CEH Practice Questions 5
docx
keyboard_arrow_up
School
Western Governors University *
*We aren’t endorsed by this school
Course
701
Subject
Information Systems
Date
Feb 20, 2024
Type
docx
Pages
3
Uploaded by ostorgafermin
1.
Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in bounds checking mechanism?
Code:
a.
C#
b.
Python c.
Java
d.
C++
2.
Internet Protocol Security IPsec is actually a suite pf protocols. Each protocol within the suite
provides different functionality. Collective IPsec does everything except.
a.
Protect the payload and the headers
b.
Encrypt
c.
Work at the Data Link Layer
d.
Authenticate
3.
An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?
a.
Make sure that legitimate network routers are configured to run routing protocols with authentication.
b.
Disable all routing protocols and only use static routes
c.
Only using OSPFv3 will mitigate this risk.
d.
Redirection of the traffic cannot happen unless the admin allows it explicitly.
4.
Which method of password cracking takes the most time and effort?
a.
Dictionary attack
b.
Shoulder surfing
c.
Rainbow tables
d.
Brute force
5.
An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gain access to the DNS server and redirect the direction www.google.com to his own IP
address. Now when the employees of the office want to go to Google, they are being redirected to the attacker machine. What is the name of this kind of attack?
a.
MAC flooding b.
Smurf attack c.
DNS spoofing
d.
ARP poisoning
6.
What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?
a.
Residual risk b.
Impact risk c.
Deferred risk d.
Inherent risk 7.
Which of the following is the best countermeasure to encrypting ransomwares?
a.
Use multiple antivirus software
b.
Pay a ransom
c.
Keep some generation of off-line backup
d.
Analyze the ransomware to get decryption key of encrypted data
8.
Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks?
a.
tcpsplice
b.
Burp
c.
Hydra
d.
Whisker
9.
You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.
What is the best Nmap command you will use?
a.
nmap -T4 -q 10.10.0.0/24
b.
nmap -T4 -F 10.10.0.0/24
c.
nmap -T4 -r 10.10.1.0/24
d.
nmap -T4 -O 10.10.0.0/24
10. As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.
What document describes the specifics of the testing, the associated violations, and essentially protects both the organization's interest and your liabilities as a tester?
a.
Service Level Agreement
b.
Project Scope
c.
Rules of Engagement
d.
Non-Disclosure Agreement
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help