CEH Notes 04 Flashcards

1
Q

Quiz 2: Which component is NOT a part of a Snort rule?
A. source-ip
B. source-port
C. file-extension
D. dest-port

A

Answer: Option C.

2
Q

Quiz 3: In a Snort rule, what does the ‘msg’ keyword represent?
A. A specific port number
B. A custom message related to the rule
C. A particular IP address
D. The protocol being used

A

Answer: Option B.

3
Q

Quiz 1: What is the purpose of Multi-Homing?
A. To increase the speed of the internet connection
B. To put network devices on two different networks for increased security and management
C. To connect multiple devices to a single network interface
D. To create a redundant power supply for network devices

A

Answer: Option B.

4
Q

Quiz 2: What is another term for Multi-Homing?
A. In-Band management
B. Tri-Homing
C. Single-Homing
D. Dual-Homing

A

Answer: Option D.

5
Q

Quiz 3: In a Multi-Homing setup, what is the purpose of having a separate management network?
A. To allow faster data transfer between devices
B. To enable admins to remotely administer devices without exposing them to the production network
C. To provide a backup network in case the primary network fails
D. To monitor network traffic more efficiently

A

Answer: Option B.

6
Q

Quiz 1: Which of the following is NOT a type of firewall?
A. Packet filtering
B. Circuit-level gateways
C. Application level proxies
D. Malware scanner

A

Answer: Option D.

7
Q

Quiz 2: Which layer(s) do Packet Filters inspect?
A. Layer 1 & 2
B. Layer 3 & 4
C. Layer 5 & 6
D. Layer 7

A

Answer: Option B.

8
Q

Quiz 3: What is the key capability of Application level firewalls?
A. Inspecting the payload and filtering out specific content
B. Managing network connections
C. Monitoring network traffic speed
D. Encrypting data

A

Answer: Option A.

9
Q

Quiz 4: What is the primary function of Stateful firewalls?
A. To filter out specific keywords and URLs
B. To inspect the Layer 3 & 4 headers
C. To allow incoming traffic only if it is part of an existing conversation
D. To act as a gateway between networks

A

Answer: Option C.

10
Q

Quiz 1: What is the primary purpose of a DMZ?
A. To allow outsiders to access public company resources while maintaining security
B. To create a high-security network with no outside access
C. To store sensitive company data
D. To act as a backup network in case of a failure

A

Answer: Option A.

11
Q

Quiz 2: What is Split-DNS?
A. A technique to monitor network traffic
B. A method to split network bandwidth evenly among users
C. A configuration where internal and external DNS servers are used for resource lookup
D. A type of malware that affects DNS servers

A

Answer: Option C.

12
Q

Quiz 3: What is the main function of a Honeypot?
A. To increase the speed of network connections
B. To lure in attackers and observe their actions while protecting the network
C. To act as a backup server for critical data
D. To manage network resources

A

Answer: Option B.

13
Q

Quiz 4: What is Honeyd?
A. A firewall application
B. A type of malware
C. A widely used honeypot daemon
D. A network monitoring tool

A

Answer: Option C.

14
Q

Quiz 5: How can you detect a Honeyd daemon?
A. By observing the number of SYN/ACK re-sends
B. By checking the DNS records
C. By monitoring the network traffic
D. By analyzing the payload data

A

Answer: Option A.

15
Q

Quiz 1: What is the primary purpose of DNS Tunneling?
A. To improve network performance
B. To evade firewall detection by disguising traffic as DNS
C. To encrypt data for secure transmission
D. To manage DNS records

A

Answer: Option B.

16
Q

Quiz 2: What is the main goal of HTTP Tunneling?
A. To increase network speed
B. To disguise traffic as a different protocol by changing port numbers
C. To protect sensitive data from unauthorized access
D. To monitor network traffic

A

Answer: Option B.

17
Q

Quiz 3: Which technique is used to evade detection by signature-based engines?
A. IP Fragmentation / Session Splicing
B. DNS Tunneling
C. HTTP Tunneling
D. Obfuscation

A

Answer: Option A.

18
Q

Quiz 4: What is Whisker?
A. A network monitoring tool
B. A vulnerability scanner that uses fragmentation techniques for stealth
C. A type of malware
D. A honeypot daemon

A

Answer: Option B.

19
Q

Quiz 5: What is the purpose of Obfuscating as an IDS evasion technique?
A. To increase the speed of network connections
B. To encode attack packets in a way that IDS cannot decode but the target can
C. To split malicious payloads into fragments
D. To disguise traffic as a different protocol

A

Answer: Option B.

