CEH Notes 05 Flashcards

1
Q

Which cloud computing service model offers the infrastructure required to host and run applications over the internet?
A. IaaS
B. PaaS
C. SaaS
D. FaaS

A

Answer: A. IaaS

2
Q

Which cloud deployment model involves a combination of public and private cloud services?
A. Public
B. Private
C. Hybrid
D. Community

A

Answer: C. Hybrid

3
Q

What is the main principle of Zero Trust networks?
A. Trust all connections based on location
B. Trust all connections based on IP address
C. Never trust a connection based on location or IP address
D. Trust only connections from known users

A

Answer: C. Never trust a connection based on location or IP address

4
Q

What is the primary concern with vendor lock-in?
A. The inability to access data
B. The cost of breaking the contract or switching to another provider is prohibitive
C. Vendors are not reliable
D. Vendor lock-in prevents customization

A

Answer: B. The cost of breaking the contract or switching to another provider is prohibitive

5
Q

What is Docker primarily used for?
A. Managing cloud resources
B. Running virtual machines
C. Delivering software in packages called containers
D. Orchestration of container deployments

A

Answer: C. Delivering software in packages called containers

6
Q

What is Kubernetes primarily used for?
A. Running virtual machines
B. Delivering software in packages called containers
C. Orchestration and management of containers and microservices
D. Monitoring cloud resources

A

Answer: C. Orchestration and management of containers and microservices

7
Q

What type of attack is the Cloud Hopper attack?
A. Targets bare-metal cloud servers
B. Targets cloud service firms and MSPs through spear-phishing emails
C. Attacks cloud resources through DDoS attacks
D. Exploits vulnerabilities in cloud infrastructure

A

Answer: B. Targets cloud service firms and MSPs through spear-phishing emails

8
Q

What is the main goal of a Cloudborne attack?
A. Steal user credentials
B. Implant a malicious backdoor in a bare-metal cloud server’s firmware
C. Gain unauthorized access to cloud resources
D. Compromise containers running on cloud platforms

A

Answer: B. Implant a malicious backdoor in a bare-metal cloud server’s firmware

9
Q

Which encryption approach generates a MAC for the plaintext using the hash function, and then combines the MAC with the plaintext before encryption?
A. Authenticated encryption with associated data (AEAD)
B. MAC-then-Encrypt (MtE)
C. Encrypt-and-MAC (E&M)
D. Encrypt-then-MAC (EtM)

A

Answer: B. MAC-then-Encrypt (MtE)

10
Q

Which encryption approach generates a MAC for the plaintext first, followed by encryption of the plaintext, and then combines the ciphertext and MAC for transmission?
A. Authenticated encryption with associated data (AEAD)
B. MAC-then-Encrypt (MtE)
C. Encrypt-and-MAC (E&M)
D. Encrypt-then-MAC (EtM)

A

Answer: C. Encrypt-and-MAC (E&M)

11
Q

Which encryption approach keeps the message header unencrypted to allow the receiver to verify the source of the message and encrypts the payload to ensure confidentiality?
A. Authenticated encryption with associated data (AEAD)
B. MAC-then-Encrypt (MtE)
C. Encrypt-and-MAC (E&M)
D. Encrypt-then-MAC (EtM)

A

Answer: A. Authenticated encryption with associated data (AEAD)

12
Q

Which encryption approach encrypts the plaintext first using a secret key and then generates a hash value called message authentication code (MAC) for the obtained ciphertext?
A. Authenticated encryption with associated data (AEAD)
B. MAC-then-Encrypt (MtE)
C. Encrypt-and-MAC (E&M)
D. Encrypt-then-MAC (EtM)

A

Answer: D. Encrypt-then-MAC (EtM)

13
Q

Is the DES algorithm symmetric or asymmetric?
A. DES
B. RSA
C. YAK
D. Diffie-Hellman

A

Answer: A. DES (Symmetric)

14
Q

Is the Blowfish algorithm symmetric or asymmetric?
A. Blowfish
B. RSA
C. TEA
D. SHA

A

Answer: A. Blowfish (Symmetric)

15
Q

Is the RC4 algorithm symmetric or asymmetric?
A. RC4
B. MD5
C. Threefish
D. GOST Block Cipher

A

Answer: A. RC4 (Symmetric)

16
Q

Is the RC5 algorithm symmetric or asymmetric?
A. RC5
B. Serpent
C. SHA
D. MD6

A

Answer: A. RC5 (Symmetric)

