INTERMEDIATE LEVEL QUIZ

Which type of threat actor only uses skills and knowledge for defensive purposes?

White hat
Hacktivist
Script kiddie
Gray hat

KING is in the middle of performing a penetration test when her client asks her to also check the security of an additional server. Which of the following documents does she need to submit before performing the additional task?

Scope of work
Change order
Rules of engagement
Permission to test

TCP is a connection-oriented protocol that uses a three-way handshake to establish a connection to a system port. Computer 1 sends a SYN packet to Computer 2. Which packet does Computer 2 send back?

RST
SYN/ACK
SYN/RST
ACK

Typically, you think of the username as being the unique identifier behind the scenes, but Windows actually relies on the security identifier (SID). Unlike the username, a SID cannot be used again. When viewing data in the Windows Security Account Manager (SAM), you have located an account ending in -501. Which of the following account types did you find?

The built-in administrator
The domain guests
The domain admins
The built-in guest

Which of the following is considered an out-of-band distribution method for private key encryption?

Sending a secured email.
Using a key distribution algorithm.
Copying the key to a USB drive.
Using a private fiber network.

Which statement best describes a suicide hacker?

This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught.
This hacker may cross the line of what is ethical, but usually has good intentions and isn't being malicious.
This hacker is motivated by religious or political beliefs and wants to create severe disruption or widespread fear.
This hacker's main purpose is to protest an event and draw attention to their views and opinions.

Which of the following is a deviation from standard operating security protocols?

MAC filtering
Security exception
Whitelisting
Blacklisting

What type of scan is used to find system weaknesses such as open ports, access points, and other potential threats?

Network scan
Port scan
Decoy scan
Vulnerability scan

What port does a DNS zone transfer use?

TCP 445
TCP 53
TCP 23
TCP 139

Which of the following best describes a feature of symmetric encryption?

Does not require the exchange of the shared secret key.
Does not work well for bulk encryption of less sensitive data.
Uses only one key to encrypt and decrypt data.
Uses only one algorithm type.

Miguel has been practicing his hacking skills. He has discovered a vulnerability on a system that he did not have permission to attack. Once Miguel discovered the vulnerability, he anonymously alerted the owner and instructed him how to secure the system. What type of hacker is Miguel in this scenario?

Script kiddie
State-sponsored
White hat
Gray hat

Which type of penetration test is required to ensure an organization is following federal laws and regulations?

Compliance-based
White box
Goal-based
Objective-based

You are using an iOS device. You want to scan networks, websites, and ports to find open network devices. Which of the following network mapping tools should you use?

NetAuditor
Network Topology Manager
Scany
Colasoft

Which of the following ports are used by null sessions on your network?

137 and 443
139 and 444
139 and 445
135 and 445

You work for a company that is implementing symmetric cryptography to process payment applications such as card transactions where personally identifiable information (PII) needs to be protected to prevent identity theft or fraudulent charges. Which of the following algorithm types would be best for transmitting large amounts of data?

Block
Steganography
Stream
Cryptanalysis

Which type of testing is typically done by an internal tester who has full knowledge of the network, computer system, and infrastructure?

Known
Penetration
Partially known
Unknown

The process of analyzing an organization’s security and determining its security holes is known as:

Penetration testing
Enumeration
Ethical hacking
Threat modeling

Which of the following defines the security standards for any organization that handles cardholder information for any type of payment card?

PCI DSS
DMCA
HIPAA
FISMA

Which of the following packet crafting software programs can be used to modify flags and adjust other packet content?

IP Tools
Colasoft
Currports
ping

LDAP is an internet protocol for accessing distributed directory services. If this port is open, it indicates that Active Directory or Exchange may be in use. What port does LDAP use?

TCP/UDP 53
TCP/UDP 3268
TCP/UDP 445
TCP/UDP 389

Which of the following is the number of keys used in asymmetric (public key) encryption?

ONE
TWO
THREE
FOUR

Threats are usually ranked from high to low. A higher number indicates a dangerous threat. A lower number indicates threats that may be annoyances but aren’t necessarily malicious in nature. What is this high-to-low scale known as?

