EC-Council CEH Exam Questions

Page 5 of 65

81.

Which of the following protocols is commonly enumerated to obtain network device information?

  • SNMP

  • HTTP

  • SMTP

  • FTP

Correct answer: SNMP

Simple Network Management Protocol (SNMP) can be enumerated to gather information about network devices such as routers, switches, and printers: the system name (sysName), system description, uptime, interfaces, ARP and routing tables, and sometimes user accounts. Enumeration often succeeds because devices are deployed with default community strings such as public (read-only) and private (read-write), and SNMPv1 and SNMPv2c send the community string in cleartext, so it can also be recovered by sniffing.

The other protocols (HTTP, SMTP, and FTP) can also be enumerated, for example by banner grabbing, but they reveal comparatively little about the network devices themselves.
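
Added example (written for this page, not taken from EC-Council material or from any SNMP tool): a minimal SNMPv2c GetRequest for sysName.0 built by hand, plus a decoder run over a constructed GetResponse. The community string public, the request ID, and the reply value core-sw-01.example.net are assumptions for illustration. It goes a step beyond the text above by showing why sniffing SNMPv1/v2c works: decode_message recovers the community string from the request as easily as it recovers the sysName from the reply.

```python
"""Hypothetical SNMPv2c GetRequest builder and response decoder (added example, not
from the original page). Assumes the RFC 3416 PDU layout and BER encoding; the
community string, request ID and sysName value are constructed for illustration."""
import socket

SYS_NAME_0 = "1.3.6.1.2.1.1.5.0"          # SNMPv2-MIB::sysName.0


def _ber_len(n: int) -> bytes:
    """BER length: one byte below 128, otherwise 0x80|count followed by big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(payload)) + payload


def ber_int(n: int) -> bytes:
    """INTEGER in minimal two's complement (enough for request IDs and error codes)."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big", signed=True))


def ber_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128 with continuation bits."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return tlv(0x06, bytes(out))


def _message(community: str, pdu_tag: int, oid: str, value: bytes, request_id: int) -> bytes:
    varbind = tlv(0x30, ber_oid(oid) + value)
    pdu = tlv(pdu_tag, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    # version 1 == SNMPv2c; the community string travels as a plain OCTET STRING
    return tlv(0x30, ber_int(1) + tlv(0x04, community.encode()) + pdu)


def build_get_request(community: str, oid: str = SYS_NAME_0, request_id: int = 0x4242) -> bytes:
    return _message(community, 0xA0, oid, tlv(0x05, b""), request_id)    # GetRequest, NULL value


def build_get_response(community: str, oid: str, value: bytes, request_id: int = 0x4242) -> bytes:
    return _message(community, 0xA2, oid, tlv(0x04, value), request_id)  # GetResponse, OCTET STRING


def parse_tlv(data: bytes, off: int = 0):
    """Return (tag, value bytes, offset of the next element)."""
    tag, length, off = data[off], data[off + 1], off + 2
    if length & 0x80:
        n = length & 0x7F
        length, off = int.from_bytes(data[off:off + n], "big"), off + n
    return tag, data[off:off + length], off + length


def decode_message(packet: bytes) -> dict:
    """Walk the message and pull out what an enumerator (or a sniffer) sees."""
    tag, body, _ = parse_tlv(packet)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, version, off = parse_tlv(body)
    _, community, off = parse_tlv(body, off)
    pdu_tag, pdu, _ = parse_tlv(body, off)
    _, _, off = parse_tlv(pdu)                 # request-id
    _, err, off = parse_tlv(pdu, off)          # error-status
    _, _, off = parse_tlv(pdu, off)            # error-index
    _, varbinds, _ = parse_tlv(pdu, off)
    _, varbind, _ = parse_tlv(varbinds)
    _, oid, off = parse_tlv(varbind)
    vtag, value, _ = parse_tlv(varbind, off)
    return {
        "version": int.from_bytes(version, "big"),
        "community": community.decode(),
        "pdu": pdu_tag,
        "error_status": int.from_bytes(err, "big"),
        "value": value if vtag == 0x04 else None,
    }


def query_sysname(host: str, community: str = "public", timeout: float = 2.0) -> dict:
    """Send the GetRequest to UDP/161 and decode the reply (network access required)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_get_request(community), (host, 161))
        data, _ = s.recvfrom(1500)
    return decode_message(data)


# Constructed reply a switch left on the default community string might send (not captured traffic)
SAMPLE_RESPONSE = build_get_response("public", SYS_NAME_0, b"core-sw-01.example.net")

if __name__ == "__main__":
    print(build_get_request("public").hex())
    print(decode_message(SAMPLE_RESPONSE))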

82.

What is the main purpose of DNS cache snooping? 

  • To determine if a DNS server has recently resolved specific DNS queries, providing insight into network activity

  • To generate a list of all subdomains related to a specific domain

  • To identify the physical location of a DNS server

  • To encrypt DNS query responses

Correct answer: To determine if a DNS server has recently resolved specific DNS queries, providing insight into network activity

DNS cache snooping is primarily used to determine if a DNS server has recently resolved specific DNS queries. This can provide insight into network activity and potentially reveal sensitive information about network users or configurations. 

DNS cache snooping does not generate a list of subdomains, identify the physical location of a DNS server, or encrypt DNS query responses.
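
Added example (not part of the original page): building a DNS query with the RD (recursion desired) bit cleared, which is the mechanism behind cache snooping, and classifying the resolver's reply. The replies below are constructed byte strings, not captured traffic; example.com, the transaction ID and the TTL value are illustrative. Beyond the one-line description above, the code also reads the remaining TTL of a cached answer, which tells you roughly how long ago the name was resolved, and handles a resolver that returns REFUSED for non-recursive queries.

```python
"""Hypothetical DNS cache snooping helper (added example; not part of the original page).
Assumes the RFC 1035 wire format and a caching resolver that answers non-recursive queries."""
import socket
import struct


def build_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Build a DNS query with the RD bit cleared.

    A resolver that receives RD=0 answers only from its cache instead of resolving
    the name upstream, so a positive answer proves someone asked for it recently.
    """
    flags = 0x0000                                   # QR=0, opcode=QUERY, RD=0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)   # class IN


def _skip_name(data: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:        # compression pointer: 2 bytes, ends the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length


def classify_response(resp: bytes, expected_txid: int = 0x1234) -> dict:
    """Interpret a reply to a non-recursive query.

    state: 'cached' | 'not_cached' | 'refused' | 'error'
    ttl:   remaining TTL of the first answer when cached. Resolvers count the TTL
           down from the record's original value, so a low number means the lookup
           happened a while ago.
    """
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if txid != expected_txid or not flags & 0x8000:  # wrong ID or not a response (QR=0)
        return {"state": "error", "ttl": None}
    rcode = flags & 0x000F
    if rcode == 5:                                    # REFUSED: non-recursive queries rejected
        return {"state": "refused", "ttl": None}
    if rcode != 0:
        return {"state": "error", "ttl": None}
    if an == 0:
        return {"state": "not_cached", "ttl": None}
    off = 12
    for _ in range(qd):                               # skip the echoed question section
        off = _skip_name(resp, off) + 4
    off = _skip_name(resp, off)                       # first answer RR: name, then type/class/TTL
    _rtype, _rclass, ttl = struct.unpack("!HHI", resp[off:off + 8])
    return {"state": "cached", "ttl": ttl}


def snoop(resolver: str, name: str, timeout: float = 2.0) -> dict:
    """Send the non-recursive query over UDP/53 and classify the reply (network access required)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver, 53))
        data, _ = s.recvfrom(512)
    return classify_response(data)


# Constructed sample replies (not captured traffic), matching build_query("example.com")
QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
# QR=1, RA=1, RCODE=0, one answer: example.com A 192.0.2.1 with 1337 s of TTL left
CACHED_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8080, 1, 1, 0, 0) + QUESTION
                + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 1337, 4) + bytes([192, 0, 2, 1]))
# Same flags but an empty answer section: nothing cached for the name
NOT_CACHED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8080, 1, 0, 0, 0) + QUESTION
# RCODE=5 (REFUSED): the resolver rejects non-recursive queries, so it cannot be snooped this way
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8085, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    print(build_query("example.com").hex())
    for label, reply in (("cached", CACHED_REPLY), ("not cached", NOT_CACHED_REPLY), ("refused", REFUSED_REPLY)):
        print(label, classify_response(reply))
```

The same check with a stock tool is dig +norecurse @resolver example.com; the code makes the flag and the interpretation explicit. The REFUSED case is the defensive configuration: a resolver that only serves recursive queries to its own clients, and refuses everything else, cannot be snooped from outside.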

83.

What is the main benefit of serverless computing from a scalability perspective?

  • It automatically scales computing resources based on application demand

  • It requires manual scaling of resources

  • It relies on physical server management

  • It limits the scaling to predefined thresholds

Correct answer: It automatically scales computing resources based on application demand

Serverless computing platforms automatically scale the computing resources up or down based on the application demand without the need for manual intervention, which is the key benefit from a scalability perspective. 

Serverless computing eliminates the need for manual scaling, physical server management, and the limitations of predefined scaling thresholds.

84.

What is SQL injection?

  • An attack method exploiting poor input validation

  • A technique for managing databases

  • A security testing method for databases

  • A database performance optimization process

Correct answer: An attack method exploiting poor input validation

SQL injection is an attack method that exploits poor input validation in applications to execute unauthorized SQL queries, potentially compromising the database. SQL injection specifically targets vulnerabilities where user input is not correctly sanitized, allowing attackers to manipulate or retrieve data directly from the database.

SQL injection is not a legitimate database management technique, a formal method for security testing, or performance optimization. 

85.

Angela is attempting to bypass path-based access control mechanisms in a web application. Which type of attack could Angela utilize to achieve this?

  • Path traversal

  • Session fixation

  • SQL injection

  • Input validation

Correct answer: Path traversal

Path traversal, also known as directory traversal, is an attack that lets an attacker read files and directories that reside outside the web root folder, typically by placing ../ sequences (or their URL-encoded forms) in a user-supplied file name. It exploits insufficient validation or sanitization of that input, so a path-based access control that only inspects the literal request string can be bypassed.

Session fixation and SQL injection are different types of attacks not directly related to path-based access control mechanisms. Input validation is a security measure and not an attack.
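
Added example (a hypothetical handler, not code from the page or from any framework): a file-download function that passes the user-supplied name straight to the filesystem, beside a hardened version that canonicalizes the path and checks it stays under the web root. The web root, the file names and the secret file are constructed in a temporary directory so the block runs anywhere.

```python
"""Path traversal: vulnerable file handler next to a hardened one (added example, not
from the original page). The directory layout and file contents are constructed."""
import os
import tempfile


def read_vulnerable(web_root: str, requested: str) -> bytes:
    """Serves whatever path the user names. os.path.join keeps '../' segments, so the
    request can walk out of the web root (an absolute path would even replace it)."""
    with open(os.path.join(web_root, requested), "rb") as f:
        return f.read()


def safe_path(web_root: str, requested: str) -> str:
    """Canonicalize the request (resolving '..' and symlinks) and require the result to
    remain inside the real web root. Checking the canonical path rather than the raw
    string is what defeats nested or encoded traversal tricks."""
    root = os.path.realpath(web_root)
    candidate = os.path.realpath(os.path.join(root, requested.lstrip("/\\")))
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"request escapes web root: {requested!r}")
    return candidate


def read_hardened(web_root: str, requested: str) -> bytes:
    with open(safe_path(web_root, requested), "rb") as f:
        return f.read()


# Constructed payloads: a plain traversal and one hidden behind a legitimate directory
TRAVERSAL_PAYLOADS = ["../secret.txt", "docs/../../secret.txt"]


def demo() -> dict:
    """Build a constructed layout (web root plus a secret one level above it) and run
    both handlers against a legitimate request and the traversal payloads."""
    base = tempfile.mkdtemp()
    web_root = os.path.join(base, "www")
    os.makedirs(os.path.join(web_root, "docs"))
    with open(os.path.join(web_root, "docs", "readme.txt"), "wb") as f:
        f.write(b"public")
    with open(os.path.join(base, "secret.txt"), "wb") as f:
        f.write(b"TOP SECRET")

    results = {
        "legit_vulnerable": read_vulnerable(web_root, "docs/readme.txt"),
        "legit_hardened": read_hardened(web_root, "docs/readme.txt"),
        "attack_vulnerable": [read_vulnerable(web_root, p) for p in TRAVERSAL_PAYLOADS],
        "attack_hardened": [],
    }
    for p in TRAVERSAL_PAYLOADS:
        try:
            read_hardened(web_root, p)
            results["attack_hardened"].append("allowed")
        except PermissionError:
            results["attack_hardened"].append("blocked")
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The hardened version deliberately does not try to strip ../ from the input; blacklisting sequences is what attackers get around with encodings such as %2e%2e%2f or ....//. Resolving the path and comparing it to the root handles every spelling at once, and the realpath call also closes the symlink variant of the same attack.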

86.

During which phase of vulnerability assessment are targets defined and information gathering methods chosen?

  • Pre-assessment

  • Active scanning

  • Result analysis

  • Remediation

Correct answer: Pre-assessment

During the pre-assessment phase of vulnerability assessment, targets are defined and methods for information gathering are chosen. Preparing in advance generally leads to a more effective assessment. 

Active scanning involves testing the target for vulnerabilities, result analysis focuses on interpreting the findings, and the remediation phase deals with addressing the discovered vulnerabilities.

87.

What attack targets the availability of web applications by consuming all available database connections, preventing legitimate access?

  • Connection pool DoS

  • SQL injection

  • XSS 

  • CSRF 

Correct answer: Connection pool DoS

Connection pool DoS (Denial of Service) attacks target the availability of web applications by consuming all available database connections, leaving none for legitimate users.

SQL injection and Cross-Site Scripting (XSS) involve code injection, while Cross-Site Request Forgery (CSRF) tricks users into submitting unwanted actions.

88.

How do application security firewalls contribute to cloud security?

  • By filtering out malicious web traffic and protecting against common web vulnerabilities

  • By monitoring application performance metrics

  • By protecting against external hardware threats

  • By providing a physical barrier to server hardware

Correct answer: By filtering out malicious web traffic and protecting against common web vulnerabilities

Application security firewalls, often called Web Application Firewalls (WAFs), specifically protect web applications by filtering and monitoring HTTP traffic between a web application and the internet. They help protect web applications by preventing attacks stemming from web application security flaws, such as SQL injection, Cross-Site Scripting (XSS), file inclusion, and security misconfigurations. 

WAFs are not designed for monitoring application performance, providing physical barriers, or protecting against external hardware threats.

89.

What is a concern among privacy advocates regarding the use of GAKs?

  • Potential for abuse and unauthorized surveillance

  • Increased security for private communications

  • Improved efficiency in government communication systems

  • The cost associated with implementing GAK systems

Correct answer: Potential for abuse and unauthorized surveillance

Privacy advocates are concerned that Government Access to Keys (GAK), a form of key escrow in which a government holds, or can compel disclosure of, users' encryption keys, could be abused, leading to unauthorized surveillance and infringement of individual privacy rights.

While concerns about cost might exist, the primary worry is the potential for misuse. GAK is not a mechanism for improving the security of private communications or the efficiency of government communication systems; it deliberately weakens the confidentiality that encryption is meant to provide.

90.

How can Nmap be used to detect the firewall in a network?

  • By using the -sA (ACK) scan option

  • By using the -sS (SYN) scan option

  • By using the -sN (Null) scan option

  • By using the -sF (FIN) scan option

Correct answer: By using the -sA (ACK) scan option

The -sA (ACK) scan sends TCP packets with only the ACK flag set. A host with no firewall, or behind a stateless packet filter that passes ACK packets, replies with an RST for both open and closed ports, which Nmap reports as unfiltered. When a stateful firewall is in the path, it drops the unsolicited ACK (no reply, or an ICMP unreachable error), and Nmap reports the port as filtered. The scan therefore maps firewall rules rather than open ports.

SYN, Null, and FIN scans are designed to find open ports. Their filtered results can hint that a firewall exists, but they are not the scan type intended for firewall detection.

91.

Which of the following tools would be best to use for LDAP enumeration?

  • JXplorer

  • Wireshark

  • Metasploit

  • PuTTY

Correct answer: JXplorer

JXplorer is an open-source LDAP browser and editor. Unlike the other tools listed, it is built specifically for connecting to an LDAP directory and browsing its objects and attributes.

While Wireshark can capture LDAP packets and Metasploit might have modules for LDAP-related vulnerabilities, JXplorer would be a better option. PuTTY is an SSH and telnet client.

92.

Which technique can an attacker use to exploit services running as root on a Linux system to escalate privileges?

  • Kernel exploitation

  • Service enumeration

  • Sniffing network traffic

  • Dictionary attacks

Correct answer: Kernel exploitation

Kernel exploitation targets vulnerabilities in the operating system kernel, the component that every process, including root-owned services, depends on. Because the kernel runs at the highest privilege level, a successful kernel exploit yields root regardless of the account the attack started from. The same principle applies to a vulnerable service running as root: any code the attacker can make it execute inherits the service's privileges.

Service enumeration only identifies which services are running, sniffing captures network traffic, and dictionary attacks guess passwords. None of these is itself an exploitation technique; of the options given, only kernel exploitation directly escalates privileges.

93.

How did the 802.11i amendment address the security deficiencies of WEP?

  • By introducing WPA with protocols like TKIP and AES

  • By extending the IV size in WEP

  • By implementing a new version of WEP with longer keys

  • By mandating the use of MAC address filtering

Correct answer: By introducing WPA with protocols like TKIP and AES

802.11i addressed WEP's deficiencies by replacing its RC4-based encryption and weak integrity check. Wi-Fi Protected Access (WPA), based on a draft of 802.11i, introduced TKIP as an interim measure that could run on existing WEP hardware; the ratified 802.11i standard, certified as WPA2, made AES-based CCMP mandatory. Both provide per-packet keying and a cryptographic message integrity check that WEP lacked.

Extending the IV size and implementing a new version of WEP with longer keys were not measures taken by the 802.11i amendment. MAC address filtering is a network access control method and, while it can improve security, does not address the fundamental encryption weaknesses found in WEP.

94.

Priya has the Google search engine up on her computer and has typed the string site:Amazon.com filetype:xls "Dropshipping" in the search bar. What type of results is Priya likely looking to find?

  • Excel files from Amazon.com that contain the keyword Dropshipping

  • Any files from the Amazon.com domain that contain the keyword Dropshipping

  • Any Excel files from anywhere on the internet that contain the words Amazon and Dropshipping

  • PDF files from Amazon.com that contain the word Drop or Shipping

Correct answer: Excel files from Amazon.com that contain the keyword Dropshipping

Google hacking (also called Google dorking) uses advanced search operators to narrow results to particular sites, file types, and keywords. In the scenario, site:Amazon.com restricts results to the Amazon.com domain, filetype:xls restricts them to Excel spreadsheets, and the quoted term requires the keyword Dropshipping, so Priya is looking for Excel files from Amazon.com that contain the keyword Dropshipping.

The string given would not show other file types besides Excel, and it would not search on other domains besides Amazon.com. 

95.

Which of the following best describes an attack that takes place due to the lack of proper authentication mechanisms in an IoT device?

  • Unauthorized device access

  • Insecure network services 

  • Insufficient privacy protection 

  • Insecure or outdated components

Correct answer: Unauthorized device access

Unauthorized device access is a threat and attack that occurs when an attacker gains access to an IoT device due to weak or non-existent authentication mechanisms. Weak, guessable, or hardcoded credentials can all lead to Unauthorized Device Access. 

Insecure network services may facilitate unauthorized access but are not an attack themselves. Insufficient privacy protection is a broad concern that can lead to various attacks but is not an attack by itself. The use of insecure or outdated components is a vulnerability that could lead to many types of attacks but is not specific to authentication issues.

96.

Which of the following Nmap commands could be used to perform a service enumeration version scan on the host 192.168.5.125?

  • nmap -sV 192.168.5.125

  • nmap -Pn 192.168.5.125

  • nmap -sS 192.168.5.125

  • nmap -sn 192.168.5.125

Correct answer: nmap -sV 192.168.5.125

The command nmap -sV target is used to perform a version detection scan, helping to identify the versions of services running on the target system. 

The command nmap -Pn target is used to skip host discovery and scan anyway, nmap -sS target is used for a SYN scan, and nmap -sn target is used to perform a ping scan and disable port scanning.

97.

Max is a student studying in Russia and is connected to the internet. Which of the following Regional Internet Registries (RIR) is responsible for the IP addresses in Russia?

  • RIPE

  • APNIC

  • ARIN

  • LACNIC

Correct answer: RIPE

Réseaux IP Européens Network Coordination Centre (RIPE NCC) is responsible for IP address allocation in Europe, Russia, Greenland, the Middle East, and parts of Central Asia.

APNIC is responsible for IP addresses in Asia, Australia, New Zealand, and neighboring countries. ARIN handles the United States, Canada, Antarctica, and parts of the Caribbean. LACNIC handles Latin America and parts of the Caribbean.

98.

Which term, derived from a military reference, refers to gathering information about the location of a target by scouting and covertly surveilling them? 

  • Reconnaissance

  • Command & control 

  • Persistence 

  • Discovery

Correct answer: Reconnaissance

The term reconnaissance stems from the military, and it refers to gathering as much information about a target, such as the location of the target, as possible. Reconnaissance on a target is typically the most time-consuming part of the cyber attack lifecycle. 

Persistence refers to ensuring that once a foothold has been acquired within a system or network, the attacker can re-enter even after the system has been rebooted or modified. This is typically done by installing a backdoor into the system. Discovery is any activity that collects data and information from within a target environment. Command & control refers to the ability to issue commands and actions to the target system. 

99.

How can you enable containers to communicate across different Docker hosts?

  • By using the overlay network driver

  • By disabling network isolation

  • By creating a host network

  • By using the default bridge network

Correct answer: By using the overlay network driver

The overlay network driver creates a distributed network that spans multiple Docker hosts, so containers attached to it can communicate as if they were on the same LAN. Container traffic is encapsulated (using VXLAN) and carried over the hosts' physical network; overlay networks are normally used with Swarm mode, which distributes the network state between the hosts.

The default bridge network is intended for single-host communication. Creating a host network also applies to a single host and gives a container full access to the host's network stack. Disabling network isolation is unrelated to multi-host communication and would compromise security.

100.

How does SQL injection typically occur?

  • By taking advantage of improperly sanitized user inputs

  • Through secure database connections 

  • By exploiting vulnerabilities in server configurations

  • Due to the use of outdated SQL syntax

Correct answer: By taking advantage of improperly sanitized user inputs

SQL injection occurs when user input is concatenated into a SQL statement without proper sanitization, letting an attacker change the structure of the query rather than merely supply a value. The most effective mitigation is to use parameterized queries (prepared statements), which keep data separate from SQL code; input validation and least-privilege database accounts add defense in depth.

This vulnerability is not related to the security of database connections, server configurations, or outdated SQL syntax but rather to how user input is handled by the application.
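
Added example serving questions 84 and 100 (not from the original page): the same login and search queries written with string formatting, which is what makes injection possible, and with parameterized queries, which prevent it. The users table, the credentials and the payloads are constructed; SQLite is used so the block runs offline, but the behaviour is the same with any SQL database.

```python
"""SQL injection: vulnerable string-built queries beside parameterized ones (added
example, not from the original page). The user data is constructed sample data."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Pastes user input straight into the SQL text: quotes in the input rewrite the query."""
    sql = (f"SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchone()


def login_parameterized(conn, username: str, password: str):
    """Sends the values separately from the statement, so input is only ever data."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def search_vulnerable(conn, term: str):
    """Same flaw in a search box: the term becomes part of the LIKE pattern and the query."""
    sql = f"SELECT username, role FROM users WHERE username LIKE '%{term}%'"
    return conn.execute(sql).fetchall()


def search_parameterized(conn, term: str):
    sql = "SELECT username, role FROM users WHERE username LIKE ?"
    return conn.execute(sql, (f"%{term}%",)).fetchall()


# Constructed payloads. BYPASS makes the WHERE clause always true and comments out the
# password check; DUMP appends a second SELECT that leaks the password column.
BYPASS = "' OR '1'='1' -- "
DUMP = "%' UNION SELECT username, password FROM users -- "


def demo() -> dict:
    conn = make_db()
    return {
        "normal_login": login_parameterized(conn, "bob", "hunter2"),
        "vuln_bypass": login_vulnerable(conn, BYPASS, "wrong"),       # logs in as the first user
        "safe_bypass": login_parameterized(conn, BYPASS, "wrong"),    # None: no such username
        "vuln_dump": search_vulnerable(conn, DUMP),                   # rows now include passwords
        "safe_dump": search_parameterized(conn, DUMP),                # []: pattern matches nobody
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The vulnerable login executes SELECT username, role FROM users WHERE username = '' OR '1'='1' -- ' AND password = 'wrong', which is why the password never matters. Note that the parameterized version does not sanitize or reject the payload; it simply never lets the input become SQL, which is why prepared statements rather than input filtering are the primary defense.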