CEH Notes 01 Flashcards
1
Q
Quiz 1: Which port number is used by HTTP?
A. 80
B. 443
C. 23
D. 161
A
Answer: A. 80
2
Q
Quiz 2: Which port number is used by HTTPS?
A. 80
B. 443
C. 23
D. 161
A
Answer: B. 443
3
Q
Quiz 3: Which port numbers are used by FTP?
A. 20, 21
B. 23, 25
C. 80, 443
D. 123, 456
A
Answer: A. 20, 21
4
Q
Quiz 4: Which port number is used by Telnet?
A. 20
B. 21
C. 22
D. 23
A
Answer: D. 23
5
Q
Quiz 5: Which port number is used by SSH?
A. 20
B. 21
C. 22
D. 23
A
Answer: C. 22
6
Q
Quiz 6: Which port number is used by DNS for queries and replies?
A. 53
B. 123
C. 161
D. 389
A
Answer: A. 53
7
Q
Quiz 7: Which port number is used by DNS for zone transfers?
A. 53
B. 80
C. 161
D. 389
A
Answer: A. 53
8
Q
Quiz 8: Which port number is used by NTP?
A. 20
B. 21
C. 22
D. 123
A
Answer: D. 123
9
Q
Quiz 9: Which port number is used by RDP?
A. 20
B. 21
C. 22
D. 3389
A
Answer: D. 3389
10
Q
Quiz 10: Which port number is used by HP JetDirect?
A. 80
B. 443
C. 23
D. 9100
A
Answer: D. 9100
11
Q
Quiz 11: Which port number is used by LDAP?
A. 389
B. 636
C. 161
D. 445
A
Answer: A. 389
12
Q
Quiz 12: Which port number is used by LDAPS?
A. 636
B. 389
C. 161
D. 445
A
Answer: A. 636
13
Q
Quiz 14: Which port number is used by SYSLOG?
A. 53
B. 161
C. 514
D. 3389
A
Answer: C. 514
14
Q
Quiz 15: Which port numbers are used by MS SQL Server?
A. 80, 443
B. 123, 456
C. 1433, 1434
D. 3306, 3307
A
Answer: C. 1433, 1434
15
Q
Quiz 16: Which port number is used by MySQL?
A. 3306
B. 389
C. 161
D. 445
A
Answer: A. 3306
16
Q
Quiz 17: Which port number is used by Oracle DB?
A. 1521
B. 3306
C. 53
D. 3389
A
Answer: A. 1521
17
Q
Quiz 18: Which port number is used by SMB?
A. 80
B. 443
C. 23
D. 445
A
Answer: D. 445
18
Q
Quiz 19: Which port numbers are used by NetBIOS?
A. 20, 21, 22
B. 53, 161, 445
C. 137, 138, 139
D. 1433, 1434, 3306
A
Answer: C. 137, 138, 139
19
Q
Quiz 1: Which phase of the Cyber Kill Chain involves collecting as much information as possible about the target?
A. Reconnaissance
B. Delivery
C. Exploitation
D. Command and Control
A
Answer: A. Reconnaissance
20
Q
Quiz 2: Which phase of the Cyber Kill Chain involves selecting or creating a malicious payload or exploit?
A. Weaponization
B. Installation
C. Actions on Objectives
D. Delivery
A
Answer: A. Weaponization
21
Q
Quiz 3: Which phase of the Cyber Kill Chain involves sending the weapon to the victim?
A. Reconnaissance
B. Installation
C. Delivery
D. Command and Control
A
Answer: C. Delivery
22
Q
Quiz 4: Which phase of the Cyber Kill Chain involves exploiting a client-side vulnerability to gain remote access to the target system?
A. Exploitation
B. Installation
C. Reconnaissance
D. Command and Control
A
Answer: A. Exploitation
23
Q
Quiz 5: Which phase of the Cyber Kill Chain involves downloading and installing more malware to create a backdoor?
A. Reconnaissance
B. Actions on Objectives
C. Installation
D. Delivery
A
Answer: C. Installation
24
Q
Quiz 6: Which phase of the Cyber Kill Chain involves establishing a 2-way communication channel between the victim and attacker’s computers?
