CEH v11

Q301 - Developers at your company are creating a web application which will be available for use by anyone on the Internet. The developers have taken the approach of implementing a Three-Tier Architecture for the web application. The developers are now asking you which network the Presentation Tier (front-end web server) should be placed in.

  1. Isolated VLAN network
  2. Mesh network
  3. DMZ network
  4. Internal network

Answer: A

Q302 - A medium-sized healthcare IT business decides to implement a risk management strategy. Which of the following is NOT one of the five basic responses to risk?

  1. Delegate
  2. Avoid
  3. Mitigate
  4. Accept

Answer: A

Q303 - Which of the following provides a security professional with the most information about the system's security posture?

  1. Wardriving, warchalking, social engineering
  2. Social engineering, company site browsing, tailgating
  3. Phishing, spamming, sending trojans
  4. Port scanning, banner grabbing, service identification

Answer: D

Q304 - Which of the following steps for risk assessment methodology refers to vulnerability identification?

  1. Determines if any flaws exist in systems, policies, or procedures
  2. Assigns values to risk probabilities; Impact values.
  3. Determines risk probability that vulnerability will be exploited (High, Medium, Low)
  4. Identifies sources of harm to an IT system. (Natural, Human, Environmental)

Answer: C

Q305 - The use of technologies like IPSec can help guarantee the following: authenticity, integrity, confidentiality and

  1. non-repudiation.
  2. operability.
  3. security.
  4. usability.

Answer: A

Q306 - A zone file consists of which of the following Resource Records (RRs)?

  1. DNS, NS, AXFR, and MX records
  2. DNS, NS, PTR, and MX records
  3. SOA, NS, AXFR, and MX records
  4. SOA, NS, A, and MX records

Answer: D

Q307 - Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?

  1. Fast processor to help with network traffic analysis
  2. They must be dual-homed
  3. Similar RAM requirements
  4. Fast network interface cards

Answer: B

Q308 - Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door as it begins to close. What just happened?

  1. Phishing
  2. Whaling
  3. Tailgating
  4. Masquerading

Answer: C

Q309 - Which of the following Nmap commands would be used to perform a stack fingerprinting?

  1. Nmap -O -p80 < host(s). >
  2. Nmap -hU -Q < host(s). >
  3. Nmap -sT -p < host(s). >
  4. Nmap -u -o -w2 < host >
  5. Nmap -sS -0p target

Answer: B

Q310 - An IT security engineer notices that the company's web server is currently being hacked. What should the engineer do next?

  1. Unplug the network connection on the company's web server.
  2. Determine the origin of the attack and launch a counterattack.
  3. Record as much information as possible from the attack.
  4. Perform a system restart on the company's web server.

Answer: C

Q311 - Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two. What would you call this attack?

  1. Interceptor
  2. Man-in-the-middle
  3. ARP Proxy
  4. Poisoning Attack

Answer: B

Q312 - Which security control role does encryption meet?

  1. Preventative
  2. Detective
  3. Offensive
  4. Defensive

Answer: A

Q313 - Prospective clients want to see sample reports from previous penetration tests. What should you do next?

  1. Decline, but provide references.
  2. Share full reports, not redacted.
  3. Share full reports with redactions.
  4. Share reports, after NDA is signed.

Answer: A

Q314 - How is sniffing broadly categorized?

  1. Active and passive
  2. Broadcast and unicast
  3. Unmanaged and managed
  4. Filtered and unfiltered

Answer: A

Q315 - To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?

  1. Recipient's private key
  2. Recipient's public key
  3. Master encryption key
  4. Sender's public key

Answer: B

Q316 - The ViruXine.W32 virus hides its presence by changing the underlying executable code. The virus code mutates while keeping the original algorithm intact: the code changes itself each time it runs, but the function of the code (its semantics) does not change at all.

Here is a section of the Virus code:

What is this technique called?

  1. Polymorphic Virus
  2. Metamorphic Virus
  3. Dravidic Virus
  4. Stealth Virus

Answer: A

Q317 - Shellshock had the potential for an unauthorized user to gain access to a server. It affected many internet-facing services. Which OS did it not directly affect?

  1. Windows
  2. Unix
  3. Linux
  4. OS X

Answer: A

Q318 - The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?

  1. An extensible security framework named COBIT
  2. A list of flaws and how to fix them
  3. Web application patches
  4. A security certification for hardened web applications

Answer: B

Q319 - Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS?

  1. OPPORTUNISTICTLS
  2. STARTTLS
  3. FORCETLS
  4. UPGRADETLS

Answer: B

Q320 - Which of the below hashing functions are not recommended for use?

  1. SHA-1, ECC
  2. MD5, SHA-1
  3. SHA-2, SHA-3
  4. MD5, SHA-5

Answer: A

Q321 - Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?

  1. Firewall
  2. Honeypot
  3. Core server
  4. Layer 4 switch

Answer: B

Q322 - An IT employee got a call from one of our best customers. The caller wanted to know about the company's network infrastructure, systems, and team. New opportunities of integration are in sight for both company and customer. What should this employee do?

  1. Since the company's policy is all about Customer Service, he/she will provide information.
  2. Disregarding the call, the employee should hang up.
  3. The employee should not provide any information without previous management authorization.
  4. The employee cannot provide any information; but, anyway, he/she will provide the name of the person in charge.

Answer: C

Q323 - Which of the following items is unique to the N-tier architecture method of designing software applications?

  1. Application layers can be separated, allowing each layer to be upgraded independently from other layers.
  2. It is compatible with various databases including Access, Oracle, and SQL.
  3. Data security is tied into each layer and must be updated for all layers when any upgrade is performed.
  4. Application layers can be written in C, ASP.NET, or Delphi without any performance loss.

Answer: A

Q324 - This TCP flag instructs the sending system to transmit all buffered data immediately.

  1. SYN
  2. RST
  3. PSH
  4. URG
  5. FIN

Answer: C

Q325 - Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?

  1. 123
  2. 161
  3. 69
  4. 113

Answer: A

Q326 - A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup?

  1. Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.
  2. As long as the physical access to the network elements is restricted, there is no need for additional measures.
  3. There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.
  4. The operator knows that attacks and down time are inevitable and should have a backup site.

Answer: A

Q327 - Which of the following attacks exploits web page vulnerabilities that allow an attacker to force an unsuspecting user's browser to send malicious requests they did not intend?

  1. Command Injection Attacks
  2. File Injection Attack
  3. Cross-Site Request Forgery (CSRF)
  4. Hidden Field Manipulation Attack

Answer: C

Q328 - The company ABC recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and will then be sent to the accountant, but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?

  1. The document can be sent to the accountant using an exclusive USB for that document.
  2. The CFO can use a hash algorithm in the document once he approved the financial statements.
  3. The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure it is the same document.
  4. The CFO can use an Excel file with a password.

Answer: B

Q329 - The "black box testing" methodology enforces which kind of restriction?

  1. Only the external operation of a system is accessible to the tester.
  2. Only the internal operation of a system is known to the tester.
  3. The internal operation of a system is only partly accessible to the tester.
  4. The internal operation of a system is completely known to the tester.

Answer: A

Q330 - Which of the following statements is TRUE?

  1. Sniffers operate on Layer 2 of the OSI model
  2. Sniffers operate on Layer 3 of the OSI model
  3. Sniffers operate on both Layer 2 & Layer 3 of the OSI model
  4. Sniffers operate on Layer 1 of the OSI model

Answer: A