Certified Ethical Hacker v12 – Practice Test Questions – Part 8

In the ever-evolving landscape of cybersecurity, the role of Certified Ethical Hackers (CEH) has become increasingly crucial. These professionals are tasked with identifying and exploiting vulnerabilities in computer systems, networks, and applications, all with the goal of fortifying digital defenses against malicious hackers.

Achieving the CEH certification requires a deep understanding of various hacking techniques, tools, and methodologies. One effective way to prepare for the CEH exam is through practice test questions, which simulate real-world scenarios and assess your knowledge and skills.

Uncover the intricacies of session hijacking with this set of questions. Test your ability to compromise active sessions and explore countermeasures to protect against cookie theft, session prediction, and man-in-the-middle attacks.

1Q: A large entertainment organization brings you in as a security consultant to run a vulnerability assessment on its systems. Company management wants to know how much time it will take you to get access to sensitive financial data. How would you respond to them?

a. Your best attempt should allow you access within 2-3 weeks.
b. You are running a vulnerability assessment, which does not involve pentesting (pentesting does involve getting access to sensitive data).
c. It is directly dependent on the security posture of the organization, and how well controls have been implemented.
d. It depends on the contract and which types of testing are allowed: white box testing, black box testing, etc.

Solution: The correct answer is B.

2Q: Alex is his company’s security engineer and several employees are requesting that they have remote access to their work machines. What will he use to limit the risks of an MiTM attack?

a. IPSec
b. SSL
c. TLS
d. HTTP over DNS

Solution: The correct answer is A.

3Q: In attempting to crack the password of Server Message Block (SMB), which of the following tools would prove useful? (Select more than one answer if applicable.)

a. L0phtCrack
b. Pwddump2
c. SMBRelay
d. KrbCrack

Solution: Answers A and C are correct.

4Q: Which of the below tools would be useful for achieving connection to a remote computer and then executing a Trojan on it?

a. PsExec
b. Remoxec
c. GetAdmin.exe
d. Hk.exe

Solution: The correct answer is A.

5Q: In performing a security audit, you discover that the password policy only requires 5 characters with letters and numbers (no special characters). Why might this method be problematic?

a. It isn’t; this is a strong password policy.
b. The policy ought to also require special characters.
c. This password policy is too weak for several reasons.
d. The password policy should require a minimum of 6 characters.

Solution: The correct answer is C.

6Q: Which of the below are the well-known weaknesses/downsides of LAN Manager hash? (Select more than one answer if applicable.)

a. LM hash will convert any lowercase passwords to uppercase.
b. Hashes in LM hash are transmitted in clear text via the network.
c. It does not use cryptographic salt.
d. It uses only 16-bit encryption.

Solution: Answers A, B, C, and D are correct.

7Q: Because system administrators, in managing use of their network, universally use passwords for access control, password-hacking techniques continue to crop up and advance. Password stealing allows hackers to utilize user credentials and could potentially be the cause of significant data losses from the system. Which of these is NOT a type of password attack?

a. Phishing
b. Shoulder surfing
c. Password hashing
d. Social engineering

Solution: The correct answer is C.

8Q: Which of the below methods of information discovery is used by governmental authorities and the police?

a. Spoofing
b. Wiretapping
c. Phishing
d. SMB signing

Solution: The correct answer is B.

9Q: Which of the below account authentications are supported by SSH-1 protocol but not SSH-2 protocol? (Select more than one answer if applicable.)

a. Kerberos authentication
b. Rhosts (RSH-style) authentication
c. Password-based authentication
d. TIS authentication

Solution: The correct answers are A, B, and D.

10Q: What are the disadvantages of the successor to the NTLM (NT LAN Manager) Web authentication scheme? (Select more than one answer if applicable.)

a. It is vulnerable to brute force attacks.
b. It will only work with Microsoft Internet Explorer.
c. Passwords will be sent in clear text format to a Web server.
d. Passwords will be sent in hashed format to a Web server.

Solution: Answers A and B are correct.

11Q: Which of the below statements is accurate regarding Digest Access Authentication scheme?

a. It often uses the base64 encoding encryption scheme.
b. A password will be sent over a network in clear text format.
c. A username and password are required for each request, not only when the user initially logs in.
d. A valid response from the user will include a checksum of the username, the password, the given random value, the HTTP method, and the requested URL.

Solution: The correct answer is D.

