Certified Ethical Hacker Exam CEH v11 312-50v11 Practice Test V8.02 Killtest 2021

2. The safer , easier way to help you pass any IT exams. 1.You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS? A. nmap -A - Pn B. nmap -sP -p-65535 -T5 C. nmap -sT -O -T0 D. nmap -A --host-timeout 99 -T1 Answer: C 2.In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How can he achieve this? A. Privilege Escalation B. Shoulder-Surfing C. Hacking Active Directory D. Port Scanning Answer: A Certified Ethical Hacker Exam CEH v11 312-50v11 Practice Test V8.02 Killtest 2021 shows the “nc” process is listening on a network port. What kind of vulnerability must be present to make this remote attack possible? A. File system permissions B. Privilege escalation C. Directory traversal D. Brute force login Answer: A 3.Which of the following tools can be used to perform a zone transfer? A. NSLookup B. Finger C. Dig D. Sam Spade E. Host F. Netcat G. Neotrace Answer: A,C,D,E 4.A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The “ps” command shows that the “nc” file is running as process, and the netstat command 5.While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email 2 / 15

3. The safer , easier way to help you pass any IT exams. from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based security vulnerability was exploited to compromise the user? A. Clickjacking B. Cross-Site Scripting C. Cross-Site Request Forgery D. Web form input validation Answer: C 6.You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity, what tool would you most likely select? A. Nmap B. Cain & Abel C. Nessus D. Snort Answer: D Certified Ethical Hacker Exam CEH v11 312-50v11 Practice Test V8.02 Killtest 2021 A. Vulnerability scans only do host discovery and port scanning by default. B. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation. C. It is not – a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement. D. The tools used by penetration testers tend to have much more comprehensive vulnerability databases. Answer: B 7.CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this: From: jim_miller@companyxyz.com To: michelle_saunders@companyxyz.com Subject: Test message Date: 4/3/2017 14:37 The employee of CompanyXYZ receives your email message. This proves that CompanyXYZ’s email gateway doesn’t prevent what? A. Email Masquerading B. Email Harvesting C. Email Phishing D. Email Spoofing Answer: D 8.Why is a penetration test considered to be more thorough than vulnerability scan? 9.A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems. However, he is unable to capture any logons though he knows that other users are logging in. 3 / 15

4. The safer , easier way to help you pass any IT exams. What do you think is the most likely reason behind this? A. There is a NIDS present on that segment. B. Kerberos is preventing it. C. Windows logons cannot be sniffed. D. L0phtcrack only sniffs logons to web servers. Answer: B 10.John is an incident handler at a financial institution. His steps in a recent incident are not up to the standards of the company. John frequently forgets some steps and procedures while handling responses as they are very stressful to perform. Which of the following actions should John take to overcome this problem with the least administrative effort? A. Create an incident checklist. B. Select someone else to check the procedures. C. Increase his technical skills. D. Read the incident manual every time it occurs. Answer: C Certified Ethical Hacker Exam CEH v11 312-50v11 Practice Test V8.02 Killtest 2021 13.What is the BEST alternative if you discover that a rootkit has been installed on one of your computers? A. Copy the system files from a known good system B. Perform a trap and trace C. Delete the files and try to determine the source D. Reload from a previous backup E. Reload from known good media Answer: E 11.Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek? A. tcptrace B. Nessus C. OpenVAS D. tcptraceroute Answer: A 12.Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing? A. Scanning B. Footprinting C. Enumeration D. System Hacking Answer: B 14.Peter, a Network Administrator, has come to you looking for advice on a tool that would help him 4 / 15

