EC-Council CEH Exam Questions

Page 2 of 65

21.

Which type of attack aims to make a website or service unavailable in multiple regions or worldwide?

  • Global DoS attack

  • Regional DoS attack

  • Stateful DoS attack

  • Stateless DoS attack

Correct answer: Global DoS attack

A Global DoS attack targets a website or service to make it unavailable in multiple regions or worldwide. 

The other options are either fictional or not directly related to the geographical reach of the attack.

22.

In August 2021, which global company suffered a 2.4 Tbps DDoS attack that made its service unavailable for over 10 minutes?

  • Microsoft

  • Netflix

  • Amazon

  • Apple

Correct answer: Microsoft 

In August 2021, Microsoft experienced a Distributed Denial of Service (DDoS) attack that made its Azure service unavailable for over 10 minutes. The DDoS technique used was a UDP reflection attack. 

The DDoS attack described in the question did not target Netflix, Amazon, or Apple.  

23.

Which software primarily focuses on network diagramming and documentation?

  • Microsoft Visio

  • Nmap

  • Wireshark

  • Nessus

Correct answer: Microsoft Visio

Microsoft Visio is primarily used for creating diagrams, including network diagrams. Visio is one of the most popular tools used for creating detailed network diagrams. 

Nmap is for network scanning, Wireshark for packet capture, and Nessus for vulnerability scanning.

24.

What attack vector on mobile devices is characterized by sending fraudulent messages to entice users into revealing sensitive information or performing certain actions? 

  • Smishing 

  • Vishing 

  • Phishing 

  • Spoofing 

Correct answer: Smishing

Smishing is an attack vector that uses Short Message Service (SMS) to send fraudulent messages that aim to trick the recipient into divulging sensitive information or performing actions that may lead to device compromise or financial loss. 

Vishing involves voice calls. Phishing is a broader term that often refers to email-based scams. Spoofing can involve various methods of impersonation but does not specifically refer to sending messages to users.

25.

Which type of security threat involves the unauthorized access and manipulation of data in a cloud service?

  • Data leakage

  • DDoS attack

  • API vulnerability

  • Side-channel attack

Correct answer: Data leakage

Data leakage involves unauthorized access and potential manipulation of data, which is a significant concern in cloud security. 

DDoS attacks typically target the availability of a service. API vulnerabilities are a broader category that can lead to various types of security issues. A side-channel attack is a method that gains information from the implementation of a computer system rather than weaknesses in the implemented algorithms themselves.

26.

What tool provides features for advanced XML editing that can be repurposed by attackers to test for XML injection vulnerabilities?

  • XMLSpy

  • SoapUI

  • Fiddler

  • Postman

Correct answer: XMLSpy

XMLSpy offers advanced XML editing, validation, and debugging features that attackers could repurpose to test for XML injection vulnerabilities in web services. 

SoapUI is for SOAP-based web service testing. Fiddler is a web debugging proxy. Postman is an API development environment.

27.

Which Windows service, primarily responsible for distributing automatic updates, can be exploited by attackers to bypass firewalls?

  • Windows Background Intelligent Transfer Service

  • Windows Update Service

  • Windows Firewall Service

  • Windows Defender Service

Correct answer: Windows Background Intelligent Transfer Service

Windows Background Intelligent Transfer Service (BITS) is primarily designed to transfer files in the background using idle network bandwidth. Because of its legitimate purpose of downloading Windows updates, it often has permissions to communicate through firewalls. Attackers can exploit this feature to bypass firewalls by using BITS to download or upload files. 

Windows Update Service manages the updates but doesn't handle the transfer in the same manner, and the Windows Firewall Service and Windows Defender Service are related to security but aren't exploited in this way for file transfers.

28.

What security measure was introduced to prevent DNSSEC zone walking, a vulnerability where an attacker can enumerate all the DNS names in a zone?

  • NSEC3 records

  • DNSKEY records

  • RRSIG records

  • DS records

Correct answer: NSEC3 records

The NSEC3 record was introduced to prevent DNSSEC zone walking. It is similar to NSEC, but it includes a hashed version of the next record name, making it harder to enumerate DNS entries. 

DNSKEY records hold public keys used in DNSSEC but don't directly prevent zone walking. RRSIG records provide signatures for DNS record sets, and DS records are used for delegation of trust, neither of which are directly involved in preventing zone walking.

29.

What technique within the MITRE ATT&CK for ICS might involve an attacker using standard protocols to interact with and control industrial processes?

  • Exploitation of remote services

  • The command-line interface

  • Control device identification

  • Data destruction

Correct answer: Exploitation of remote services

Exploitation of remote services involves taking advantage of services or functions intended for remote management or interaction with ICS processes. This technique is listed under Initial Access and Lateral Movement Tactics in MITRE ATT&CK for ICS.

The command-line interface is a means of interaction with the computer, not specifically related to the control of industrial processes. Control device identification is about recognizing devices, not interacting with them, and data destruction is related to damaging or erasing data.

30.

Which of the following is not a tool used for DNS enumeration using zone transfer?

  • VRFY

  • Nslookup

  • Dig

  • DNSRecon

Correct answer: VRFY

VRFY is a command that, when enabled, is used to validate users on a mail server using SMTP. VRFY is not used for DNS enumeration using zone transfers. 

Performing a DNS zone transfer can be done using tools such as Nslookup, Dig, and DNSRecon.

31.

Which of the following is a detective control in cloud security?

