CEH Exam UPDATED ACTUAL Exam
Questions and CORRECT Answers
An Unauthorized individual enters a building following an employee through the employee
entrance after the lunch rush. What type of breach has the individual just performed? -
CORRECT ANSWER- Tailgating
Which of the following is the best countermeasure to encrypting ransomwares?
A. Use multiple antivirus softwares
B. Keep some generation of off-line backup
C. Analyze the ransomware to get decryption key of encrypted data
D. Pay a ransom - CORRECT ANSWER- B. Pay a ransom
If an attacker uses the command SELECT*FROM user WHERE name = 'x' AND IS NULL;';
which type of SQL injection attack is the attacker performing? - CORRECT ANSWER- End
of Line Comment
Sophia travels a lot and worries that her laptop containing confidential documents might be
stolen. What is the best protection that will work for her? - CORRECT ANSWER- Full Disk
encryption
An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts
to go to "www.MyPersonalBank.com", that the user is directed to a phishing site.
Which File does the attacker need to modify? - CORRECT ANSWER- Hosts
Which of the following options represents a conceptual characteristic of an anomaly-based IDS
over a signature-based IDS?
A. Produces less false positives
B. Can identify unknown attacks
C. Requires vendor updates for a new threat
,D. Cannot deal with encrypted network traffic - CORRECT ANSWER- B. Can identify
unknown attacks
You are logged in as a local admin on a Windows 7 system and you need to launch the Computer
Management Console from command line
Which command do you use? - CORRECT ANSWER- c:\compmgmt.msc
Which of the following act requires employer's standard national numbers to identify them on
standard transactions? - CORRECT ANSWER- HIPAA
In Wireshark, the packet bytes panes show the data ofWhich of the following act requires
employer's standard national numbers to identify them on standard transactions? the current
packet in which format? - CORRECT ANSWER- Hexadecimal
_______ is a set of extensions to DNS that provide to DNS clients (resolvers) the origin
authentication of DNS data to reduce the threat of DNS poisoning, spoofing, and similar types of
attacks, - CORRECT ANSWER- DNSSEC
PGP, SSL, and IKE are all examples of which type of cryptography? - CORRECT ANSWER-
Public Key
Which of the following is considered as one of the most reliable forms of TCP scanning? -
CORRECT ANSWER- TCP Connect/Full Open Scan
Which of the following scanning method splits the TCP header into several packets and makes it
difficult for packet filters to detect the purpose of the packet? - CORRECT ANSWER-
SYN/FIN scanning using IP fragments
Which of the following is the BEST way to defend against network sniffing?
A. Restrict Physical Access to Server Rooms hosting Critical Servers
B. Use Static IP Address
,C. Using encryption protocols to secure network communications
D. Register all machines MAC Adress in a Centralized Database - CORRECT ANSWER- C.
Using encryption protocols to secure network communications
You have successfully gained access to a Linux server and would like to ensure that the
succeeding outgoing traffic from this server will not be caught by Network-Based Intrusion
Detection Systems (NIDS)
What is the best way to evade the NIDS? - CORRECT ANSWER- Encryption
What is the purpose of a demilitarized zone on a network? - CORRECT ANSWER- To only
provide direct access to the nodes within the DMZ and protect the network behind it
You need to deploy a new web-based software package for your organization. The package
requires three separate servers and needs to be available on the Internet. What is the
recommended architecture in terms of server placement? - CORRECT ANSWER- A web
server facing the Internet, an application server on the internal network, a database server on the
internal network
The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP
traffic in the host 10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and
deny all other traffic. After he applied his ACL configuration in the router, nobody can access to
the ftp, and the permitted hosts cannot access the Internet. According to the next configuration,
what is happening in the network?
access-list 102 deny tcp any any
access-list 104 permit udp host 10.0.0.3 any
access-list 110 permit tcp host 10.0.0.2 eq www any
access-list 108 permit tcp any eq ftp any - CORRECT ANSWER- The first ACL is denying
all TCP traffic and the other ACLs are being ignored by the router
When conducting a penetration test, it is crucial to use all means to get all available information
about the target network. One of the ways to do that is by sniffing the network. Which of the
following cannot be performed by the passive network sniffing?
, A. Identifying operating systems, services, protocols and devices
B. Modifying and replaying captured network traffic
C. Collecting unencrypted information about usernames and passwords
D. Capturing a network traffic for further analysis - CORRECT ANSWER- B. Modifying
and replaying captured network traffic
A company's Web development team has become aware of a certain type of security vulnerability
in their their Web software. To mitigate the possibility of this vulnerability being exploited, the
team wants to modify the software requirements to disallow users from entering HTML as input
into their Web application.
What kind of Web application vulnerability likely exists in their software? - CORRECT
ANSWER- Cross-site scripting vulnerability
Insecure direct object reference is a type or vulnerability where the application does not verify if
the user is authorized to access the internal object via its name of key.
Suppose a malicious user Rob tries to get access to the account of a benign user Ned.
Which of the following requests best illustrates an attempt to exploit an insecure direct object
reference?
A. "GET/restricted/goldtransfer?to=Rob&from=1 or 1=1' HTTP/1.1Host: westbank.com"
B. "GET/restricted/accounts/?name=Ned HTTP/1.1 Host: westbank.com"
C. "GET/restricted/bank.getaccount('Ned) HTTP/1.1 Host: westbank.com"
D. "GET/restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com" -
CORRECT ANSWER- B. "GET/restricted/accounts/?name=Ned HTTP/1.1 Host:
westbank.com"
Which tool allows analysts and pen testers to examine links between data using graphs and link
analysis? - CORRECT ANSWER- Maltego
Which of these is capable of searching for and locating rogue access points?