12Q: Which of the below Web authentication techniques uses a single sign-on scheme?

a. Basic
b. Digest
c. NTLM
d. Microsoft Passport authentication

Solution: The correct answer is D.

13Q: What is L0phtcrack (LC4) used for?

a. To launch DDoS attacks using cracks in the network.
b. To run lofty port scans for all open services on a target network.
c. It is a Windows password-cracking utility.
d. It is an effective network traffic-sniffing tool.

Solution: The correct answer is C.

14Q: Which of the below rules are common to password policies? (Select more than one answer if applicable.)

a. Users must use only words found in a dictionary or including their street address or other personal information.
b. Users must include one or more special characters.
c. Users must include one or more numerical digits.
d. Users must make use of both upper- and lower-case letters (case sensitivity).

Solution: The correct answers are B, C, and D.

15Q: Mike is a professional Ethical Hacker. One of his responsibilities includes security testing the web server of his company. His machine is using Windows Server 2003. If Mike suspects that a friend of his installed the KeyGhost keylogger onto his machine, which of the following solutions should he execute? (Select more than one answer if applicable.)

a. Use a network monitor, which will alert him when an application attempts to make an unauthorized network connection (to send the data with the typed information).
b. Use on-screen keyboards and speech-to-text conversion software that can also be useful against keyloggers, as no typing or mouse movements are involved.
c. Use commercially available anti-keyloggers such as PrivacyKeyboard.
d. Remove the SNMP agent or disable the SNMP service.

Solution: The correct answers are A, B, and C.

16Q: Email tracking comes under which of the below hacking phase(s)?

a. Scanning
b. Maintaining Access
c. Gaining access
d. Reconnaissance

Solution: The correct answer is D.

17Q: Which of the below attacks involves an attacker creating IP packets with a faked source IP address with the intent of masking his identity or impersonating another system?

a. Cross-site request forgery
b. Polymorphic shell code attack
c. Rainbow attack
d. IP address spoofing

Solution: The correct answer is D.

18Q: Which of the below tools are used for anti-phishing?

a. Netcraft
b. eBlaster
c. Spector
d. Legion

Solution: The correct answer is A.

19Q: Mike’s server is Linux-based, and he wants to use a tool to filter packets by MAC address and TCP header flags. One of the below tools will work for this task. Which one?

a. PsExec
b. Chkrootkit
c. PsLogList
d. IPTables

Solution: The correct answer is D.

20Q: Alex has been given the task of testing security for his employer’s website. He first installs a rootkit on the Linux server of the network. Once a rootkit has been installed, what capabilities will an attacker have on a system or network? (Select more than one answer if applicable.)

a. Attackers can secretly execute packet sniffers in order to grab passwords.
b. Attackers can conduct a buffer overflow or overrun.
c. Attackers will be able to input a Trojan in the OS to gain anytime access (also known as backdoor access).
d. Attackers are able to replace utility programs that otherwise might be used to detect their activity on the system.

Solution: The correct answers are A, C, and D.

21Q: After placing a Trojan file trojan.exe within a text file readme.txt via NTFS streaming, how can the Trojan be extracted from the readme.txt file?

a. c:\> cat trojan.exe
b. c:\> cat readme.txt > trojan.exe
c. c:\> cat trojan.exe > readme.txt > trojan.exe
d. c:\> cat readme.txt:trojan.exe > trojan.exe

Solution: The correct answer is D.

22Q: You work as a network security administrator. You suspect that someone has gained access to your machine and used your e-mail account. To uncover potential viruses installed on your computer, you run a full scan. However, you do not find any illegal software. Which of the below security attack types often run in the background on a machine?

a. Rootkit
b. Hybrid
c. Replay
d. Zero-day

Solution: The correct answer is A.

23Q: Adam wishes to use the Steganographic file system method for encryption of data and to hide private information. Which of the below are potential storage locations for him? Each correct answer represents a complete solution. Choose three.

a. Unused sectors
b. Flow space
c. Hidden partition
d. Slack space

Solution: Answers A, C and D are correct.

24Q: Peter is resigning from a company for personal reasons and now wants to send out proprietary and secret information about the company. He edits an image file using the Image Hide tool, embedding the damaging file within the image, and then sends it to his private email account. The mail server doesn’t recognize the file within his image file, and does not filter it. What is his technique called?

a. Web ripping
b. Social engineering
c. Email spoofing
d. Steganography

Solution: The correct answer is D.