  • Regular security audits

  • Implementation of firewalls

  • User training and awareness programs

  • Anti-malware software

Correct answer: Regular security audits

Regular security audits are a form of detective control in cloud security: they help identify non-compliance with security policies, unauthorized changes, or other security risks within the cloud infrastructure.

User training and awareness programs are administrative controls, while firewalls and anti-malware software are preventive controls.

32.

Why is living off the land a term associated with fileless malware?

  • It utilizes built-in system tools to conduct malicious activities

  • It always targets agricultural databases

  • It involves hiding in files related to land and property documents

  • It requires a physical presence near the target system

Correct answer: It utilizes built-in system tools to conduct malicious activities

The term living off the land in a cybersecurity context refers to the tactic wherein malware utilizes built-in system tools and legitimate processes to conduct its malicious activities. This approach helps it blend in and evade detection. 

The other options are not relevant to fileless malware. 

33.

Which type of footprinting does not directly interact with the target system and instead gathers information from publicly available sources?

  • Passive footprinting

  • Active footprinting

  • Aggressive scanning

  • Direct enumeration 

Correct answer: Passive footprinting

Footprinting is always the first step in an attack against any information system. During footprinting, information is gathered about the target. Passive and active are the two types of footprinting. Passive footprinting involves collecting data without interacting with the target directly. This is typically done using public information.

Active footprinting involves directly interacting with the target system, such as pinging the system or port scanning. Aggressive scanning relates to active probing but isn't specifically tied to the process of footprinting. Direct enumeration is more related to understanding the specific services and functions of a system rather than broader footprinting.

34.

Which of the following web services can be used to gather information about a website's technology stack?

  • BuiltWith

  • WhoIsHostingThis

  • Google Trends

  • Moz

Correct answer: BuiltWith

The web service BuiltWith provides details on the technologies, frameworks, and tools a website is using. Another tool that can be used for gathering information about a website's tech stack is Wappalyzer, a browser plugin that can be added to Chrome or Firefox.

WhoIsHostingThis tells you where a website is hosted but not its tech stack. Moz focuses on Search Engine Optimization (SEO). Google Trends showcases search trends over time.

35.

What is the primary role of Programmable Logic Controllers (PLCs) in OT environments?

  • To control industrial machines and processes

  • To provide computing resources for general office applications

  • To facilitate electronic communication via email

  • To manage human resources

Correct answer: To control industrial machines and processes

Programmable Logic Controllers (PLCs) are Industrial Control Systems (ICSs) that continuously monitor the state of input devices and make decisions based upon a custom program to control the state of output devices essential for machine automation. 

PLCs are not designed for office applications, email communication, or human resource management.

36.

What type of mobile device attack involves a perpetrator intercepting and possibly altering the communication between two parties who believe they are directly communicating with each other? 

  • Man-in-the-Middle attack (MITM)

  • Phishing attack

  • Denial-of-Service (DoS) attack

  • Trojan attack

Correct answer: Man-in-the-Middle attack (MITM)

A Man-in-the-Middle attack (MITM) occurs when an attacker intercepts communication between two parties, potentially eavesdropping on or altering the communication without their knowledge.

Phishing attacks involve tricking the user into giving away sensitive information. A Denial-of-Service (DoS) attack aims to make a service unavailable. A Trojan attack involves malware that is disguised as legitimate software.

37.

What is the best countermeasure against tailgating?

  • Implementing strict physical security measures

  • Regular software patching

  • Using virtual private networks (VPNs)

  • Deploying network intrusion detection systems

Correct answer: Implementing strict physical security measures

Tailgating involves unauthorized individuals following authorized personnel into secure areas. The best countermeasure against this is to implement strict physical security measures, such as security guards, badge readers, and mantraps.

While software patching, using Virtual Private Networks (VPNs), and deploying network Intrusion Detection Systems (IDSs) are all critical security practices, they don't counter the physical security risks posed by tailgating.

38.

Which of the following is a primary characteristic of a design flaw vulnerability?

  • It arises due to poor system design decisions

  • It results from a typographical error in the code

  • It is primarily discovered by running static code analysis

  • It is based on a lack of user input validation in the application

Correct answer: It arises due to poor system design decisions

A design flaw vulnerability is a result of poor system design decisions. Design flaws stem from the overall design of the system or application failing to consider certain security aspects.

Running static code analysis is more suitable for finding coding errors rather than design flaws. While lack of user input validation is a common security issue, it often comes under implementation errors rather than design flaws. Typographical errors in code are simply coding mistakes and not design flaws. 

39.

Andrea is performing network footprinting and reconnaissance. What could she use traceroute for?

  • To map out the path data takes from the source to the destination

  • To find vulnerabilities in the network

  • To crack network passwords

  • To perform a denial-of-service attack

Correct answer: To map out the path data takes from the source to the destination

Traceroute is used to map out the path data packets take from the source (Andrea's system) to the destination (the target system), making it a valuable tool in network footprinting for understanding network topology. 

The other options, such as finding vulnerabilities, cracking passwords, or performing a denial-of-service attack, cannot be done using traceroute.

40.

Which type of malware primarily spreads through malicious macros in documents?

  • Macro virus

  • Polymorphic virus

  • Resident virus

  • File infector virus

Correct answer: Macro virus

A macro virus primarily spreads by exploiting macros within documents, especially in software like Microsoft Office. Disabling macros is one way to mitigate these types of viruses. 

Polymorphic viruses change their code to avoid detection. Resident viruses embed themselves in system memory. File infector viruses attach themselves to executable files.