A. Delivery
B. Command and Control
C. Reconnaissance
D. Exploitation
A
Answer: B. Command and Control
25
Quiz 7: Which phase of the Cyber Kill Chain is the final objective of the attack?
A. Delivery
B. Installation
C. Actions on Objectives
D. Reconnaissance
Answer: C. Actions on Objectives
26
Quiz 1: Which class of hacker is an ethical hacker who tests systems with permission to find vulnerabilities and help fix them?
A. White Hat
B. Gray Hat
C. Black Hat
D. Script Kiddie
Answer: A. White Hat
27
Quiz 2: Which class of hacker falls between the white and black hat categories and may test systems without permission but may disclose vulnerabilities to the vendor?
A. White Hat
B. Gray Hat
C. Black Hat
D. Script Kiddie
Answer: B. Gray Hat
28
Quiz 3: Which class of hacker is an unethical hacker who uses his/her knowledge of security to break into systems and gain unauthorized access for personal gain?
A. White Hat
B. Gray Hat
C. Black Hat
D. Script Kiddie
Answer: C. Black Hat
29
Quiz 4: Which class of attacker is unskilled and uses pre-existing tools and scripts to perform attacks without understanding the underlying concepts?
A. White Hat
B. Gray Hat
C. Black Hat
D. Script Kiddie
Answer: D. Script Kiddie
30
Quiz 5: Which class of hacker is not related to the concept of hacker classification?
A. White Hat
B. Gray Hat
C. Black Hat
D. Red Hat
Answer: D. Red Hat
31
Quiz 1: In which phase of hacking is information about the target gathered through open source intelligence, scanning, and enumeration?
A. Gaining Access
B. Scanning
C. Clearing Tracks
D. Reconnaissance
Answer: D. Reconnaissance
32
Quiz 2: Which phase of hacking involves looking for vulnerabilities in the target network or system using tools and techniques such as port scanning, vulnerability scanning, and fingerprinting?
A. Clearing Tracks
B. Gaining Access
C. Scanning
D. Reconnaissance
Answer: C. Scanning
33
Quiz 3: In which phase of hacking does the attacker exploit vulnerabilities to gain unauthorized access to the target system or network?
A. Maintaining Access
B. Gaining Access
C. Scanning
D. Reconnaissance
Answer: B. Gaining Access
34
Quiz 3: In which phase of hacking does the attacker exploit vulnerabilities to gain unauthorized access to the target system or network?
A. Maintaining Access
B. Gaining Access
C. Scanning
D. Reconnaissance
Answer: B. Gaining Access
35
Quiz 5: What is the use of multiple layers of defense, such as firewalls, intrusion detection/prevention systems, and access controls, to protect against attacks and minimize the impact of any successful attacks?
A. Defense in Depth
B. Gaining Access
C. Scanning
D. Clearing Tracks
Answer: A. Defense in Depth
36
Quiz 6: What are the three levels of knowledge and access granted to the penetration tester during the testing process?
A. Red, Blue, Yellow
B. White, Gray, Black Box
C. Alpha, Beta, Gamma
D. A, B, C
Answer: B. White, Gray, Black Box
37
Quiz 1: What is the risk assessment approach that considers threats, defenses, and the likelihood and impact of an incident?
A. Quantitative risk assessment
B. Single Loss Expectancy
C. Qualitative assessment
D. Annual Loss Expectancy
Answer: C. Qualitative assessment
38
Quiz 2: What is the risk assessment approach where dollar values are assigned to assets in order to calculate the potential financial loss in the event of an incident?
A. Quantitative risk assessment
B. Single Loss Expectancy
C. Qualitative assessment
D. Annual Loss Expectancy
Answer: A. Quantitative risk assessment
39
Quiz 3: What calculation is used in quantitative risk assessments to determine the expected financial loss if a specific asset is lost?
A. Annual Loss Expectancy (ALE)
B. Single Loss Expectancy (SLE)
C. Exposure Factor (EF)
D. Asset Value (AV)
Answer: B. Single Loss Expectancy (SLE)
40
Quiz 4: What calculation is used in quantitative risk assessments to determine the expected financial loss in a year due to a specific incident?
