EC-Council CEH Exam Questions

Page 7 of 65

121.

Which of the following is an effective countermeasure against ARP spoofing attacks?

  • Utilizing static ARP entries

  • Limiting bandwidth usage

  • Employing MAC address filtering

  • Reducing DHCP lease time

Correct answer: Utilizing static ARP entries

Using static ARP entries means setting a device to only recognize a specific IP-MAC address pairing. This is effective against ARP spoofing attacks because the device will not accept unsolicited ARP responses that try to associate a malicious MAC address with a known IP. 

While MAC address filtering can add a layer of security, it doesn't directly combat ARP spoofing. Limiting bandwidth and reducing DHCP lease times are unrelated to ARP spoofing countermeasures.

122.

You want to see if you are able to get any information about the applications in use on target 192.168.10.111 by having nmap look at the application banner. Which command could you run to achieve this?

  • nmap -sV 192.168.10.111

  • nmap -sS 192.168.10.111

  • nmap -sN 192.168.10.111

  • nmap -sT 192.168.10.111

Correct answer: nmap -sV 192.168.10.111

Version scanning, using the -sV parameter in nmap, is one way to gather information about applications. The command nmap -sV 192.168.10.111 would run a version scan on the host 192.168.10.111. When running a version scan, nmap connects to the port and issues the correct protocol commands to get the application banner. The banner may include information such as the software or application name as well as the version.

The command nmap -sS 192.168.10.111 will perform a SYN scan of the target. The command nmap -sN 192.168.10.111 will perform a NULL scan of the target. The command nmap -sT 192.168.10.111 will perform a full TCP connect scan of the target. Only the version scan will provide information about the applications. 

123.

Which of the following best describes the act of acquiring and using someone else's personal data for illicit purposes?

  • Identity theft 

  • Phishing attacks

  • Buffer overflow

  • Man-in-the-middle attacks

Correct answer: Identity theft

Identity theft involves the unauthorized acquisition and use of someone's personal data, usually for illicit purposes such as financial gain.

Phishing attacks are methods of tricking users into giving up their data, but they don't encompass the whole process of illicitly using it. Buffer overflow is a type of vulnerability in software, and a man-in-the-middle attack involves intercepting communications between two parties.

124.

What is the main objective of a Smurf attack in the context of DDoS?

  • Amplifying the attack by exploiting ICMP

  • Infecting a system with malware

  • Stealing personal data

  • Intercepting secure transmissions

Correct answer: Amplifying the attack by exploiting ICMP

A Smurf attack uses the Internet Control Message Protocol (ICMP) to flood a victim with network traffic. It involves sending ping requests to a network's broadcast address to amplify the attack. 

The other options are different types of cyberattacks and are not related to ICMP amplification.

125.

Which record type is used to indicate the host that email should be sent to for a specific domain?

  • MX

  • NS

  • CNAME

  • PTR

Correct answer: MX

MX records are mail exchanger records, which indicate the host that email should be sent to for that domain.

NS records are the IP addresses and FQDNs of the authoritative name servers for that domain. A CNAME is an alias for an FQDN. A PTR record is a pointer from an IP address to an FQDN. 

126.

Which cloud security threat specifically targets making a cloud service unavailable to its users?

  • DDoS attack

  • Phishing attack

  • Cross-site scripting

  • Insider threat

Correct answer: DDoS attack

A Distributed Denial of Service (DDoS) attack specifically targets services with the intention of making them unavailable to users by overwhelming the service with excessive requests. DDoS attacks can be performed against cloud services and non-cloud services. 

Phishing attempts to acquire sensitive data fraudulently. Insider threats come from within the organization and do not necessarily aim to disrupt services. Cross-Site Scripting (XSS) attacks inject malicious scripts but are primarily aimed at client-side exploitation rather than service availability.

127.

What type of information gathering can an ethical hacker perform with IoTSeeker?

  • Passively scanning for devices with default credentials without engaging them

  • Actively engaging with devices to map their internal network structure

  • Intercepting and decrypting encrypted traffic from IoT devices

  • Conducting physical security assessments of IoT devices

Correct answer: Passively scanning for devices with default credentials without engaging them

IoTSeeker passively scans for IoT devices that still have default credentials, which is a potential security risk, but it does not actively engage or interact with the devices, thereby reducing the risk of disrupting their operation.

