CEH Notes 05 Flashcards by Naser aljufairah

Which cloud computing service model offers the infrastructure required to host and run applications over the internet?
A. IaaS
B. PaaS
C. SaaS
D. FaaS

Answer: A. IaaS

How well did you know this?

Not at all

Perfectly

Which cloud deployment model involves a combination of public and private cloud services?
A. Public
B. Private
C. Hybrid
D. Community

Answer: C. Hybrid

How well did you know this?

Not at all

Perfectly

What is the main principle of Zero Trust networks?
A. Trust all connections based on location
B. Trust all connections based on IP address
C. Never trust a connection based on location or IP address
D. Trust only connections from known users

Answer: C. Never trust a connection based on location or IP address

How well did you know this?

Not at all

Perfectly

What is the primary concern with vendor lock-in?
A. The inability to access data
B. The cost of breaking the contract or switching to another provider is prohibitive
C. Vendors are not reliable
D. Vendor lock-in prevents customization

Answer: B. The cost of breaking the contract or switching to another provider is prohibitive

How well did you know this?

Not at all

Perfectly

What is Docker primarily used for?
A. Managing cloud resources
B. Running virtual machines
C. Delivering software in packages called containers
D. Orchestration of container deployments

Answer: C. Delivering software in packages called containers

How well did you know this?

Not at all

Perfectly

What is Kubernetes primarily used for?
A. Running virtual machines
B. Delivering software in packages called containers
C. Orchestration and management of containers and microservices
D. Monitoring cloud resources

Answer: C. Orchestration and management of containers and microservices

How well did you know this?

Not at all

Perfectly

What type of attack is the Cloud Hopper attack?
A. Targets bare-metal cloud servers
B. Targets cloud service firms and MSPs through spear-phishing emails
C. Attacks cloud resources through DDoS attacks
D. Exploits vulnerabilities in cloud infrastructure

Answer: B. Targets cloud service firms and MSPs through spear-phishing emails

How well did you know this?

Not at all

Perfectly

What is the main goal of a Cloudborne attack?
A. Steal user credentials
B. Implant a malicious backdoor in a bare-metal cloud server’s firmware
C. Gain unauthorized access to cloud resources
D. Compromise containers running on cloud platforms

Answer: B. Implant a malicious backdoor in a bare-metal cloud server’s firmware

How well did you know this?

Not at all

Perfectly

Which encryption approach generates a MAC for the plaintext using the hash function, and then combines the MAC with the plaintext before encryption?
A. Authenticated encryption with associated data (AEAD)
B. MAC-then-Encrypt (MtE)
C. Encrypt-and-MAC (E&M)
D. Encrypt-then-MAC (EtM)

Answer: B. MAC-then-Encrypt (MtE)

How well did you know this?

Not at all

Perfectly

Which encryption approach generates a MAC for the plaintext first, followed by encryption of the plaintext, and then combines the ciphertext and MAC for transmission?
A. Authenticated encryption with associated data (AEAD)
B. MAC-then-Encrypt (MtE)
C. Encrypt-and-MAC (E&M)
D. Encrypt-then-MAC (EtM)

Answer: C. Encrypt-and-MAC (E&M)

How well did you know this?

Not at all

Perfectly

Which encryption approach keeps the message header unencrypted to allow the receiver to verify the source of the message and encrypts the payload to ensure confidentiality?
A. Authenticated encryption with associated data (AEAD)
B. MAC-then-Encrypt (MtE)
C. Encrypt-and-MAC (E&M)
D. Encrypt-then-MAC (EtM)

Answer: A. Authenticated encryption with associated data (AEAD)

How well did you know this?

Not at all

Perfectly

Which encryption approach encrypts the plaintext first using a secret key and then generates a hash value called message authentication code (MAC) for the obtained ciphertext?
A. Authenticated encryption with associated data (AEAD)
B. MAC-then-Encrypt (MtE)
C. Encrypt-and-MAC (E&M)
D. Encrypt-then-MAC (EtM)

Answer: D. Encrypt-then-MAC (EtM)

How well did you know this?

Not at all

Perfectly

Is the DES algorithm symmetric or asymmetric?
A. DES
B. RSA
C. YAK
D. Diffie-Hellman

Answer: A. DES (Symmetric)

How well did you know this?

