Tentamen (uitwerkingen)

CEH V12 Exam Version 2 (Latest 2024/ 2025 Update) Qs & As | Grade A| 100% Correct (Verified Answers)

Beoordeling

Verkocht

Pagina's

Cijfer

A+

Geüpload op

17-09-2024

Geschreven in

2024/2025

CEH V12 Exam Version 2 (Latest 2024/ 2025 Update) Qs & As | Grade A| 100% Correct (Verified Answers) Q: Becky has been hired by a client from Dubai to perform a penetration test against one of their remote offices. Working from her location in Columbus, Ohio, Becky runs her usual reconnaissance scans to obtain basic information about their network. When analyzing the results of her Whois search, Becky notices that the IP was allocated to a location in Le Havre, France. Which regional Internet registry should Becky go to for detailed information? A. ARIN B. LACNIC C. APNIC D. RIPE Answer: RIPE Q: Harry, a professional hacker, targets the IT infrastructure of an organiza- tion. After preparing for the attack, he attempts to enter the target network us- ing techniques such as sending spear-phishing emails and exploiting vulnera- bilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing? A. Initial intrusion B. Persistence C. Cleanup D. Preparation Answer: Initial Intrusion Q: Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During this process, Robin plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch in the network so that he could make it a root bridge that will later allow him to sniff all the traffic in the network. What is the attack performed by Robin in the above scenario? A. ARP spoofing attack B. STP attack C. DNS poisoning attack D. VLAN hopping attack Answer: STP attack Q: An attacker utilizes a Wi-Fi Pineapple to run an access point with a le- gitimate-looking SSID for a nearby business in order to capture the wireless password. What kind of attack is this? A. MAC spoofing attack B. War driving attack C. Phishing attack D. Evil-twin attack Answer: Evil-twin attack Q: CyberTech Inc. recently experienced SQL injection attacks on its official website. The company appointed Bob, a security professional, to build and incorporate defensive strategies against such attacks. Bob adopted a practice whereby only a list of entities such as the data type, range, size, and value, which have been approved for secured access, is accepted. What is the defensive technique employed by Bob in the above scenario? A. Whitelist validation B. Output encoding C. Blacklist validation D. Enforce least privileges Answer: Whitelist validation Q: Joe works as an IT administrator in an organization and has recently set up a cloud computing service for the organization. To implement this service, he reached out to a telecom company for providing Internet connectivity and transport services between the organization and the cloud service provider. In the NIST cloud deployment reference architecture, under which category does the telecom company fall in the above scenario? A. Cloud consumer B. Cloud broker C. Cloud auditor D. Cloud carrier Answer: Cloud carrier Q: Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this vir- tual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session. Upon receiving the user's request, Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. What is the attack performed by Bobby in the above scenario? A. aLTEr attack B. Jamming signal attack C. Wardriving D. KRACK attack Answer: aLTEr attack Q: John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to anony- mously query the LDAP service for sensitive information such as usernames, addresses, departmental details, and server names to launch further attacks on the target organization. What is the tool employed by John to gather information from the LDAP service? A. ike-scan B. Zabasearch C. JXplorer D. EarthExplorer Answer: JXplorer Q: Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes, images, and networks. What is the component of the Docker architecture used by Annie in the above scenario? A. Docker objects B. Docker daemon C. Docker client D. Docker registries Answer: Docker daemon Q: Bob, an attacker, has managed to access a target IoT device. He employed an online tool to gather information related to the model of the IoT device and the certifications granted to it. Which of the following tools did Bob employ to gather the above information? A. FCC ID search B. Google image search C. D. EarthExplorer Answer: FCC ID search Q: What piece of hardware on a computer's motherboard generates encryp- tion keys and only releases a part of the key so that decrypting a disk on a new piece of hardware is not possible? A. CPU B. UEFI C. GPU D. TPM Answer: TPM Q: Gilbert, a web developer, uses a centralized we

Meer zien Lees minder

Instelling

CEH V12

Vak

CEH V12

Oeps! We kunnen je document nu niet laden. Probeer het nog eens of neem contact op met support.

Meld schending auteursrecht

Geschreven voor

Instelling: CEH V12
Vak: CEH V12

Documentinformatie

Geüpload op: 17 september 2024
Aantal pagina's: 44
Geschreven in: 2024/2025
Type: Tentamen (uitwerkingen)
Bevat: Vragen en antwoorden

Onderwerpen

certified ethical hacker v12 ceh v12
ceh v12 exam version 2 latest update
gilbert a web developer uses a centr
becky has been hired by a client from dubai to per

Voorbeeld van de inhoud

CEHIV12IExamIVersionI2I(LatestI2024/
I2025IUpdate)IQsI&IAsI|IGradeIA|I100%I
CorrectI(VerifiedIAnswers)