17
Q

Is the CAST-128 algorithm symmetric or asymmetric?
A. CAST-128
B. RC6
C. Twofish
D. RIPEMD-160

A

Answer: A. CAST-128 (Symmetric)

18
Q

Which algorithm uses the Feistel structure and has a key size of 56 bits and a block size of 64 bits, and is vulnerable to brute-force attacks?
A. DES
B. 3DES
C. RC6
D. Blowfish

A

Answer: A. DES (Feistel, 56/64, Brute-force attack)

19
Q

Which algorithm uses a substitution-permutation structure and has a key size of up to 256 bits and a block size of 128 bits, and is vulnerable to side-channel attacks?
A. AES
B. RC4
C. Serpent
D. SHA

A

Answer: A. AES (Substitution-permutation, Up to 256/128, Side-channel attack)

20
Q

Which algorithm uses a tweakable block cipher/non-Feistel structure and has a key size of up to 1024 bits and a block size of 1024 bits, and is vulnerable to boomerang attacks?
A. Threefish
B. TEA
C. CAST-128
D. YAK

A

Answer: A. Threefish (Tweakable block cipher/Non-Feistel, Up to 1024/1024, Boomerang attack)

21
Q

Which algorithm uses the Merkle-Damgard construction and has a key size of up to 320 bits and a block size of 512 bits, and is vulnerable to collision attacks?
A. MD5
B. SHA
C. RIPEMD-160
D. MD6

A

Answer: RIPEMD-160

22
Q

Which algorithm uses factorization and has a variable key size, and is vulnerable to brute force and timing attacks?
A. RSA
B. Diffie-Hellman
C. GOST Block Cipher
D. Twofish

A

Answer: A. RSA (Factorization, Variable, Brute force and timing attack)

23
Q

Which algorithm uses the Feistel structure and has a key size of up to 2040 bits and a block size of 128 bits, and is vulnerable to timing attacks?
A. RC5
B. Serpent
C. Threefish
D. YAK

A

Answer: A. RC5 (Feistel, Up to 2040/128, Timing attack)

24
Q

Which algorithm uses the Feistel structure and has a key size of 32-448 bits, and is vulnerable to birthday attacks and known-plaintext attacks?
A. Blowfish
B. RC6
C. CAST-128
D. AES

A

Answer: A. Blowfish (Feistel, 32-448 bits, Birthday attack and known-plaintext attack)

25
Q

Which algorithm uses the random-permutation structure and has a key size of up to 2048/2064 bits, and is vulnerable to NOMORE attacks?
A. RC4
B. RC6
C. SHA
D. GOST Block Cipher

A

Answer: A. RC4 (Random-permutation, Up to 2048/2064, NOMORE attack)

26
Q

Which algorithm uses the HMAC structure and has a key size of 256 bits and a block size of 64 bits, and is vulnerable to chosen-key attacks?
A. GOST Block Cipher
B. RC6
C. Threefish
D. MD5

A

Answer: A. GOST Block Cipher (HMAC, 256/64, Chosen-key attack)

27
Q

Which algorithm uses the nondeterministic finite automation (NFA) structure and has a variable key size, and is vulnerable to man-in-the-middle attacks?
A. YAK
B. RC6
C. AES
D. SHA

A

Answer: A. YAK (Nondeterministic Finite automation (NFA), Variable, Man-in-the-Middle attack)

28
Q

Which algorithm uses the Merkle-Damgard construction and has a key size of 160 bits and a block size of 512 bits, and is vulnerable to brute-force and birthday attacks?
A. MD6
B. SHA
C. RIPEMD-160
D. AES

A

Answer: A. MD6 (Merkle-Damgard Construction, 160/512, Brute-force attack/Birthday attack)

29
Q

Which algorithm uses the elliptic curves/algebraic structure and has a variable key size, and is vulnerable to collision attacks?
A. Diffie-Hellman
B. RSA
C. TEA
D. Twofish

A

Answer: A. Diffie-Hellman (Elliptic Curves/Algebraic, Variable, Collision attack)

30
Q

Which algorithm uses the substitution-permutation structure and has a key size of up to 256 bits and a block size of 128 bits, and is vulnerable to XSL and Meet-in-the-Middle attacks?
A. Serpent
B. RC4
C. GOST Block Cipher
D. MD5

A

Answer: A. Serpent (Substitution-permutation, Up to 256/128, XSL and Meet-in-the-Middle attack)