InfraGard
Indicator standards
Confidence level
Intelligence cycle

Which of the following documents details exactly what can be tested during a penetration test?

Master Service Agreement
Non-Disclosure Agreement
Scope of Work
Rules of Engagement

Michael is performing a penetration test for a hospital. Which federal regulation does Michael need to ensure he follows?

DMCA
PCI DSS
HIPAA
FISMA

You want a list of all open UDP and TCP ports on your computer. You also want to know which process opened the port, which user created the process, and what time is was created. Which of the following scanning tools should you use?

Hping3
Currports
IP tools
Angry IP scanner

Shawn, a malicious insider, has obtained physical access to his manager’s computer and wants to listen for incoming connections. He has discovered the computer’s IP address, 192.168.34.91, and he has downloaded netcat. Which of the following netcat commands would he enter on the two computers?

nc -l -s 2222 (manager's computer) and nc -pv 192.168.34.91 2222 (Shawn's machine)
nc -n -s 2222 (manager's computer) and nc -lp 192.168.34.91 2222 (Shawn's machine)
nc -l -p 2222 (manager's computer) and nc -nv 192.168.34.91 2222 (Shawn's machine)
nc -l -p 2222 (manager's computer) and nc -sv 192.168.34.91 2222 (Shawn's machine)

Which of the follow is a characteristic of Elliptic Curve Cryptography (ECC)?

Uses multiplication of large prime numbers.
Is suitable for small amounts of data and small devices, such as smartphones.
Uses symmetric encryption.
Is used to sign a certificate using a private key and to verify a certificate using a public key.

There are five phases in the security intelligence life cycle. During which phase do you gather and process information from your internal sources, such as system and application logs?

Collection
Requirements
Dissemination
Feedback

After performing a risk assessment, an organization must decide what areas of operation can be included in a penetration test and what areas cannot be included. Which of the following describes the process?

Mitigation
Avoidance
Tolerance
Transference

Charles found a song he wrote being used without his permission in a video on YouTube. Which law will help him protect his work?

HIPAA
FISMA
DMCA
PCI DSS

Which of the following best describes the scan with ACK evasion method?

Returns feedback to the fake IP address and ensures there is no record of the IP address sending the requests.
Filters incoming and outgoing traffic, provides you with anonymity, and shields you from possible detection.
Helps determine whether the firewall is stateful or stateless and whether or not the ports are open.
Sends packets and breaks them apart so intrusion detection systems don't know what they are.

Hugh, a security consultant, recommended the use of an internal and external DNS to provide an extra layer of security. Which of the following DNS countermeasures is being used?

Split DNS
DNS zone restriction
DNS zone transfer
Digital signatures

Which of the following cryptographic algorithms is used in asymmetric encryption?

Blowfish
Diffie-Hellman
AES
Twofish

Which of the following attacks involves modifying the IP packet header and source address to make it look like they are coming from a trusted source?

Whitelisting
DNS poisoning
Zero-day
Spoofing

You are performing a penetration test of a local area network (LAN). Refer to the circled area on the network diagram. network. Which of the following types of penetration tests is being performed?

External
Internal
Black Box
Gray Box

Which of the following best describes what FISMA does?

Implements accounting and disclosure requirements that increase transparency.
Defines standards that ensure medical information is kept safe.
Defines how federal government data, operations, and assets are handled.
Defines the security standards for any organization that handles cardholder information

Which of the following is a benefit of using a proxy when you find that your scanning attempts are being blocked?

As long as you are not bombarding the system, the packet segments float by without concern.
It filters incoming and outgoing traffic, provides you with anonymity, and shields you from detection.
The scan is sent to the recipient, the feedback is returned to the fake IP address, and then there is no record of your IP address sending the requests.
This scan will help you to determine whether the firewall is stateful or stateless and whether or not the ports are open.

Diana, a penetration tester, executed the following command. Which answer describes what you learn from the information displayed?

There are DNS restrictions in place.
Split DNS is being used.
This is a DNS zone transfer.
DNS translation is being used.