IoTSeeker does not map internal networks, decrypt traffic, or conduct physical security assessments.

128.

Which social engineering tactic relies on creating a sense of urgency to push the victim into making a hasty decision?

  • Scarcity

  • Consensus 

  • Familiarity 

  • Authority

Correct answer: Scarcity

Scarcity as a tactic plays on the victim's fear of missing out, creating a sense of urgency that can lead them to make hurried and often ill-advised decisions. 

Authority involves leveraging the influence of a perceived figure of authority to manipulate behavior. Consensus exploits the need to follow the crowd, while familiarity exploits the victim's trust in something or someone they recognize. 

129.

Which technique involves generating packets with odd combinations of flags to determine details about a network? 

  • Xmas scan

  • SYN scan

  • Decoy scan

  • Proxy scan

Correct answer: Xmas scan

Xmas scanning sends packets with multiple flags set, hoping for specific responses to learn more about the network. The scan gets its name from the way that it looks when viewed via a packet analysis tool like Wireshark. 

SYN scanning involves initiating a TCP connection but not completing it. Decoy scanning uses multiple IP addresses to mask the scanner's true IP. Proxy scanning involves using proxies to obfuscate the source of the scan.

130.

What could an attacker potentially do with the information gathered from email footprinting?

  • Launch targeted phishing attacks

  • Decrypt encrypted files

  • Directly access the internal database

  • Modify the source code of the email server

Correct answer: Launch targeted phishing attacks

Information obtained from email footprinting can be used by an attacker to launch targeted phishing attacks. This is because the attackers may be able to see what types of emails the target typically receives, or they can impersonate a contact that the target has interacted with in the past. 

The other options are not directly related to the use of information obtained from email footprinting.

131.

Which file in Linux, if misconfigured, can directly lead to privilege escalation?

  • /etc/sudoers

  • /etc/passwd

  • /etc/networks

  • /etc/group

Correct answer: /etc/sudoers

The /etc/sudoers file in Linux systems determines who can run what commands as other users, including the root user. A misconfiguration in this file can lead to privilege escalation. 

While /etc/passwd and /etc/group hold user and group definitions respectively, and /etc/networks defines network names, the direct manipulation of privileges is most commonly associated with /etc/sudoers.

132.

What can an ethical hacker determine by using the Time to Live (TTL) value in an ICMP echo request and response?

  • Approximate distance (in hops) to the target

  • The type of operating system on the target

  • Open ports on the target

  • Subdomains associated with a target domain

Correct answer: Approximate distance (in hops) to the target

The TTL value can be used to estimate the number of hops to a target. Utilities like traceroute and ping use TTL to reach the host or trace a route to that host. 

While the type of OS can sometimes be inferred from TTL values and ICMP responses, it's not as direct as the distance. Determining open ports on a target requires port scanning, and finding subdomains associated with a target domain requires domain enumeration techniques.

133.

For an attacker, what's the primary advantage of using Send-safe Honeypot Hunter before launching an attack?

  • To verify and skip potential honeypot targets

  • To improve the speed of the attack

  • To bypass network intrusion detection systems

  • To encrypt the attacker's traffic

Correct answer: To verify and skip potential honeypot targets

The primary advantage of using Send-safe Honeypot Hunter for an attacker is to verify and skip potential honeypot targets, ensuring they don't waste resources or expose themselves by interacting with honeypots.

The Send-safe Honeypot Hunter tool is not designed to speed up attacks, bypass Intrusion Detection Systems (IDS), or encrypt traffic.

134.

In the context of cloud computing, what is the main purpose of a side-channel attack?

  • To extract information from a virtual machine by exploiting a shared physical resource

  • To create a denial of service condition

  • To bypass authentication mechanisms

  • To inject malicious code into a cloud software service

Correct answer: To extract information from a virtual machine by exploiting a shared physical resource

A side-channel attack in cloud computing is typically used to extract information from a virtual machine by exploiting shared physical resources such as CPU cache, which can lead to the leakage of sensitive information. 