31
Q

Which algorithm uses the Feistel structure and has a key size of up to 128 bits and a block size of 64 bits, and is vulnerable to known-plaintext attacks?
A. CAST-128
B. RC6
C. Threefish
D. SHA

A

Answer: A. CAST-128 (Feistel, Up to 128/64, Known-plaintext attack)

32
Q

Which algorithm uses the Feistel structure and has a key size of up to 128 bits and a block size of 64 bits, and is vulnerable to known-plaintext attacks?
A. CAST-128
B. RC6
C. Threefish
D. SHA

A

Answer: A. CAST-128 (Feistel, Up to 128/64, Known-plaintext attack)

Which algorithm uses the Merkle-Damgard construction and has a variable key size, and is vulnerable to key share and key replication attacks?
A. MD5
B. SHA
C. RIPEMD-160
D. TEA
Answer: A. MD5 (Merkle-Damgard Construction, Variable, Key share and key replication attack)

33
Q

Which algorithm uses the Feistel structure and has a key size of 112 or 168 bits, and is vulnerable to block collision attacks?
A. 3DES
B. RC4
C. Twofish
D. MD6

A

Answer: A. 3DES (Feistel, 112 or 168 bits, Block collision attack)

34
Q

Which algorithm uses the Feistel structure and has a key size of up to 256 bits and a block size of 128 bits, and is vulnerable to power analysis attacks?
A. Twofish
B. RC6
C. SHA
D. AES

A

Answer: A. Twofish (Feistel, Up to 256/128, Power analysis attack)

35
Q

Which algorithm uses the Feistel structure and has a key size of up to 256 bits and a block size of 128 bits, and is vulnerable to brute-force attacks?
A. RC6
B. Serpent
C. AES
D. SHA

A

Answer: A. RC6 (Feistel, Up to 256/128, Brute-force attack)

36
Q

Which algorithm uses the Merkle-Damgard construction and has a variable key size, and is vulnerable to collision attacks?
A. SHA
B. RIPEMD-160
C. MD6
D. GOST Block Cipher

A

Answer: A. SHA (Merkle-Damgard Construction, Up to 320/512, Collision attack)

37
Q

Which algorithm uses the HMAC structure and has a variable key size, and is vulnerable to related-key attacks?
A. TEA
B. GOST Block Cipher
C. Threefish
D. MD5

A

Answer: A. TEA (Feistel, Up to 128/64, Related-key attack)

38
Q

Which algorithm uses the random-permutation structure and has a key size of up to 2048/2064 bits, and is vulnerable to NOMORE attacks?
A. RC4
B. RC6
C. SHA
D. GOST Block Cipher

A

Answer: A. RC4 (Random-permutation, Up to 2048/2064, NOMORE attack)

39
Q

Which algorithm uses the Merkle-Damgard construction and has a variable key size, and is vulnerable to collision attacks?
A. RIPEMD-160
B. MD6
C. SHA
D. GOST Block Cipher

A

Answer: A. B. MD6 (Merkle-Damgard Construction, Variable, Collision attack)

40
Q

Which algorithm uses the Feistel structure and has a key size of up to 128/64 bits, and is vulnerable to related-key attacks?
A. CAST-128
B. TEA
C. RC5
D. 3DES

A

Answer: B. TEA (Feistel, Up to 128/64, Related-key attack)

41
Q

Which algorithm uses the Merkle-Damgard construction and has a variable key size, and is vulnerable to key share and key replication attacks?
A. MD5
B. SHA
C. RIPEMD-160
D. MD6

A

Answer: A. MD5 (Merkle-Damgard Construction, Variable, Key share and key replication attack)

42
Q

Which algorithm uses the elliptic curves/algebraic structure and has a variable key size, and is vulnerable to collision attacks?
A. RSA
B. Diffie-Hellman
C. GOST Block Cipher
D. SHA

A

Answer: B. Diffie-Hellman (Elliptic Curves/Algebraic, Variable, Collision attack)

43
Q

Which algorithm uses the substitution-permutation structure and has a key size of up to 256 bits and a block size of 128 bits, and is vulnerable to XSL and Meet-in-the-Middle attacks?
A. Serpent
B. RC4
C. GOST Block Cipher
D. MD5

A

Answer: A. Serpent (Substitution-permutation, Up to 256/128, XSL and Meet-in-the-Middle attack)