20
Q

Quiz 1: What is the primary purpose of web server fingerprinting?
A. To check the server’s response time
B. To transfer data between devices
C. To identify the server’s software and version
D. To test the server’s security settings

A

Answer: Option C.

21
Q

Quiz 2: Which tools can be used for web server fingerprinting?
A. Wireshark and Nmap
B. Telnet and Netcat
C. Ping and Traceroute
D. SSH and SCP

A

Answer: Option B.

22
Q

Quiz 3: What is Netcat often referred to as?
A. The “Swiss Army Knife” of networking tools
B. The “Network Detective”
C. The “Security Scanner”
D. The “Port Mapper”

A

Answer: Option A.

23
Q

Quiz 4: How can Netcat be used in the context of web server fingerprinting?
A. By scanning the server’s open ports
B. By duplicating Telnet functionality for fingerprinting a server
C. By testing the server’s response to different types of data
D. By monitoring the network traffic to and from the server

Answer: Option B.

24
Q

A hacker is attempting to gain unauthorized access to files and executables on a server that should not be accessible by the general public. Which technique is the hacker most likely using?
A. SQL Injection
B. Cross-site Scripting
C. Directory Traversal
D. Buffer Overflow

A

Answer: Option C.

25
An attacker is exploiting a web application vulnerability that allows them to navigate the server's directory structure using strings like "../../". What type of attack is being conducted?
A. SQL Injection
B. Cross-site Scripting
C. Directory Traversal
D. Buffer Overflow
Answer: Option C.
26
An attacker is trying to exploit a web server by taking advantage of its settings. They are targeting configuration files such as php.ini and httpd.conf to obtain verbose error messages and server banner information. What type of vulnerability is the attacker exploiting?
A. Insecure Direct Object References
B. Webserver Misconfiguration
C. Broken Authentication and Session Management
D. Cross-site Request Forgery
Answer: Option B.
27
An attacker exploits a vulnerability in a public web server to send crafted requests to internal or back-end servers that are protected by a firewall. What type of attack is being conducted?
A. Cross-Site Scripting (XSS)
B. SQL Injection
C. Server-Side Request Forgery (SSRF)
D. Distributed Denial of Service (DDoS)
Answer: Option C.
28
What does the robots.txt file on a web server typically contain?
A. Usernames and passwords for site administrators
B. List of web server directories, files, and information to hide from web crawlers
C. Server configuration settings
D. Encrypted data for secure transmission
Answer: Option B.
29
What is the primary goal of website mirroring in the context of web server attack methodology?
A. To create a backup of the target website
B. To explore the site's files, read the HTML source code, and gather valuable information
C. To deface the target website with altered content
D. To generate a high volume of traffic to overwhelm the target website
Answer: Option B.
30
Which tool is commonly used as a DoS attack tool against web servers?
A. Nmap
B. Netcat
C. Hulk
D. Wireshark
Answer: Option C.
31
What is the primary purpose of ISAPI filters on a Microsoft IIS webserver?
A. To perform data sanitization and other functions
B. To manage user authentication and access control
C. To monitor network traffic for potential attacks
D. To encrypt data for secure transmission
Answer: Option A.
32
What is the primary goal of patch management in relation to web server security?
A. To monitor network traffic for potential attacks
B. To fix known vulnerabilities by ensuring the appropriate patches are installed
C. To manage user authentication and access control
D. To encrypt data for secure transmission
Answer: Option B.
33
Which organization is known for providing resources such as Webgoat, ZAP, and the Top-10 list of web application vulnerabilities?
A. SANS Institute
B. OWASP
C. NIST
D. ISC²
Answer: Option B.
34
According to the OWASP Top-10, what is the #1 web application vulnerability?
A. Cross-Site Scripting (XSS)
B. Broken Authentication
C. Injection Flaws
D. XML External Entity (XXE)
Answer: Option C.
35
What type of attack involves uploading malware or injecting malicious scripts into a website frequently visited by the target victims?
A. Watering Hole Attack
B. Cross-Site Scripting (XSS)
C. Man-in-the-Middle Attack
D. Phishing
Answer: Option A.
36
What type of attack involves tricking a user into clicking on a malicious link by using invisible HTML objects such as iFrames?
A. Clickjacking
B. Cross-Site Scripting (XSS)
C. Phishing
D. Man-in-the-Middle Attack
Answer: Option A.
37