A. HIDS
B. NIDS
Questions and CORRECT Answers
An Unauthorized individual enters a building following an employee through the employee
entrance after the lunch rush. What type of breach has the individual just performed? -
CORRECT ANSWER- Tailgating
Which of the following is the best countermeasure to encrypting ransomwares?
A. Use multiple antivirus softwares
B. Keep some generation of off-line backup
C. Analyze the ransomware to get decryption key of encrypted data
D. Pay a ransom - CORRECT ANSWER- B. Pay a ransom
If an attacker uses the command SELECT*FROM user WHERE name = 'x' AND IS NULL;';
which type of SQL injection attack is the attacker performing? - CORRECT ANSWER- End
of Line Comment
Sophia travels a lot and worries that her laptop containing confidential documents might be
stolen. What is the best protection that will work for her? - CORRECT ANSWER- Full Disk
encryption
An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts
to go to "www.MyPersonalBank.com", that the user is directed to a phishing site.
Which File does the attacker need to modify? - CORRECT ANSWER- Hosts
Which of the following options represents a conceptual characteristic of an anomaly-based IDS
over a signature-based IDS?
A. Produces less false positives
B. Can identify unknown attacks
C. Requires vendor updates for a new threat
,D. Cannot deal with encrypted network traffic - CORRECT ANSWER- B. Can identify
unknown attacks
You are logged in as a local admin on a Windows 7 system and you need to launch the Computer
Management Console from command line
Which command do you use? - CORRECT ANSWER- c:\compmgmt.msc
Which of the following act requires employer's standard national numbers to identify them on
standard transactions? - CORRECT ANSWER- HIPAA
In Wireshark, the packet bytes panes show the data ofWhich of the following act requires
employer's standard national numbers to identify them on standard transactions? the current
packet in which format? - CORRECT ANSWER- Hexadecimal
_______ is a set of extensions to DNS that provide to DNS clients (resolvers) the origin
authentication of DNS data to reduce the threat of DNS poisoning, spoofing, and similar types of
attacks, - CORRECT ANSWER- DNSSEC
PGP, SSL, and IKE are all examples of which type of cryptography? - CORRECT ANSWER-
Public Key
Which of the following is considered as one of the most reliable forms of TCP scanning? -
CORRECT ANSWER- TCP Connect/Full Open Scan
Which of the following scanning method splits the TCP header into several packets and makes it
difficult for packet filters to detect the purpose of the packet? - CORRECT ANSWER-
SYN/FIN scanning using IP fragments
Which of the following is the BEST way to defend against network sniffing?
A. Restrict Physical Access to Server Rooms hosting Critical Servers
B. Use Static IP Address
,C. Using encryption protocols to secure network communications
D. Register all machines MAC Adress in a Centralized Database - CORRECT ANSWER- C.
Using encryption protocols to secure network communications
You have successfully gained access to a Linux server and would like to ensure that the
succeeding outgoing traffic from this server will not be caught by Network-Based Intrusion
Detection Systems (NIDS)
What is the best way to evade the NIDS? - CORRECT ANSWER- Encryption
What is the purpose of a demilitarized zone on a network? - CORRECT ANSWER- To only
provide direct access to the nodes within the DMZ and protect the network behind it
You need to deploy a new web-based software package for your organization. The package
requires three separate servers and needs to be available on the Internet. What is the
recommended architecture in terms of server placement? - CORRECT ANSWER- A web
server facing the Internet, an application server on the internal network, a database server on the
internal network
The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP
traffic in the host 10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and
deny all other traffic. After he applied his ACL configuration in the router, nobody can access to
the ftp, and the permitted hosts cannot access the Internet. According to the next configuration,
what is happening in the network?
access-list 102 deny tcp any any
access-list 104 permit udp host 10.0.0.3 any
access-list 110 permit tcp host 10.0.0.2 eq www any
access-list 108 permit tcp any eq ftp any - CORRECT ANSWER- The first ACL is denying
all TCP traffic and the other ACLs are being ignored by the router
When conducting a penetration test, it is crucial to use all means to get all available information
about the target network. One of the ways to do that is by sniffing the network. Which of the
following cannot be performed by the passive network sniffing?
, A. Identifying operating systems, services, protocols and devices
B. Modifying and replaying captured network traffic
C. Collecting unencrypted information about usernames and passwords
D. Capturing a network traffic for further analysis - CORRECT ANSWER- B. Modifying
and replaying captured network traffic
A company's Web development team has become aware of a certain type of security vulnerability
in their their Web software. To mitigate the possibility of this vulnerability being exploited, the
team wants to modify the software requirements to disallow users from entering HTML as input
into their Web application.
What kind of Web application vulnerability likely exists in their software? - CORRECT
ANSWER- Cross-site scripting vulnerability
Insecure direct object reference is a type or vulnerability where the application does not verify if
the user is authorized to access the internal object via its name of key.
Suppose a malicious user Rob tries to get access to the account of a benign user Ned.
Which of the following requests best illustrates an attempt to exploit an insecure direct object
reference?
A. "GET/restricted/goldtransfer?to=Rob&from=1 or 1=1' HTTP/1.1Host: westbank.com"
B. "GET/restricted/accounts/?name=Ned HTTP/1.1 Host: westbank.com"
C. "GET/restricted/bank.getaccount('Ned) HTTP/1.1 Host: westbank.com"
D. "GET/restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com" -
CORRECT ANSWER- B. "GET/restricted/accounts/?name=Ned HTTP/1.1 Host:
westbank.com"
Which tool allows analysts and pen testers to examine links between data using graphs and link
analysis? - CORRECT ANSWER- Maltego
Which of these is capable of searching for and locating rogue access points?
A. HIDS
B. NIDS
