Last Updated on July 25, 2021 by InfraExam
312-50v11 : Certified Ethical Hacker v11 Exam : Part 11
What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?
- The attacker queries a nameserver using the DNS resolver.
- The attacker uses TCP to poison the DNS resolver.
- The attacker makes a request to the DNS resolver.
- The attacker forges a reply from the DNS resolver.
Ethical hacker Jane Doe is attempting to crack the password of the head of the IT department of ABC company. She is utilizing a rainbow table and notices upon entering a password that extra characters are added to the password after submitting.
What countermeasure is the company using to protect against rainbow tables?
- Account lockout
- Password hashing
- Password key hashing
- Password salting
Clark, a professional hacker, was hired by an organization to gather sensitive information about its competitors surreptitiously. Clark gathers the server IP address of the target organization using Whois footprinting. Further, he entered the server IP address as an input to an online tool to retrieve information such as the network range of the target organization and to identify the network topology and operating system used in the network.
What is the online tool employed by Clark in the above scenario?
This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as GCMP-256, HMAC-SHA384, and ECDSA using a 384-bit elliptic curve.
Which is this wireless security protocol?
Scenario: Joe turns on his home computer to access personal online banking. When he enters the URL www.bank.com, the website is displayed, but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL closer, he finds that the site is not secure and the web address appears different.
What type of attack he is experiencing?
- DHCP spoofing
- DoS attack
- ARP cache poisoning
- DNS hijacking
Henry is a cyber security specialist hired by BlackEye – Cyber Security Solutions. He was tasked with discovering the operating system (OS) of a host. He used the Unicornscan tool to discover the OS of the target system. As a result, he obtained a TTL value, which indicates that the target system is running a Windows OS.
Identify the TTL value Henry obtained, which indicates that the target OS is Windows.
What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages?
Abel, a security professional, conducts penetration testing in his client organization to check for any security loopholes. He launched an attack on the DHCP servers by broadcasting forged DHCP requests and leased all the DHCP addresses available in the DHCP scope until the server could not issue any more IP addresses. This led to a DoS attack, and as a result, legitimate employees were unable to access the client’s network.
Which of the following attacks did Abel perform in the above scenario?
- Rogue DHCP server attack
- VLAN hopping
- STP attack
- DHCP starvation
What piece of hardware on a computer’s motherboard generates encryption keys and only releases a part of the key so that decrypting a disk on a new piece of hardware is not possible?
Based on the below log, which of the following sentences are true?
Mar 1, 2016, 7:33:28 AM 10.240.250.23 – 54373 10.249.253.15 – 22 tcp_ip
- Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server.
- Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the client.
- SSH communications are encrypted; it’s impossible to know who is the client or the server.
- Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server.
Garry is a network administrator in an organization. He uses SNMP to manage networked devices from a remote location. To manage nodes in the network, he uses MIB, which contains formal descriptions of all network objects managed by SNMP. He accesses the contents of MIB by using a web browser either by entering the IP address and Lseries.mib or by entering the DNS library name and Lseries.mib. He is currently retrieving information from an MIB that contains object types for workstations and server services.
Which of the following types of MIB is accessed by Garry in the above scenario?
You have been authorized to perform a penetration test against a website. You want to use Google dorks to footprint the site but only want results that show file extensions.
What Google dork operator would you use?
Which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth?
David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities.
Which phase of the vulnerability-management life cycle is David currently in?
- Risk assessment
- Vulnerability scan
Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session. Upon receiving the user’s request, Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website.
What is the attack performed by Bobby in the above scenario?
- aLTEr attack
- Jamming signal attack
- KRACK attack