Not at all

Perfectly

Is the Blowfish algorithm symmetric or asymmetric?
A. Blowfish
B. RSA
C. TEA
D. SHA

Answer: A. Blowfish (Symmetric)

How well did you know this?

Not at all

Perfectly

Is the RC4 algorithm symmetric or asymmetric?
A. RC4
B. MD5
C. Threefish
D. GOST Block Cipher

Answer: A. RC4 (Symmetric)

How well did you know this?

Not at all

Perfectly

Is the RC5 algorithm symmetric or asymmetric?
A. RC5
B. Serpent
C. SHA
D. MD6

Answer: A. RC5 (Symmetric)

How well did you know this?

Not at all

Perfectly

Is the CAST-128 algorithm symmetric or asymmetric?
A. CAST-128
B. RC6
C. Twofish
D. RIPEMD-160

Answer: A. CAST-128 (Symmetric)

How well did you know this?

Not at all

Perfectly

Which algorithm uses the Feistel structure and has a key size of 56 bits and a block size of 64 bits, and is vulnerable to brute-force attacks?
A. DES
B. 3DES
C. RC6
D. Blowfish

Answer: A. DES (Feistel, 56/64, Brute-force attack)

How well did you know this?

Not at all

Perfectly

Which algorithm uses a substitution-permutation structure and has a key size of up to 256 bits and a block size of 128 bits, and is vulnerable to side-channel attacks?
A. AES
B. RC4
C. Serpent
D. SHA

Answer: A. AES (Substitution-permutation, Up to 256/128, Side-channel attack)

How well did you know this?

Not at all

Perfectly

Which algorithm uses a tweakable block cipher/non-Feistel structure and has a key size of up to 1024 bits and a block size of 1024 bits, and is vulnerable to boomerang attacks?
A. Threefish
B. TEA
C. CAST-128
D. YAK

Answer: A. Threefish (Tweakable block cipher/Non-Feistel, Up to 1024/1024, Boomerang attack)

How well did you know this?

Not at all

Perfectly

Which algorithm uses the Merkle-Damgard construction and has a key size of up to 320 bits and a block size of 512 bits, and is vulnerable to collision attacks?
A. MD5
B. SHA
C. RIPEMD-160
D. MD6

Answer: RIPEMD-160

How well did you know this?

Not at all

Perfectly

Which algorithm uses factorization and has a variable key size, and is vulnerable to brute force and timing attacks?
A. RSA
B. Diffie-Hellman
C. GOST Block Cipher
D. Twofish

Answer: A. RSA (Factorization, Variable, Brute force and timing attack)

How well did you know this?

Not at all

Perfectly

Which algorithm uses the Feistel structure and has a key size of up to 2040 bits and a block size of 128 bits, and is vulnerable to timing attacks?
A. RC5
B. Serpent
C. Threefish
D. YAK

Answer: A. RC5 (Feistel, Up to 2040/128, Timing attack)

How well did you know this?

Not at all

Perfectly

Which algorithm uses the Feistel structure and has a key size of 32-448 bits, and is vulnerable to birthday attacks and known-plaintext attacks?
A. Blowfish
B. RC6
C. CAST-128
D. AES

Answer: A. Blowfish (Feistel, 32-448 bits, Birthday attack and known-plaintext attack)

How well did you know this?

Not at all

Perfectly

Which algorithm uses the random-permutation structure and has a key size of up to 2048/2064 bits, and is vulnerable to NOMORE attacks? A. RC4 B. RC6 C. SHA D. GOST Block Cipher

Answer: A. RC4 (Random-permutation, Up to 2048/2064, NOMORE attack)

Which algorithm uses the HMAC structure and has a key size of 256 bits and a block size of 64 bits, and is vulnerable to chosen-key attacks? A. GOST Block Cipher B. RC6 C. Threefish D. MD5

Answer: A. GOST Block Cipher (HMAC, 256/64, Chosen-key attack)

Which algorithm uses the nondeterministic finite automation (NFA) structure and has a variable key size, and is vulnerable to man-in-the-middle attacks? A. YAK B. RC6 C. AES D. SHA

