over very long distances – on the order of 10 miles?

  • Omnidirectional
  • Parabolic grid
  • Unidirectional
  • Bidirectional
A

Parabolic grid

23
Q

In which of the following threat modelling steps does the administrator break down an application to obtain details about the trust boundaries, data flows, entry points, and exit points?

  • Identify security objectives
  • Identify threats
  • Application overview
  • Decompose the application
A

Decompose the application.

Application overview involves identifying the components, data flows, and trust boundaries.

24
Q

In which of the following methods does an attacker leverage headers such as Host in the HTTP request message to crack passwords?

  • Brute-forcing
  • Password guessing
  • Attack password reset mechanism
  • “Remember Me” exploit
A

Attack password reset mechanism

25
Q

In which of the following malware components does an attacker embed notorious malware files that can perform the installation task covertly?

  • Injector
  • Obfuscator
  • Dropper
  • Packer
A

Dropper

26
Q

Michel, a professional hacker, is trying to perform an SQL injection attack on the MS SQL database system of CityInfo, Inc. by bypassing the signature-based IDS. He tried various IDS evasion techniques and finally succeeded with one where he breaks the SQL query into a number of small pieces and uses the + sign to join the SQL query end to end.
Which of the following IDS evasion techniques does he use to bypass the signature-based IDS?

String concatenation

Char encoding

Hex encoding

URL encoding

A

String concatenation

27
Q

Which of the following symmetric-key block ciphers uses a 128-bit symmetric block cipher with key sizes of 128, 192, and 256 bits and can be easily integrated into software or hardware programs without any restrictions?

  • Serpent
  • TEA
  • Blowfish
  • RC6
A

Serpent

28
Q

Which of the following is the regulation that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of an organization?

  • The Federal Information Security Management Act (FISMA)
  • ISO/IEC 27001:2013
  • The Digital Millennium Copyright Act (DMCA)
  • Sarbanes Oxley Act (SOX)
A

ISO/IEC 27001:2013

FISMA is for information systems that support the federal government.

DMCA is copyright related.

Sarbanes Oxley Act is financial/business disclosure related (see blizzard class action on fraud).

29
Q

Which of the following indicators in the OSINT framework indicates a URL that contains the search term, where the URL itself must be edited manually?

  1. (T)
  2. (D)
  3. (R)
  4. (M)
A

(M)

  • (T) - Local tool that must be installed
  • (D) - Google Dork
  • (R) - Requires Registration
30
Q

A hacker is attempting to see which protocols are supported by target machines or network. Which NMAP switch would the hacker use?

  • -sO
  • -sT
  • -sS
  • -sU
A

-sO. -sO is an IP protocol scan, so it’s not TCP/UDP specific, while -sT is a TCP connect scan, -sS is a TCP stealth (SYN) scan, and -sU is a UDP scan. The latter three won’t reveal the other transport-layer protocols.

31
Q

Which of the following types of steganography involves the process of converting sensitive information into user-definable free speech, such as a play?

  • Natural text steganography
  • Web steganography
  • Spam/email steganography
  • Document steganography
A

Natural text steganography.

32
Q

Which of the following Nbtstat parameters lists the current NetBIOS sessions and their status with the IP addresses?

  • -S
  • -s
  • -c
  • -R
A

-S

  • -s: Lists the NetBIOS sessions table converting destination IP addresses to computer NetBIOS names
  • -R: Purges the name cache and reloads all #PRE-tagged entries from the Lmhosts file
  • -c: Lists the contents of the NetBIOS name cache, the table of NetBIOS names and their resolved IP addresses
33
Q

In which of the following attack techniques does an attacker exploit an NFC-enabled Android device by establishing a remote connection with the target mobile device and taking full control of the device?

  • Advanced SMS phishing
  • Hooking
  • Spearphone attack
  • Tap ’n Ghost attack
A

Tap ‘n Ghost attack.

  • Hooking is SSL shit.
  • A spearphone attack allows Android apps to record loudspeaker data without any privileges. Attackers can eavesdrop on loudspeaker voice conversations between remote mobile users by exploiting the hardware-based motion sensor, i.e., the accelerometer.
34
Q

What are the 5 built-in docker network drivers?

A
  • bridge: forms a NAT between the host’s network and the Docker containers’ respective network. The default network driver. If you don’t specify a driver, this is the type of network you are creating. Bridge networks are usually used when your applications run in standalone containers that need to communicate
  • host: For standalone containers, remove network isolation between the container and the Docker host, and use the host’s networking directly.
  • overlay: Overlay networks connect multiple Docker daemons together and enable swarm services to communicate with each other. You can also use overlay networks to facilitate communication between a swarm service and a standalone container, or between two standalone containers on different Docker daemons. This strategy removes the need to do OS-level routing between these containers.
  • macvlan: Macvlan networks allow you to assign a MAC address to a container, making it appear as a physical device on your network. The Docker daemon routes traffic to containers by their MAC addresses. Using the macvlan driver is sometimes the best choice when dealing with legacy applications that expect to be directly connected to the physical network, rather than routed through the Docker host’s network stack.
  • none: no network driver. This is usually used when you’re going to use a custom or 3rd-party network driver.
35
Q

Given below are the different phases involved in the web API hacking methodology.

  1. Detect security standards
  2. Identify the target
  3. Launch attacks
  4. Identify the attack surface

What is the correct sequence of phases followed in the web API hacking methodology?

A

2 -> 4 -> 1 -> 3

Identify the Target -> Detect Security Standards -> Identify the Attack Surface -> Launch Attacks