Which of the following uses on-the-fly encryption, meaning the data is automatically encrypted immediately before it is saved and decrypted immediately after it is loaded?

Secure Sockets Layer (SSL)
Transport Layer Security (TSL)
BitLocker
VeraCrypt

Penetration testing is the practice of finding vulnerabilities and risks with the purpose of securing a computer or network. Penetration testing falls under which all-encompassing term?

Ethical hacking
Network scanning
Red teaming
Blue teaming

FABRICE is performing a penetration test on a web server. Miguel was given only the server’s IP address and name. Which of the following best describes the type of penetration test Miguel is performing?

External
Internal
Black box
White box

Which of the following best describes what SOX does?

Implements accounting and disclosure requirements that increase transparency.
Defines standards that ensure medical information is kept safe.
Defines how federal government data, operations, and assets are handled.
Defines the security standards for any organization that handles cardholder information.

Information transmitted by the remote host can be captured to expose the application type, application version, and even operating system type and version. Which of the following is a technique hackers use to obtain information about the services running on a target system?

Wardriving
Banner grabbing
Wardialing
Firewalking

After the enumeration stage, you are considering blocking port 389. Your colleague has advised you to use caution when blocking ports that could potentially impact your network.

Which of the following necessary services could be blocked?

DNS
LDAP
SNMP
SMTP

Alan wants to implement a security tool that protects the entire contents of a hard drive and prevents access even if the drive is moved to another system. Which of the following tools should he choose?

EFS
VPN
BitLocker
IPsec

Heather is performing a penetration test. She has gathered a lot of valuable information about her target already. Heather has used some hacking tools to determine that, on her target network, a computer named Production Workstation has port 445 open. Which step in the ethical hacking methodology is Heather performing?

Reconnaissance
Scanning and enumeration
Gain access
Maintain access

Which of the following elements is generally considered the weakest link in an organization’s security?

Network
Physical
Human
Servers

Which of the following is a limitation of relying on regulations?

The industry standards take precedence.
They are regularly updated.
They rely heavily on password policies.
They allow interpretation.

Joe wants to use a stealthy Linux tool that analyzes network traffic and returns information about operating systems. Which of the following banner grabbing tools is he most likely to use?

P0f
Shodan
Netcraft
Telnet

Which of the following is the most basic way to counteract SMTP exploitations?

Review and implement the security settings and services available with your server software.
Restrict zones to ensure where zones are copied, use digital signatures, and split zones.
Ignore messages to unknown recipients instead of sending back error messages.
Monitor ports, remove agents, update systems, and change default passwords.

Which of the following encryption tools would prevent a user from reading a file that they did not create and does not require you to encrypt an entire drive?

EFS
SSL
IPsec
VPN

Which of the following is the third step in the ethical hacking methodology?

Scanning and enumeration
Clear your tracks
Gain access
Reconnaissance

Which of the following best describes social engineering?

Sending an email that appears to be from a bank to trick the target into entering their credentials on a malicious website.
The art of deceiving and manipulating others into doing what you want.
A stealthy computer network attack in which a person or group gains unauthorized access for an extended period.
The process of analyzing an organization's security and locating security holes.

A technician is using a modem to dial a large block of phone numbers in an attempt to locate other systems connected to a modem. Which type of network scan is being used?

Stealth
Fingerprinting
Ping sweep
Wardialing

In which phase of the ethical hacking process do you gather information from a system to learn more about its configurations, software, and services?

Scanning
Enumeration
Reconnaissance
Sniffing

Which of the following terms is the encrypted form of a message that is unreadable except to its intended recipient?

plain text
steganography
encryption algorithm
ciphertext

Donna is configuring the encryption settings on her email server. She is given a choice of encryption protocols and has been instructed to use the protocol that has the most improvements. Which of the following cryptographic protocols should she choose?

SSL
OpenSSL
VeraCrypt
TLS

FABRICE is performing a penetration test on his client’s web-based application. Which penetration test frameworks should Miguel utilize?

OWASP
NIST SP 800-115
ISO/IEC 27001
OSSTMM

Which of the following is considered a mission-critical application?