A. Annual Loss Expectancy (ALE)
B. Single Loss Expectancy (SLE)
C. Exposure Factor (EF)
D. Asset Value (AV)
Answer: A. Annual Loss Expectancy (ALE)
41
Quiz 5: What are the options for responding to identified risks?
A. Avoid, Transfer, Mitigate, Accept
B. Qualitative, Quantitative, Single Loss Expectancy, Annual Loss Expectancy
C. Threats, Defenses, Likelihood, Impact
D. None of the above
Answer: A. Avoid, Transfer, Mitigate, Accept
42
Quiz 1: What type of cyber threat intelligence provides high-level information on changing risks, such as emerging threat actors, geopolitical events, or new attack vectors?
A. Tactical
B. Technical
C. Operational
D. Strategic
Answer: D. Strategic
43
Quiz 2: What type of cyber threat intelligence provides information on an attacker's tactics, techniques, and procedures (TTPs)?
A. Tactical
B. Technical
C. Operational
D. Strategic
Answer: A. Tactical
44
Quiz 3: What type of cyber threat intelligence provides information on a specific incoming attack or threat, such as IP addresses, domains, or command and control infrastructure?
A. Technical
B. Operational
C. Strategic
D. Tactical
Answer: B. Operational
45
Quiz 4: What type of cyber threat intelligence provides information on specific indicators of compromise (IOCs), such as file hashes, registry keys, or network traffic patterns?
A. Technical
B. Operational
C. Strategic
D. Tactical
Answer: A. Technical
46
Quiz 1: In which phase of incident handling and response does an organization create an IH&R plan, get training for incident handlers, obtain necessary tools, and create policies and procedures for incident management?
A. Incident Triage
B. Preparation
C. Notification
D. Recovery
Answer: B. Preparation
47
Quiz 2: In which phase of incident handling and response is the incident analyzed, validated, categorized, and prioritized?
A. Incident Triage
B. Recovery
C. Notification
D. Evidence gathering / forensic analysis
Answer: A. Incident Triage
48
Quiz 3: In which phase of incident handling and response is the root cause of the incident removed/eliminated, and all attack vectors are closed to prevent similar incidents from happening in the future?
A. Eradication
B. Recovery
C. Post-Incident activities
D. Containment
Answer: A. Eradication
49
Quiz 4: What is the purpose of the post-incident activities phase in incident handling and response?
A. To review the incident and determine its impact
B. To restore systems, services, and data
C. To inform various stakeholders of the incident
D. To create an IH&R plan
Answer: A. To review the incident and determine its impact
50
Quiz 1: In which phase of incident handling and response is the incident recorded and assigned to the appropriate incident handler personnel?
A. Notification
B. Incident Triage
C. Recovery
D. Incident Recording and Assignment
Answer: D. Incident Recording and Assignment
51
Quiz 2: What is the purpose of the containment phase in incident handling and response?
A. To isolate the incident and stop its propagation
B. To restore systems, services, and data
C. To review the incident and determine its impact
D. To gather evidence and perform forensic analysis
Answer: A. To isolate the incident and stop its propagation
52
Quiz 3: In which phase of incident handling and response is evidence gathered and submitted to the forensics department for investigation?
A. Recovery
B. Evidence gathering / forensic analysis
C. Notification
D. Eradication
Answer: B. Evidence gathering / forensic analysis
53
Quiz 4: What is the purpose of the recovery phase in incident handling and response?
A. To isolate the incident and stop its propagation
B. To restore systems, services, and data
C. To review the incident and determine its impact
D. To gather evidence and perform forensic analysis
Answer: B. To restore systems, services, and data
54
Quiz 1: Which US law sets the standard for protecting sensitive patient data?
A. FISMA
B. SOX
C. HIPAA
D. PCI-DSS
Answer: C. HIPAA
55
Quiz 2: What is the purpose of the PCI-DSS?
A. To ensure the security of government information, operations, and assets
B. To define a comprehensive framework to protect financial disclosures of public companies
C. To maintain a secure environment for credit card information
D. To protect personally identifiable information
Answer: C. To maintain a secure environment for credit card information
56
Quiz 3: Which US law sets standards for financial accounting and reporting of public companies?