44
Q

Which algorithm uses the Merkle-Damgard construction and has a variable key size, and is vulnerable to collision attacks?
A. RIPEMD-160
B. MD6
C. SHA
D. GOST Block Cipher

A

Answer: A. RIPEMD-160 (Merkle-Damgard Construction, Variable, Collision attack)

45
Q

Which algorithm uses the Feistel structure and has a key size of up to 256/128 bits, and is vulnerable to brute-force attacks?
A. RC6
B. Serpent
C. AES
D. SHA

A

Answer: A. RC6 (Feistel, Up to 256/128, Brute-force attack)

46
Q

Which algorithm uses the Merkle-Damgard construction and has a variable key size, and is vulnerable to key share and key replication attacks?
A. MD5
B. SHA
C. RIPEMD-160
D. MD6

A

Answer: A. MD5 (Merkle-Damgard Construction, Variable, Key share and key replication attack)

47
Q

Which algorithm uses the Feistel structure and has a key size of 32-448 bits, and is vulnerable to birthday attacks and known-plaintext attacks?
A. Blowfish
B. RC6
C. CAST-128
D. AES

A

Answer: A. Blowfish (Feistel, 32-448 bits, Birthday attack and known-plaintext attack)

48
Q

Quiz 1: What is the main drawback to symmetric ciphers?
A. They are slow
B. They require two keys
C. They can only encrypt small amounts of data
D. There is no built-in way to exchange the key

A

Answer: D. There is no built-in way to exchange the key.

49
Q

Quiz 2: Which type of cipher creates a Public-Private key pair?
A. Symmetric cipher
B. Asymmetric cipher
C. Hashing algorithm
D. Key escrow

A

Answer: B. Asymmetric cipher.

50
Q

Quiz 3: What is the purpose of hashing algorithms?
A. To encrypt data
B. To decrypt data
C. To check for data integrity
D. To exchange keys

A

Answer: C. To check for data integrity.

51
Q

Quiz 4: What is the output size for MD5?
A. 32 (hex) character
B. 40 (hex) character
C. 128 bits
D. 160 bits

A

Answer: A. 32 (hex) character.

52
Q

Quiz 5: What is the purpose of a Trusted Platform Module (TPM)?
A. To generate and store encryption keys
B. To encrypt and decrypt data on your hard disk
C. To act as a CA and sign public keys
D. To back up private keys for safekeeping

A

Answer: A. To generate and store encryption keys.

53
Q

What is a collision problem in hashing algorithms?
a) A problem where two different source messages produce the same message digest
b) A problem where the message digest cannot be computed
c) A problem where the hash function is not secure
d) A problem where the message length is too long

A

Answer: a) A problem where two different source messages produce the same message digest

54
Q

Which hashing algorithm is prone to collision attacks?
a) SHA-256
b) SHA-1
c) SHA-512
d) SHA-384

A

Answer: b) SHA-1

55
Q

What is collision resistance in hashing algorithms?
a) The ability for a hashing algorithm to produce less collisions
b) The ability for a hashing algorithm to prevent all collisions
c) The ability for a hashing algorithm to compute the message digest faster
d) The ability for a hashing algorithm to generate longer message digests

A

Answer: a) The ability for a hashing algorithm to produce less collisions

56
Q

What is a collision attack?
a) An attempt to find two messages that produce the same hash
b) An attempt to break the encryption key
c) An attempt to compute the message digest faster
d) An attempt to generate longer message digests

A

Answer: a) An attempt to find two messages that produce the same hash

57
Q

Which hashing algorithm is also prone to collision attacks?
a) SHA-512
b) SHA-384
c) SHA-256
d) MD5

A

Answer: d) MD5

58
Q

What is key escrow?
a) The process of exchanging encryption keys
b) The process of backing up private keys for safekeeping
c) The process of storing public keys in a safe location
d) The process of generating encryption keys

A

Answer: b) The process of backing up private keys for safekeeping

59
Q

What is the role of a recovery agent in key escrow?
a) To generate encryption keys
b) To store public keys in a safe location
c) To back up private keys for safekeeping
d) To exchange encryption keys

A

Answer: c) To back up private keys for safekeeping

60
Q

Why should you never give your private key to anyone?
a) Because private keys are not necessary for encryption
b) Because private keys can be easily guessed
c) Because private keys are used to decrypt sensitive data
d) Because private keys should be kept confidential

