CEH/PEN - Quizlet

Question 1

Attack: Attack that extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one

Answer 1

Union SQL injection

Question 2

A technique were an attacker sends FIN/ACK probes to receive a RST packet and would indicate that the port is closed.

Answer 2

TCP Maimon Scan

Question 3

Types of Vulnerability Assessments: Assesses the network from a hacker’s perspective to discover exploits and vulnerabilities

Answer 3

External Assessment

Question 4

Cyber Kill Chain: After reconnaissance, the hacker will use information gathered to find/create malware to use against target network

Answer 4

Weaponization

Question 5

Docker Architecture
- Enables users to interact with Docker
- Can reside on the same host as the daemon or connect to a daemon on a remote host.

Answer 5

Docker Client

Question 6

An information security standard used to handle credit cards from major card brands.

Answer 6

Payment Card Industry Data Security Standard (PCI DSS)

Question 7

Google Dork operator: Locates webpages that contain certain characters or strings insider their text

Answer 7

intext

Question 8

A speech privacy attack that exploits speech reverberations from a smartphone’s inbuilt loudspeaker

Answer 8

Spearphone Attack

Question 9

Cyber Kill Chain: Hacker takes advantage of vulnerabilities to further infiltrate a target network

Answer 9

Exploitation

Question 10

Attack: Technique where the attacker compromises the DNS servers so that traffic is directed to a malicious site

Answer 10

Pharming

Question 11

Attack: Key reinstallation attack. This attack exploits a vulnerability in WPA2 for the purpose of stealing data

Answer 11

KRACK

Question 12

Encryption algorithm, characterized by a 128-bit block size, and its key size can be up to 256 bits.

Answer 12

IDEA

Question 13

-This occurs when an attacker is unable to use the same channel to launch the attack and gather results
- database server can send data to an attacker and give them the ability to make DNS and HTTP requests

Answer 13

Out-of-Band SQLi

Question 14

Types of Vulnerability Assessments: Focuses on testing databases for presence of data exposure or injection type vulnerabilities

Answer 14

Database Assessment

Question 15

An encryption software that uses both symmetric-key cryptograph and asymmetric-key cryptography for improved speed and secure key exchange.

Answer 15

GPG (GnuPGP)

Question 16

Nmap scan that performs a TCP SYN ping scan

Answer 16

-PS

Question 17

An automated tool used to gather a list of words from the a target website to further perform a brute-force attack.

Answer 17

CeWL (custom word list generator)

Question 18

File that is rich target to discover the structure of a website during web-server footprinting

Answer 18

Robots.txt

Question 19

• A technique used to evade an IDS system.
• encoding packets with Unicode characters

Answer 19

Obfuscating

Question 20

Types of Vulnerability Assessments: Determines possible network security attacks that may occur on the organization’s system

Answer 20

Network-Based Assessment

Question 21

Technique that enhances the security of keys used for encryption and authentication

Answer 21

Key stretching

Question 22

Attack on the a DHCP servers by broadcasting forged DHCP requests and leased all the DHCP addresses available in the DHCP scope

Answer 22

DHCP starvation

Question 23

Tool that allows you to scan your network for known device types that could be used as unwilling participants in a distributed denial-of-service attack

Answer 23

IoT Seeker

Question 24

Attack: DDoS attack . Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete.

Answer 24

Slowloris Attack

Question 25

Container Technology Architecture: Testing and Accreditation Systems

Answer 25

Tier 2

Question 26

Tool used to protect against security incidents such as cyber espionage, zero-day attacks, and malware

Answer 26

Flowmon

Question 27

Attack: a rogue Wi-Fi access point (AP) that masquerades as a legitimate one, enabling an attacker to gain access to sensitive information without the end user’s knowledge

Answer 27

Evil-Twin Attack

Question 28

Firewall evasion scanning technique that makes use of a zombie system that has low network activity

Answer 28

idle scanning

Question 29

Attack: In attack in which an entire website and its content is copied on a local drive to view the complete profile of the site’s directory structure, file structure, external links, images, and web pages

Answer 29

Website Mirroring

Question 30

A mechanism for distributed coordination of a worm

Answer 30

Permutation Scanning Technique

Question 31

Files on a web server that can be misconfigured and provide useful information for a hacker

Answer 31

httpd.conf

Question 32

Tool that allows an attacker to obtain the passwords from a Wi-Fi network

Answer 32

Dragonblood

Question 33

Attack in which DNS queries are incorrectly resolved in order to unexpectedly redirect users to malicious sites.