5. The safer , easier way to help you pass any IT exams. perform SNMP enquires over the network. Which of these tools would do the SNMP enumeration he is looking for? Select the best answers. A. SNMPUtil B. SNScan C. SNMPScan D. Solarwinds IP Network Browser E. NMap Answer: A,B,D 15.When discussing passwords, what is considered a brute force attack? A. You attempt every single possibility until you exhaust all possible combinations or discover the password B. You threaten to use the rubber hose on someone unless they reveal their password C. You load a dictionary of words into your cracking program D. You create hashes of a large number of words and compare it with the encrypted passwords E. You wait until the password expires Answer: A Certified Ethical Hacker Exam CEH v11 312-50v11 Practice Test V8.02 Killtest 2021 C. Mitigate the risk D. Avoid the risk Answer: A 16.What is the purpose of DNS AAAA record? A. Authorization, Authentication and Auditing record B. Address prefix record C. Address database record D. IPv6 address resolution record Answer: D 17.Suppose your company has just passed a security risk assessment exercise. The results display that the risk of the breach in the main company application is 50%. Security staff has taken some measures and implemented the necessary controls. After that, another security risk assessment was performed showing that risk has decreased to 10%. The risk threshold for the application is 20%. Which of the following risk decisions will be the best for the project in terms of its successful continuation with the most business profit? A. Accept the risk B. Introduce more controls to bring risk to 0% 18.Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access. A camera captures people walking and identifies the individuals using Steve’s approach. After that, people must approximate their RFID badges. Both the identifications are required to open the door. In this case, we can say: A. Although the approach has two phases, it actually implements just one authentication factor 5 / 15

6. The safer , easier way to help you pass any IT exams. B. The solution implements the two authentication factors: physical object and physical characteristic C. The solution will have a high level of false positives D. Biological motion cannot be used to identify people Answer: B 19.What port number is used by LDAP protocol? A. 110 B. 389 C. 464 D. 445 Answer: B Certified Ethical Hacker Exam CEH v11 312-50v11 Practice Test V8.02 Killtest 2021 A. Host OS on containers has a larger surface attack. B. Containers may full fill disk space of the host. C. A compromise container may cause a CPU starvation of the host. D. Containers are attached to the same virtual network. Answer: A 20.Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN? A. ESP transport mode B. ESP confidential C. AH permiscuous D. AH Tunnel mode Answer: A 21.A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the Prometric Online Testing – Reports https://ibt1.prometric.com/users/custom/report_queue/rq_str... corporate network. What tool should the analyst use to perform a Blackjacking attack? A. Paros Proxy B. BBProxy C. Blooover D. BBCrack Answer: B 22.Why containers are less secure that virtual machines? 23.Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run? A. Macro virus B. Stealth/Tunneling virus C. Cavity virus 6 / 15

7. The safer , easier way to help you pass any IT exams. D. Polymorphic virus Answer: B 24.Which of the following is a command line packet analyzer similar to GUI-based Wireshark? A. nessus B. tcpdump C. ethereal D. jack the ripper Answer: B 25.John the Ripper is a technical assessment tool used to test the weakness of which of the following? A. Passwords B. File permissions C. Firewall rulesets D. Usernames Answer: A Certified Ethical Hacker Exam CEH v11 312-50v11 Practice Test V8.02 Killtest 2021 E. B757BF5C0D87772FAAD3B435B51404EE F. E52CAC67419A9A224A3B108F3FA6CB6D Answer: B,E 26.Fred is the network administrator for his company. Fred is testing an internal switch. From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this? A. Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer. B. He can send an IP packet with the SYN bit and the source address of his computer. C. Fred can send an IP packet with the ACK bit set to zero and the source address of the switch. D. Fred can send an IP packet to the switch with the ACK bit and the source address of his machine. Answer: D 27.Which of the following LM hashes represent a password of less than 8 characters? (Choose two.) A. BA810DBA98995F1817306D272A9441BB B. 44EFCE164AB921CQAAD3B435B51404EE C. 0182BD0BD4444BF836077A718CCDF409 D. CEC52EB9C8E3455DC2265B23734E0DAC 28.CORRECT TEXT You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly. What is the best Nmap command you will use? A. nmap -T4 -q 10.10.0.0/24 B. nmap -T4 -F 10.10.0.0/24 C. nmap -T4 -r 10.10.1.0/24 7 / 15