Answer: A. YAK (Nondeterministic Finite automation (NFA), Variable, Man-in-the-Middle attack)

Which algorithm uses the Merkle-Damgard construction and has a key size of 160 bits and a block size of 512 bits, and is vulnerable to brute-force and birthday attacks? A. MD6 B. SHA C. RIPEMD-160 D. AES

Answer: A. MD6 (Merkle-Damgard Construction, 160/512, Brute-force attack/Birthday attack)

Which algorithm uses the elliptic curves/algebraic structure and has a variable key size, and is vulnerable to collision attacks? A. Diffie-Hellman B. RSA C. TEA D. Twofish

Answer: A. Diffie-Hellman (Elliptic Curves/Algebraic, Variable, Collision attack)

Which algorithm uses the substitution-permutation structure and has a key size of up to 256 bits and a block size of 128 bits, and is vulnerable to XSL and Meet-in-the-Middle attacks? A. Serpent B. RC4 C. GOST Block Cipher D. MD5

Answer: A. Serpent (Substitution-permutation, Up to 256/128, XSL and Meet-in-the-Middle attack)

Which algorithm uses the Feistel structure and has a key size of up to 128 bits and a block size of 64 bits, and is vulnerable to known-plaintext attacks? A. CAST-128 B. RC6 C. Threefish D. SHA

Answer: A. CAST-128 (Feistel, Up to 128/64, Known-plaintext attack)

Which algorithm uses the Feistel structure and has a key size of up to 128 bits and a block size of 64 bits, and is vulnerable to known-plaintext attacks? A. CAST-128 B. RC6 C. Threefish D. SHA

Answer: A. CAST-128 (Feistel, Up to 128/64, Known-plaintext attack) Which algorithm uses the Merkle-Damgard construction and has a variable key size, and is vulnerable to key share and key replication attacks? A. MD5 B. SHA C. RIPEMD-160 D. TEA Answer: A. MD5 (Merkle-Damgard Construction, Variable, Key share and key replication attack)

Which algorithm uses the Feistel structure and has a key size of 112 or 168 bits, and is vulnerable to block collision attacks? A. 3DES B. RC4 C. Twofish D. MD6

Answer: A. 3DES (Feistel, 112 or 168 bits, Block collision attack)

Which algorithm uses the Feistel structure and has a key size of up to 256 bits and a block size of 128 bits, and is vulnerable to power analysis attacks? A. Twofish B. RC6 C. SHA D. AES

Answer: A. Twofish (Feistel, Up to 256/128, Power analysis attack)

Which algorithm uses the Feistel structure and has a key size of up to 256 bits and a block size of 128 bits, and is vulnerable to brute-force attacks? A. RC6 B. Serpent C. AES D. SHA

Answer: A. RC6 (Feistel, Up to 256/128, Brute-force attack)

Which algorithm uses the Merkle-Damgard construction and has a variable key size, and is vulnerable to collision attacks? A. SHA B. RIPEMD-160 C. MD6 D. GOST Block Cipher

Answer: A. SHA (Merkle-Damgard Construction, Up to 320/512, Collision attack)

Which algorithm uses the HMAC structure and has a variable key size, and is vulnerable to related-key attacks? A. TEA B. GOST Block Cipher C. Threefish D. MD5

Answer: A. TEA (Feistel, Up to 128/64, Related-key attack)

Which algorithm uses the random-permutation structure and has a key size of up to 2048/2064 bits, and is vulnerable to NOMORE attacks? A. RC4 B. RC6 C. SHA D. GOST Block Cipher

Answer: A. RC4 (Random-permutation, Up to 2048/2064, NOMORE attack)

Which algorithm uses the Merkle-Damgard construction and has a variable key size, and is vulnerable to collision attacks? A. RIPEMD-160 B. MD6 C. SHA D. GOST Block Cipher

Answer: A. B. MD6 (Merkle-Damgard Construction, Variable, Collision attack)

Which algorithm uses the Feistel structure and has a key size of up to 128/64 bits, and is vulnerable to related-key attacks? A. CAST-128 B. TEA C. RC5 D. 3DES

Answer: B. TEA (Feistel, Up to 128/64, Related-key attack)