Answer 33

DNS Hijacking(aka DNS redirection)

Question 34

Cyber attack in which an authorized user gains access to a legitimate connection of another client in the network

Answer 34

TCP/IP Hijacking

Question 35

Cyber Kill Chain: After hackers have taken over a target network, they execute malware to interrupt services, steal data, etc.

Answer 35

Actions and Objectives

Question 36

7 steps of the Cyber Kill Chain

Answer 36

1. Reconnaissance
2. Weaponization
3. Delivery
4. Exploitation
5. Installation
6. Command and Control
7. Actions and Objectives

Question 37

Types of Vulnerability Assessments: Scans the internal infrastructure to discover exploits and vulnerabilities

Answer 37

Internal Assessment

Question 38

Container Technology Architecture
- Orchestrators
- Allows developers to deploy multiple containers for implementations within applications
- Automates the processes of running instances, provisioning hosts, and linking containers

Answer 38

Tier 4

Question 39

Container Technology Architecture: Tier 1

Answer 39

Developer Machines

Question 40

Attack: Like normal SQL injection; uses a series of true/false questions against the database and determines answers based on the applications response.

Answer 40

Blind SQL Injection

Question 41

File that determines the basic configuration in an Android application

Answer 41

AndriodManifest.xml

Question 42

Google Dork operator: Searches for a specific term in the URL

Answer 42

inurl

Question 43

Google Dork operator: Returns results whose URL contains all the specified characters

Answer 43

allinurl

Question 44

Google Dork operator: Searches for a exact anchor in text used on any links

Answer 44

inanchor

Question 45

Google Dork operator: Shows all sites that contains either or both specified words in the query

Answer 45

|

Question 46

Uses 192 and 256-bit keys for encryption purposes. Weak to brute force attacks.

Answer 46

Advanced Encryption Standard (AES)

Question 47

Attack: When an attacker, hacker, or unauthorized user spoof the root bridge in the topology

Answer 47

STP Attack

Question 48

Docker Architecture: Services that provide locations from where you can store and download images.

Answer 48

Docker Registries

Question 49

Attack: Attack in which a hacker can steal information from a wireless device through Bluetooth.

Answer 49

Bluesnarfing

Question 50

Attack: A web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application.

Answer 50

Directory Traversal

Question 51

Attack: Attack that tricks a user into clicking a webpage element which is invisible or disguised as another element

Answer 51

Clickjacking

Question 52

NetBIOS code: <03>

Answer 52

Windows Messenger service

Question 53

NetBIOS code: <20>

Answer 53

File Service (Host Record)

Question 54

NetBIOS code: <1B>

Answer 54

Domain Master Browser

Question 55

Automated tool used to anonymously query the LDAP service for sensitive information to launch attacks on a target network

Answer 55

JXplorer

Question 56

An online tool used to gather information related to the model of the IoT device and certifications granted to it

Answer 56

FCC ID search

Question 57

Protocol used to secure an LDAP service against Anonymous queries

Answer 57

RADIUS

Question 58

A vluberability which allows attackers to exploit the iTunes Wi-Fi sync feature

Answer 58

iOS Trustjacking

Question 59

A tool that is a self-extracting RAR file containing two components: a bypass component and a service component

Answer 59

Credential enumerator

Question 60

A web-based search platform for assessing attack surface for Internet connected devices

Answer 60

Censys

Question 61

The most effective wayof detecting hosts in LAN networks.