Medical database
Customer database
Video player
Support log

A ping sweep is used to scan a range of IP addresses to look for live systems. A ping sweep can also alert a security system, which could result in an alarm being triggered or an attempt being blocked. Which type of scan is being used?

Network scan
Port scan
Decoy scan
Vulnerability scan

Which enumeration process tries different combinations of usernames and passwords until it finds something that works?

Zone transfers
Brute force
Exploiting SMTP
Default passwords

Bob encrypts a message using a key and sends it to Alice. Alice decrypts the message using the same key. Which of the following types of encryption keys is being used?

Symmetric
Asymmetric
Block cipher
Digital signature

Which of the following is an open-source cryptography toolkit that implements SSL and TLS network protocols and the related cryptography standards required by them?

OpenSSL
EFS
Symantec Drive Encryption
BitLocker

The penetration testing life cycle is a common methodology used when performing a penetration test. This methodology is almost identical to the ethical hacking methodology. Which of the following is the key difference between these methodologies?

Reconnaissance
Reporting
Maintain access
Gain access

What does an organization do to identify areas of vulnerability within their network and security systems?

Scanning
External test
Risk assessment
Internal test

Randy is an ethical hacker student. He has learned how Nmap flag manipulation can help find open ports. Although the name of the operating system did not jump right out at him, he might be able to figure it out by reviewing packet information. In a packet, Randy can see a TTL of 255 and a window size of 4128. What type of scanning process is Randy using?

Wardialing
Ping sweep
Fingerprinting
Beyond Trust

Which of the following best describes IPsec enumeration?

Uses SIP to enable voice and video calls over an IP network.
Is used by most email servers and clients to send email messages.
Is used to manage devices such as routers, hubs, and switches.
Uses ESP, AH, and IKE to secure communication between VPN endpoints.

Which of the following is a characteristic of Triple DES (3DES)?

Uses a 168-bit key
Uses the Rijndael block cipher
Uses 64-bit blocks with 128-bit keys
Is easy to break

Which of the following best explains why brute force attacks are always successful?

They can be performed in a distributed parallel processing environment.
They test every possible valid combination.
They are platform-independent.
They are fast.

You are executing an attack in order to simulate an outside attack. Which type of penetration test are you performing?

Black hat
White box
Black box
White hat

During a risk assessment, the organization determines that the risk of collecting personal data from its customers is not acceptable and stops. What method of dealing with risk is the organization using?

Avoidance
Acceptance
Transference
Mitigation

Which of the following scans is used to actively engage a target in an attempt to gather information about it?

Port scan
Vulnerability scan
Network scan
TCP scan

Which of the following enumeration tools provides information about users on a Linux machine?

finger
PsTools
Null session
SuperScan

Which of the following is the most frequently used symmetric key stream cipher?

Advanced Encryption Standard (AES)
Blowfish
Ron's Cipher v4 (RC4)
Ron's Cipher v5 (RC5)

Which of the following cryptography attacks is characterized by the attacker having access to both the plain text and the resulting ciphertext, but does not allow the attacker to choose the plain text?

Known plain text
Chosen ciphertext
Chosen plain text
Brute force

Which of the following best describes a gray box penetration test?

The ethical hacker has partial information about the target or network.
The ethical hacker has no information regarding the target or network.
The ethical hacker is given strict guidelines about what can be targeted.
The ethical hacker is given full knowledge of the target or network.

he following formula defines which method of dealing with risk?

Cost of Risk > Damage = Risk _________

Acceptance
Avoidance
Mitigation
Transference

A hacker finds a target machine but wants to avoid getting caught, so the hacker finds another system to take the blame. This system is frequently called a zombie machine because it’s disposable and creates a good distraction. Which of the following port scans is being used?

Full open scan
NULL scan
Xmas tree scan
Idle scan

The Simple Network Management Protocol (SNMP) is used to manage devices such as routers, hubs, and switches. SNMP works with an SNMP agent and an SNMP management station in which layer of the OSI model?

