CEH v12 Study Guide-Questions and Answers 100%
Solved
fuzz testing (fuzzing) Correct Ans-A software testing technique that deliberately provides
invalid, unexpected, or random data as inputs to a computer program.
Concolic Testing Correct Ans-Concolic testing is a hybrid software verification technique
that performs symbolic execution, a classical technique that treats program variables as
symbolic variables along a concrete execution path. Symbolic execution is used in conjunction
with an automated theorem prover or constaraint solver based on constraint logic
programming to generate new concrete inputs (test cases) to maximize code coverage. Its
main focus is finding bugs in real-world software rather than demonstrating program
correctness.
Monkey Testing Correct Ans-Monkey testing is a technique where the user tests the
application or system by providing random inputs and checking the behavior, or seeing
whether the application or system will crash. Monkey testing is usually implemented as
random, automated unit tests.
, CEH v12 Study Guide-Questions and Answers 100%
Solved
Security Testing Correct Ans-a process intended to reveal flaws in the security mechanisms
of an information system that protect data and maintain functionality as intended.
Firewalking Correct Ans-the method of determining the movement of a data packet from
an untrusted external host to a protected internal host through a firewall.
Session Hijacking Correct Ans-An attack in which an attacker attempts to impersonate the
user by using his session token.
Network Sniffing Correct Ans-theft or interception of data by capturing the network traffic
using a sniffer (an application aimed at capturing network packets).
MITM (Man-in-the-Middle) Correct Ans-a cyberattack where the attacker secretly relays
and possibly alters the communications between two parties who believe that they are
directly communicating with each other.
, CEH v12 Study Guide-Questions and Answers 100%
Solved
digital signature Correct Ans-Unforgeable and authentic
How to avoid NIDS? Correct Ans-Encryption
Slowloris Correct Ans-Attempts to monopolize by sending HTTP requests that never
complete
Eventually consumes Web server's connection capacity
Utilizes legitimate HTTP traffic
Existing intrusion detection and prevention solutions that rely on signatures to detect attacks
will generally not recognize this attack
HTTP Flood Correct Ans-a type of Distributed Denial of Service (DDoS) attack in which the
attacker manipulates HTTP and POST unwanted requests in order to attack a web server or
application.
, CEH v12 Study Guide-Questions and Answers 100%
Solved
Spoofed Session Flood Attack Correct Ans-Attackers create fake or spoofed TCP sessions by
carrying multiple SYN, ACK, and RST or FIN packets.
Fragmentation Correct Ans-a process used to partition messages (the service data unit
(SDU); typically a packet) from one layer of a network into multiple smaller payloads that can
fit within the lower layer's protocol data unit (PDU).
Reconissance Stage Correct Ans-attackers act like detectives, gathering information to
understand their target truly. From examining email lists to open source information, their
goal is to know the network better than those who run and maintain it. They hone in on the
technology's security aspect, study the weaknesses, and use any vulnerability to their
advantage.
Compromised Data Integrity Correct Ans-As SQL statements are also used to modify or add
the record, an attacker can use SQL injection to modify or add data stored in a database.
Solved
fuzz testing (fuzzing) Correct Ans-A software testing technique that deliberately provides
invalid, unexpected, or random data as inputs to a computer program.
Concolic Testing Correct Ans-Concolic testing is a hybrid software verification technique
that performs symbolic execution, a classical technique that treats program variables as
symbolic variables along a concrete execution path. Symbolic execution is used in conjunction
with an automated theorem prover or constaraint solver based on constraint logic
programming to generate new concrete inputs (test cases) to maximize code coverage. Its
main focus is finding bugs in real-world software rather than demonstrating program
correctness.
Monkey Testing Correct Ans-Monkey testing is a technique where the user tests the
application or system by providing random inputs and checking the behavior, or seeing
whether the application or system will crash. Monkey testing is usually implemented as
random, automated unit tests.
, CEH v12 Study Guide-Questions and Answers 100%
Solved
Security Testing Correct Ans-a process intended to reveal flaws in the security mechanisms
of an information system that protect data and maintain functionality as intended.
Firewalking Correct Ans-the method of determining the movement of a data packet from
an untrusted external host to a protected internal host through a firewall.
Session Hijacking Correct Ans-An attack in which an attacker attempts to impersonate the
user by using his session token.
Network Sniffing Correct Ans-theft or interception of data by capturing the network traffic
using a sniffer (an application aimed at capturing network packets).
MITM (Man-in-the-Middle) Correct Ans-a cyberattack where the attacker secretly relays
and possibly alters the communications between two parties who believe that they are
directly communicating with each other.
, CEH v12 Study Guide-Questions and Answers 100%
Solved
digital signature Correct Ans-Unforgeable and authentic
How to avoid NIDS? Correct Ans-Encryption
Slowloris Correct Ans-Attempts to monopolize by sending HTTP requests that never
complete
Eventually consumes Web server's connection capacity
Utilizes legitimate HTTP traffic
Existing intrusion detection and prevention solutions that rely on signatures to detect attacks
will generally not recognize this attack
HTTP Flood Correct Ans-a type of Distributed Denial of Service (DDoS) attack in which the
attacker manipulates HTTP and POST unwanted requests in order to attack a web server or
application.
, CEH v12 Study Guide-Questions and Answers 100%
Solved
Spoofed Session Flood Attack Correct Ans-Attackers create fake or spoofed TCP sessions by
carrying multiple SYN, ACK, and RST or FIN packets.
Fragmentation Correct Ans-a process used to partition messages (the service data unit
(SDU); typically a packet) from one layer of a network into multiple smaller payloads that can
fit within the lower layer's protocol data unit (PDU).
Reconissance Stage Correct Ans-attackers act like detectives, gathering information to
understand their target truly. From examining email lists to open source information, their
goal is to know the network better than those who run and maintain it. They hone in on the
technology's security aspect, study the weaknesses, and use any vulnerability to their
advantage.
Compromised Data Integrity Correct Ans-As SQL statements are also used to modify or add
the record, an attacker can use SQL injection to modify or add data stored in a database.