Which algorithm uses the Merkle-Damgard construction and has a variable key size, and is vulnerable to key share and key replication attacks? A. MD5 B. SHA C. RIPEMD-160 D. MD6

Answer: A. MD5 (Merkle-Damgard Construction, Variable, Key share and key replication attack)

Which algorithm uses the elliptic curves/algebraic structure and has a variable key size, and is vulnerable to collision attacks? A. RSA B. Diffie-Hellman C. GOST Block Cipher D. SHA

Answer: B. Diffie-Hellman (Elliptic Curves/Algebraic, Variable, Collision attack)

Answer: A. Serpent (Substitution-permutation, Up to 256/128, XSL and Meet-in-the-Middle attack)

Which algorithm uses the Merkle-Damgard construction and has a variable key size, and is vulnerable to collision attacks? A. RIPEMD-160 B. MD6 C. SHA D. GOST Block Cipher

Answer: A. RIPEMD-160 (Merkle-Damgard Construction, Variable, Collision attack)

Which algorithm uses the Feistel structure and has a key size of up to 256/128 bits, and is vulnerable to brute-force attacks? A. RC6 B. Serpent C. AES D. SHA

Answer: A. RC6 (Feistel, Up to 256/128, Brute-force attack)

Which algorithm uses the Merkle-Damgard construction and has a variable key size, and is vulnerable to key share and key replication attacks? A. MD5 B. SHA C. RIPEMD-160 D. MD6

Answer: A. MD5 (Merkle-Damgard Construction, Variable, Key share and key replication attack)

Which algorithm uses the Feistel structure and has a key size of 32-448 bits, and is vulnerable to birthday attacks and known-plaintext attacks? A. Blowfish B. RC6 C. CAST-128 D. AES

Answer: A. Blowfish (Feistel, 32-448 bits, Birthday attack and known-plaintext attack)

Quiz 1: What is the main drawback to symmetric ciphers? A. They are slow B. They require two keys C. They can only encrypt small amounts of data D. There is no built-in way to exchange the key

Answer: D. There is no built-in way to exchange the key.

Quiz 2: Which type of cipher creates a Public-Private key pair? A. Symmetric cipher B. Asymmetric cipher C. Hashing algorithm D. Key escrow

Answer: B. Asymmetric cipher.

Quiz 3: What is the purpose of hashing algorithms? A. To encrypt data B. To decrypt data C. To check for data integrity D. To exchange keys

Answer: C. To check for data integrity.

Quiz 4: What is the output size for MD5? A. 32 (hex) character B. 40 (hex) character C. 128 bits D. 160 bits

Answer: A. 32 (hex) character.

Quiz 5: What is the purpose of a Trusted Platform Module (TPM)? A. To generate and store encryption keys B. To encrypt and decrypt data on your hard disk C. To act as a CA and sign public keys D. To back up private keys for safekeeping

Answer: A. To generate and store encryption keys.

What is a collision problem in hashing algorithms? a) A problem where two different source messages produce the same message digest b) A problem where the message digest cannot be computed c) A problem where the hash function is not secure d) A problem where the message length is too long

Answer: a) A problem where two different source messages produce the same message digest

Which hashing algorithm is prone to collision attacks? a) SHA-256 b) SHA-1 c) SHA-512 d) SHA-384

Answer: b) SHA-1

What is collision resistance in hashing algorithms? a) The ability for a hashing algorithm to produce less collisions b) The ability for a hashing algorithm to prevent all collisions c) The ability for a hashing algorithm to compute the message digest faster d) The ability for a hashing algorithm to generate longer message digests

Answer: a) The ability for a hashing algorithm to produce less collisions

What is a collision attack? a) An attempt to find two messages that produce the same hash b) An attempt to break the encryption key c) An attempt to compute the message digest faster d) An attempt to generate longer message digests

Answer: a) An attempt to find two messages that produce the same hash

Which hashing algorithm is also prone to collision attacks? a) SHA-512 b) SHA-384 c) SHA-256 d) MD5

Answer: d) MD5

What is key escrow? a) The process of exchanging encryption keys b) The process of backing up private keys for safekeeping c) The process of storing public keys in a safe location d) The process of generating encryption keys