Which attack involves sending a request to a server that the victim did not intend to send, often achieved via Clickjacking attacks?
A. Cross-Site Scripting (XSS)
B. Cross-Site Request Forgery (CSRF or XSRF)
C. SQL Injection
D. Directory Traversal
Answer: Option B.
38
What tool scans websites for interesting URIs by brute-forcing using wordlists?
A. Nmap
B. Burp Suite
C. Gobuster
D. Wireshark
Answer: Option C.
39
Which tool allows you to intercept, test, and analyze web traffic between a browser and a web server?
A. Wireshark
B. Gobuster
C. Burp Suite
D. Nmap
Answer: Option C.
40
What type of attack involves manipulating parameters passed from a web browser to a web application?
A. Parameter Tampering
B. Cross-Site Scripting (XSS)
C. SQL Injection
D. Directory Traversal
Answer: Option A.
41
What is the technique called where unauthorized parameters are injected into a connection string using semicolons as separators?
A. SQL Injection
B. Connection String Parameter Pollution (CSPP)
C. Cross-Site Scripting (XSS)
D. Parameter Tampering
Answer: Option B.
42
What is SOAP in the context of web services?
A. A security protocol for encrypting web traffic
B. A protocol used to transfer data between the service provider and the requester
C. An API for connecting web applications
D. A tool for scanning web services for vulnerabilities
Answer: Option B.
43
What are webhooks in the context of web services?
A. A security protocol for encrypting web traffic
B. User-defined HTTP callbacks based on triggered events
C. An API for connecting web applications
D. A tool for scanning web services for vulnerabilities
Answer: Option B.
44
What is the process of sending random characters or numbers to a program in an attempt to crash it?
A. Fuzzing
B. Brute-forcing
C. Buffer Overflow
D. SQL Injection
Answer: Option A.
45
Which term refers to challenges hosted by companies for ethical hackers to find and report vulnerabilities in their systems?
A. Penetration Testing
B. Red Teaming
C. Bug Bounty Programs
D. Vulnerability Assessments
Answer: Option C.
46
What is the purpose of a Web Application Firewall (WAF)?
A. To filter out web application attacks such as SQL injection, XSS, and CSRF
B. To monitor network traffic and detect intrusions
C. To block access to malicious websites
D. To encrypt web traffic between a browser and a web server
Answer: Option A.
47
Which Linux tool is used for retrieving files and information from websites and can be used to clone them?
A. curl
B. wget
C. Nmap
D. Gobuster
Answer: Option B.
48
What is the primary function of Syhunt and Netsparker tools?
A. Network scanning
B. Web application vulnerability scanning
C. Brute-forcing passwords
D. Intercepting and modifying web traffic
Answer: Option B.
49
What does the presence of .stm files on a server indicate, and what type of attack might the server be vulnerable to?
A. The server is using Server-Side Includes (SSI) and might be vulnerable to SSI attacks
B. The server is using PHP and might be vulnerable to SQL injection attacks
C. The server is using JavaServer Pages (JSP) and might be vulnerable to Java deserialization attacks
D. The server is using Active Server Pages (ASP) and might be vulnerable to XSS attacks
Answer: Option A.
50
Which SQL injection keywords should you be aware of when attempting to identify an attack?
A. Drop table, update table, insert into table, shutdown with nowait, ' or 1=1 --
B. Select, from, where, group by, having
C. Create table, alter table, delete table, truncate table
D. Insert, update, delete, merge
Answer: Option A.
51
What is the primary purpose of the sqlmap tool?
A. To perform network scanning and enumeration
B. To perform automated SQL injection attacks
C. To intercept and modify web traffic between a browser and a web server
D. To brute force login credentials for a web application
Answer: Option B.
52
What is a blind SQL injection attack?
A. An attack where the attacker receives error messages from the server
B. An attack where the attacker does not receive error messages and is working "blind"
C. An attack where the attacker uses SQL keywords to create new tables and modify existing ones
D. An attack where the attacker injects malicious code into a web application to compromise user data
Answer: Option B.
53
In SQL injection attacks, what is the difference between an end-of-line comment and a middle-of-the-line comment?
A. End-of-line comment: --; Middle-of-the-line comment: /* text here */
B. End-of-line comment: /* text here */; Middle-of-the-line comment: --
C. End-of-line comment: #; Middle-of-the-line comment: ;
D. End-of-line comment: ; Middle-of-the-line comment: #
Answer: Option A.