A. FISMA
B. SOX
C. HIPAA
D. PCI-DSS
Answer: B. SOX
57
Quiz 4: What is the definition of PII?
A. Any information related to an individual's health status, medical condition, or treatment
B. Any information that can be used to identify a specific individual
C. A set of security standards for protecting government information
D. A set of standards for protecting sensitive patient data
Answer: B. Any information that can be used to identify a specific individual
58
Quiz 2: What is the purpose of the HIPAA?
A. To maintain a secure environment for credit card information
B. To define a comprehensive framework to protect government information
C. To protect sensitive patient data
D. To protect financial disclosures of public companies
Answer: C. To protect sensitive patient data
59
Quiz 3: What does PII stand for?
A. Personal Investment Information
B. Personally Identifiable Information
C. Payment Industry Information
D. Public Information Infrastructure
Answer: B. Personally Identifiable Information
60
Quiz 4: What is the purpose of the PCI-DSS?
A. To maintain a secure environment for credit card information
B. To ensure the security of government information
C. To protect sensitive patient data
D. To set standards for financial accounting and reporting of public companies
Answer: A. To maintain a secure environment for credit card information
61
Quiz 5: Which US law defines a comprehensive framework to protect government information, operations, and assets against natural or man-made threats?
A. FISMA
B. SOX
C. HIPAA
D. PCI-DSS
Answer: A. FISMA
62
Quiz 6: What does PHI stand for?
A. Personal Housing Information
B. Protected Health Information
C. Payment History Information
D. Public Health Infrastructure
Answer: B. Protected Health Information
63
Quiz 1: What is the difference between Active and Passive reconnaissance?
A. Active reconnaissance involves eavesdropping while passive reconnaissance engages the target.
B. Active reconnaissance engages the target while passive reconnaissance involves eavesdropping.
C. Active reconnaissance involves conducting vulnerability scans while passive reconnaissance involves social engineering.
D. Active reconnaissance involves using search engines while passive reconnaissance involves using online tools.
Answer: B. Active reconnaissance engages the target while passive reconnaissance involves eavesdropping.
64
Quiz 2: What does OSINT stand for?
A. Open-Source Internet Tools
B. Online Security Intelligence Techniques
C. Operating System Internet Tools
D. Open-Source Intelligence
Answer: D. Open-Source Intelligence
65
Quiz 3: What is the purpose of Google advanced search operators?
A. To conduct social engineering attacks
B. To engage in active reconnaissance
C. To improve the effectiveness of search queries
D. To find vulnerabilities in websites
Answer: C. To improve the effectiveness of search queries
66
Quiz 4: How do you negate a search term in Google search?
A. Use the "allinurl" operator
B. Use the "related" operator
C. Use the "intitle" operator
D. Use a hyphen before the search term
Answer: D. Use a hyphen before the search term
67
Quiz 5: What is the purpose of Netcraft?
A. To provide internet security services
B. To find vulnerabilities in websites
C. To conduct social engineering attacks
D. To provide anonymous surfing
Answer: A. To provide internet security services
68
Quiz 6: What is the purpose of Guardster.com?
A. To provide internet security services
B. To find vulnerabilities in websites
C. To conduct social engineering attacks
D. To provide anonymous surfing
Answer: D. To provide anonymous surfing
69
Quiz 7: What is the purpose of Hootsuite?
A. To find vulnerabilities in websites
B. To provide internet security services
C. To conduct social engineering attacks
D. To manage social media accounts
Answer: D. To manage social media accounts
70
Quiz 8: What is the purpose of Archive.org?
A. To provide anonymous surfing
B. To manage social media accounts
C. To find vulnerabilities in websites
D. To look up past versions of a website
Answer: D. To look up past versions of a website
71
Quiz 9: What is the purpose of Web-Stat?
A. To find vulnerabilities in websites
B. To conduct social engineering attacks
C. To provide anonymous surfing
D. To observe visitors to a website in real-time
Answer: D. To observe visitors to a website in real-time
72
Quiz 10: What is the purpose of CeWL?
A. To manage social media accounts
B. To conduct social engineering attacks
C. To provide internet security services
D. To crawl a website and make a list of words or terms
Answer: D. To crawl a website and make a list of words or terms
73
Quiz 11: What is the purpose of email tracking tools like Infoga?
