CEH V12 3 Questions with Correct Answers
Cross-site request forgery involves: - Answer-A browser making a request to a server without the user's knowledge
You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted...
CEH V12 3 Questions with Correct
Answers
Cross-site request forgery involves: - Answer-A browser making a request to a server
without the user's knowledge
You are a security officer of a company. You had an alert from IDS that indicates that
one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the
Internet. The IP address was blacklisted just before the alert. You are starting an
investigation to roughly analyze the severity of the situation. Which of the following is
appropriate to analyze? - Answer-Internet Firewall/Proxy log
John, a professional hacker, targeted an organization that uses LDAP for accessing
distributed directory services. He used an automated tool to anonymously query the
IDAP service for sensitive information such as usernames. addresses, departmental
details, and server names to launch further attacks on the target organization.What is
the tool employed by John to gather information from the IDAP service? - Answer-
jxplorer
A security analyst is performing an audit on the network to determine if there are any
deviations from the security policies in place. The analyst discovers that a user from the
IT department had a dial-out modem installed.Which security policy must the security
analyst check to see if dial-out modems are allowed? - Answer-Remote-access policy
What piece of hardware on a computer's motherboard generates encryption keys and
only releases a part of the key so that decrypting a disk on a new piece of hardware is
not possible? - Answer-TPM
Tony wants to integrate a 128-bit symmetric block cipher with key sizes of 128,192, or
256 bits into a software program, which involves 32 rounds of computational operations
that include substitution and permutation operations on four 32-bit word blocks using 8-
variable S-boxes with 4-bit entry and 4-bit exit. Which of the following algorithms
includes all the above features and can be integrated by Tony into the software
program? - Answer-serpent
Every company needs a formal written document which spells out to employees
precisely what they are allowed to use the company's systems for, what is prohibited,
and what will happen to them if they break the rules. Two printed copies of the policy
should be given to every employee as soon as possible after they join the organization.
The employee should be asked to sign one copy, which should be safely filed by the
company. No one should be allowed to use the company's computer systems until they
, have signed the policy in acceptance of its terms.What is this document called? -
Answer-Information Security Policy (ISP)
Mason, a professional hacker, targets an organization and spreads Emotet malware
through malicious script. After infecting the victim's device. Mason further used Emotet
to spread the infection across local networks and beyond to compromise as many
machines as possible. In this process, he used a tool, which is a self-extracting RAR
file, to retrieve information related to network resources such as writable share drives.
What is the tool employed by Mason in the above scenario? - Answer-Credential
enumerator
Alex, a cloud security engineer working in Eyecloud Inc. is tasked with isolating
applications from the underlying infrastructure and stimulating communication via well-
defined channels. For this purpose, he used an open-source technology that helped him
in developing, packaging, and running applications; further, the technology provides
PaaS through OS-level visualization, delivers containerized software packages, and
promotes fast software delivery. What is the cloud technology employed by Alex in the
above scenario? - Answer-Docker
--------- is a set of extensions to DNS that provide the origin authentication of DNS data
to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and
similar types of attacks. - Answer-DNSSEC
Which of the following is a low-tech way of gaining unauthorized access to systems? -
Answer-Social Engineering
Elante company has recently hired James as a penetration tester. He was tasked with
performing enumeration on an organization's network. In the process of enumeration,
James discovered a service that is accessible to external sources. This service runs
directly on port 21. What is the service enumerated byjames in the above scenario? -
Answer-File Transfer Protocol (FTP)
While scanning with Nmap, Patin found several hosts which have the IP ID of
incremental sequences. He then decided to conduct: nmap -Pn -p- -si kiosk.adobe.com
www.riaa.com. kiosk.adobe.com is the host with incremental IP ID sequence. What is
the purpose of using "-si" with Nmap? - Answer-Conduct IDLE scan
The security team of Debry Inc. decided to upgrade Wi-Fi security to thwart attacks
such as dictionary attacks and key recovery attacks. For this purpose, the security team
started implementing cutting-edge technology that uses a modern key establishment
protocol called the simultaneous authentication of equals (SAE), also known as
dragonfly key exchange, which replaces the PSK concept. What is the Wi-Fi encryption
technology implemented by Debry Inc.? - Answer-WPA3
Richard, an attacker, aimed to hack IoT devices connected to a target network. In this
process, Richard recorded the frequency required to share information between
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Scholarsstudyguide. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.49. You're not tied to anything after your purchase.