Network Layer
Session Layer
Transport Layer
Application Layer

Which of the following is a characteristic of the Advanced Encryption Standard (AES) symmetric block cipher?

Uses the Rijndael block cipher.
Is easy to break.
Uses up to 16 rounds of substitution and transposition.
Is used by Pretty Good Privacy (PGP) email encryption.

Your company produces an encryption device that lets you enter text and receive encrypted text in response. An attacker obtains one of these devices and starts inputting random plain text to see the resulting ciphertext. Which of the following cryptographic attacks is being used?

Chosen ciphertext
Chosen plain text
Brute force
Known plain text

Randy was just hired as a penetration tester for the red team. Which of the following best describes the red team?

Is a team of specialists that focus on the organization's defensive security.
Acts as a pipeline between teams and can work on any side.
Is responsible for establishing and implementing policies.
Performs offensive security tasks to test the network's security.

Which of the following is a consideration when scheduling a penetration test?

Are there any security exceptions?
Who is aware of the test?
Which systems are being tested?
What risks are acceptable?

FABRICE, a security specialist, is using an Xmas tree scan. Which of the following TCP flags will be sent back if the port is closed?

RST
URG
FIN
ACK

A hacker has managed to gain access to the /etc/passwd file on a Linux host. What can the hacker obtain from this file?

Usernames and passwords
The root username and password
Usernames, but no passwords
No usernames or passwords

Which of the following forms of cryptography is best suited for bulk encryption because of its speed?

Asymmetric cryptography
Hashing cryptography
Public key cryptography
Symmetric cryptography

Which of the following cryptography attacks is characterized by the attacker making a series of interactive queries and choosing subsequent plain texts based on the information from the previous encryption?

Chosen ciphertext
Adaptive chosen plain text
Known plain text
Chosen plain text

The Stuxnet worm was discovered in 2010 and was used to gain sensitive information on Iran’s industrial infrastructure. This worm was probably active for about five years before being discovered. During this time, the attacker had access to the target. Which type of attack was Stuxnet?

APT
Logic bomb
Virus
Trojan horse

A client asking for small deviations from the scope of work is called:

Security exception
Scope creep
Change order
Rules of engagement

Which of the following flags is used by a TCP scan to direct the sending system to send buffered data?

SYN
FIN
URG
PSH

Jorge, a hacker, has gained access to a Linux system. He has located the usernames and IDs. He wants the hashed passwords for the users that he found. Which file should he look in?

/etc/services
/etc/shadow
/etc/passwd
/etc/group

Which of the following is the number of keys used in symmetric encryption?

ONE
TWO
FOUR
FIVE

Which type of cryptanalysis method is based on substitution-permutation networks?

Differential
Dictionary
Linear
Integral

Which type of test simulates an insider threat by giving the tester partial information about the network and computer systems?

Penetration
Unknown
Partially known
Known

Pos.	Name	Entered on	Points	Result
Table is loading
No data available

Average score
Your score

INTERMEDIATE LEVEL QUIZ | CEH 11

INTERMEDIATE LEVEL QUIZ | CEH 11

INTERMEDIATE LEVEL QUIZ | CEH 11

Quiz Summary

Information

Results

Results

Categories

1. Question

2. Question

3. Question

4. Question

5. Question

6. Question

7. Question

8. Question

9. Question

10. Question

11. Question

12. Question

13. Question

14. Question

15. Question

16. Question

17. Question

18. Question

19. Question

20. Question

21. Question

22. Question

23. Question

24. Question

25. Question

26. Question

27. Question

28. Question

29. Question

30. Question

31. Question

32. Question

33. Question

34. Question

35. Question

36. Question

37. Question

38. Question

39. Question

40. Question

41. Question

42. Question

43. Question

44. Question

45. Question

46. Question

47. Question

48. Question

49. Question

50. Question

51. Question

52. Question

53. Question

54. Question

55. Question

56. Question

57. Question

58. Question

59. Question

60. Question

61. Question

62. Question

63. Question

64. Question

65. Question

66. Question

67. Question

68. Question

69. Question

70. Question

71. Question

72. Question