EC-Council CEH Exam Questions
Page 8 of 65
141.
Which type of attack involves an attacker injecting a malicious script into a web server's outgoing response?
- Cross-Site Scripting (XSS) attack
- Distributed Denial of Service (DDoS) attack
- Phishing attack
- Man-in-the-Middle (MitM) attack
Correct answer: Cross-Site Scripting (XSS) attack
A Cross-Site Scripting (XSS) attack involves an attacker injecting a malicious script into a web server's outgoing response, which is then executed by the client's browser.
Distributed Denial of Service (DDoS) attacks flood servers with traffic, phishing attacks trick users into giving up information, and Man-in-the-Middle (MitM) attacks intercept communications, none of which involve injecting scripts into server responses.
142.
Which tool is used to manage and store encrypted passwords and notes in a local, secure, and organized manner?
- KeePass
- Password Safe
- LastPass
- Dashlane
Correct answer: KeePass
KeePass is a free open-source password manager that helps you to manage your passwords securely. You can store all your passwords in one database, which is locked with a master key or a key file.
Password Safe, LastPass, and Dashlane are other password management tools, but KeePass is particularly notable for its use as a local, rather than cloud-based, solution.
143.
Which practice is most effective for preventing the unauthorized installation and operation of wireless access points within an enterprise environment?
- Implementing a strict access point management policy
- Increasing the guard interval in Wi-Fi settings
- Enabling fast roaming protocols like 802.11r
- Utilizing Wi-Fi Multimedia (WMM) settings for prioritization
Correct answer: Implementing a strict access point management policy
A strict access point management policy ensures that all wireless access points are authorized, configured, and managed according to the organization’s security protocols, thereby preventing unauthorized installations. This should include regular wireless network audits to ensure that no rogue access points have been deployed.
The guard interval, fast roaming protocols, and Wi-Fi Multimedia (WMM) settings are all related to performance rather than the security management of access points.
144.
Which attack best describes the manipulation of HTTP headers within web service requests to misrepresent the origin or intent of the request?
- HTTP header spoofing
- Web service masquerading
- HTTP request tampering
- Service request forgery
Correct answer: HTTP header spoofing
HTTP header spoofing is an attack where the HTTP headers within web service requests are manipulated or spoofed to misrepresent the origin or intent of the request, potentially bypassing security checks or impersonating another service or user.
Web service masquerading involves impersonating a service. HTTP request tampering is a broader term for altering HTTP requests but not specific to just HTTP headers. Service request forgery refers to forging service requests.
145.
What is a typical characteristic of serverless computing regarding application state?
- State is managed externally, such as in a database or storage service
- Serverless computing inherently provides stateful storage
- Applications must maintain their own state
- Serverless functions have persistent local storage
Correct answer: State is managed externally, such as in a database or storage service
A typical characteristic of serverless computing regarding application state is that state is managed externally, often in a database or storage service, because serverless functions are stateless by design.
Applications do not maintain their own state within the serverless function. Serverless computing does not inherently provide stateful storage. Serverless functions do not have persistent local storage, as they are ephemeral and stateless.
146.
Which tool is capable of monitoring and recording all the system calls made by a process, aiding in fileless malware detection?
- Process Monitor
- Aircrack-ng
- John the Ripper
- Nikto
Correct answer: Process Monitor
Process Monitor is a tool that can monitor and display in real time registry, file system, and process/thread activity, making it effective for observing the system calls made by processes, a key feature in detecting fileless malware activities.
Aircrack-ng is used for Wi-Fi network security assessment. John the Ripper is a password cracker. Nikto is a web server scanner.
147.
What malware is often used by the Ryuk ransomware as a starting point for an attack?
- Trickbot
- REvil
- WannaCry
- Maze
Correct answer: Trickbot
Ryuk is ransomware that utilizes complementary attacks to accomplish its goal. Trickbot started as a banking trojan to steal financial information. Ryuk is known to often use Trickbot as a starting point. Once Trickbot infects a system, it can pull the Ryuk ransomware onto the system.
REvil, WannaCry, and Maze are all examples of other types of ransomware.
148.
In what way do SQL injection queries typically deviate from the intended use of normal SQL queries?
- They manipulate the standard SQL query structure to alter its intended behavior
- SQL injection queries use advanced SQL syntax for better performance
- They are written by the developers to test the database security
- SQL injection queries are simply longer versions of normal SQL queries
Correct answer: They manipulate the standard SQL query structure to alter its intended behavior
SQL injection queries deviate from the intended use of normal SQL queries by manipulating the standard SQL query structure, altering its intended behavior for unauthorized access or operations.
Unlike normal queries designed for valid transactions, SQL injection queries are not intended for performance optimization, nor are they authorized tests by developers. The length of the query is not the distinguishing factor; it's the intent and the manipulative structure that characterize SQL injection.
149.
What is the primary danger of leaving default credentials unchanged on a system or device?
- It can lead to privilege escalation
- It increases network speed
- It ensures data integrity
- It provides encrypted communication
Correct answer: It can lead to privilege escalation
Leaving default credentials unchanged poses a significant security risk because attackers often know or can easily find these credentials, allowing them unauthorized access, potentially leading to privilege escalation.
Leaving credentials unchanged does not lead to increased network speed, data integrity, or encrypted communication.
150.
When performing an investigation into webpages and the technologies used, you can use developer tools on Google Chrome. What is the equivalent to Chrome's developer tools on the Firefox web browser?