Q:IBeckyIhasIbeenIhiredIbyIaIclientIfromIDubaiItoIperformIaIpenetrationItestIagainstIoneIof
ItheirIremoteIoffices.IWorkingIfromIherIlocationIinIColumbus,IOhio,IBeckyIrunsIherIusualIrec
onnaissanceIscansItoIobtainIbasicIinformationIaboutItheirInetwork.IWhenIanalyzingItheIresults
IofIherIWhoisIsearch,IBeckyInoticesIthatItheIIPIwasIallocatedItoIaIlocationIinILeIHavre,IFranc
e.IWhichIregionalIInternetIregistryIshouldIBeckyIgoItoIforIdetailedIinformation?
A.IARIN
B.ILACNIC
I
C.IAPNIC
D.IRIPE

Answer:
IRIPE

Q:IHarry,IaIprofessionalIhacker,ItargetsItheIITIinfrastructureIofIanIorganiza-
Ition.IAfterIpreparingIforItheIattack,IheIattemptsItoIenterItheItargetInetworkIus-
IingItechniquesIsuchIasIsendingIspear-phishingIemailsIandIexploitingIvulnera-
IbilitiesIonIpubliclyIavailableIservers.IUsingItheseItechniques,IheIsuccessfullyIdeployedImalwa
reIonItheItargetIsystemItoIestablishIanIoutboundIconnection.IWhatIisItheIAPTIlifecycleIphaseIt
hatIHarryIisIcurrentlyIexecuting?
A.IInitialIintrusion
B.IPersistence
C.ICleanup
D.IPreparation

Answer:
IInitialIIntrusion

,Q:IRobin,IaIprofessionalIhacker,ItargetedIanIorganization'sInetworkItoIsniffIallItheItraffic.ID
uringIthisIprocess,IRobinIpluggedIinIaIrogueIswitchItoIanIunusedIportIinItheILANIwithIaIprior
ityIlowerIthanIanyIotherIswitchIinItheInetworkIsoIthatIheIcouldImakeIitIaIrootIbridgeIthatIwill
IlaterIallowIhimItoIsniffIallItheItrafficIinItheInetwork.IWhatIisItheIattackIperformedIbyIRobinIi
nItheIaboveIscenario?
A.IARPIspoofingIattack
B.ISTPIattack
C.IDNSIpoisoningIattack
D.IVLANIhoppingIattack

Answer:
ISTPIattack

Q:IAnIattackerIutilizesIaIWi-FiIPineappleItoIrunIanIaccessIpointIwithIaIle-Igitimate-
lookingISSIDIforIaInearbyIbusinessIinIorderItoIcaptureItheIwirelessIpassword.IWhatIkindIofIat
tackIisIthis?
A.IMACIspoofingIattack
B.IWarIdrivingIattack
C.IPhishingIattack
D.IEvil-twinIattack

Answer:
IEvil-twinIattack

Q:ICyberTechIInc.IrecentlyIexperiencedISQLIinjectionIattacksIonIitsIofficialIwebsite.ITheIco
mpanyIappointedIBob,IaIsecurityIprofessional,ItoIbuildIandIincorporateIdefensiveIstrategiesIag
ainstIsuchIattacks.IBobIadoptedIaIpracticeIwherebyIonlyIaIlistIofIentitiesIsuchIasItheIdataItype,
Irange,Isize,IandIvalue,IwhichIhaveIbeenIapprovedIforIsecuredIaccess,IisIaccepted.IWhatIisIthe
IdefensiveItechniqueIemployedIbyIBobIinItheIaboveIscenario?
A.IWhitelistIvalidation
I
B.IOutputIencoding
C.IBlacklistIvalidation
D.IEnforceIleastIprivileges

Answer:
IWhitelistIvalidation

,Q:IJoeIworksIasIanIITIadministratorIinIanIorganizationIandIhasIrecentlyIsetIupIaIcloudIcomp
utingIserviceIforItheIorganization.IToIimplementIthisIservice,IheIreachedIoutItoIaItelecomIcom
panyIforIprovidingIInternetIconnectivityIandItransportIservicesIbetweenItheIorganizationIandIt
heIcloudIserviceIprovider.IInItheINISTIcloudIdeploymentIreferenceIarchitecture,IunderIwhichIc
ategoryIdoesItheItelecomIcompanyIfallIinItheIaboveIscenario?
A.ICloudIconsumer
B.ICloudIbroker
C.ICloudIauditor
D.ICloudIcarrier

Answer:
ICloudIcarrier

Q:IBobby,IanIattacker,ItargetedIaIuserIandIdecidedItoIhijackIandIinterceptIallItheirIwirelessIc
ommunications.IHeIinstalledIaIfakeIcommunicationItowerIbetweenItwoIauthenticIendpointsItoI
misleadItheIvictim.IBobbyIusedIthisIvir-
ItualItowerItoIinterruptItheIdataItransmissionIbetweenItheIuserIandIrealItower,IattemptingItoIhi
jackIanIactiveIsession.IUponIreceivingItheIuser'sIrequest,IBobbyImanipulatedItheItrafficIwithIt
heIvirtualItowerIandIredirectedItheIvictimItoIaImaliciousIwebsite.
WhatIisItheIattackIperformedIbyIBobbyIinItheIaboveIscenario?
A.IaLTErIattack
B.IJammingIsignalIattack
C.IWardriving
D.IKRACKIattack