A. To conduct social engineering attacks
B. To manage social media accounts
C. To find vulnerabilities in websites
D. To track an email and extract information about the sender
Answer: D. To track an email and extract information about the sender
74
Quiz: What is the purpose of a Whois Lookup?
A. To discover information about a registered domain name, such as DNS servers and creation date
B. To perform network diagnostics and identify IP devices
C. To look up who owns a particular IP address
D. To find the geographical location of routers and servers
Answer: A. To discover information about a registered domain name, such as DNS servers and creation date.
75
Quiz: What is the purpose of ARIN Whois search?
A. To discover information about a registered domain name, such as DNS servers and creation date
B. To perform network diagnostics and identify IP devices
C. To look up who owns a particular IP address
D. To see the range of IP's owned by an organization
Answer: D. To see the range of IP's owned by an organization.
76
Quiz: What is VisualRoute?
A. A tool for DNS footprinting
B. A tool for Whois Lookup
C. A traceroute and network diagnostics tool
D. A tool for performing email tracking
Answer: C. A traceroute and network diagnostics tool that can identify the geographical location of routers, servers, and other IP devices.
77
Quiz: What is DNS footprinting?
A. Finding DNS information such as web, mail, and DNS server addresses
B. Identifying the geographical location of routers and servers
C. Extracting information about a sender's identity and IP address
D. Crawling a website to make a list of e-mail addresses
Answer: A. Finding DNS information such as web, mail, and DNS server addresses.
78
Quiz: What is the purpose of a DNS SOA record?
A. To map an IP address to a fully qualified domain name
B. To map an IPv6 address to a fully qualified domain name
C. To find the mail server IP
D. To identify the primary DNS server for a domain
Answer: D. To identify the primary DNS server for a domain.
79
Quiz 1: What is the TCP 3-way handshake and what is its purpose?
A. A protocol used for fast data transfers
B. A process that establishes a TCP conversation and synchronizes sequence and acknowledgement numbers
C. A handshake used to establish a UDP connection
D. A method of spoofing IP addresses
Answer: B. A process that establishes a TCP conversation and synchronizes sequence and acknowledgement numbers.
80
Quiz 2: What are the 6 TCP flags and what do they do?
A. SYN, ACK, FIN, RST, PSH, URG
B. SYN, ACK, FIN, RST, PSH, STOP
C. START, ACK, FIN, RST, PSH, URG
D. SYN, ACK, STOP, RESET, PSH, URG
Answer: A. SYN, ACK, FIN, RST, PSH, URG. The SYN flag is used to synchronize sequence numbers, the ACK flag is used to acknowledge received packets, the FIN flag is used to terminate a TCP conversation, the RST flag is used to reset the connection, the PSH flag is used to push data to the receiving application, and the URG flag is used to indicate urgent data.
81
Quiz 3: What is UDP and what are its characteristics?
A. A protocol used for fast data transfers
B. A process that establishes a TCP conversation and synchronizes sequence and acknowledgement numbers
C. A handshake used to establish a TCP connection
D. A method of spoofing IP addresses
Answer: A. A protocol used for fast data transfers. UDP is a simple protocol with no flags, no handshake, and no reliability. It is built for speed or for small data transfers.
82
What is the default Nmap host discovery type?
a) ARP ping scan (-PR)
b) ICMP Echo Ping (-PE)
c) ICMP Timestamp Ping (-PP)
d) TCP SYN Ping (-PS)
Answer: a) ARP ping scan (-PR)
83
Which Nmap host discovery type uses the ICMP protocol to see if the target is live?
a) ARP ping scan (-PR)
b) ICMP Echo Ping (-PE)
c) ICMP Timestamp Ping (-PP)
d) TCP SYN Ping (-PS)
Answer: b) ICMP Echo Ping (-PE)
84
Which Nmap host discovery type can be used if ICMP ECHO pings are blocked by the firewall?
a) ARP ping scan (-PR)
b) ICMP Echo Ping (-PE)
c) ICMP Timestamp Ping (-PP)
d) TCP SYN Ping (-PS)
Answer: c) ICMP Timestamp Ping (-PP)
85
Which Nmap host discovery type sends a packet with the TCP SYN flag turned on?