Answer 61

ARP ping scan

Question 62

an ethical hacking technique used to gather as much data as possible about a specific targeted computer system, an infrastructure and networks to identify opportunities to penetrate them

Answer 62

Footprinting (i.e. web server footprinting)

Question 63

A technique that creates forged TCP sessions by carrying out multiple SYN, ACK, and RST/FIN packets

Answer 63

Spoofed session flood attack

Question 64

Metasploit post-exploitation module that can be used to escalate privileges on Windows systems

Answer 64

getsystem

Question 65

A powerful recon tool with strong geolocation capabilities

Answer 65

HOOTSUITE

Question 66

Cyber Kill Chain: Cyberweapons and tools are used to infiltrate a target network

Answer 66

Delivery

Question 67

Types of Vulnerability Assessments: Used to sniff the network traffic to discover present active systems, network services, applications, and vulnerabilities.

Answer 67

Passive Assessment

Question 68

Types of Vulnerability Assessments: Conducts a configuration level check to identify system configurations, user directories, file systems, registry systems, etc

Answer 68

Host-Based Assessment

Question 69

Types of Vulnerability Assessments: Uses a network scanner to find hosts, services, and vulnerabilities

Answer 69

Active Assessment

Question 70

Injection attack that makes it possible to execute malicious SQL statements

Answer 70

SQL Injection (SQLi)

Question 71

Google Dork Operator: Returns the cached version of a website

Answer 71

cache:

Question 72

Google Dork operator: Concatenates words to detect pages using more than one specific key

Answer 72

+

Question 73

Google Dork operator: Used to avoid displaying results containing certain words

Answer 73

-

Question 74

Attack: Vulnerability residing in a bare-metal cloud server that enables the attackers to implant a malicious backdoor in its firmware

Answer 74

Cloudborne

Question 75

Used for authenticating messages as well as content verification and digital signatures

Answer 75

MD5 Encryption

Question 76

Ethical hacking practice that collects data about targets and their condition

Answer 76

Whois Footprinting

Question 77

Attack: Attack that allows an attacker to redirect network connections by performing DNS spoofing due to a specification flaw in the LTE.

Answer 77

aLTEr Attack

Question 78

Docker Architecture: A persistent background process that manages Docker images, containers, networks, and storage volumes.

Answer 78

Docker Daemon

Question 79

A tool that gathers email account information from different public sources and check if those emails were leaked

Answer 79

Infoga

Question 80

A technique to protect passwords stored in databases by adding a string of 32 or more characters and then hashing them

Answer 80

Password Salting

Question 81

-Short-range communication protocol based on the IEEE. 203.15.4.
-Used in devices that transfer data infrequently at a low rate

Answer 81

Zigbee

Question 82

Web service that uses HTTP methods such as PUT, POST, GET and DELETE can can improve the overall performance, visibility, scalability, reliability, and portability of an application

Answer 82

RESTful API

Question 83

An online tool that retrieve information such as the network range or an organization and identifies the network topology and OS used in that network.

Answer 83

American Registry for Internet Numbers (ARIN)

Question 84

Attack: When an attacker obtains the frequency required to share information and captures the original data when commands were initiated between connected devices

Answer 84

Replay Attack

Question 85

Method that uses DNS to perform data exfiltration on a target network

Answer 85

DNS Tunneling

Question 86

Attack: a man-in-the-middle attack framework used for phishing credentials along with session cookies, which can then be used to bypass 2-factor authentication protection.

Answer 86

Evilginx

Question 87

NMAP scan that is used to check for a stateless or stateful firewall?

Answer 87

-sA

Question 88

An automated tool that performs vulnerability scanning to find hosts, services and other vulnerabilities in a target server.

Answer 88

Netsparker

Question 89

Type of virus that is most likely to remain hidden from antivirus software

Answer 89

Stealth virus

Question 90

Web service Architecture used to maintain the integrity and confidentiality of SOPA messages

Answer 90

WS-Policy

Question 91

Attack that attempts to overflow the content-addressable memory (CAM) table in a Ethernet switch

Answer 91

MAC flooding

Question 92

Spyware used by attacker to take control of an iphone by jailbreaking the device remotely and record audio, capture screenshots, and monitor all calls and texts

Answer 92

Trident

Question 93

When someone queries a DNS server in order to find out (snoop) if the DNS server has a specific DNS record cached