Answer:
IaLTErIattack

Q:IJohn,IaIprofessionalIhacker,ItargetedIanIorganizationIthatIusesILDAPIforIaccessingIdistrib
utedIdirectoryIservices.IHeIusedIanIautomatedItoolItoIanony-
ImouslyIqueryItheILDAPIserviceIforIsensitiveIinformationIsuchIasIusernames,Iaddresses,Idepa
rtmentalIdetails,IandIserverInamesItoIlaunchIfurtherIattacksIonItheItargetIorganization.
WhatIisItheItoolIemployedIbyIJohnItoIgatherIinformationIfromItheILDAP
service?
A.Iike-scan

, B.IZabasearch
C.IJXplorer
D.IEarthExplorer

Answer:
IJXplorer
I

Q:IAnnie,IaIcloudIsecurityIengineer,IusesItheIDockerIarchitectureItoIemployIaIclient/serverI
modelIinItheIapplicationIsheIisIworkingIon.ISheIutilizesIaIcomponentIthatIcanIprocessIAPIIreq
uestsIandIhandleIvariousIDockerIobjects,IsuchIasIcontainers,Ivolumes,Iimages,IandInetworks.I
WhatIisItheIcomponentIofItheIDockerIarchitectureIusedIbyIAnnieIinItheIaboveIscenario?
A.IDockerIobjectsIB.IDockerIdaemonIC.IDockerIclient
D.IDockerIregistries

Answer:
IDockerIdaemon

Q:IBob,IanIattacker,IhasImanagedItoIaccessIaItargetIIoTIdevice.IHeIemployedIanIonlineItool
ItoIgatherIinformationIrelatedItoItheImodelIofItheIIoTIdeviceIandItheIcertificationsIgrantedItoIi
t.IWhichIofItheIfollowingItoolsIdidIBobIemployItoIgatherItheIaboveIinformation?
A.IFCCIIDIsearch
B.IGoogleIimageIsearch
C.Isearch.com
D.IEarthExplorer

Answer:
IFCCIIDIsearch

Q:IWhatIpieceIofIhardwareIonIaIcomputer'sImotherboardIgeneratesIencryp-
ItionIkeysIandIonlyIreleasesIaIpartIofItheIkeyIsoIthatIdecryptingIaIdiskIonIaInewIpieceIofIhard
wareIisInotIpossible?
A.ICPUIB.IUEFIIC.IGPU
D.ITPM

Answer:

$10.99

Krijg toegang tot het volledige document:

100% tevredenheidsgarantie

Direct beschikbaar na je betaling

Lees online óf als PDF

Geen vaste maandelijkse kosten

Maak kennis met de verkoper

nurse_steph

3.9

(1673)

Ook beschikbaar in voordeelbundel

Maak kennis met de verkoper

nurse_steph Rasmussen College

Bekijk profiel

Volgen

Verkocht

9356

Lid sinds

5 jaar

Aantal volgers

5135

Documenten

7547

Laatst verkocht

3 uur geleden

Exams, Study guides, Reviews, Notes

All study solutions.

3.9

1673 beoordelingen

841

296

258

201

Recent door jou bekeken

Waarom studenten kiezen voor Stuvia

Gemaakt door medestudenten, geverifieerd door reviews

Kwaliteit die je kunt vertrouwen: geschreven door studenten die slaagden en beoordeeld door anderen die dit document gebruikten.

Niet tevreden? Kies een ander document

Geen zorgen! Je kunt voor hetzelfde geld direct een ander document kiezen dat beter past bij wat je zoekt.

Betaal zoals je wilt, start meteen met leren

Geen abonnement, geen verplichtingen. Betaal zoals je gewend bent via iDeal of creditcard en download je PDF-document meteen.

“Gekocht, gedownload en geslaagd. Zo makkelijk kan het dus zijn.”

Alisha Student

Veelgestelde vragen

Wat krijg ik als ik dit document koop?

Je krijgt een PDF, die direct beschikbaar is na je aankoop. Het gekochte document is altijd, overal en oneindig toegankelijk via je profiel.

Tevredenheidsgarantie: hoe werkt dat?

Onze tevredenheidsgarantie zorgt ervoor dat je altijd een studiedocument vindt dat goed bij je past. Je vult een formulier in en onze klantenservice regelt de rest.

Van wie koop ik deze samenvatting?

Stuvia is een marktplaats, je koop dit document dus niet van ons, maar van verkoper nurse_steph. Stuvia faciliteert de betaling aan de verkoper.

Zit ik meteen vast aan een abonnement?

Nee, je koopt alleen deze samenvatting voor $10.99. Je zit daarna nergens aan vast.

Is Stuvia te vertrouwen?

4,6 sterren op Google & Trustpilot (+1000 reviews) Afgelopen 30 dagen zijn er 46153 samenvattingen verkocht Opgericht in 2010, al 15 jaar dé plek om samenvattingen te kopen