Question 1 of 50
1 point(s)
These hackers have limited or no training and they only know how to use basic methods or What kind of hackers are we talking about?
Question 2 of 50
1 point(s)
What is considered to be a brute force attack?
Question 3 of 50
1 point(s)
Which of the following is one of the most actual ways to prevent Cross-site Scripting (XSS) in software applications?
Question 4 of 50
1 point(s)
A hacker has successfully infected an internet-facing server to send junk mails. Which sort of Trojan infects this server?
Question 5 of 50
1 point(s)
In which phase of the ethical hacking process is Google hacking employed?
Question 6 of 50
1 point(s)
Which of the following are well-known password-cracking programs?
Question 7 of 50
1 point(s)
Select the program which infects the system boot sector and the executable files at the same time:
Question 8 of 50
1 point(s)
While testing the company’s web applications, a tester attempts to insert the following test script into the search area on the company’s website:
<script>alert("Testing Testing Testing")</script>
Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text: “Testing Testing Testing”. Which of the following vulnerabilities has been detected in the web application?
Question 9 of 50
1 point(s)
A pentester is configuring a Windows laptop for a test. While setting up Wireshark, which driver and library are required to allow the NIC to work in promiscuous mode?
Question 10 of 50
1 point(s)
While scanning your company’s network, you discover that TCP port 123 is open. Which of the following services runs on TCP port 123 by default?
Question 11 of 50
1 point(s)
Which of the following techniques will identify if the computer files have been changed?
Question 12 of 50
1 point(s)
Which of the following tools would be used to collect Wireless Packet Data?
Question 13 of 50
1 point(s)
While performing behavioural analysis, a log monitoring tool alerted on several suspicious logins on a Linux server during non-business hours. After further examination of all login activities, it was noticed that one of the logins has occurred during typical working hours. A Linux administrator who is investigating this problem finds that the system time on the Linux server is wrong by more than twelve hours. Which protocol, used on the Linux server to synchronize the time, has stopped working?
Question 14 of 50
1 point(s)
Which of the following Intrusion Detection Systems is best suited to large environments where critical assets on the network need extra security, and is ideal for observing sensitive network segments?
Question 15 of 50
1 point(s)
Which tool is used to silently copy files from USB devices?
Question 16 of 50
1 point(s)
What is a Denial-of-Service attack?
Question 17 of 50
1 point(s)
Fingerprint and Smartcard ID are examples of two-factor authentication. Which of the following is an example of two-factor authentication?
Question 18 of 50
1 point(s)
What is the best way to defend against network sniffing?
Question 19 of 50
1 point(s)
An Nmap scan of a server shows that port 69 is open. What risk could this pose?
Question 20 of 50
1 point(s)
Which of the following components of IPsec performs protocol-level functions that are required to encrypt and decrypt the packets?
Question 21 of 50
1 point(s)
Which of the following modes of IPsec should you use to ensure security and confidentiality of data within the same LAN?
Question 22 of 50
1 point(s)
What is the difference between the AES and RSA algorithms?
Question 23 of 50
1 point(s)
Which port number is used by the LDAP protocol?
Question 24 of 50
1 point(s)
Which of the following types of jailbreaking allows user-level access but does not allow iBoot-level access?
Question 25 of 50
1 point(s)
A virus that attempts to install itself inside the file that it is infecting is called:
Question 26 of 50
1 point(s)
Which kind of security feature stops vehicles from crashing through the doors of a building?
Question 27 of 50
1 point(s)
Which of the following programs are usually targeted at Microsoft Office products?
Question 28 of 50
1 point(s)
Two-factor authentication deals with:
Question 29 of 50
1 point(s)
During a security audit of IT process, an IS auditor found that there were no documented security procedures. What should the IS auditor do?
Question 30 of 50
1 point(s)
________ is a tool that can hide processes from the process list, hide files, intercept keystrokes, and register entries.
Question 31 of 50
1 point(s)
_____________ is an extremely common IDS evasion system in the web world.
Question 32 of 50
1 point(s)
The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the Central Processing Unit (CPU), rather than passing only the frames that the controller is intended to receive. Which of the following terms is being described?
Question 33 of 50
1 point(s)
Which of the following types of scan is used on the eye to measure the layer of blood vessels?
Question 34 of 50
1 point(s)
What is a “collision attack” in cryptography?
Question 35 of 50
1 point(s)
A short-range wireless communication technology is intended to replace the cables connecting portable or fixed devices while maintaining high levels of security. It allows mobile phones, computers and other devices to connect and communicate using a short-range wireless connection. Select the best match from the following:
Question 36 of 50
1 point(s)
What is the most important stage of ethical hacking in which you need to spend a considerable amount of time?
Question 37 of 50
1 point(s)
An e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development. The secret entry point is known as _______?
Question 38 of 50
1 point(s)
Which of the following is considered a strength of symmetric key cryptography when compared with asymmetric algorithms?
Question 39 of 50
1 point(s)
A medium-sized healthcare IT business decides to implement a risk management strategy. The five basic responses to risk include all of the following except ______.
Question 40 of 50
1 point(s)
Which of the following provides the most information about the system’s security posture?
Question 41 of 50
1 point(s)
Which of the following steps for risk assessment methodology refers to vulnerability identification?
Question 42 of 50
1 point(s)
Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to function properly?
Question 43 of 50
1 point(s)
What should you do next when prospective clients want to see sample reports from previous penetration tests?
Question 44 of 50
1 point(s)
Which TCP flag instructs the sending system to transmit all buffered data immediately?
Question 45 of 50
1 point(s)
The “black box testing” methodology enforces which kind of restriction?
Question 46 of 50
1 point(s)
Which of these options is the most secure method for storing backup tapes?
Question 47 of 50
1 point(s)
A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for a search. Which command should the hacker type into the command shell to request the appropriate records?
Question 48 of 50
1 point(s)
___________ processes evaluate the adherence of an organization to its stated security policy.
Question 49 of 50
1 point(s)
What is the best countermeasure to encrypting ransomware?
Question 50 of 50
1 point(s)
You have effectively compromised a machine on the network and found a server that is alive on the same network. You tried to ping it but you did not get any response back. What is the cause of this?