EC-Council CEH Exam Questions


1.

An attacker is using a proxy chain to conduct a scan. What is the main advantage of this method?

  • Anonymity

  • Increased scanning speed

  • Bypassing bandwidth restrictions

  • Evasion of geo-restrictions

Correct answer: Anonymity

Using a proxy chain allows an attacker to hide their original IP address and therefore provides anonymity.

Using multiple proxies typically slows down the scanning process rather than increasing its speed. Bypassing bandwidth restrictions is not the primary purpose of proxy chains in scanning; while they can sometimes be used for this purpose, it is not their main advantage. Evading geo-restrictions is also not the primary purpose of using proxy chains in scanning scenarios, although it may be a side benefit in some cases.

2.

Which encryption protocol, introduced with the original WPA standard, uses a per-packet key system that dynamically changes keys to prevent certain types of attacks?

  • TKIP

  • AES

  • WEP

  • PEAP

Correct answer: TKIP

Temporal Key Integrity Protocol (TKIP) was introduced with the original Wi-Fi Protected Access (WPA) standard as an interim security solution. It uses a per-packet key system that dynamically changes keys to ensure that each packet has a unique encryption key, making it more difficult for attackers to compromise than WEP.

AES is associated with WPA2 and is more secure than TKIP. WEP is an outdated encryption method. Protected Extensible Authentication Protocol (PEAP) is used in conjunction with Extensible Authentication Protocol (EAP) for secure communication on wireless networks and does not itself encrypt traffic.

3.

What is the primary goal of a Denial of Service (DoS) attack? 

  • To render a system or network unavailable to legitimate users

  • To gain unauthorized access to a system

  • To intercept sensitive data in transit

  • To delete or modify data on a targeted system

Correct answer: To render a system or network unavailable to legitimate users

A DoS attack aims to overwhelm the target system's resources, such as bandwidth or processing power, causing it to become unavailable to legitimate users. 

A DoS attack would not be used to gain unauthorized access to a system, intercept sensitive data in transit, or delete or modify data on a targeted system.

4.

What is one key reason APT attacks can persist for a long time without detection?

  • Use of sophisticated evasion techniques

  • Sole reliance on known malware

  • Lack of any malicious intent

  • They target outdated systems only

Correct answer: Use of sophisticated evasion techniques

Advanced Persistent Threat (APT) attacks employ sophisticated evasion techniques to remain undetected in a system for extended periods, gathering intelligence or data. 

They don't rely solely on known malware; in fact, they often use zero-day vulnerabilities. While they certainly have malicious intent, their stealth allows them to operate undetected. APTs target a range of systems, not just outdated ones.

5.

Which malware variant is designed to provide unauthorized remote control over a system?

  • Remote Access Trojan (RAT)

  • Virus

  • Adware

  • Logic bomb

Correct answer: Remote Access Trojan (RAT)

A Remote Access Trojan (RAT) is a type of malware that allows an attacker to take unauthorized remote control over a compromised system. 

While a virus can have various functionalities, its defining characteristic isn't providing remote control. Adware displays unwanted ads, and logic bombs activate under specific conditions.

6.

Under FISMA, federal agencies are required to do which of the following?

  • Develop, document, and implement an agency-wide information security program

  • Ensure the proper usage and sharing of digital media copyright

  • Provide open access to all federal data to the public

  • Implement credit card transaction security measures

Correct answer: Develop, document, and implement an agency-wide information security program

The Federal Information Security Management Act (FISMA) requires federal agencies to create an overarching information security program that ensures the protection of their information systems. This means that they need to develop, document, and implement an agency-wide information security program.

Ensuring the proper usage and sharing of digital media copyright is related to the objectives of the DMCA. Providing open access to all federal data to the public is not a FISMA requirement, as not all federal data is meant to be public. Implementing credit card transaction security measures is related to PCI DSS standards.

7.

Which tool can be used to identify the operating system of a remote host through TCP/IP stack fingerprinting?