8. The safer , easier way to help you pass any IT exams. D. nmap -T4 -O 10.10.0.0/24 Answer: B 29.MX record priority increases as the number increases. (True/False.) A. True B. False Answer: B 30.Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication? A. 113 B. 69 C. 123 D. 161 Answer: C Certified Ethical Hacker Exam CEH v11 312-50v11 Practice Test V8.02 Killtest 2021 D. All three servers need to face the Internet so that they can communicate between themselves Answer: B 31.Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activities, it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours. What protocol used on Linux servers to synchronize the time has stopped working? A. Time Keeper B. NTP C. PPP D. OSPP Answer: B 32.You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement? A. All three servers need to be placed internally B. A web server facing the Internet, an application server on the internal network, a database server on the internal network C. A web server and the database server facing the Internet, an application server on the internal network 33.What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS? A. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail. B. Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography. C. Symmetric encryption allows the server to securely transmit the session keys out-of-band. D. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead. Answer: D 8 / 15

9. The safer , easier way to help you pass any IT exams. 34.Vlady works in a fishing company where the majority of the employees have very little understanding of IT let alone IT Security. Several information security issues that Vlady often found includes, employees sharing password, writing his/her password on a post it note and stick it to his/her desk, leaving the computer unlocked, didn’t log out from emails or other social media accounts, and etc. After discussing with his boss, Vlady decided to make some changes to improve the security environment in his company. The first thing that Vlady wanted to do is to make the employees understand the importance of keeping confidential information, such as password, a secret and they should not share it with other persons. Which of the following steps should be the first thing that Vlady should do to make the employees in his company understand to importance of keeping confidential information a secret? A. Warning to those who write password on a post it note and put it on his/her desk B. Developing a strict information security policy C. Information security awareness training D. Conducting a one to one discussion with the other employees about the importance of information security Answer: A Certified Ethical Hacker Exam CEH v11 312-50v11 Practice Test V8.02 Killtest 2021 are both on the 192.168.1.0/24. Which of the following has occurred? A. The computer is not using a private IP address. B. The gateway is not routing to a public IP address. C. The gateway and the computer are not on the same network. D. The computer is using an invalid IP address. Answer: B 35.Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command. What is Eve trying to do? A. Eve is trying to connect as a user with Administrator privileges B. Eve is trying to enumerate all users with Administrative privileges C. Eve is trying to carry out a password crack for user Administrator D. Eve is trying to escalate privilege of the null user to that of Administrator Answer: C 36.A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they 37.Study the following log extract and identify the attack. 9 / 15

10. The safer , easier way to help you pass any IT exams. Certified Ethical Hacker Exam CEH v11 312-50v11 Practice Test V8.02 Killtest 2021 38.Susan has attached to her company's network. She has managed to synchronize her boss's sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory. What kind of attack is Susan carrying on? A. A sniffing attack B. A spoofing attack C. A man in the middle attack D. A denial of service attack Answer: C A. Hexcode Attack B. Cross Site Scripting C. Multiple Domain Traversal Attack D. Unicode Directory Traversal Attack Answer: D 39.A bank stores and processes sensitive privacy information related to home loans. However, auditing 10 / 15

11. The safer , easier way to help you pass any IT exams. has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature? A. Perform a vulnerability scan of the system. B. Determine the impact of enabling the audit feature. C. Perform a cost/benefit analysis of the audit feature. D. Allocate funds for staffing of audit log review. Answer: B 40.In the field of cryptanalysis, what is meant by a “rubber-hose” attack? A. Forcing the targeted keystream through a hardware-accelerated device such as an ASIC. B. A backdoor placed into a cryptographic algorithm by its creator. C. Extraction of cryptographic secrets through coercion or torture. D. Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext. Answer: C Certified Ethical Hacker Exam CEH v11 312-50v11 Practice Test V8.02 Killtest 2021 41.The company ABC recently contracts a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data? A. The CFO can use a hash algorithm in the document once he approved the financial statements B. The CFO can use an excel file with a password C. The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure is the same document D. The document can be sent to the accountant using an exclusive USB for that document Answer: A 42.The “Gray-box testing” methodology enforces what kind of restriction? A. Only the external operation of a system is accessible to the tester. B. The internal operation of a system in only partly accessible to the tester. C. Only the internal operation of a system is known to the tester. D. The internal operation of a system is completely known to the tester. Answer: B 43.A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers. A. Use port security on his switches. B. Use a tool like ARP watch to monitor for strange ARP activity. C. Use a firewall between all LAN segments. D. If you have a small network, use static ARP entries. E. Use only static IP addresses on all PC's. Answer: A,B,D 11 / 15

