CERTIFIED ETHICAL HACKER – CEH
CERTIFICATION FINAL EXAM
QUESTIONS AND DETAILED CORRECT
ANSWERS | COMPREHENSIVE
STUDYGUIDE 2024
RSA is a public-key cryptosystem. Identify the statement
that is true for the RC6 algorithm:
A) Is a variable key-size stream cipher with byte-oriented
operations and is based on the used of random
permutation
B) Includes integer multiplication and the use of four 4-bit
working registers
C) Is a parameterized algorithm, with variable block size,
key size, and a variable number of rounds.
D) Is a 64-bit blick cipher that uses key length that can
vary between 32 and 448 bits. Correct Answer B) Includes
integer multiplication and the use of four 4-bit working
registers
Enumeration is defined as the process of extracting
usernames, machine names, network resources, shares,
and services from a system. Which of the following
enumerations does an attacker use to obtain a list of PCs
that belong to a domain?
A) Netbios
B) SNMP
C) NTP
,D) SMTP Correct Answer A) Netbios
Lawful intercept is a process that enables a Law
Enforcement Agency(LEA) to perform electronic
surveillance on a target as authorized by a judicial or
adiminstrative order. Which of the following is true for
lawful intercept?
A) Affects the subscriber's services on the router
B) Hides information about lawful intercept from all but the
most privileged users
C) Does not allow multiple LEAs to run a lawful intercept
on the same target without each others knowledge
D) Allows wiretaps only for outgoing communication
Correct Answer B) Hides information about lawful intercept
from all but the most privileged users
Secure Hashing Algorithm(SHA)-512 uses what size word
block?
A) 32
B) 64
C) 128
D) 256 Correct Answer B) 64
Which of the following is a mutation technique used for
writing buffer overflow exploits in order to avoid IDS and
other filtering mechanism?
A) Assuming that a string function is exploited, send a long
string as the input
B) Randomly replace the NOPs with functionally
equivalent segments of the code (e.g.: x++; x-; ? NOP
NOP)
,C) Pad the Beginning of the intended buffer overflow with
a longer run of NOP instructions (a NOP slide or sled) so
the CPU will do nothing until it gets to the "main event"
D) Makes a buffer to overflow on the lower part of the
heap, overwriting other dynamic variables which can have
unexpected and unwanted effects. Correct Answer B)
Randomly replace the NOPs with functionally equivalent
segments of the code (e.g.: x++; x-; ? NOP NOP)
Which of the following IDS evasion technique relies on
TTL in TCP/IP packets?
A) DoS Attack
B) Obfuscation
C) Insertion Attack
D) Unicode Evasion Correct Answer C) Insertion Attack
Attackers craft malicious probe packets and scan for
services such as HTTP over SSL (HTTPS) to detect
honeypots in a network. Which of the following condition
shows the presence of a honeypot?
A) Ports show a particular service running but deny a
three-way handshake connection
B) Ports show a particular service running and allow a
three-way handshake
C) Ports do not show any particular service running
D) Scan shows that no scanned ports are live on the
network Correct Answer A) Ports show a particular service
running but deny a three-way handshake connection
Which of the following UNIX commands can be used to
enumerate the shared directories on a machine?
, A) showmount
B) finger
C) rpcinfo
D) rpcclient Correct Answer A) showmount
What is the size of WEP initialization vector(IV)?
A) 8-bit
B) 16-bit
C) 24-bit
D) 32-bit Correct Answer C) 24-bit
Some viruses effect PCs as soon as their code is
executed; other viruses lie dormant until a pre-determined
logical circumstance is met. Identify the virus that modifies
the directory table so that the directory entries point to the
the virus code instead of the actual program:
A) Macro
B) Cluster
C) Encryption
D) Boot Sector Correct Answer B) Cluster
Which of the following scans only work if the operating
system's TCP/IP implementation is based on RFC 793?
A) NULL Scan
B) IDLE Scan
C)TCP Connection Scan
D)FTP Bounce Scan Correct Answer A) NULL Scan
OS Fingerprinting is the method used to determine the OS
running on a remote target system. Active stack
fingerprinting is one of the types of OS Finger printing.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller TUTORWAC. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $22.99. You're not tied to anything after your purchase.