Side-channel attacks do not primarily focus on denial of service, which aims to disrupt availability, or on bypassing authentication mechanisms, which is the goal of attacks like credential stuffing or phishing. Injecting malicious code into cloud software is more aligned with application-level attacks rather than the exploitation of shared infrastructure.

135.

What does the term multi-tenancy in cloud computing refer to?

  • Multiple customers sharing the same infrastructure and applications

  • Multiple cloud providers collaborating to offer services

  • Multiple devices accessing cloud services simultaneously

  • Multiple instances of an application running on separate physical hardware

Correct answer: Multiple customers sharing the same infrastructure and applications

Multi-tenancy in cloud computing refers to a principle in software architecture where a single instance of the software runs on a server, serving multiple tenant customers. This allows for cost savings and efficiency as resources are pooled for all customers.

Multiple cloud providers collaborating to offer services represents a consortium. Multiple devices accessing cloud services simultaneously refers to broad network access, a feature of cloud computing. Multiple instances of an application running on separate physical hardware describes traditional deployment methods rather than the cloud model.

136.

What is the first step in the wireless hacking methodology where attackers identify Wi-Fi networks within their range? 

  • Wi-Fi discovery

  • GPS mapping

  • Wireless traffic analysis

  • The launch of wireless attacks

Correct answer: Wi-Fi discovery

Wi-Fi discovery is the initial step in the wireless hacking methodology. Attackers use tools to detect the presence of wireless networks within their range. This step is crucial for mapping out the target environment and selecting potential networks for further exploitation. 

GPS mapping is used to log the location of wireless networks. Wireless traffic analysis involves monitoring and analyzing the data transmitted over the network. The launch of wireless attacks refers to the execution of attack vectors based on gathered information.

137.

Which command is used to build a Docker image from a Dockerfile?

  • Docker build

  • Docker run 

  • Docker pull

  • Docker commit

Correct answer: Docker build

The docker build command is used to build an image from a Dockerfile and a context. 

The docker run command is used to run a container from an image. The docker pull command is used to pull an image or a repository from a registry. The docker commit command creates a new image from a container's changes.

138.

What is the primary goal of a password spraying attack against a web application's authentication mechanism?

  • To try a few common passwords against many different user accounts

  • To guess one user's password by trying many different passwords for that username

  • To intercept and use valid session tokens

  • To inject client-side scripts into web pages viewed by other users

Correct answer: To try a few common passwords against many different user accounts

Password spraying targets many user accounts with a few commonly used passwords, as opposed to trying many passwords on one account. It is an effective attack against organizations where users might have weak passwords. 

Guessing one user's password by trying many different passwords is likely to trigger account lockout mechanisms. Intercepting session tokens is related to session hijacking, and injecting scripts is associated with XSS attacks; neither of these is directly related to attacking the authentication mechanism through password spraying.

139.

What is one of the primary countermeasures against NetBIOS enumeration? 

  • Blocking incoming traffic on ports 137-139 and 445

  • Implementing two-factor authentication

  • Disabling ICMP echo requests

  • Deploying honeypots

Correct answer: Blocking incoming traffic on ports 137-139 and 445

Ports 137-139 and 445 are the ports associated with NetBIOS and SMB services. By blocking incoming traffic on these ports, NetBIOS enumeration attempts from external sources can be mitigated.

Implementing two-factor authentication is valuable for securing user logins but does not directly prevent NetBIOS enumeration. Disabling ICMP echo requests is a method to prevent ping sweeps. While honeypots can detect and divert attackers, they do not inherently block NetBIOS enumeration.

140.

After successfully cracking the Wi-Fi encryption, what is the final step in the wireless hacking methodology? 

  • Compromise the Wi-Fi Network

  • Wi-Fi Discovery

  • GPS Mapping

  • Wireless Traffic Analysis

Correct answer: Compromise the Wi-Fi Network

Compromising the Wi-Fi Network is the final goal of the wireless hacking methodology, where the attacker gains unauthorized access to the network to conduct malicious activities, such as data theft or deploying malware. 

Compromising the Wi-Fi network follows the Wi-Fi Encryption Cracking step and is not to be confused with Wi-Fi Discovery (finding wireless networks to target), GPS Mapping (geographical plotting), or Wireless Traffic Analysis (packet capturing and inspection).