  • Nmap

  • Netcat

  • Hping3

  • ARP

Correct answer: Nmap

Nmap, short for Network Mapper, is one of the most popular port scanners. In addition to port scanning, Nmap has many other functions, including OS detection using TCP/IP stack fingerprinting.

Netcat is a general-purpose networking utility for reading from and writing to network connections. Hping3 is used for crafting and sending custom packets. ARP resolves IP addresses to MAC addresses on a local network.

8.

Which of the following technologies can be used to isolate containers at the kernel level?

  • Namespaces

  • Docker Compose

  • VPNs

  • Load balancers

Correct answer: Namespaces

Namespaces are a feature of the Linux kernel that isolate and virtualize system resources for containers, allowing each container to have its own instance of global resources.

Docker Compose is a tool for defining and running multi-container Docker applications. VPNs secure network connections, and load balancers distribute traffic across multiple servers; neither is related to kernel-level isolation.

9.

In cloud computing, what is the term for distributing workloads across multiple resources to ensure no single resource is overwhelmed?

  • Load balancing

  • Multi-tenancy

  • Vertical scaling

  • Redundancy

Correct answer: Load balancing

Load balancing in cloud computing refers to the process of distributing workloads across multiple computing resources, such as servers or networks, so that no single resource is overwhelmed, which improves the efficiency and availability of applications and services.

Multi-tenancy is when a single instance of a software application serves multiple customers. Vertical scaling refers to adding more resources to a single node in a system. Redundancy involves duplicating critical components of a system in order to increase the system's reliability.

10.

What is the advantage of using Shodan over traditional search engines when searching for vulnerable IoT devices?

  • Shodan indexes devices directly connected to the internet

  • Shodan provides real-time data packet interception

  • Shodan can perform automated penetration tests on devices

  • Shodan offers private network scanning capabilities

Correct answer: Shodan indexes devices directly connected to the internet

Shodan is specifically designed to index internet-connected devices, which includes many IoT devices, making it useful for finding devices that may be vulnerable due to their exposure to the internet. Traditional search engines index web content, not devices. 

Shodan does not intercept data packets, perform penetration tests, or scan private networks.

11.

What kind of shared environment attack is characterized by an unauthorized user gaining control over the hypervisor to potentially access all hosted virtual machines?

  • Hyperjacking

  • VM escape

  • Rootkit installation

  • Man-in-the-middle

Correct answer: Hyperjacking

Hyperjacking is an attack where the hypervisor, which creates and manages Virtual Machines (VMs), is taken over by an unauthorized user, potentially giving them access to all hosted VMs. 

VM escape involves breaking out of a VM to attack the host system. Rootkit installation is the implantation of stealthy malware. A man-in-the-middle attack involves intercepting communications.

12.

How does an attacker exploit a cross-site scripting (XSS) vulnerability on a web server?

  • By injecting malicious scripts into web pages viewed by other users

  • By decrypting data transmitted over SSL/TLS

  • By bypassing CAPTCHA mechanisms

  • By disabling antivirus software on the server

Correct answer: By injecting malicious scripts into web pages viewed by other users

An attacker exploits a Cross-Site Scripting (XSS) vulnerability by injecting malicious scripts into web pages, which are then executed in the browsers of other users. This can result in unauthorized access to user sessions or personal data. 

Decrypting data over SSL/TLS, bypassing CAPTCHA, and disabling antivirus software are not methods of exploiting XSS vulnerabilities.

13.

What is the primary purpose of enumeration in the ethical hacking process?

  • To gather detailed information about a target's network and services

  • To exploit vulnerabilities and gain access to a system

  • To find live hosts on a network

  • To implement security measures

Correct answer: To gather detailed information about a target's network and services

Enumeration is primarily used to gather detailed information about a target's network and services. This stage comes after the scanning phase, where live hosts are identified, and before the exploitation phase. 

Implementing security measures is not a part of the enumeration process but a reactive measure after penetration testing has been completed.

14.

What does keylogging refer to?

