CEH/PEN - Practice Exam_2

Question 1

Vulnerability management cycle

Answer 1

1. Identify assets and create a baseline
2. Vulnerability scan
3. Risk Assessment
4. Remediation
5. Verification
6. Monitor

Question 2

Command line used to discover WPS enabled APs

Answer 2

ntptrace

Question 3

Attack: Security exploit that compromises a site that a targeted victim visits to gain access to victim’s computer and network

Answer 3

Watering hole attack

Question 4

An individual who uses hacking skills to identify security vulnerabilities in hardware, software or netowrks

Answer 4

White Hat Hacker

Question 5

A web security vulnerability that allows an attacker to interfere with an application’s processing of XML data

Answer 5

XXE (XML external entity injection)

Question 6

Technique when someone queries a DNS server in order to find out if the DNS server has a specific DNS record cached, and thereby deduce if the DNS server’s owner have recently visited a specified site

Answer 6

DNS Cache Snooping

Question 7

A powerful, flexible and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in real-time, sniff for credentials and much more

Answer 7

BetterCAP

Question 8

Field in the IPv4 header, and the Traffic Class filed in the IPv6 header, used to classify IP packets so that routers can make QoS (quality of service) decision about what path packets should traverse across the network

Answer 8

Type of Service (ToS)

Question 9

Private IP address range (Class A)

Answer 9

10.0.0.0 - 10.255.255.255

Question 10

Class B address ranges

Answer 10

172.16.0.0 - 172.31.255.255

Question 11

Class C address range

Answer 11

192.168.0.0 - 192.168.255.255

Question 12

Three types of IPv6 addresses

Answer 12

• Unicast
• Anycast
• Multicast

Question 13

Protocols used to mitigate session hijackings

Answer 13

• IPSEC
• VPN

Question 14

Device typically used with software such as Wireshark to aid in wireless network traffic analysis

Answer 14

AirPcap

Question 15

Two security issues related to containers as compared to VMs

Answer 15

• Open network traffic across services
• sharing the OS kernel

Question 16

Ports are divided into three ranges known as:

Answer 16

• Well-known ports
• Registered Ports
• Dynamic/Private Ports

Question 17

Well-known ports range

Answer 17

0 - 1023

Question 18

Registered ports range

Answer 18

1024 - 49151

Question 19

Dynamic/Private ports range

Answer 19

49152 - 65535

Question 20

DoS attack against a Bluetooth device

Answer 20

Bluesmacking

Question 21

In context of Microsoft Windows NT, which Security Identifier (SID) represents the administrator account

Answer 21

S-1-5 and end with -500

Question 22

(inherent risk) - (impact of risk controls) =

Answer 22

Residual risk

Question 23

The Five Phases of Penetration Testing

Answer 23

Reconnaissance
Scanning
Vulnerability assessment
Exploitation
Reporting

Question 24

When an attacker attempts to deliver the payload over multiple packets for an extended period of time

Answer 24

Session splicing

Question 25

Attack when you extract secrets from people by use of torture or coercion

Answer 25

Rubber hose attack

Question 26

Tactics used in social engineering attacks

Answer 26

• Reciprocity
• Social Validation
• Authority

Question 27

Attack that is used to redirect users to an incorrect DNS server (2 answers)

Answer 27

• DNS cache poisoning
• Pharming

Question 28

Process of sending ICMP Echo request to all IP addresses in the range

Answer 28

Ping sweep

Question 29

Tool that allows you to query the DNS database from any computer on the network and find the hostname of a device by specifying its IP address

Answer 29

nslookup

Question 30

Tool that can be used to crack WEP encryption

Answer 30

Aircrack-NG

Question 31

What is the first step in a form based SQL injection attack

Answer 31

Locate a user input file on a web page

Question 32

What are two common reasons for using split DNS

Answer 32

• Allow internal networks to resolve DNS on the Internet
• Hide internal information from external clients on the Internet

Question 33

Auxiliary in Metasploit that allows you to scan for SNMP configurations

Answer 33

auxiliary/scanner/snmp

Question 34

What is the first step followed by vulnerability scanners

Answer 34

Checking if the remote host is alive

Question 35

Nmap command used to perform a TCP SYN ping scan

Answer 35

nmap -sn -PS <target></target>

Question 36

Encryption software, which is a free implementation of the OpenPGP standard that uses both symmetric-key cryptography and asymmetric-key cryptography

Answer 36

PGP

Question 37

Which sqlmap command allows you to enumerate a database for a specific url?

Answer 37

-dbs

Question 38

Attack: When an attacker compromises a site likely to be visited by a particular target group

Answer 38

Waterhole attack

Question 39

Individual who uses hacking skills to identify security vulnerabilities in hardware, software or networks

Answer 39

White Hat Hacker

Question 40

Criminals who break into computer networks with malicious intent

Answer 40

Black Hat Hacker

Question 41

A powerful, flexible and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in real time, sniff for credentials and much more.

Answer 41

BetterCAP

Question 42

Integrated platform/graphical tool for performing security testing of web applications.

Answer 42

Burp Suite

Question 43

Attack technique used to crack the password used by industrial control systems

Answer 43

HMI-based attack

Question 44

Length of the IPv6 datagram hearder

Answer 44

40 bytes