Answer: b) The process of backing up private keys for safekeeping

What is the role of a recovery agent in key escrow? a) To generate encryption keys b) To store public keys in a safe location c) To back up private keys for safekeeping d) To exchange encryption keys

Answer: c) To back up private keys for safekeeping

Why should you never give your private key to anyone? a) Because private keys are not necessary for encryption b) Because private keys can be easily guessed c) Because private keys are used to decrypt sensitive data d) Because private keys should be kept confidential

Answer: d) Because private keys should be kept confidential

What is the purpose of key escrow? a) To exchange encryption keys b) To generate encryption keys c) To store encryption keys in a safe location d) To back up encryption keys for safekeeping

Answer: d) To back up encryption keys for safekeeping

What is the name of the program that can encrypt data such as e-mails? a) SHA-1 b) PGP c) TPM d) MD5

Answer: b) PGP

What is PGP? a) A hashing algorithm b) An encryption tool c) A decryption tool d) A symmetric cipher

Answer: b) An encryption tool

What is RSA used for in PGP? a) Symmetric-key exchange b) Bulk data encryption c) Key escrow d) Integrity checking

Answer: a) Symmetric-key exchange

What is IDEA used for in PGP? a) Symmetric-key exchange b) Bulk data encryption c) Key escrow d) Integrity checking

Answer: b) Bulk

What is the DROWN attack? a) An attack that exploits a vulnerability in the SSL protocol to expose a webserver's private key b) An attack that breaks encryption through adaptive chosen plaintext c) An attack that gets someone's encryption key through coercion or torture d) An attack that attempts to find two messages that produce the same hash

Answer: a

What is the solution to the DROWN attack? a) Enabling SSL v2 connections b) Using the same certificate for both TLS and SSL v2 connections c) Disabling SSL d) None of the above

Answer: c

What is the Heartbleed vulnerability? a) An attack that exploits a vulnerability in the SSL protocol to expose a webserver's private key b) An attack that breaks encryption through adaptive chosen plaintext c) An attack that gets someone's encryption key through coercion or torture d) An attack that attempts to find two messages that produce the same hash

Answer: a

What is cryptanalysis? a) An attack that exploits a vulnerability in the SSL protocol to expose a webserver's private key b) An attack that breaks encryption through adaptive chosen plaintext c) An attack that gets someone's encryption key through coercion or torture d) An attack that attempts to find two messages that produce the same hash

Answer: b

What is a rubber-hose attack? a) An attack that exploits a vulnerability in the SSL protocol to expose a webserver's private key b) An attack that breaks encryption through adaptive chosen plaintext c) An attack that gets someone's encryption key through coercion or torture d) An attack that attempts to find two messages that produce the same hash

Answer: c

What is key stretching? a) An attack that exploits a vulnerability in the SSL protocol to expose a webserver's private key b) An attack that breaks encryption through adaptive chosen plaintext c) The process of strengthening a key by making it longer d) An attack that attempts to find two messages that produce the same hash

Answer: c

What is a web of trust? a) The practice of giving your private key to your administrator for safekeeping b) The process of signing each other's public keys for distribution c) An attempt to find two messages that produce the same hash d) None of the above

Answer: b

What is the name of the vulnerability in SSL v2 that allows an attacker to get a web server's private key? A. DROWN attack B. Heartbleed C. Cryptanalysis D. Rubber-Hose attack

Answer: A. DROWN attack

What is the process of strengthening a key by making it longer called? A. Cryptanalysis B. Rubber-Hose attack C. Key Stretching D. DROWN attack

Answer: C. Key Stretching

What is the name of the encryption program that can encrypt data such as emails and uses RSA for symmetric-key exchange and IDEA for bulk data encryption? A. GPG B. PGP C. TPM D. SHA-1

Answer: B. PGP

What is the name of the security model used by PGP, GPG, etc where each user acts as a CA and signs each other's public keys for distribution? A. TPM B. Web-of-Trust C. DROWN attack D. Key Escrow

Answer: B. Web-of-Trust

Which vulnerability with the SSL protocol from 2014 exposed a web server's private key? A. Heartbleed B. DROWN attack C. Cryptanalysis D. Rubber-Hose attack