54
Which of the following is the best solution to prevent web attacks and SQL injection attacks?
A. Strong authentication mechanisms
B. Frequent patch management
C. Input validation
D. Encrypting sensitive data
Answer: Option C.
55
What is the purpose of whitelist validation in input validation?
A. To allow only specifically approved entries as input
B. To block a list of known malicious input patterns
C. To check if the input is encrypted
D. To ensure that the input matches a specific data format
Answer: Option A.
56
Which of these is an evasion technique used to bypass IDS and WAF?
A. Password cracking
B. Brute force attacks
C. IP fragmentation
D. Social engineering
Answer: Option C.
57
What is the primary goal of obfuscated code in an evasion technique?
A. To speed up the execution of the code
B. To make the code more readable for the developer
C. To hide the true purpose of the code from detection systems
D. To ensure compatibility between different programming languages
Answer: Option C.
58
What is the primary purpose of wardriving?
A. To test the range of wireless networks
B. To find and map wireless networks in a specific area
C. To connect to multiple wireless networks for increased bandwidth
D. To physically locate wireless access points for maintenance purposes
Answer: Option B.
59
Which wireless security protocol was designed as a replacement for WEP and did NOT require a hardware upgrade?
A. WPA
B. WPA2
C. WPA3
D. Zigbee
Answer: Option A.
60
Which encryption standard does WPA2 use?
A. RC4/TKIP
B. AES-128/CCMP
C. GCMP-256
D. HMAC-SHA-384
Answer: Option B.
61
What is the primary purpose of the Simultaneous Authentication of Equals (SAE) in WPA3?
A. To provide a more secure authentication method
B. To increase the range of wireless networks
C. To improve the speed of wireless networks
D. To enable backward compatibility with older devices
Answer: Option A.
62
What is the purpose of an Evil Twin attack?
A. To disrupt a legitimate wireless network
B. To impersonate a legitimate wireless access point and trick users into connecting to it
C. To increase the range of a legitimate wireless network
D. To force users to connect to a network with lower security protocols
Answer: Option B.
63
Which attack is specifically targeting WPA2?
A. Evil Twin
B. KRACK attack
C. Downgrade attack
D. aLTEr attack
Answer: Option B.
64
What does a downgrade attack accomplish?
A. Forces users to use older, less secure protocols
B. Increases the range of wireless networks
C. Allows attackers to intercept encrypted traffic
D. Impersonates a legitimate wireless access point
Answer: Option A.
65
Which of the following Bluetooth attacks is characterized by stealing someone's information through Bluetooth vulnerabilities?
A. Bluejacking
B. Bluesnarfing
C. Bluesmacking
D. Bluedriving
Answer: Option B.
66
Which of the following Bluetooth attacks involves sending unsolicited messages or spam to a Bluetooth-enabled device?
A. Bluejacking
B. Bluesnarfing
C. Bluesmacking
D. Bluedriving
Answer: Option A.
67
Which Bluetooth attack is focused on exploiting vulnerabilities to steal data from Bluetooth-enabled devices?
A. Bluejacking
B. Bluesnarfing
C. Bluesmacking
D. Bluedriving
Answer: Option B.
68
Which Bluetooth attack is characterized by launching a Denial of Service (DoS) attack on a Bluetooth-enabled device?
A. Bluejacking
B. Bluesnarfing
C. Bluesmacking
D. Bluedriving
Answer: Option C.
69
Which of the following Bluetooth attacks involves searching for and mapping Bluetooth-enabled devices in a given area?
A. Bluejacking
B. Bluesnarfing
C. Bluesmacking
D. Bluedriving
Answer: Option D.
70
Which Bluetooth utility can be used to sniff, jam, or hijack Bluetooth connections?
A. BtleSniffer
B. BlueSnarf
C. BtleJack
D. BlueJam
Answer: Option C.
71
In the BtleJack utility, which flag is used to select a connected device?
A. -s
B. -d
C. -c
D. -t
Answer: Option B.
72
Which flag in the BtleJack utility is used to sniff a connection?
A. -s
B. -d
C. -c
D. -t
Answer: Option A.
73
In the BtleJack utility, which flag is used to find a new connection to sniff?
A. -s
B. -d
C. -c
D. -t
Answer: Option C.
74
Which flag in the BtleJack utility allows you to hijack a Bluetooth connection?
A. -s
B. -d
C. -c
D. -t
Answer: Option D.
75
Which of the following is NOT a best practice for WiFi configuration?
A. Disable SSID broadcasts
B. Use Port-Security (MAC filtering)
C. Enable WPS for ease of use
D. Use 802.1x (port-authentication)
Answer: Option C.
76
What does 802.1X provide in a network?
A. Port-Authentication
B. Signal boosting
C. WPS support
D. Wireless encryption
Answer: Option A.
77