- Firebug
- Firefly
- Foxtools
- FoxDev
Correct answer: Firebug
Firebug is a tool available on Firefox that allows you to dig into a website and the technologies used. You can look at the Document Object Model (DOM) and all its components. You can also select and inspect different HTML elements in the page.
Firefly, Foxtools, and FoxDev are fictitious names.
151.
What is the main disadvantage of enumeration?
- It can be detected by intrusion detection systems (IDS)
- It requires physical access to the system
- It requires high-level privileges on the system
- It only works on unencrypted networks
Correct answer: It can be detected by intrusion detection systems (IDS)
The main disadvantage of enumeration is that it can be detected by Intrusion Detection Systems (IDS) because it involves actively probing and interacting with the system.
Enumeration does not require physical access or high-level privileges, and it can be done on both encrypted and unencrypted networks.
152.
Which of the following best defines Information Security?
- The protection of information systems from unauthorized access, use, disclosure, disruption, modification, or destruction
- The use of technology to break into systems and networks
- The process of finding and reporting vulnerabilities
- Ensuring software is free from bugs
Correct answer: The protection of information systems from unauthorized access, use, disclosure, disruption, modification, or destruction
The definition of Information Security is the protection of information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Many different teams within an organization play a part in the organization's information security, from the IT and security staff to the end users.
The other options are all related to information security, but they do not define information security overall.
153.
What is the primary purpose of the Nmap Scripting Engine (NSE)?
- To extend Nmap's capabilities using scripts
- To decipher encrypted traffic
- To automate the process of ARP requests
- To visualize network topologies
Correct answer: To extend Nmap's capabilities using scripts
The Nmap Scripting Engine (NSE) allows users to extend Nmap's functionality using scripts, making it possible to perform more advanced tasks such as vulnerability detection and advanced information gathering.
Deciphering encrypted traffic is not a primary purpose of NSE. Automating ARP requests is a function of ARP tools, not specifically NSE. Visualizing network topologies is associated with network mapping tools and not a primary function of NSE.
154.
What are Docker volumes primarily used for?
- To store and manage persistent data for containers
- To create new containers
- To increase the processing power of containers
- To connect containers to external networks
Correct answer: To store and manage persistent data for containers
Docker volumes are designed to store and manage data that should persist independently of container lifecycles, such as databases or file storage.
Docker volumes are not used to increase processing power, create new containers, or connect containers to external networks.
155.
Which protocol inherently lacks security features and can be exploited by session hijackers to capture data in plain text?
- Telnet
- SSH
- HTTPS
- SCP
Correct answer: Telnet
Telnet transmits data, including login credentials, in plain text over networks. This makes it vulnerable to session hijacking and eavesdropping.
SSH, HTTPS, and SCP all use encryption to protect data in transit.
156.
In the Cyber Kill Chain, which step immediately follows weaponization?
- Delivery
- Reconnaissance
- Installation
- Exploitation
Correct answer: Delivery
The Cyber Kill Chain framework consists of the seven stages of a cyberattack. Delivery is the third one, right after weaponization.
The framework is as follows:
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command and Control
- Actions on Objectives
157.
Which of the following is a practical countermeasure to SNMP enumeration?
- Limiting SNMP access to a certain IP range
- Disabling the network firewall
- Enabling remote desktop protocol (RDP)
- Allowing unrestricted access to SNMP community strings
Correct answer: Limiting SNMP access to a certain IP range
Limiting SNMP access to a certain IP range is a good countermeasure to SNMP enumeration, as it restricts the ability of potential attackers to interact with SNMP unless they're coming from trusted IPs.
Disabling the network firewall, enabling RDP, or allowing unrestricted access to SNMP community strings would likely increase vulnerability.
158.
Which command-line tool is used for transferring data to or from a server and for exploiting File Transfer Protocol (FTP) as a vector?
- cURL
- ifconfig
- ipconfig
- dig
Correct answer: cURL
cURL is a command-line tool for transferring data to or from a server using URLs over File Transfer Protocol (FTP) and many other protocols, which is why it can also be used to exploit FTP vulnerabilities.
ifconfig is used to configure network interfaces, ipconfig is a console application that displays all current TCP/IP network configuration values, and dig is a DNS lookup utility.
159.
Which technique involves comparing the current state of system files against a known good baseline to detect potential malware alterations?
- File integrity monitoring
- Load balancing
- Role-based access control
- Session hijacking
Correct answer: File integrity monitoring
File Integrity Monitoring (FIM) involves checking and comparing the current state of system files against a previously established baseline to detect any alterations that could be indicative of a malware infection or other unauthorized changes.
Load balancing is about distributing network traffic evenly, role-based access control manages user permissions based on their roles, and session hijacking is an attack where unauthorized users take over established user sessions.
160.
Which cloud computing model combines on-premises infrastructure with cloud resources to create a flexible and scalable IT environment?
- Hybrid cloud
- Private cloud
- Public cloud
- Community cloud
Correct answer: Hybrid cloud
A hybrid cloud is a computing environment that combines on-premises infrastructure, or private clouds, with public clouds, allowing data and applications to be shared between them. This model provides businesses with flexibility and more data deployment options.
A private cloud is an infrastructure operated solely for a single organization. A public cloud is where the services are rendered over a network that is open for public use. A community cloud is for a specific community of users from organizations that have shared needs.