Answer: A. Heartbleed

What is the primary function of Nmap? A. Password cracking B. Vulnerability scanning C. Network discovery D. Sniffing network traffic

Answer: C. Network discovery

Which of the following is a web application vulnerability scanner? A. Burp Suite B. Metasploit C. Wireshark D. Aircrack-ng

Answer: A. Burp Suite

Which tool is used for wireless network auditing and penetration testing? A. Metasploit B. Cain and Abel C. Aircrack-ng D. Hydra

Answer: C. Aircrack-ng

What is the purpose of John the Ripper? A. Network scanning B. Password cracking C. Web application testing D. Traffic analysis

Answer: B. Password cracking

Which tool is used for performing network traffic analysis and protocol decoding? A. Wireshark B. Nessus C. Nikto D. John the Ripper

Answer: A. Wireshark

What is the tool Hydra used for in ethical hacking? A. Network scanning B. Password cracking C. SQL injection D. Denial-of-service attacks

Answer: B. Password cracking

What is the tool Sqlmap used for in ethical hacking? A. Network scanning B. Password cracking C. SQL injection D. Web application security testing

Answer: C. SQL injection

What is the tool THC-Hydra used for in ethical hacking? A. Network scanning B. Password cracking C. SQL injection D. Denial-of-service attacks

Answer: B. Password cracking

What is the tool Social-Engineer Toolkit (SET) used for in ethical hacking? A. Network scanning B. Password cracking C. SQL injection D. Social engineering

Answer: D. Social engineering

What is fuzzing in the context of computer security? A. A technique for detecting and exploiting software vulnerabilities B. The practice of gathering intelligence by monitoring network traffic C. The use of encryption to secure sensitive data D. Sending a lot of random characters/numbers to a program in an attempt to crash it

Answer: D. Sending a lot of random characters/numbers to a program in an attempt to crash it.

What is Black Hat Search Engine Optimization (SEO)? A. Using ethical SEO techniques to get higher search engine rankings B. Using aggressive SEO tactics to get higher search engine rankings for malware pages C. Using social engineering to trick search engines into ranking pages higher D. Using legitimate advertising channels to spread malware on systems

Answer: B. Using aggressive SEO tactics to get higher search engine rankings for malware pages

What is Social Engineered Click-jacking? A. Injecting malware into websites that appear legitimate to trick users into clicking them B. Creating fake social media profiles to trick users into revealing personal information C. Sending malicious links via social media platforms D. Using social engineering to convince users to install malware on their devices

Answer: A. Injecting malware into websites that appear legitimate to trick users into clicking them

What are Spear-phishing Sites used for? A. Spreading malware through legitimate advertising channels B. Mimicking legitimate institutions to steal sensitive information C. Hacking into social media accounts D. Disguising malware as legitimate software updates

Answer: B. Mimicking legitimate institutions to steal sensitive information

What is Malvertising? A. Using social engineering to trick users into installing malware B. Embedding malware-laden advertisements in legitimate online advertising channels C. Creating fake social media profiles to trick users into revealing personal information D. Injecting malware into websites that appear legitimate to trick users into clicking them

Answer: B. Embedding malware-laden advertisements in legitimate online advertising channels

How do attackers use Compromised Legitimate Websites to spread malware? A. By sending malicious links via social media platforms B. By embedding malware in legitimate software updates C. By tricking users into clicking on malicious email attachments D. By infecting the website and compromising systems of unsuspecting users who visit the site

Answer: D. By infecting the website and compromising systems of unsuspecting users who visit the site

What is Drive-by Downloads? A. The unintentional downloading of software via the Internet B. The intentional downloading of software via the Internet C. The intentional downloading of software from a physical location D. The unintentional downloading of software from a physical location

Answer: A. The unintentional downloading of software via the Internet

What is the most common method used by attackers to spread malware? A. Compromised Legitimate Websites B. Drive-by Downloads C. Social Engineered Click-jacking D. Spam Emails

Answer: D. Spam Emails

What is Rich Text Format (RTF) Injection? A. Exploiting features of Microsoft Office to execute malware B. Tricking users into revealing sensitive information C. Spreading malware through social media platforms D. Creating fake social media profiles to trick users

Answer: A. Exploiting features of Microsoft Office to execute malware