Answer 93

DNS cache snooping

Question 94

Tool used to test for any security loopholes by hijacking a session between a client and server

Answer 94

Burp Suite

Question 95

NMAP switch that helps evade IDS/Firewalls

Answer 95

-D

Question 96

Cyber Kill Chain: Hackers research potential targets before carrying out any penetration testing

Answer 96

Reconnaissance

Question 97

Cyber Kill Chain: Attacker attempts to install malware and other cyberweapons on target network to take control of systems and steal data

Answer 97

Installation

Question 98

Cyber Kill Chain: Hackers communicate with the malware to initiate specified actions/objective

Answer 98

Command and Control

Question 99

Types of Vulnerability Assessments: Test and analyzes all elements of web infrastructure for any misconfiguration, outdated content, or known vulnerabilities

Answer 99

Application Assessment

Question 100

Container Technology Architecture
- Registries
- Repository or collection of repositories used to store container images for Kubernets, DevOPs, and container-based application development

Answer 100

Tier 3

Question 101

• Allows 192-bit minimum strength security protocols
• Uses cryptographic such as GCMP-256, HMAC-SHA384, and ECDSA

Answer 101

WPA3 Enterprise

Question 102

Google Dork Operator: Returns a list of all indexed URLs from a website or domain

Answer 102

site

Question 103

Google Dork operator: Returns various kind of files depending on the file extension

Answer 103

filetype

Question 104

Attack
- Attacks that are triggered at the managed service providers (MSP) and their users.
- Uses spear-phishing emails with custom-made malware to compromise accounts

Answer 104

Cloud Hopper

Question 105

3 keys are used, with each key consisting of 56 bits

Answer 105

Triple DES Encryption

Question 106

Attack: A cross-protocol security bug that attacks servers supporting modern SSLv3/TLS protocol suites by using their support for the obsolete, insecure, SSL v2 protocol.

Answer 106

DROWN Attack

Question 107

NetBIOS code: <00>

Answer 107

Workstation Service (Name)

Question 108

Attack: An attack that permits an attacker to hijack a valid user session

Answer 108

Session Fixation

Question 109

Attack: An attack in which an attacker has full or partial control of the request sent by a web application

Answer 109

Server-side Request Forgery (SSRF) Attack

Question 110

A federal law that mandates certain practices in financial record keeping and reporting for corporations

Answer 110

Sarbanes-Oxley (SOX) Act

Question 111

Technique that patches the kernel during the device boot so that it becomes jailbroken after reboot

Answer 111

Untethered Jailbreaking

Question 112

Most effective way of detecting hosts in LAN networks

Answer 112

ARP Ping Scan

Question 113

Automated tool that can retrieve infomration about DNS zone data including DNS domian names, computer names, IP addresses, DNS records, and network Whois records

Answer 113

Bluto

Question 114

Malware that is undetected by IDS/IPS or AV tools

Answer 114

File-less Malware

Question 115

Outdated wireless network encryption protocol desinged to mimic wired cryption

Answer 115

WEP

Question 116

Command that is used to check for valid users on an SMTP server

Answer 116

VRFY

Question 117

Mobile malware that generates financial gain by replacing legitimate applications on devices with malicious versions that include fraudulent ads

Answer 117

Agent Smith

Question 118

Web-page file type that would strongly indicate that the server is vulnerable to a “Server-side includes” attack

Answer 118

.stm

Question 119

Highly trusted web application security scanner which provides great accuracy in detecting vulnerabilities and all around security.

Answer 119

Syhunt Hybrid

Question 120

Useful tool used for cracking hashed passwords

Answer 120

Netcat

Question 121

An open-source framework for performing automated reconnaissance activities.

Answer 121

OSINT framework

Question 122

Algorithm that involves 32 rounds of computational operations and key sizes of 128, 192, or 256

Answer 122

Serpent

Question 123

Spyware that allows an attacker to take control of an iPhone by jailbreaking the device remotely and record audio, capture screenshots, and monitor all calls and texts

Answer 123

Trident

Question 124

Information security law or standard that aims to protect stakeholders and the general public from account errors and fraudulent activities within organizations.

Answer 124

SOX