  • Capturing and recording user keystrokes

  • Logging the keys used in encryption

  • Keeping a record of system access keys

  • Monitoring the system for key vulnerabilities

Correct answer: Capturing and recording user keystrokes

Keylogging refers to the method of capturing and recording user keystrokes, which can reveal sensitive information like passwords. Keyloggers can either be hardware-based (typically USB) or software-based. 

Keylogging is not related to logging the keys used in encryption, keeping a record of system access keys, or monitoring the system for key vulnerabilities. 

15.

The Internet Assigned Numbers Authority (IANA) owns all IP addresses at a high level. IANA hands out the IP addresses to Regional Internet Registries (RIR) to then pass out to organizations that fall into their geographical region. Which RIR handles the IP addresses for Africa?

  • AfriNIC

  • ARIN

  • APNIC

  • RIPE

Correct answer: AfriNIC

AfriNIC is the Regional Internet Registry (RIR) that handles IP addresses for Africa. 

ARIN handles IP addresses in the United States, Canada, Antarctica, and parts of the Caribbean. APNIC handles Asia, Australia, New Zealand, and neighboring countries. RIPE handles Europe, Russia, Greenland, the Middle East, and parts of Central Asia.

16.

Which technique involves sending specially crafted packets that exploit the firewall's inability to handle non-standard IP options or flags?

  • Crafted packet injection

  • HTML smuggling

  • Insertion attack

  • Flooding

Correct answer: Crafted packet injection

Crafted packet injection involves sending uniquely constructed packets that exploit a firewall's inadequacy in handling non-standard IP options, potentially allowing malicious traffic through. There are many tools that enable packet crafting, such as PackETH and Hping. 

HTML smuggling embeds malicious content in benign-looking files, insertion attacks exploit discrepancies in how packets are interpreted, and flooding overwhelms a target with excessive traffic.

17.

An attacker has just successfully executed a denial-of-service attack against a target. Which attribute of the CIA triad is being compromised in this scenario?

  • Availability

  • Integrity

  • Non-repudiation

  • Confidentiality

Correct answer: Availability

A denial-of-service attack affects the availability of resources. This means that those attempting to access legitimate resources may not be able to do so.

The CIA triad is made up of confidentiality, integrity, and availability. Non-repudiation is not part of the CIA triad, although it is typically considered to be related. A denial-of-service attack would not compromise integrity or confidentiality.

18.

What is the primary purpose of the Executive Summary in a vulnerability assessment report?

  • Present a high-level overview of the assessment's outcomes

  • Discuss technical details of each vulnerability

  • Offer remediation steps for vulnerabilities

  • List the tools used in the assessment

Correct answer: Present a high-level overview of the assessment's outcomes

The Executive Summary is designed to provide a concise, high-level overview of the assessment's results, tailored for stakeholders and leadership. 

Technical details of each vulnerability would typically be outlined in the Findings or Findings and Analysis section of the report. Remediation advice is typically found in the Recommendations section. A list of tools used in the assessment is not always included, but if it is included, it would not be in the Executive Summary. 

19.

What technique can be used in a web server attack to masquerade malicious SQL queries by altering their appearance?

  • SQL obfuscation

  • Load balancing

  • SSL stripping

  • Subnetting

Correct answer: SQL obfuscation

SQL obfuscation can be used in a web server attack to masquerade malicious SQL queries by altering their appearance, making it more difficult for security systems to detect the attack. 

Load balancing distributes traffic, SSL stripping downgrades secure connections, and subnetting involves network segmentation, none of which are related to masquerading SQL queries.

20.

Which of the following refers to the use of information and communication technologies to gain an advantage over an opponent?

  • Information warfare

  • Information security

  • Cybercrime

  • Service enumeration

Correct answer: Information warfare

Information warfare, or infowar, refers to the use of information and communication technologies to gain an advantage over an opponent. There are both defensive and offensive types of information warfare.

Information warfare is not necessarily illegal, meaning that it isn't cybercrime. Information security, or infosec, refers to the defense and protection of information systems. Service enumeration means identifying services running on a specific target.