What is the primary function of a WIPS (Wireless IPS)?
A. Boosting WiFi signal strength
B. Locating rogue access points and detecting wireless threats
C. Enabling WPS functionality
D. Providing wireless network analytics
Answer: Option B.
78
Which comprehensive suite of tools can be used for wireless Man in The Middle attacks and other useful tricks?
A. Wireshark
B. Nmap
C. Ettercap
D. Aircrack-ng
Answer: Option C.
79
What is the primary purpose of the Wash utility?
A. Scan a network to find WPS-enabled APs
B. Boost WiFi signal strength
C. Analyze wireless network traffic
D. Perform a network vulnerability assessment
Answer: A. Scan a network to find WPS-enabled APs
80
What is the main goal of the Agent Smith Attack?
A. Encrypt the victim's device data
B. Take control of the victim's device remotely
C. Replace legitimate apps with malicious ones and display irrelevant advertisements for financial gain
D. Disable the victim's device
Answer: C. Replace legitimate apps with malicious ones and display irrelevant advertisements for financial gain
81
What is the purpose of the AndroidManifest.xml file in Android applications?
A. Store the application's source code
B. Manage the application's dependencies
C. Describe essential information about the application
D. Provide a user interface for the application
Answer: C. Describe essential information about the application
82
Which type of iOS jailbreak allows the device to boot on its own and automatically enables jailbreak functionality upon each bootup?
A. Tethered Jailbreak
B. Semi-Tethered Jailbreak
C. Semi-Untethered Jailbreak
D. Untethered Jailbreak
Answer: D. Untethered Jailbreak
83
Which type of jailbreak requires the device to be connected to a computer for booting up?
A. Tethered Jailbreak
B. Semi-Tethered Jailbreak
C. Semi-Untethered Jailbreak
D. Untethered Jailbreak
Answer: A. Tethered Jailbreak
84
Which type of jailbreak allows the device to boot on its own, but requires connecting to a computer to use jailbreak functionality?
A. Tethered Jailbreak
B. Semi-Tethered Jailbreak
C. Semi-Untethered Jailbreak
D. Untethered Jailbreak
Answer: B. Semi-Tethered Jailbreak
85
Which type of jailbreak enables the device to boot independently and requires launching an app on the device to access jailbreak functionality?
A. Tethered Jailbreak
B. Semi-Tethered Jailbreak
C. Semi-Untethered Jailbreak
D. Untethered Jailbreak
Answer: C. Semi-Untethered Jailbreak
86
Which type of jailbreak allows the device to boot independently without any restrictions and enables jailbreak functionality automatically upon bootup?
A. Tethered Jailbreak
B. Semi-Tethered Jailbreak
C. Semi-Untethered Jailbreak
D. Untethered Jailbreak
Answer: D. Untethered Jailbreak
87
Which attack exploits the iTunes Wi-Fi Sync functionality between an iPhone and a computer?
A. iOS Trustjacking
B. Trident
C. Blackjacking
D. Spearphone attack
Answer: A. iOS Trustjacking
88
Which spyware targets iPhones for the purpose of spying on the user?
A. iOS Trustjacking
B. Trident
C. Blackjacking
D. Spearphone attack
Answer: B. Trident
89
Which attack is focused on hijacking someone's Blackberry to gain access to their corporate network?
A. iOS Trustjacking
B. Trident
C. Blackjacking
D. Spearphone attack
Answer: C. Blackjacking
90
What type of attack involves a malicious Android app that allows an attacker to eavesdrop on the phone's speaker?
A. iOS Trustjacking
B. Trident
C. Blackjacking
D. Spearphone attack
Answer: D. Spearphone attack
91
What technique involves disassembling and extracting the source code of an application to find vulnerabilities?
A. iOS Trustjacking
B. Trident
C. Blackjacking
D. Reverse Engineering
Answer: D. Reverse Engineering
92
Which tool is commonly used in a Blackjacking attack?
A. Ettercap
B. BBProxy
C. sqlmap
D. Wash utility
Answer: B. BBProxy
93
What type of radio is used to generate radio communications and process radio signals through software?
A. HMI Radio
B. SDR (Software Defined Radio)
C. OT Radio
D. FCC Radio
Answer: B. SDR (Software Defined Radio)
94
What type of control system is commonly targeted by attackers in OT networks?
A. SDR systems
B. IoT devices
C. HMI (Human Machine Interface)
D. Power supply systems
Answer: C. HMI (Human Machine Interface)
95
What type of attack involves injecting faults or glitches into the power supply and clock network of a chip?
A. Power/Clock/Reset Glitching
B. SDR-Based attacks
C. HMI-based attack
D. IoT hacking
Answer: A. Power/Clock/Reset Glitching
96
Which port should be monitored to defend against IoT hacking, as it was used by the famous Mirai botnet to infect IoT devices in 2016?
A. 48101
B. 80
C. 443
D. 8080
Answer: A. 48101