12. The safer , easier way to help you pass any IT exams. 44.What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application? A. Black-box B. Announced C. White-box D. Grey-box Answer: D 45.You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words, you are trying to penetrate an otherwise impenetrable system. How would you proceed? A. Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network B. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information C. Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000 or more "zombies" and "bots" D. Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques Answer: B Certified Ethical Hacker Exam CEH v11 312-50v11 Practice Test V8.02 Killtest 2021 D. NoSQL injection Answer: B 46.Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He’s determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing? A. Error-based SQL injection B. Blind SQL injection C. Union-based SQL injection 47.A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup? A. Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed. B. As long as the physical access to the network elements is restricted, there is no need for additional measures. 12 / 15

13. The safer , easier way to help you pass any IT exams. C. There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist. D. The operator knows that attacks and down time are inevitable and should have a backup site. Answer: A 48.Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange? A. SOA B. biometrics C. single sign on D. PKI Answer: D Certified Ethical Hacker Exam CEH v11 312-50v11 Practice Test V8.02 Killtest 2021 - Does not require additional hardware - Lower entry cost Which type of IDS is best suited for Tremp's requirements? A. Gateway-based IDS B. Network-based IDS C. Host-based IDS D. Open source-based Answer: C 49.Which of the following programs is usually targeted at Microsoft Office products? A. Polymorphic virus B. Multipart virus C. Macro virus D. Stealth virus Answer: C 50.Internet Protocol Security IPsec is actually a suite pf protocols. Each protocol within the suite provides different functionality. Collective IPsec does everything except. A. Protect the payload and the headers B. Encrypt C. Work at the Data Link Layer D. Authenticate Answer: D 51.Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics: - Verifies success or failure of an attack - Monitors system activities Detects attacks that a network-based IDS fails to detect - Near real-time detection and response 52.Which of the following steps for risk assessment methodology refers to vulnerability identification? A. Determines if any flaws exist in systems, policies, or procedures B. Assigns values to risk probabilities; Impact values. 13 / 15

14. The safer , easier way to help you pass any IT exams. C. Determines risk probability that vulnerability will be exploited (High. Medium, Low) D. Identifies sources of harm to an IT system. (Natural, Human. Environmental) Answer: C 53.Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: scottsmelby@yahoo.com”. Which statement below is true? A. This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees. B. This is a scam because Bob does not know Scott. C. Bob should write to scottmelby@yahoo.com to verify the identity of Scott. D. This is probably a legitimate message as it comes from a respectable organization. Answer: A Certified Ethical Hacker Exam CEH v11 312-50v11 Practice Test V8.02 Killtest 2021 C. An authentication system that creates one-time passwords that are encrypted with secret keys. D. An authentication system that uses passphrases that are converted into virtual passwords. Answer: C 54.When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline? A. Data items and vulnerability scanning B. Interviewing employees and network engineers C. Reviewing the firewalls configuration D. Source code review Answer: A 55.Which of the following is a component of a risk assessment? A. Administrative safeguards B. Physical security C. DMZ D. Logical interface Answer: A 56.Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system? A. A biometric system that bases authentication decisions on behavioral attributes. B. A biometric system that bases authentication decisions on physical attributes. 57.What kind of detection techniques is being used in antivirus softwares that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it's made on the premiers environment- A. VCloud based B. Honypot based C. Behaviour based D. Heuristics based 14 / 15

15. The safer , easier way to help you pass any IT exams. Answer: A 58.PGP, SSL, and IKE are all examples of which type of cryptography? A. Digest B. Secret Key C. Public Key D. Hash Algorithm Answer: C 59.You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: ““FTP on the network!””;) A. A firewall IPTable B. FTP Server rule C. A Router IPTable D. An Intrusion Detection System Answer: D Certified Ethical Hacker Exam CEH v11 312-50v11 Practice Test V8.02 Killtest 2021 60.Which of the following is assured by the use of a hash? A. Authentication B. Confidentiality C. Availability D. Integrity Answer: D 15 / 15