a) ARP ping scan (-PR)
b) ICMP Echo Ping (-PE)
c) ICMP Timestamp Ping (-PP)
d) TCP SYN Ping (-PS)
Answer: d) TCP SYN Ping (-PS)
86
Which Nmap host discovery type sends a UDP packet to the host?
a) ARP ping scan (-PR)
b) ICMP Echo Ping (-PE)
c) ICMP Timestamp Ping (-PP)
d) UDP Ping (-PU)
Answer: d) UDP Ping (-PU)
87
How many flags are there in the TCP header?
a) 4
b) 6
c) 8
d) 10
Answer: b) 6
88
Which TCP flag is used to initiate a connection?
a) SYN
b) ACK
c) FIN
d) RST
Answer: a) SYN
89
Which TCP flag is used to terminate a connection?
a) SYN
b) ACK
c) FIN
d) RST
Answer: c) FIN
90
Quiz: What is the Nmap option for skipping host discovery and assuming the host is online?
A. -ST
B. -PS
C. -Pn
D. -PA
Answer: C. -Pn
91
Quiz: Which Nmap port scanning option completes the TCP 3-way handshake and is the most "normal looking" scan?
A. -ST
B. -SS
C. -SV
D. -SU
Answer: A. -ST
92
Quiz: What Nmap option is used for UDP scans and indicates an open port when there is no reply to the scan?
A. -ST
B. -SS
C. -SV
D. -SU
Answer: D. -SU
93
Quiz: What are the abnormal flag combinations used by the Xmas, Null, Fin, and Maimon scans in Nmap?
A. SYN, RST
B. Fin, Urg, Push
C. ACK, RST
D. NO flags
Answer: B. Fin, Urg, Push
94
Quiz: Which Nmap option is used for version detection and provides the exact version number of the service?
A. -ST
B. -SS
C. -SV
D. -SU
Answer: C. -SV
95
Quiz: Which scan can map out firewall rule-sets, especially if there are several firewalls in a row?
A. Maimon scan
B. ACK scan
C. Firewalking
D. Idle scan
Answer: C. Firewalking.
Explanation: Firewalking is the process of mapping out firewall rule-sets, especially if there are multiple firewalls in a row. It involves probing the firewall to see which ports are open or filtered. By doing this, the attacker can determine which services are allowed through the firewall and identify potential weaknesses.
96
Quiz: What does an ACK scan return when a port is open or closed?
A. RST
B. SYN-ACK
C. FIN
D. No reply
Answer: A. RST.
Explanation: An ACK scan returns a RST whether the port is open or closed (but not filtered). However, looking at deeper details of the RST can give clues as to whether the port is open. If the TTL is less than 64 or the window size is non-zero, then the port is open.
97
Quiz: What does a Fast scan (-F) do?
A. Scans the top 1,000 most common ports
B. Scans the top 100 most common ports
C. Scans all ports
D. Performs a version detection scan
Answer: B. Scans the top 100 most common ports.
Explanation: By default, if port numbers are not specified, the top 1,000 most common ports will be scanned. Using the -F switch instead will only scan the top 100 most common port numbers. This is useful for quickly identifying potential targets for further scanning.
98
Quiz: What is the purpose of an Idle scan?
A. To map out firewall rule-sets
B. To find open ports
C. To identify specific services and version numbers
D. To perform a port scan from a spoofed IP address
Answer: D. To perform a port scan from a spoofed IP address.
Explanation: The purpose of an Idle scan is to perform a port scan from a spoofed IP address to avoid detection. The scan utilizes the IPID field in the IP header to determine whether a target port is open or closed. An IPID increase of 2 means the port is open, while an IPID increase of 1 means the port is closed.
99
Quiz: What is the purpose of adding the -sV switch to a port scan in nmap?
A. To skip host discovery and go straight to port scanning
B. To perform a UDP scan
C. To find open ports on a target
D. To verify the exact service and version number running on a target
Answer: D. To verify the exact service and version number running on a target.
Explanation: When performing a port scan with nmap, adding the -sV switch will verify the exact service and version number running on a target in addition to finding open ports. This can be useful for identifying specific vulnerabilities that are associated with a particular service version.
