CERTIFIED ETHICAL HACKER v11 MASTER SET questions and answers| GRADED A+
4 views 0 purchase
Course
CERTIFIED ETHICAL HACKER v11
Institution
CERTIFIED ETHICAL HACKER V11
CERTIFIED ETHICAL HACKER v11 MASTER SET
Which of the following information security elements guarantees that the sender of a message cannot later deny having sent the message and the recipient cannot deny having received the message?
A Confidentiality
B Non-repudiation
C Availability
D Int...
CERTIFIED ETHICAL HACKER v11 MASTER SET
Which of the following information security elements guarantees that the sender of a message cannot
later deny having sent the message and the recipient cannot deny having received the message?
A Confidentiality
B Non-repudiation
C Availability
D Integrity correct answer: B
A phase of the cyber kill chain methodology triggers the adversary's malicious code, which utilizes a
vulnerability in the operating system, application, or server on a target system. At this stage, the
organization may face threats such as authentication and authorization attacks, arbitrary code
execution, physical security threats, and security misconfiguration.
Which is this phase of the cyber kill chain methodology?
A Reconnaissance
B Weaponization
C Exploitation
D Installation correct answer: C
Which of the following is a category of hackers who are also known as crackers, use their extraordinary
computing skills for illegal or malicious purposes, and are often involved in criminal activities?
A Black hats
B White hats
C Suicide hackers
D Script kiddies correct answer: A
John, a professional hacker, has launched an attack on a target organization to extract sensitive
information. He was successful in launching the attack and gathering the required information. He is
now attempting to hide the malicious acts by overwriting the server, system, and application logs to
avoid suspicion.
Which of the following phases of hacking is John currently in?
A Maintaining access
B Scanning
C Clearing tracks
D Gaining access correct answer: C
Which of the following risk management phases involves selecting and implementing appropriate
controls for the identified risks to modify them?
A Risk tracking and review
B Risk identification
,C Risk treatment
D Risk assessment correct answer: C
In which of the following incident handling and response phases are the identified security incidents
analyzed, validated, categorized, and prioritized?
A Incident recording and assignment
B Incident triage
C Containment
D Eradication correct answer: B
Which of the following phases of risk management is an ongoing iterative process that assigns priorities
for risk mitigation and implementation plans to help determine the quantitative and qualitative value of
risk?
A Risk identification
B Risk treatment
C Risk tracking and review
D Risk assessment correct answer: D
Jack, a security professional, was instructed to introduce a security standard to handle cardholder
information for major debit, credit, prepaid, e-purse, ATM, and POS cards. In the process, Jack has
employed a standard that offers robust and comprehensive standards as well as supporting materials to
enhance payment-card data security.
What is the security standard that Jack has employed?
A HIPAA
B SOX
C DMCA
D PCI DSS correct answer: D
Morris, an attacker, has targeted an organization's network. To know the structure of the target
network, he combined footprinting techniques with a network utility that helped him create
diagrammatic representations of the target network.
What is the network utility employed by Morris in the above scenario?
A Netcraft
B Tracert
C Shodan
D BuzzSumo correct answer: B
Which of the following Google advanced search operators displays similar websites to the specified
URL?
A [site:]
B [info:]
,C [inurl:]
D [related:] correct answer: D
Which of the following techniques is used by an attacker to perform automated searches on the target
website and collect specified information, such as employee names and email addresses?
A Web spidering
B Website mirroring
C Monitoring of web updates
D Website link extraction correct answer: A
Jude, an attacker, has targeted an organization's communication network. While conducting initial
footprinting, he used a Google dork to find the VoIP login portals of the organization.
What is the Google dork that helped Jude find the VoIP login portals?
A inurl:8080 intitle:"login" intext:"UserLogin" "English"
B inurl:/voice/advanced/ intitle:Linksys SPA configuration
C inurl:/remote/login?lang=en
D !Host=*.* intext:enc_UserPassword=* ext:pcf correct answer: A
Stokes, an attacker, decided to find vulnerable IoT devices installed in the target organization. In this
process, he used an online tool that helped him gather information such as a device's manufacturer
details, its IP address, and the location where it is installed.
What is the online tool that Stokes used in the above scenario?
A DuckDuckGo
B Baidu
C Shodan
D Bing correct answer: C
CenSys Solutions hired Clark, a security professional, to enhance the Internet security of the
organization. To achieve the goal, Clark employed a tool that provides various Internet security services,
including anti-fraud and anti-phishing services, application testing, and PCI scanning.
What is the tool used by Clark to perform the above activities?
A Blisqy
B OmniPeek
C Netcraft
D BTCrawler correct answer: C
Clark is a professional hacker. He targeted an organization for financial benefit and used various
footprinting techniques to gather information about the target network. In this process, he employed a
protocol used for querying databases that store the registered users or assignees of an Internet
resource, such as a domain name, an IP address block, or an autonomous system.
, What is the protocol employed by Clark in the above scenario?
A SMB
B Whois
C SNMP
D FTP correct answer: B
Which of the following tools in OSRFramework is used by attackers to check for a user profile on up to
290 different platforms?
A usufy.py
B phonefy.py
C entify.py
D searchfy.py correct answer: A
What is the feature in FOCA that checks each domain to ascertain the host names configured in NS, MX,
and SPF servers to discover the new host and domain names?
A Common names
B DNS search
C Web search
D Bing IP correct answer: B
Which of the following countermeasures should be followed to safeguard the privacy, data, and
reputation of an organization and to prevent information disclosure?
A Keeping the domain name profile public
B Enabling directory listings in the web servers
C Avoiding domain-level cross-linking for critical assets
D Turning on geolocation access on all mobile devices correct answer: C
Which of the following TCP communication flags notifies the transmission of a new sequence number
and represents the establishment of a connection between two hosts?
A FIN flag
B SYN flag
C PSH flag
D RST flag correct answer: B
Which of the following hping commands is used by an attacker to scan the entire subnet to detect live
hosts in a target network?
A hping3 -8 50-60 -S 10.0.0.25 -V
B hping3 -F -P -U 10.0.0.25 -p 80
C hping3 -1 10.0.1.x --rand-dest -I eth0
D hping3 -9 HTTP -I eth0 correct answer: C
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Classroom. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $16.49. You're not tied to anything after your purchase.