A

Answer: d) Because private keys should be kept confidential

61
Q

What is the purpose of key escrow?
a) To exchange encryption keys
b) To generate encryption keys
c) To store encryption keys in a safe location
d) To back up encryption keys for safekeeping

A

Answer: d) To back up encryption keys for safekeeping

62
Q

What is the name of the program that can encrypt data such as e-mails?
a) SHA-1
b) PGP
c) TPM
d) MD5

A

Answer: b) PGP

63
Q

What is PGP?
a) A hashing algorithm
b) An encryption tool
c) A decryption tool
d) A symmetric cipher

A

Answer: b) An encryption tool

64
Q

What is RSA used for in PGP?
a) Symmetric-key exchange
b) Bulk data encryption
c) Key escrow
d) Integrity checking

A

Answer: a) Symmetric-key exchange

65
Q

What is IDEA used for in PGP?
a) Symmetric-key exchange
b) Bulk data encryption
c) Key escrow
d) Integrity checking

A

Answer: b) Bulk

66
Q

What is the DROWN attack?
a) An attack that exploits a vulnerability in the SSL protocol to expose a webserver’s private key
b) An attack that breaks encryption through adaptive chosen plaintext
c) An attack that gets someone’s encryption key through coercion or torture
d) An attack that attempts to find two messages that produce the same hash

A

Answer: a

67
Q

What is the solution to the DROWN attack?
a) Enabling SSL v2 connections
b) Using the same certificate for both TLS and SSL v2 connections
c) Disabling SSL
d) None of the above

A

Answer: c

68
Q

What is the Heartbleed vulnerability?
a) An attack that exploits a vulnerability in the SSL protocol to expose a webserver’s private key
b) An attack that breaks encryption through adaptive chosen plaintext
c) An attack that gets someone’s encryption key through coercion or torture
d) An attack that attempts to find two messages that produce the same hash

A

Answer: a

69
Q

What is cryptanalysis?
a) An attack that exploits a vulnerability in the SSL protocol to expose a webserver’s private key
b) An attack that breaks encryption through adaptive chosen plaintext
c) An attack that gets someone’s encryption key through coercion or torture
d) An attack that attempts to find two messages that produce the same hash

A

Answer: b

70
Q

What is a rubber-hose attack?
a) An attack that exploits a vulnerability in the SSL protocol to expose a webserver’s private key
b) An attack that breaks encryption through adaptive chosen plaintext
c) An attack that gets someone’s encryption key through coercion or torture
d) An attack that attempts to find two messages that produce the same hash

A

Answer: c

71
Q

What is key stretching?
a) An attack that exploits a vulnerability in the SSL protocol to expose a webserver’s private key
b) An attack that breaks encryption through adaptive chosen plaintext
c) The process of strengthening a key by making it longer
d) An attack that attempts to find two messages that produce the same hash

A

Answer: c

72
Q

What is a web of trust?
a) The practice of giving your private key to your administrator for safekeeping
b) The process of signing each other’s public keys for distribution
c) An attempt to find two messages that produce the same hash
d) None of the above

A

Answer: b

73
Q

What is the name of the vulnerability in SSL v2 that allows an attacker to get a web server’s private key?
A. DROWN attack
B. Heartbleed
C. Cryptanalysis
D. Rubber-Hose attack

A

Answer: A. DROWN attack

74
Q

What is the process of strengthening a key by making it longer called?
A. Cryptanalysis
B. Rubber-Hose attack
C. Key Stretching
D. DROWN attack

A

Answer: C. Key Stretching

75
Q

What is the name of the encryption program that can encrypt data such as emails and uses RSA for symmetric-key exchange and IDEA for bulk data encryption?
A. GPG
B. PGP
C. TPM
D. SHA-1

A

Answer: B. PGP

76
Q

What is the name of the security model used by PGP, GPG, etc where each user acts as a CA and signs each other’s public keys for distribution?
A. TPM
B. Web-of-Trust
C. DROWN attack
D. Key Escrow

A

Answer: B. Web-of-Trust

77
Q

Which vulnerability with the SSL protocol from 2014 exposed a web server’s private key?
A. Heartbleed
B. DROWN attack
C. Cryptanalysis
D. Rubber-Hose attack

A

Answer: A. Heartbleed

78
Q

What is the primary function of Nmap?
A. Password cracking
B. Vulnerability scanning
C. Network discovery
D. Sniffing network traffic

A

Answer: C. Network discovery

79
Q

Which of the following is a web application vulnerability scanner?
A. Burp Suite
B. Metasploit
C. Wireshark
D. Aircrack-ng

A

Answer: A. Burp Suite

80
Q

Which tool is used for wireless network auditing and penetration testing?
A. Metasploit
B. Cain and Abel
C. Aircrack-ng
D. Hydra

A

Answer: C. Aircrack-ng

81
Q

What is the purpose of John the Ripper?
A. Network scanning
B. Password cracking
C. Web application testing
D. Traffic analysis

A

Answer: B. Password cracking

82
Q

Which tool is used for performing network traffic analysis and protocol decoding?
A. Wireshark
B. Nessus
C. Nikto
D. John the Ripper

A

Answer: A. Wireshark

83
Q

What is the tool Hydra used for in ethical hacking?
A. Network scanning
B. Password cracking
C. SQL injection
D. Denial-of-service attacks

A

Answer: B. Password cracking

84
Q

What is the tool Sqlmap used for in ethical hacking?
A. Network scanning
B. Password cracking
C. SQL injection
D. Web application security testing

A

Answer: C. SQL injection

85
Q

What is the tool THC-Hydra used for in ethical hacking?
A. Network scanning
B. Password cracking
C. SQL injection
D. Denial-of-service attacks

A

Answer: B. Password cracking

86
Q

What is the tool Social-Engineer Toolkit (SET) used for in ethical hacking?
A. Network scanning
B. Password cracking
C. SQL injection
D. Social engineering

A

Answer: D. Social engineering

87
Q

What is fuzzing in the context of computer security?
A. A technique for detecting and exploiting software vulnerabilities
B. The practice of gathering intelligence by monitoring network traffic
C. The use of encryption to secure sensitive data
D. Sending a lot of random characters/numbers to a program in an attempt to crash it

A

Answer: D. Sending a lot of random characters/numbers to a program in an attempt to crash it.

88
Q

What is Black Hat Search Engine Optimization (SEO)?
A. Using ethical SEO techniques to get higher search engine rankings
B. Using aggressive SEO tactics to get higher search engine rankings for malware pages
C. Using social engineering to trick search engines into ranking pages higher
D. Using legitimate advertising channels to spread malware on systems

A

Answer: B. Using aggressive SEO tactics to get higher search engine rankings for malware pages

89
Q

What is Social Engineered Click-jacking?
A. Injecting malware into websites that appear legitimate to trick users into clicking them
B. Creating fake social media profiles to trick users into revealing personal information
C. Sending malicious links via social media platforms
D. Using social engineering to convince users to install malware on their devices

A

Answer: A. Injecting malware into websites that appear legitimate to trick users into clicking them

90
Q

What are Spear-phishing Sites used for?
A. Spreading malware through legitimate advertising channels
B. Mimicking legitimate institutions to steal sensitive information
C. Hacking into social media accounts
D. Disguising malware as legitimate software updates

A

Answer: B. Mimicking legitimate institutions to steal sensitive information

91
Q

What is Malvertising?
A. Using social engineering to trick users into installing malware
B. Embedding malware-laden advertisements in legitimate online advertising channels
C. Creating fake social media profiles to trick users into revealing personal information
D. Injecting malware into websites that appear legitimate to trick users into clicking them

A

Answer: B. Embedding malware-laden advertisements in legitimate online advertising channels

92
Q

How do attackers use Compromised Legitimate Websites to spread malware?
A. By sending malicious links via social media platforms
B. By embedding malware in legitimate software updates
C. By tricking users into clicking on malicious email attachments
D. By infecting the website and compromising systems of unsuspecting users who visit the site

A

Answer: D. By infecting the website and compromising systems of unsuspecting users who visit the site

93
Q

What is Drive-by Downloads?
A. The unintentional downloading of software via the Internet
B. The intentional downloading of software via the Internet
C. The intentional downloading of software from a physical location
D. The unintentional downloading of software from a physical location

A

Answer: A. The unintentional downloading of software via the Internet

94
Q

What is the most common method used by attackers to spread malware?
A. Compromised Legitimate Websites
B. Drive-by Downloads
C. Social Engineered Click-jacking
D. Spam Emails

A

Answer: D. Spam Emails

95
Q

What is Rich Text Format (RTF) Injection?
A. Exploiting features of Microsoft Office to execute malware
B. Tricking users into revealing sensitive information
C. Spreading malware through social media platforms
D. Creating fake social media profiles to trick users

A

Answer: A. Exploiting features of Microsoft Office to execute malware